manualshive.com logo in svg

D-Link DGS-3700-12, User Manual

The D-Link DGS-3700-12 is a high-performance Ethernet switch designed for small to medium-sized businesses. Ensure a seamless hardware installation with the comprehensive Hardware Installation Manual available for free download from our website. This user-friendly manual provides detailed instructions and diagrams to assist you in effortlessly setting up your network.

Share
Download
background image

DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual 

 

 

 

237 

 

NOTE:

 The four built in server groups can only have server hosts running the same 

TACACS daemon. TACACS/XTACACS/ protocols are separate entities and 
are not compatible with each other.

 

Authentication Server Settings 

This window will set user-defined Authentication Server Hosts for the TACACS/XTACACS//RADIUS 
security protocols on the Switch. When a user attempts to access the Switch with Authentication Policy enabled, the 
Switch will send authentication packets to a remote TACACS/XTACACS//RADIUS server host on a remote 
host. The TACACS/XTACACS//RADIUS server host will then verify or deny the request and return the 
appropriate message to the Switch. More than one authentication protocol can be run on the same physical server 
host but, remember that TACACS/XTACACS//RADIUS are separate entities and are not compatible with 
each other. The maximum supported number of server hosts is 16. 

To view this window, click 

Security > Access Authentication Control > Authentication Server Settings

,

 

as shown 

below: 

 

Figure 8- 50 Authentication Server Settings window 

Configure the following parameters to add an Authentication Server Host: 

Parameter                   Description 

IP Address 

The IP address of the remote server host the user wishes to add. 

Port (1-65535) 

Enter a number between 

1

  and 

65535

  to define the virtual port number of the authentication 

protocol on a server host. The default port number is 

49

  for TACACS/XTACACS/ 

servers and 

1813

  for RADIUS servers but the user may set a unique port number for higher 

security. 

Protocol 

The protocol used by the server host. The user may choose one of the following: 

TACACS

 – Enter this parameter if the server host utilizes the TACACS protocol. 

XTACACS

 – Enter this parameter if the server host utilizes the XTACACS protocol. 

 – Enter this parameter if the server host utilizes the  protocol. 

RADIUS

 – Enter this parameter if the server host utilizes the RADIUS protocol. 

Timeout (1-255) 

Enter the time in seconds the Switch will wait for the server host to reply to an authentication 
request. The default value is 

5

 seconds. 

Key 

Authentication key to be shared with a configured  or RADIUS servers only. Specify 
an alphanumeric string up to 254 characters. 

Retransmit (1-20) 

Enter the value in the retransmit field to change how many times the device will resend an 
authentication request when the server does not respond. 

Click 

Apply

 to add the server host. Entries will be displayed in the table on the lower half of this window. 

 

Summary of Contents for DGS-3700-12

Page 1: ...User Manual Product Model DGS 3700 Series Layer 2 Managed Gigabit Ethernet Switch Release 2 00 ...

Page 2: ... the written permission of D Link Corporation is strictly forbidden Trademarks used in this text D Link and the D LINK logo are trademarks of D Link Corporation Microsoft and Windows are registered trademarks of Microsoft Corporation Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products D Link Corporation discla...

Page 3: ...ettings 17 Port Configuration 18 DDM 18 DDM Settings 18 DDM Temperature Threshold Settings 19 DDM Voltage Threshold Settings 19 DDM Bias Current Threshold Settings 20 DDM Tx Power Threshold Settings 21 DDM Rx Power Threshold Settings 21 DDM Status Table 22 Port Settings 22 Port Description Settings 24 Port Error Disabled 24 Jumbo Frame Settings 25 Serial Port Settings 25 Warning Temperature Settin...

Page 4: ...to v1 6 43 Single IP Settings 43 Topology 44 Tool Tips 47 Right Click 47 Group Icon 48 Commander Switch Icon 49 Member Switch Icon 49 Candidate Switch Icon 49 Menu Bar 50 File 50 Group 50 Device 50 View 50 Help 50 SNMP Settings 51 Traps 51 MIBs 52 SNMP Global Settings 52 SNMP Traps Settings 52 SNMP Linkchange Traps Settings 52 SNMP View Table Settings 53 SNMP Community Table Settings 54 SNMP Group...

Page 5: ...8 802 1v Protocol VLAN 72 802 1v Protocol Group Settings 72 802 1v Protocol VLAN Settings 72 GVRP 73 GVRP Global Settings 74 GVRP Port Settings 74 MAC based VLAN Settings 75 PVID Auto Assign Settings 76 Subnet VLAN 76 Subnet VLAN Settings 76 VLAN Precedence Settings 77 VLAN Counter Settings 78 Voice VLAN 79 Voice VLAN Global Settings 79 Voice VLAN Port Settings 80 Voice VLAN OUI Settings 80 Voice ...

Page 6: ...s 105 IGMP Snooping Static Group Settings 106 IGMP Router Port 106 IGMP Snooping Group 107 IGMP Snooping Forwarding Table 108 IGMP Snooping Counter 108 IGMP Host Table 109 MLD Snooping 110 MLD Control Messages 110 MLD Snooping Settings 110 MLD Snooping Rate Limit Settings 112 MLD Snooping Static Group Settings 113 MLD Router Port 114 MLD Snooping Group 114 MLD Snooping Forwarding Table 115 MLD Sno...

Page 7: ...4 LLDP Dot3 TLVs Settings 135 LLDP Statistics System 136 LLDP Local Port Information 136 LLDP Remote Port Information 139 LLDP MED 139 LLDP MED System Settings 139 LLDP MEP Port Settings 140 LLDP MED Local Port Information 141 LLDP MED Remote Port Information 141 L3 Features 142 IPv4 Static Default Route Settings 142 IPv4 Route Table 144 IPv6 Static Default Route Settings 144 IPv6 Route Table 145 ...

Page 8: ...ess Control 196 Authentication Server 196 Authenticator 197 Client 198 Authentication Process 198 Understanding 802 1X Port based and Host based Network Access Control 199 Port Based Network Access Control 199 Host Based Network Access Control 200 802 1X Global Settings 200 802 1X Port Settings 201 802 1X User Settings 202 Guest VLAN Settings 203 Limitations Using the Guest VLAN 203 RADIUS 204 Aut...

Page 9: ...Mode 224 Compound Authentication Settings 224 Compound Authentication Guest VLAN Settings 225 Port Security 226 Port Security Settings 226 Port Security VLAN Settings 227 Port Security Entries 227 BPDU Attack Protection Settings 228 Loopback Detection Settings 229 Traffic Segmentation Settings 230 NetBIOS Filtering Settings 230 DHCP Server Screening 231 DHCP Server Screening Port Settings 231 DHCP...

Page 10: ... Settings 254 DHCP Relay Option 61 Default Settings 254 DHCP Server 255 DHCP Server Global Settings 255 DHCP Server Exclude Address Settings 257 DHCP Server Pool Settings 257 DHCP Server Manual Binding 259 DHCP Server Dynamic Binding 259 DHCP Conflict IP 260 DHCP Local Relay Settings 260 DHCPv6 Relay 260 DHCPv6 Relay Global Settings 260 DHCPv6 Relay Settings 261 DNS 262 DNS Relay 262 DNS Relay Glo...

Page 11: ...84 UMB_cast RX 285 Transmitted TX 287 Errors 289 Received RX 289 Transmitted TX 291 Packet Size 293 VLAN Counter Statistics 294 Historical Counter Utilization 295 Historical Counter 295 Historical Utilization 296 Mirror 296 Port Mirror 296 RSPAN Settings 297 sFlow 298 sFlow Global Settings 298 sFlow Analyzer Server Settings 298 sFlow Flow Sampler Settings 299 sFlow Counter Poller Settings 300 Ping...

Page 12: ...net User Manual 10 Configuration File Backup Restore 305 Upload Log File 306 Reset 306 Download Firmware 307 Reboot System 307 Mitigating ARP Spoofing Attacks Using Packet Content ACL 308 System Log Entries 316 Glossary 327 Password Recovery Procedure 329 ...

Page 13: ...Boldface Typewriter Font Indicates commands and responses to prompts that must be typed exactly as printed in the manual Initial capital letter Indicates a window name Names of keys on the keyboard have initial capitals For example Click Enter Italics Indicates a window name or a field Also can indicate a variables or parameter that is replaced with an appropriate word or string For example type f...

Page 14: ...ferent ways to access the same internal switching software and configure it Thus all settings encountered in Web based management are the same as those found in the console program Login to Web Manager To begin managing the Switch simply run the browser you have installed on your computer and point it to the IP address you have defined for the device The URL in the address bar should read somethin...

Page 15: ...der or window to be displayed The folder icons can be opened to display the hyper linked window buttons and subfolders contained within them Area 2 Presents a graphical near real time image of the front panel of the Switch This area displays the Switch s ports and expansion modules showing port activity duplex mode or flow control depending on the specified mode Click the D Link logo in the upper ...

Page 16: ...col Tunneling Settings Spanning Tree Link Aggregation FDB L2 Multicast Control ERPS Settings Local Loopback Port Settings and LLDP L3 Features IPv4 Static Default Route Settings IPv4 Route Table IPv6 Static Default Route Settings IPv6 Route Table and IP Forwarding Table QoS 802 1p Settings Bandwidth Control Traffic Control Settings DSCP HOL Blocking Prevention Sceduling Settings Management Packet ...

Page 17: ...ndow click the DGS 3700 12 DGS 3700 12G Web Management Tool folder This window shows the Switch s MAC Address assigned by the factory and unchangeable the Boot PROM Version Firmware Version Hardware Version and Serial Number as well as other information about different settings on the Switch This information is helpful to keep track of PROM and firmware updates and to obtain the Switch s MAC addre...

Page 18: ...tem Name Enter a system name for the Switch if so desired This name will identify it in the Switch network System Location Enter the location of the Switch if so desired System Contact Enter a contact name for the Switch if so desired Click Apply to implement changes made Dual Configuration Settings The following window is used to configure firmware information set in the Switch The DGS 3700 Serie...

Page 19: ...lete Click the Delete button under this heading to delete this configuration file from the Switch s memory Firmware Information Settings The following window allows the user to view information about current firmware images stored on the Switch To view this window click System Configuration Firmware Information Settings as shown below Figure 2 4 Firmware Information window This window holds the fo...

Page 20: ... Port Configuration This section contains information for configuring various attributes and properties for individual physical ports including port speed and flow control DDM This folder contains windows that perform Digital Diagnostic Monitoring functions on the Switch There are windows that allow the user to view the digital diagnostic monitoring status of SFP modules inserting to the Switch an...

Page 21: ...ds can be configured Parameter Description From Port To Port Specifies a port or range of ports to be configured High Alarm This is the highest threshold for the alarm When the operating parameter rises above this value action associated with the alarm will be taken Low Alarm This is the lowest threshold for the alarm When the operating parameter falls below this value action associated with the a...

Page 22: ...to implement changes made DDM Bias Current Threshold Settings This table is used to configure the threshold of the bias current for specific ports on the Switch To view this window click System Configuration Port Configuration DDM DDM Bias Current Threshold Settings as shown below Figure 2 8 DDM Bias Current Threshold Settings window The following fields can be configured Parameter Description Fro...

Page 23: ...will be taken Low Alarm This is the lowest threshold for the alarm When the operating parameter falls below this value action associated with the alarm will be taken High Warning This is the highest threshold for the warning When the operating parameter rises above this value action associated with the warning will be taken Low Warning This is the lowest threshold for the warning When the operatin...

Page 24: ...r the warning When the operating parameter falls below this value action associated with the warning will be taken Click Apply to implement changes made DDM Status Table This window displays the current operating digital diagnostic monitoring parameters and their values on the SFP module for specified ports To view this window click System Configuration Port Configuration DDM DDM Status Table as s...

Page 25: ... other than Auto The Switch allows the user to configure two types of gigabit connections 1000M Full_M and 1000M Full_S Gigabit connections only support full duplex connections and take on certain characteristics that are different from the other choices listed The 1000M Full_M master and 1000M Full_S slave parameters refer to connections running a 1000BASE T cable for connection between the Switc...

Page 26: ...r may assign names to various ports on the Switch Use the From Port To Port pull down menu to choose a port or range of ports to describe and then enter a description of the port s Click Apply to set the descriptions in the Port Description Table The Medium Type applies only to the Combo ports If configuring the Combo ports this defines the type of tranport medium used SFP ports should be nominate...

Page 27: ... as shown below Figure 2 15 Jumbo Frame window Click Apply to implement changes made Serial Port Settings The following window contains information about the Serial Port Settings including the Baud Rate and the Auto Logout settings To view this window click System Configuration Serial Port Settings as shown below Figure 2 16 Serial Port Settings window The fields that can be configured are describ...

Page 28: ...perature exceeds the threshold traps will be sent and the event will be logged if these options are enabled Low Threshold 500 500 Set the temperature lower threshold in degrees Celsius If system temperature drops below the threshold traps will be sent and the event will be logged if these options are enabled Click Apply to implement changes made System Log Configuration This section contains infor...

Page 29: ...Log Trigger This method will save log files to the Switch every time a log event occurs on the Switch Minutes 1 65535 Enter a time interval in minutes for which you would like a log entry to be made To add a new entry enter the appropriate information and click Apply System Log Server Settings The Switch can send Syslog messages to up to four designated servers using the System Log Server To view ...

Page 30: ...er subsystem network news subsystem UUCP subsystem clock daemon security authorization messages FTP daemon 12 13 14 15 16 17 18 19 20 21 22 23 NTP subsystem log audit log alert clock daemon local use 0 local0 local use 1 local1 local use 2 local2 local use 3 local3 local use 4 local4 local use 5 local5 local use 6 local6 local use 7 local7 Status Choose Enabled or Disabled to activate or deactivat...

Page 31: ...r alerts The current settings are displayed in the bottom half of the window To view this window click System Configuration System Log Configuration System Severity Settings as shown below Figure 2 21 System Severity Settings window Use the drop down menus to configure the parameters described below Parameter Description System Severity Choose how the alerts are used from the drop down menu Select...

Page 32: ...he 24 hour time system End Time Use this parameter to identify the ending time of the time range in hours minutes and seconds based on the 24 hour time system Weekdays Use the check boxes to select the corresponding days of the week that this time range is to be enabled Tick the Select All Days check box to configure this time range for every day of the week Click Apply to implement changes made C...

Page 33: ... users can be authenticated through either the local authentication method of the Switch or through the Access Authentication Control feature discussed later in this document Once the user has logged in to the Switch in the Operator level certain security screens and windows will not be made available to view or to configure Only Admin level users have access to these features Table 2 1 below summ...

Page 34: ...Control feature discussed later in this document Once the user has logged in to the Switch in the Operator level certain security screens and windows will not be made available to view or to configure Only Admin level users have access to these features There are three levels of user privileges Admin Operator and User Some menu selections available to users with Admin privileges may not be availab...

Page 35: ...P information for specific devices Static entries can be defined in the ARP Table When static entries are defined a permanent entry is entered and is used to translate IP address to MAC addresses To view this window click Management ARP Static ARP Settings as shown below Figure 3 1 Static ARP Settings window The following fields can be set Parameter Description ARP Aging Time 0 65535 The user may ...

Page 36: ...e ARP Table window IPv6 Neighbor Settings This window allows the user to create and configure IPv6 Neighbor settings on the Switch The Switch s current IPv6 neighbor settings will be displayed in the table at the bottom of this window To view this window click Management IPv6 Neighbor Settings as shown below Figure 3 3 IPv6 Neighbor Settings window The following parameters can be configured Parame...

Page 37: ...en changed read the introduction of the DGS 3700 Series CLI Manual for more information To view this window click Management IP Interface System IP Address Settings as shown below Figure 3 4 System IP Address Settings window The upper part of the window allows users to manually assign the Switch s IP address subnet mask and default gateway address 1 Select Static at the top of the screen 2 Enter t...

Page 38: ...P Interface that is currently being used on the Switch Management VLAN Name This allows the entry of a VLAN Name from which a management station will be allowed to manage the Switch using TCP IP in band via web manager or Telnet Management stations that are on VLANs other than the one entered here will not be able to manage the Switch in band unless their IP addresses are entered in the Security I...

Page 39: ...e the x s represents the corresponding number of subnets in CIDR notation The IP interface named System on the Switch can be assigned an IP address and subnet mask which can then be used to connect a management station to the Switch s Telnet or Web based management agent The system message Success indicated that the command was executed successfully The Switch can now be configured and managed via...

Page 40: ...nd a Default Gateway for the Switch These fields should be of the form xxx xxx xxx xxx where each xxx is a number represented in decimal form between 0 and 255 This address should be a unique address on the network assigned for use by the network administrator DHCP The Switch will send out a DHCP broadcast request when it is powered up The DHCP protocol allows IP addresses network masks and defaul...

Page 41: ... window Click Apply to allow changes to take effect To view this window click Management IP Interface Interface Settings IPv6 Edit as shown below Figure 3 7 IPv6 Interface Settings Edit IPv6 window To configure IPv6 interface settings enter an IPv6 Address and click Apply The new entry will appear in the table at the bottom of the window After making the desired changes click the Apply button The ...

Page 42: ...ame and be configured to deliver this information in the data field of the DHCP reply packet The TFTP server must be running and have the requested configuration file in its base directory when the request is received from the Switch Consult the DHCP server and TFTP server software instructions for information on loading a configuration file If the Switch is unable to complete the autoconfiguratio...

Page 43: ...ets will be dropped To view this window click Management Out of Band Management Settings as shown below Figure 3 9 Out of Band Management Settings window The following parameters may be configured Parameter Description IP Address Enter the IP address of the interface Subnet Mask Enter the Subnet mask of the interface Gateway Enter the default gateway of the out of band management networks Status A...

Page 44: ...ows intermediate devices that do not support SIM This enables the user to manage switches that are more than one hop away from the CS The SIM group is a group of switches that are managed as a single entity SIM switches may take on three different roles 1 Commander Switch CS This is a switch that has been manually configured as the controlling device for a group and takes on the following characte...

Page 45: ...powered down if it has become the member of another group or if it has been configured to be a Commander Switch the rediscovery process cannot occur 3 This version will support multiple switch upload and downloads for firmware configuration files and log files as follows Firmware The switch now supports multiple MS firmware downloads from a TFTP server Configuration Files This switch now supports ...

Page 46: ...rval 30 90 The user may set the discovery protocol interval in seconds that the Switch will send out discovery packets Returning information to a Commander Switch will include information about other switches connected to it Ex MS CaS The user may set the Discovery Interval from 30 to 90 seconds Hold Time Count 100 255 This parameter may be set for the time in seconds the Switch will hold informat...

Page 47: ...tify it Remote Port Displays the number of the physical port on the CS that the MS or CaS is connected to The CS will have no entry in this field Speed Displays the connection speed between the CS and the MS or CaS Local Port Displays the number of the physical port on the MS or CaS that the CS is connected to The CS will have no entry in this field MAC Address Displays the MAC address of the corr...

Page 48: ... the Single IP Management Group are connected to other groups and devices Possible icons in this screen are as follows Icon Description Group Layer 2 commander switch Layer 3 commander switch Commander switch of other group Layer 2 member switch Layer 3 member switch Member switch of other group Layer 2 candidate switch Layer 3 candidate switch ...

Page 49: ...display the same information about a specific device as the Tree view does See the window below for an example Figure 3 15 Device Information Utilizing the Tool Tip Setting the mouse cursor over a line between two devices will display the connection speed between the two devices as shown below Figure 3 16 Port Speed Utilizing the Tool Tip Right Click Right clicking on a device will allow the user ...

Page 50: ...switch that was right clicked MAC Address Displays the MAC Address of the corresponding Switch Local Port No Displays the number of the physical port on the MS or CaS that the CS is connected to The CS will have no entry in this field Remote Port No Displays the number of the physical port on the CS that the MS or CaS is connected to The CS will have no entry in this field Port Speed Displays the ...

Page 51: ...r icon The following options may appear for the user to configure Remove from group Remove a member from a group Configure Launch the web management to configure the Switch Property To pop up a window to display the device information Candidate Switch Icon Figure 3 21 Right Clicking a Candidate icon The following options may appear for the user to configure Add to group Add a candidate to a group ...

Page 52: ... Will set display properties such as polling interval and the views to open at SIM startup Group Add to group Add a candidate to a group Clicking this option will reveal the following dialog for the user to enter a password for authentication from the Candidate Switch before being added to the SIM group Click OK to enter the password or Cancel to exit the window Figure 3 24 Input password window R...

Page 53: ...Switch SNMP must use the same community string SNMP packets from any station that has not been authenticated are ignored dropped The default community strings for the Switch used for SNMP v 1 and v 2 management access are public Allows authorized management stations to retrieve MIB objects private Allows authorized management stations to retrieve and modify MIB objects SNMPv3 uses a more sophistic...

Page 54: ...s 1 2c and 3 The administrator can specify the SNMP version used to monitor and control the Switch The three versions of SNMP vary in the level of security provided between the management station and the network device SNMP settings are configured using the windows located on the SNMP V3 folder of the web manager Workstations on the network that are allowed SNMP privileged access to the Switch can...

Page 55: ...P View Table Settings window The following parameters can be set Parameter Description View Name Type an alphanumeric string of up to 32 characters This is used to identify the new SNMP view being created Subtree OID Type the Object Identifier OID Subtree for the view The OID identifies an object tree MIB tree that will be included or excluded from access by an SNMP manager View Type Select Includ...

Page 56: ... Parameter Description Community Name Type an alphanumeric string of up to 32 characters that is used to identify members of an SNMP community This string is used like a password to give remote SNMP managers access to MIB objects in the Switch s SNMP agent View Name Type an alphanumeric string of up to 32 characters that is used to identify the group of MIB objects that a remote SNMP manager is al...

Page 57: ...work management strategies It includes improvements in the Structure of Management Information SMI and adds some security features SNMPv3 Specifies that the SNMP version 3 will be used SNMPv3 provides secure access to devices through a combination of authentication and encrypting packets over the network Security Level The Security Level settings only apply to SNMPv3 NoAuthNoPriv Specifies that th...

Page 58: ...tes that SNMP version 3 is in use SNMP V3 Encryption None Indicates that there is no SNMP V3 Encryption Password Indicates that there is SNMP V3 Encryption through a password Key Indicates that there is SNMP V3 Encryption through a key Auth Protocol by Password MD5 Indicates that the HMAC MD5 96 authentication level will be used SHA Indicates that the HMAC SHA authentication protocol will be used ...

Page 59: ... the Switch User based Security Model SNMPv1 Specifies that SNMP version 1 will be used SNMPV2c Specifies that SNMP version 2 will be used SNMPV3 To specify that the SNMP version 3 will be used Security Level NoAuthNoPriv To specify a NoAuthNoPriv security level AuthNoPriv To specify an AuthNoPriv security level AuthPriv To specify an AuthPriv security level Community String SNMP V3 User Name Type...

Page 60: ...ith during transit Authentication determines if an SNMP message is from a valid source Encryption scrambles the contents of messages to prevent it being viewed by an unauthorized source Security Level When SNMPv3 is in use it is necessary to choose the security level Use the drop down menu to select from the following noauth_nopriv Specifies that there will be no authorization and no encryption of...

Page 61: ...well known TCP port for the Telnet protocol is 23 To view this window click Management Telnet Settings as shown below Figure 3 37 Telnet Settings window Web Settings Web based management is enabled by default If you choose to disable this by selecting Disabled you will lose the ability to configure the system through the Web interface as soon as these settings are applied To view this window click...

Page 62: ...a and 7 assigned to the highest The highest priority tag 7 is generally only used for data associated with video or audio applications which are sensitive to even slight delays or for data from specified end users whose data transmissions warrant special consideration The Switch allows you to further tailor how priority tagged data packets are handled on your network Using queues to manage priorit...

Page 63: ...ed IEEE 802 1Q VLANs Some relevant terms Tagging The act of putting 802 1Q VLAN information into the header of a packet Untagging The act of stripping 802 1Q VLAN information out of the packet header Ingress port A port on a switch where packets are flowing into the Switch and VLAN decisions must be made Egress port A port on a switch where packets are flowing out of the Switch either to another s...

Page 64: ...r priority are used by 802 1p The VID is the VLAN identifier and is used by the 802 1Q standard Because the VID is 12 bits long 4094 unique VLANs can be identified The tag is inserted into the packet header making the entire packet longer by 4 octets All of the information originally contained in the packet is retained The main characteristics of IEEE 802 1Q are as follows Assigns packets to VLANs...

Page 65: ...E Q Tag The EtherType and VLAN ID are inserted after the MAC source address but before the original EtherType Length or Logical Link Control Because the packet is now a bit longer than it was originally the Cyclic Redundancy Check CRC must be recalculated Figure 4 3 Adding an IEEE Q Tag ...

Page 66: ...ch has memory in its VLAN table to store them Because some devices on a network may be tag unaware a decision must be made at each port on a tag aware device before packets are transmitted should the packets to be transmitted have a tag or not If the transmitting port is connected to a tag unaware device the packet should be untagged If the transmitting port is connected to a tag aware device the ...

Page 67: ...of switch ports Thus all devices connected to a port are members of the VLAN s the port belongs to whether there is a single computer directly connected to a switch or an entire department On port based VLANs NICs do not need to be able to identify 802 1Q tags in packet headers NICs send and receive normal Ethernet packets If the packet s destination lies on the same segment communications take pl...

Page 68: ...te L2 Virtual Private Networks and also create transparent LANs for their customers which will connect two or more customer LAN points without over complicating configurations on the client s side Not only will over complication be avoided but also now the administrator has over 4000 VLANs in which over 4000 VLANs can be placed therefore greatly expanding the VLAN network and enabling greater supp...

Page 69: ...ons for Double VLANs Some rules and regulations apply with the implementation of the Double VLAN procedure 1 All ports must be configured for the SPVID and its corresponding TPID on the Service Provider s edge switch 2 All ports must be configured as Access Ports or Uplink ports Access ports can only be Ethernet ports while Uplink ports must be Gigabit ports 3 Provider Edge switches must allow fra...

Page 70: ...Settings window To create a new 802 1Q VLAN entry or edit an existing one click the Add Edit VLAN tab at the top of the 802 1Q VLAN Settings window A new window will appear as shown below to configure the port settings and to assign a unique name and number to the new VLAN See the table below for a description of the parameters in the new window NOTE After all IP interfaces are set for your config...

Page 71: ...indow click the VLAN List tab at the top of the window To change an existing 802 1Q VLAN entry click the corresponding Edit button A new window will appear to configure the port settings and to assign a unique name and number to the new VLAN See the table below for a description of the parameters in the new window NOTE The Switch supports up to 4k static VLAN entries ...

Page 72: ...e Switch to send out GVRP packets to outside sources notifying that they may join the existing VLAN Port Settings Allows an individual port to be specified as member of a VLAN Tagged Specifies the port as 802 1Q tagged Checking the box will designate the port as tagged Untagged Specifies the port as 802 1Q untagged Checking the box will designate the port as untagged Forbidden Select this to speci...

Page 73: ...ch Settings tab Parameter Description VID List e g 2 5 Enter a VLAN ID List that can be added deleted or configured Advertisement Enabling this function will allow the Switch to send out GVRP packets to outside sources notifying that they may join the existing VLAN Port List e g 1 5 Allows an individual port list to be added or deleted as a member of the VLAN Tagged Specifies the port as 802 1Q ta...

Page 74: ...iously created groups To view this window click L2 Features VLAN 802 1v Protocol VLAN 802 1v Protocol Group Settings as shown below Figure 4 10 802 1v Protocol Group Settings window The following fields can be set Parameter Description Group ID Select an ID number for the group between 1 and 16 Group Name This is used to identify the new Protocol VLAN group Type an alphanumeric string of up to 32 ...

Page 75: ...ity are forwarded to the CoS queue specified previously by the user Click the corresponding box if you want to set the 802 1p default priority of a packet to the value entered in the Priority 0 7 field which meets the criteria specified previously in this command before forwarding it on to the specified CoS queue Otherwise a packet will have its incoming 802 1p user priority re written to its orig...

Page 76: ... from a host and the Switch issuing a group membership query The default is 600 The Leave Time must be greater than 2 join times Leave All Time 100 100000 The time in milliseconds that specifies the amount of time the Switch will take to Leave All groups The default is 10000 The Leave All Time must be greater than the Leave Time NNI BPDU Address This specifies the GVRP s pdu MAC address of the NNI...

Page 77: ...e port will compare the VID of the incoming packet to its PVID If the two are unequal the port will drop the packet If the two are equal the port will receive the packet Ingress Check This field can be toggled using the space bar between Enabled and Disabled Enabled enables the port to check if the ingress port is a member port of the VLAN that the VID of an incoming packet indicates If it is not ...

Page 78: ...st When a user removes a port from the untagged membership of the PVID s VLAN the port s PVID will be assigned to a default VLAN When PVID Auto Assign is Disabled PVID can only be changed by PVID configuration user changes explicitly The VLAN configuration will not automatically change the PVID The default setting is Enabled To view this window click L2 Features VLAN PVID Auto Assign Settings as s...

Page 79: ...ion and click Add to create a new entry To search for a particular entry enter the appropriate information and click Find To remove an entry click Delete To view all entries on the Switch click Show All To remove all entries click Delete All VLAN Precedence Settings The VLAN precedence settings are used to configure VLAN classification precedence on each port You can specify the order of MAC based...

Page 80: ...t VLAN Specifies that the subnet VLAN classification is given precedence over the MAC based VLAN classification Click Apply to implement changes made VLAN Counter Settings The VLAN Counter Settings table is used to create the control entry for VLAN traffic flow statistsics The user can create control entries to count statistics for specific VLANs or to count statistics for specific ports on specif...

Page 81: ...f an IP phone call will be deteriorated if the data is unevenly sent the quality of service QoS for voice traffic shall be configured to ensure the transmission priority of voice packet is higher than normal traffic The switches determine whether a received packet is a voice packet by checking its source MAC address If the source MAC addresses of packets comply with the organizationally unique ide...

Page 82: ...Configure the state of the port Enabled or Disabled Mode Configure the mode of the port Auto If the mode is Auto the port may become the voice VLAN member port by auto learning If the MAC address of the received packet matches the configured OUI the port will be learned as dynamic member port The dynamic membership will be removed via the aging out mechanism manual If the mode is set to Manual the...

Page 83: ...evice This window is used to display voice devices that are connected to the ports The start time is the time when the device is detected on this port the activate time is the latest time saw the device sending the traffic To view this window click L2 Features VLAN Voice VLAN Voice VLAN Device as shown below Figure 4 22 Voice VLAN Device window Browse VLAN This window allows the VLAN status for ea...

Page 84: ...rry traffic from multiple users across a network Q in Q is used to maintain customer specific VLAN and Layer 2 protocol configurations even when the same VLAN ID is being used by different customers This is achieved by inserting SPVLAN tags into the customer s frames when they enter the service provider s network and then removing the tags when the frames leave the network Customers of a service p...

Page 85: ...nd a specified network will occur NNI To select a network to network interface specifies that communication between two specified networks will occur Missdrop Use the drop down menu to enable or disable missdrop If missdrop is enabled the packet that does not match any assignment rule in the Q in Q profile will be dropped If disabled then the packet will be assigned to the PVID of the receiving po...

Page 86: ...a priority for the VLAN ranging from 0 7 With 7 having the highest priority Click Apply to make a new entry and Delete All to remove a VLAN Translation entry Q in Q and VLAN Translation Rules For ingress untagged packets at UNI ports The switch does not reference the VLAN translation table Check switch VLAN tables The sequence mac based VLAN subnet based VLAN protocl based VLAN port based VLAN If ...

Page 87: ...llows multiple VLANs to be mapped to a single spanning tree instance which will provide multiple pathways across the network Therefore these MSTP configurations will balance the traffic load preventing wide scale disruptions when a single spanning tree instance fails This will allow for faster convergences of new topologies for the failed instance Frames designated for these VLANs will be processe...

Page 88: ...ings configured for STP are also used for RSTP This section introduces some new Spanning Tree concepts and illustrates the main differences between the two protocols Port Transition States An essential difference between the three protocols is in the way ports transition to a forwarding state and in the way this transition relates to the role of the port forwarding or not forwarding in the topolog...

Page 89: ...ility MSTP or RSTP can interoperate with legacy equipment and is capable of automatically adjusting BPDU packets to 802 1D format when necessary However any segment using 802 1D STP will not benefit from the rapid transition and rapid topology change detection of MSTP or RSTP The protocol also provides for a variable used for migration in the event that legacy equipment on a segment is updated to ...

Page 90: ...een 6 and 40 seconds The default value is 20 Bridge Hello Time 1 2 Sec The Hello Time can be set from 1 to 2 seconds This is the interval between two transmissions of BPDU packets sent by the Root Bridge to tell all other switches that it is indeed the Root Bridge The default is 15 Bridge Forward Delay 4 30 Sec The Forward Delay can be from 4 to 30 seconds Any port on the Switch spends this time i...

Page 91: ... connection to the network for the group Redundant links will be blocked just as redundant links are blocked on the switch level The STP on the switch level blocks redundant links between switches and similar network devices The port level STP will block redundant links within an STP Group It is advisable to define an STP Group to correspond to a VLAN group of ports The following fields can be set...

Page 92: ...oint P2P shared link P2P ports are similar to edge ports however they are restricted in that a P2P port must operate in full duplex Like edge ports P2P ports transition to a forwarding state rapidly thus benefiting from RSTP A p2p value of false indicates that the port cannot have p2p status Auto allows the port to have p2p status whenever possible and operate as if the p2p status were true If the...

Page 93: ...this field will show the MAC address to the device running MSTP This field can be set in the STP Bridge Global Set tings window Revision Level 0 65535 This value along with the Configuration Name will identify the MSTP region configured on the Switch The user may choose a value between 0 and 65535 with a default setting of 0 MSTI ID This field shows the MSTI IDs currently set on the Switch This fi...

Page 94: ...ime To view this window click L2 Features Spanning Tree STP Instance Settings as shown below Figure 4 31 STP Instance Settings window The following information can be set Parameter Description MSTI ID Displays the MSTI ID of the instance being modified An entry of 0 in this field denotes the CIST default MSTI Priority Enter the new priority in the Priority field The user may set a priority value b...

Page 95: ...s shown below Figure 4 33 MSTP Port Information window The following parameters can be viewed or set Parameter Description Port Use the drop down menu to select a port Instance ID Displays the MSTI ID of the instance being configured The range is from 0 to 15 An entry of 0 in this field denotes the CIST default MSTI Internal Path cost 1 200000000 This parameter is set to represent the relative cos...

Page 96: ...d Figure 4 34 Example of Port Trunk Group The Switch treats all ports in a trunk group as a single port Data transmitted to a specific host destination address will always be transmitted over the same port in a trunk group This allows packets in a data stream to arrive in the same order they were sent NOTE If any ports within the trunk group become disconnected packets intended for the disconnecte...

Page 97: ...the calculation of port cost and in determining the state of the link aggregation group If two redundant link aggregation groups are configured on the Switch STP will block one entire group in the same way STP will block a single port that has a redundant link To view this window click L2 Features Link Aggreagation Port Trunking as shown below Figure 4 35 Port Trunking Settings window The followin...

Page 98: ... the selected port Activity Active Active LACP ports are capable of processing and sending LACP control frames This allows LACP compliant devices to negotiate the aggregated link so the group may be changed dynamically as needs require In order to utilize the ability to change an aggregated port group that is to add or subtract ports from the group at least one of the participating devices must de...

Page 99: ...dd an entry to the Static Unicast Forwarding Table define the following parameters To delete an entry in the Static Unicast Forwarding Table click the corresponding Delete button The fields that can be configured are described below Parameter Description VLAN Name The VLAN Name of the VLAN on which the associated unicast MAC address resides MAC Address The MAC address to which packets will be stat...

Page 100: ...esponding MAC address belongs to Multicast MAC Address The static destination MAC address of the multicast packets This must be a multicast MAC address Port Allows the selection of ports that will be members of the static multicast group and ports that are either forbidden from joining dynamically or that can join the multicast group dynamically using GMRP The options are None No restrictions on t...

Page 101: ... window The fields that can be configured are described below Parameter Description State Enable or disable MAC notification globally on the Switch Interval The time in seconds between notifications Value range to use is 1 to 2147483647 History Size The maximum number of entries listed in the history log used for notification Up to 500 entries can be specified From Port Select a beginning port to ...

Page 102: ... configured are described below Parameter Description MAC Address Aging Time 10 1000000 This field specifies the length of time a learned MAC Address will remain in the forwarding table without being accessed that is how long a learned MAC Address is allowed to remain idle To change this option type in a different value representing the MAC address age out time in seconds The MAC Address Aging Tim...

Page 103: ...eter Description Port The port to which the MAC address below corresponds VLAN Name Enter a VLAN Name for the forwarding table to be browsed by MAC Address Enter a MAC address for the forwarding table to be browsed by Security Tick this check box to enable the security function This displays the FDB entries that are created by the security module Find Allows the user to move to a sector of the dat...

Page 104: ...r Find by IP Address Click the View All Entries button to display all the ARP and FDB table entries To view this window click L2 Features FDB ARP FDB Table as shown below Figure 4 42 ARP and FDB Table window The fields that can be configured are described below Parameter Description Port Select the port number to use for this configuration MAC Address Enter the MAC address to use for this configur...

Page 105: ...h can open or close a port to a specific multicast group member based on IGMP messages sent from the device to the IGMP host or vice versa The Switch monitors IGMP messages and discontinues forwarding multicast packets when there are no longer hosts requesting that they continue IGMP Snooping Settings Use this window to enable or disable IGMP Snooping on the Switch To modify the settings click the...

Page 106: ...riven learning group will expire for the specified VLAN Querier State Choose Enabled to enable transmitting IGMP Query packets or Disabled to disable The default is Disabled Fast Leave This parameter allows the user to enable the Fast Leave function Enabled this function will allow members of a multicast group to leave the group immediately without the implementation of the Last Member Query Timer...

Page 107: ...dow click L2 Features L2 Multicast Control IGMP Snooping IGMP Snooping Rate Limit Settings as shown below Figure 4 46 IGMP Snooping Rate Limit Settings window The following parameters can be configured Parameter Description Port List Specifies a port or range of ports that will be configured VLAN List Specifies a VLAN or range of VLANs that will be configured Rate Limit 1 1000 Configures the rate ...

Page 108: ...atic group information Click Apply to implement changes made To search for an entry enter the appropriate information and click Find to remove and entry enter the appropriate information and click Delete IGMP Router Port Users can display which of the Switch s ports are currently configured as router ports A router port configured by a user using the console or Web based management interfaces is d...

Page 109: ...t or Port List Click the appropriate radio button fill in the corresponding field in the top left hand corner and then click Find The fields that can be configured are described below Parameter Description VLAN Name The VLAN Name of the multicast group VID List The VID List of the multicast group Port List The ports of the multicast group Group IPv4 Address Enter the IPv4 address Data Driven Tick ...

Page 110: ...n VLAN Name The VLAN Name of the multicast group VID List The VID List of the multicast group Click Apply to implement changes made IGMP Snooping Counter This window allows users to configure the IGMP snooping counter To view this window click L2 Features L2 Multicast Control IGMP Snooping IGMP Snooping Counter as shown below Figure 4 51 IGMP Snooping Counter window The fields that can be configur...

Page 111: ...t Control IGMP Snooping IGMP Host Table as shown below Figure 4 52 IGMP Host Table window The fields that can be configured are described below Parameter Description VLAN Name The VLAN Name of the multicast group VID List The VID List of the multicast group Port List The Port List of the multicast group Group Address The Group Address of the multicast group Click Apply to implement changes made ...

Page 112: ... ask if any link is requesting multicast data There are two types of MLD query messages emitted by the router The General Query is used to advertise all multicast addresses that are ready to send multicast data to all listening ports and the Multicast Specific query which advertises a specific multicast address that is ready These two types of messages are distinguished by a multicast destination ...

Page 113: ...s interval Last Listener Query Interval 1 25 sec Specifies the maximum amount of time between group specific query messages including those sent in response to leave group messages Enter a value between 1 and 25 The default is 1 second Data Driven Group Expiry Time 1 65535 Specifies the data driven group expiry in seconds The user may specify a time between 1 and 65535 with a default setting of 26...

Page 114: ...w this window click L2 Features L2 Multicast Control MLD Snooping MLD Snooping Rate Limit Settings as shown below Figure 4 56 MLD Snooping Rate Limit Settings window The following parameters may be viewed or modified Parameter Description Port List Specifies a port or range ports to configure or display VLAN List Specifies a VLAN or range of VLANs to configure or display Rate Limit Specifies the r...

Page 115: ...MLD Snooping Static Group Settings window The following parameters may be viewed or modified Parameter Description VLAN Name Specifies the name of the VLAN for which to configure the MLD snooping static group information VID List Specifies the list of the VLAN IDs for which to configure the MLD snooping static group information IPv6 Address Specifies the static group IPv6 address for which to conf...

Page 116: ...MLD Router Port as shown below Figure 4 59 MLD Router Port window Enter a VID VLAN ID in the field at the top of the window and click the Find button NOTE The abbreviations used on this page are Static Router Port S Dynamic Router Port D and Forbidden Router Port F MLD Snooping Group Users can view MLD Snooping Groups present on the Switch MLD Snooping is an IPv6 function comparable to IGMP Snoopi...

Page 117: ...e fields that can be configured are described below Parameter Description VLAN Name Enter the VLAN Name of the multicast group VID List Click the radio button and enter the VID List of the multicast group Click Apply to implement changes made MLD Snooping Counter This window allows users to configure the IGMP snooping counter To view this window click L2 Features L2 Multicast Control MLD Snooping ...

Page 118: ...e VID List of the host information to be displayed Port List The port range of the host information to be displayed Group Address The group IPv6 address of the host information to be displayed Multicast VLAN The Multicast VLAN section includes IGMP Multicast Group Profile Settings IGMP Snooping Multicast VLAN Settings MLD Multicast Group Profile Settings and MLD Snooping Multicast VLAN Settings IG...

Page 119: ...effect IGMP Multicast VLAN Forward Unmatched Enable or disable IGMP multicast VLAN forward unmatched Click Apply to let the change take effect VLAN Name This is the VLAN Name that along with the VLAN ID identifies the VLAN the user wishes to modify the IGMP Snooping Settings for VID 2 4094 This is the VLAN ID that along with the VLAN Name identifies the VLAN the user wishes to modify the IGMP Snoo...

Page 120: ...Ports Tick the desired tagged member ports or click either Select All or Clear All Untagged Source ports Tick the desired untagged source ports or click either Select All or Clear All Tagged Source Ports Tick the desired tagged source ports or click either Select All or Clear All Click Apply to implement changes made MLD Multicast Group Profile Settings This window allows the user to create MLD mu...

Page 121: ...e the change MLD Multicast VLAN Forward Unmatched Choose Enabled to enable or Disabled to disable forwarding of unmatched packets that is packets that do not match a valid destination address of the MLD VLAN This is disabled by default Click the Apply button to make the change VLAN Name This is the VLAN Name that along with the VLAN ID identifies the MLD VLAN being added VID 2 4094 This is the VLA...

Page 122: ... tagged source ports or click either Select All or Clear All Click Apply to implement changes made Multicast Filtering The Multicast Filtering section includes IPv4 Multicast Filtering and IPv6 Multicast Filtering IPv4 Multicast Filtering The IPv4 Multicast Filtering section includes IPv4 Multicast Profile Settings IPv4 Limited Multicast Range Settings and IPv4 Max Multicast Group Settings IPv4 Mu...

Page 123: ...ngs click the hyperlinked Group List Figure 4 74 IP Multicast Address Group List Settings window Enter the multicast Address List starting with the lowest in the range and then click Add To return to the IPv4 Multicast Profile Settings window click the Back button IPv4 Limited Multicast Range Settings This window enables the user to configure the ports or VLANs on the switch that will be involved ...

Page 124: ... enter the information and click Apply To search for an entry click Find IPv6 Multicast Filtering The IPv6 Multicast Filtering section includes IPv6 Multicast Profile Settings IPv6 Limited Multicast Range Settings and IPv6 Max Multicast Group Settings IPv6 Multicast Profile Settings This window allows the user to add a profile to which multicast IPv6 address es reports are to be received on specif...

Page 125: ... Group List Settings click the hyperlinked Group List Figure 4 79 Multicast Address Group List Settings window Enter the multicast Address List starting with the lowest in the range and click Add To return to the IPv6 Multicast Profile Settings window click the Back button IPv6 Limited Multicast Range Settings This window enables the user to configure the ports or VLANs on the switch that will be ...

Page 126: ...or VID or enter a group of consecutively numbered ports or VIDS in the format n n 1 for a group of sequentially numbered ports or VIDs Enter or select the parameters in the menus that follow and click Apply to create the group Max Group 1 1024 Set a value for the maximum number of IPv6 multicast groups allowed to be learned Note This is only configurable if the option Infinite is NOT ticked By def...

Page 127: ...e Apply button to apply the filter settings Multicast Filtering Mode This drop down menu instructs the Switch what action to take when it receives a multicast packet that requires forwarding to a port Forward All Groups This will instruct the Switch to forward all multicast packets regardless of whether or not the destination is an unregistered multicast group residing within the range of ports sp...

Page 128: ...g Protection Link The link designated by ERPS mechanism that is blocked during the Idle state to prevent loops on a Bridged ring RPL Owner The node connected to RPL that blocks traffic on RPL during the Idle state and unblocks during the Protected state R APS Ring Automatic Protection Switching Protocol messages defined in Y 1731 and G 8032 used to coordinate the protection actions over the ring t...

Page 129: ...L Owner status Ring MEL Protected VLAN Hold Off Timer Guard Time and WTR Time can be modified in the ERPS Settings Edit window If CFM Connectivity Fault Management and ERPS are used at the same time the R APS PDU is one of a suite of Ethernet OAM PDU The behavior for forwarding of R APS PDU should follow the Ethernet OAM If the MEL of R APS PDU is not higher than the level of the MEP maintenance e...

Page 130: ...n the ring are functioning If there is a link failure on the ring however the RPL port is unblocked by the RPL Owner node in order to allow an alternate path around the ring RPL Owner Tick the check box and toggle between Enabled and Disabled to enable or disable the device as an RPL owner node This node blocks or unblocks the RPL as required by network conditions An Ethernet Ring Automatic Protec...

Page 131: ...on of ERPS due to an intermittent signal failure defect Click Apply to implement changes made ERPS Sub Ring Settings To view and modify ERPS Sub Ring settings click the corresponding Sub Ring Information link on the table at the bottom of the ERPS Settings window Figure 4 85 ERPS Sub Ring Settings window The following parameters may be configured Parameter Description Sub Ring R APS VLAN 1 4094 En...

Page 132: ... loopback is performed while the Internal or External represents the local loopback mode State Select Enable to start internal loopback test for external loopback set port s to external loopback mode Select Disable to stop internal loopback test for external loopback recover port s from external loopback mode Click Apply to implement changes LLDP The Link Layer Discovery Protocol LLDP allows stati...

Page 133: ...eighbors To change the packet transmission interval enter a value in seconds 5 to 32768 Message TX Hold Multiplier 2 10 This function calculates the Time to Live for creating and transmitting the LLDP advertisements to LLDP neighbors by changing the multiplier used by an LLDP Switch When the Time to Live for an advertisement expires the advertised data is then deleted from the neighbor Switch s MI...

Page 134: ...ill include new available information information timeout and information updates The changing type includes any data update insert remove The default is Disabled Admin Status This function controls the local LLDP agent and allows it to send and receive LLDP frames on the ports This option contains TX RX TX and RX or Disabled TX The local LLDP agent can only transmit LLDP frames RX The local LLDP ...

Page 135: ...in the search LLDP Basic TLVs Settings This window is used to enable the settings for the Basic TLVs Settings An active LLDP port on the Switch always includes mandatory data in its outbound advertisements There are four optional data types that can be configured for an individual port or group of ports to exclude one or more of these data types from outbound LLDP advertisements The mandatory data...

Page 136: ... set Parameter Description From Port To Port Use the pull down menu to select a range of ports to be configured Dot1 TLV PVID Use the drop down menu to enable or disable the advertised PVID This TLV optional data type determines whether the IEEE 802 1 organizationally defined port VLAN TLV transmission is allowed on a given LLDP transmission capable port Dot1 TLV Protocol VLAN Use the drop down me...

Page 137: ...w Figure 4 92 LLDP Dot3 TLVs Settings window The following parameters can be set Parameter Description From Port To Port Use the drop down menu to select a range of ports to be configured MAC PHY Configuration Status This TLV optional data type indicates that the LLDP agent should transmit MAC PHY configuration status TLV This indicates it is possible for two ends of an IEEE 802 3 link to be confi...

Page 138: ... this window click L2 Features LLDP LLDP LLDP Statistics System as shown below Figure 4 93 LLDP Statistics System window LLDP Local Port Information This window displays the information on a per port basis currently available for populating outbound LLDP advertisements in the local port brief table shown below To view this window click L2 Features LLDP LLDP LLDP Local Port Information as shown bel...

Page 139: ...ed Show Detail for the category to be viewed The detail display examples are listed below Management Address Count Figure 4 96 LLDP Local Port Information Management Address Count Detail display To return to the LLDP Local Port Information window click the Back button PPVID Entries Figure 4 97 LLDP Local Port Information PPVID Entries Detail display To return to the LLDP Local Port Information win...

Page 140: ...e LLDP Local Port Information window click the Back button MAC PHY Configuration Status Figure 4 100 LLDP Local Port Information MAC PHY Configuration StatusDetail display To return to the LLDP Local Port Information window click the Back button Link Aggregation Figure 4 101 LLDP Local Port Information Link Aggregation Detail display To return to the LLDP Local Port Information window click the Ba...

Page 141: ... port and then click Show Normal which will display the following window Figure 4 103 LLDP Remote Port Information Show Normal window LLDP MED LLDP MED System Settings On this window the user can configure the fast start repeat count To view this window click L2 Features LLDP LLDP MED LLDP MED System Settings as shown below Figure 4 104 LLDP MED System Settings window The following parameters can ...

Page 142: ... MED LLDP MED Port Settings as shown below Figure 4 105 LLDP MED Port Settings window The following parameters can be set Parameter Description From Port To Port Specify a range of ports to be configured NTCS Enable or disable the notification topology change status State Enable or disable TLVs Capabilities This TLV type indicates that LLDP agent should transmit LLDP MED capabilities TLV If a user...

Page 143: ... shown below Figure 4 106 LLDP MED Local Port Information window LLDP MED Remote Port Information On this window the LLDP MEP Remote Port Information will be displayed To view this window click L2 Features LLDP LLDP MED LLDP MED Remote Port Information as shown below Figure 4 107 LLDP MED Remote Port Information window Click the Show Normal button to view the normal layout of the Remote Port Infor...

Page 144: ...e route is considered as a backup static route for when the primary static route is down If the primary route is lost the backup route will uplink and its status will become Active Entries into the Switch s forwarding table can be made using both an IP address subnet mask and a gateway To view this window click L3 Features IPv4 Static Default Route Settings as shown below Figure 5 1 IPv4 Static De...

Page 145: ...DGS 3700 12 DGS 3700 12G Series Layer 2 Gigabit Ethernet User Manual 143 Click Apply to implement changes made ...

Page 146: ... be configured are described below Parameter Description IPv6 Address Prefix Length The IPv6 address and corresponding Prefix Length of the IPv6 static route entry To use the default route for this configuration tick the Default option Interface Name The IP Interface where the static IPv6 route is created Nexthop Address The corresponding IPv6 address for the next hop Gateway address in IPv6 forma...

Page 147: ...atic IPv6 entries configured To view this window click L3 Features IPv6 Route Table as shown below Figure 5 4 IPv6 Route Table window IP Forwarding Table On this window the user can view the current IPv4 forwarding table To view this window click L3 Features IP Forwarding Table as shown below Figure 5 5 IP Forwarding Table window ...

Page 148: ...DGS 3700 12 DGS 3700 12G Series Layer 2 Gigabit Ethernet User Manual 146 ...

Page 149: ...n implementation of the IEEE 802 1p standard that allows network administrators a method of reserving bandwidth for important functions that require a large bandwidth or have a high priority such as VoIP voice over Internet Protocol web browsing applications file server applications or video conferencing Not only can a larger bandwidth be created but other less critical traffic can be limited so e...

Page 150: ...For example let s say a user wishes to have a videoconference between two remotely set computers The administrator can add priority tags to the video packets being sent out utilizing the Access Profile commands Then on the receiving end the administrator instructs the Switch to examine packets for this tag acquires the tagged packets and maps them to a class queue on the Switch Then in turn the ad...

Page 151: ...the higher priority queues are transmitted first Multiple strict priority queues empty based on their priority tags Only when these queues are empty are packets of lower priority transmitted For weighted round robin queuing the number of packets sent from each priority queue depends upon the assigned weight For a configuration of 8 CoS queues A H with their respective weight value 8 1 When each qu...

Page 152: ...efault Priority Settings as shown below Figure 6 2 802 1p Default Priority Settings window This window allows you to assign a default 802 1p priority to any given port on the Switch Priority values are numbered from 0 the lowest priority to 7 the highest priority Click Apply to implement your settings The following parameters can be set or are displayed Parameter Description From Port To Port A co...

Page 153: ... the Switch you can then assign this Class to each of the eight levels of 802 1p priorities Click Apply to set your changes The following parameters can be set or are displayed Parameter Description From Port To Port A consecutive group of ports may be configured starting with the selected port Priority The 802 1p user priority to associate with the class_id 0 7 the number of the hardware queue wi...

Page 154: ...lick QoS 802 1p Settings 802 1p Map Settings as shown below Figure 6 4 802 1p Map Settings window The following parameters may be set Parameter Description From Port To Port Select a consecutive group of ports to be configured Priority List 0 7 Enter a source priority of incoming packets Color Specify the color Red Yellow or Green Click Apply to implement changes ...

Page 155: ...om Port To Port A consecutive group of ports may be configured starting with the selected port Type This drop down menu allows you to select among RX receive TX transmit and Both This setting will determine whether the bandwidth ceiling is applied to receiving transmitting or both receiving and transmitting packets No Limit This drop down menu allows you to select Enabled or Disabled to specify wh...

Page 156: ...e A consecutive group of queues may be configured starting with the selected queue Min Rate 64 1024000 The minimum rate is a limitation When it is specified packet transmitted from the queue will not go below the specified limitation even though the bandwidth is available The value must be between 64 and 1024000 in Kbits per second Tick the No Limit check box if there will be no lower limit on the...

Page 157: ...has counters for these two types of packets Once a storm has been detected that is once the packet threshold set below has been exceeded the Switch will shutdown the port to all incoming traffic with the exception of STP BPDU packets for a time period specified using the CountDown field If the packet storm discontinues before the Countdown timer expires the port will again allow all incoming traff...

Page 158: ...lementations The possible time settings for this field are 0 3 30 minutes 0 is disable forever state port will not enter shutdown forever mode Time Interval 5 600 The Interval will set the time between Multicast and Broadcast packet counts sent from the Switch s chip to the Traffic Control function These packet counts are the determining factor in deciding when incoming packets exceed the Threshol...

Page 159: ...ill still be forwarding BPDUs to the Switch s CPU NOTE Ports that are in Shutdown Forever mode will be seen as link down in all windows and screens until the user recovers these ports DSCP The DSCP section includes DSCP Trust Settings and DSCP Map Settings DSCP Trust Settings This window is used to enable DSCP Trust Settings on the Switch To view this window click QoS DSCP DSCP Trust Settings as s...

Page 160: ...e a DSCP Map Choose between DSCP Priority DSCP DSCP and DSCP Color DSCP List 0 63 This field allows the user to enter a DSCP value in the space provided which will instruct the Switch to examine the DiffServ Code part of each packet header The user may choose a value between 0 and 63 Priority The switch will map the DSCP List to the Priority specified When the DSCP Trust is enabled per port Click ...

Page 161: ...Port To Port Enter the port or port list you wish to configure Class ID Select the Class ID from 0 to 7 to configure for the QoS parameters Scheduling Mechanism Strict The highest class of service is the first to process traffic That is the highest class of service will finish before other queues empty Weight Use the weighted round robin WRR algorithm to handle packets in an even distribution in p...

Page 162: ...ow Figure 6 12 QoS Scheduling Mechanism window The following parameters can be configured Parameter Description From Port To Port Enter the port or port list you wish to configure Scheduling Mechanism Strict The highest class of service is the first to process traffic That is the highest class of service will finish before other queues empty Weighted Round Robin Use the weighted round robin WRR al...

Page 163: ...oactively drop or mark frames before congestion becomes excessive The goal is to detect the onset of persistent congestion and take proactive action so that TCP sources contributing to the congestion back off gracefully insuring good network utilization while minimizing frame loss This proactive approach starts discarding specific colored packets before the packet buffer becomes full If this queue...

Page 164: ...ll not be dropped even it reach the threshold Threshold Low 0 100 Threshold Low refers to the drop red packets it might also include yellow packets Threshold High 0 100 Threshold High refers to the drop yellow or green packets depending on the drop mode Drop Rate Low There are eight drop rates as shown below the user may determine the drop rate for the expected packet Configure Value Drop rate for...

Page 165: ...12 access profiles The rules used to define the access profiles are limited to a total of 1536 rules for the Switch ACL Configuration Wizard The ACL Configuration Wizard will aid with the creation of access profiles and ACL rules The wizard will create the access rule and profile automatically To view this window click ACL ACL Configuration Wizard as shown below Figure 7 1 ACL Configuration Wizard...

Page 166: ...the user can choose among Ports VLAN Name or VLAN ID and enter the appropriate information Click Apply to implement changes made Access Profile List Creating an access profile is divided into two basic parts The first is to specify which part or parts of a frame the Switch will examine such as the MAC source address or the IP destination address The second part is entering the criteria the Switch ...

Page 167: ...Layer 2 Gigabit Ethernet User Manual 165 Figure 7 3 Add ACL Profile window If creating an Ethernet ACL enter the Profile ID and Profile Name and click Select The following window will appear Figure 7 4 Add ACL Profile window Ethernet ...

Page 168: ...rame s header Select IPv6 to instruct the Switch to examine the IPv6 address in each frame s header Select Packet Content Mask to specify a mask to check the content of the packet header 802 1Q VLAN Selecting this option instructs the Switch to examine the VLAN identifier of each packet header and use this as the full or partial criterion for VLAN Mask 0 FFF 802 1p Selecting this option instructs ...

Page 169: ...rule click the Add Rule button on the Access Rule List window above The following window opens Figure 7 8 Add Access Rule window Ethernet To set the Access Rule for Ethernet adjust the following parameters and click Apply Parameter Description Access ID 1 128 Type in a unique identifier number for this access This value can be set from 1 to 128 Auto Assign Ticking this check box will instruct the ...

Page 170: ...teria specified previously in this command before forwarding it on to the specified CoS queue Otherwise a packet will have its incoming 802 1p user priority re written to its original value before being forwarded by the Switch Replace DSCP 0 63 Select this option to instruct the Switch to replace the DSCP value in a packet that meets the selected criteria with the value entered in the adjacent fie...

Page 171: ...click Create To return to the Access Profile List window click Back The following parameters can be set for IPv4 Parameter Description VLAN Selecting this option instructs the Switch to examine the VLAN part of each packet header and use this as the or part of the criterion for forwarding VLAN Mask 0 FFF Selecting this option and entering a VLAN mask instructs the Switch to examine the VLAN mask p...

Page 172: ... which flag bits to filter Flag bits are parts of a packet that determine what to do with the packet The user may filter packets by filtering certain flag bits within the packets by checking the boxes corresponding to the flag bits of the TCP field The user may choose between urg urgent ack acknowledgement psh push rst reset syn synchronize fin finish src port mask Specify a TCP port mask for the ...

Page 173: ...click Show All Profiles To add a rule to a previously configured entry click on the corresponding Add View Rules on the Access Profile List window Next click on Add Rule of the Access Rule List window This will reveal the following window Figure 7 14 Add Access Rule window IPv4 The following parameters may be configured for the IPv4 filter Parameter Description Access ID 1 128 Type in a unique ide...

Page 174: ... DSCP value in a packet that meets the selected criteria with the value entered in the adjacent field Replace ToS Precedence Select this option to instruct the Switch to replace the Type of Service as part of the packet header VLAN Mask Allows the entry of a name for a previously configured VLAN VLAN ID Allows the entry of a VLAN ID for a previously configured VLAN DSCP Selecting this option instr...

Page 175: ...The following parameters can be set for IPv6 Parameter Description IPv6 Class Ticking this check box will instruct the Switch to examine the class field of the IPv6 header This class field is a part of the packet header that is similar to the Type of Service ToS or Precedence bits field in IPv4 IPv6 Flow Label Ticking this check box will instruct the Switch to examine the flow label field of the I...

Page 176: ... the Access Profile List window shown below To add another Access Profile click Add ACL Profile To delete a profile click the corresponding Delete button To view the specific configurations for an entry click the Show Details button To add a rule to the Access Profile entry click the Add View Rules button Figure 7 18 Access Profile List window IPv6 To view the configurations for previously configu...

Page 177: ... the 802 1p default priority of a packet to the value entered in the Priority field which meets the criteria specified previously in this command before forwarding it on to the specified CoS queue Otherwise a packet will have its incoming 802 1p user priority re written to its original value before being forwarded by the Switch Replace Priority Enter a replace priority manually if you want to re w...

Page 178: ...ect on one port or a range of ports VLAN Name Specifies the access rule will take effect on the VLAN Name specified VLAN ID Specifies the access rule will take effect on the VLAN ID specified Click Apply to display the following Access Rule List window Figure 7 21 Access Rule List window IPv6 To view the configurations for previously configured rules click on the corresponding Show Details button ...

Page 179: ... can be configured A chunk mask presents four bytes Four offset_chunks can be selected from a possible 32 predefined offset_chunks as described below offset_chunk_1 offset_chunk_2 offset_chunk_3 offset_chunk_4 chunk0 chunk1 chunk2 chunk29 chunk30 chunk31 B126 B127 B0 B1 B2 B3 B4 B5 B6 B7 B8 B9 B114 B115 B116 B117 B118 B119 B120 B121 B122 B123 B124 B125 Example offset_chunk_1 0 0xffffffff will matc...

Page 180: ...ew the specific configurations for an entry click the Show Details button To add a rule to the Access Profile entry click the Add View Rules button Figure 7 24 Access Profile List window Packet Content To view configurations for previously configured entries click on the corresponding Show Details button which will display the following window Figure 7 25 Access Profile Detail Information window P...

Page 181: ...e 802 1p default priority of a packet to the value entered in the Priority field which meets the criteria specified previously in this command before forwarding it on to the specified CoS queue Otherwise a packet will have its incoming 802 1p user priority re written to its original value before being forwarded by the Switch Replace DSCP Select this option to instruct the Switch to replace the DSC...

Page 182: ...es CPU Interface filtering This added feature increases the running security of the Switch by enabling the user to create a list of access rules for packets destined for the Switch s CPU interface Employed similarly to the Access Profile feature previously mentioned CPU interface filtering examines Ethernet IP and Packet Content Mask packet headers destined for the CPU and will either forward them...

Page 183: ...ddress based profile configuration and Packet Content Mask The window shown below is the Add CPU ACL Profile window for Ethernet Figure 7 30 Add CPU ACL Profile window Ethernet Parameter Description Profile ID This value can be set from 1 to 5 Select ACL Type Select profile based on Ethernet MAC Address IPv4 address IPv6 address or packet content mask This will change the window according to the r...

Page 184: ...e value in each frame s header Click Create to set this entry in the Switch s memory To view the settings of a previously correctly created profile click the corresponding Show Details button on the CPU Access Profile List window The following window opens Figure 7 31 CPU Access Profile Detail Information window Ethernet The window shown below is the Add CPU ACL Profile window for IPv4 Figure 7 32...

Page 185: ...field in each frame s header Select Type to further specify that the access profile will apply an IGMP type value Select TCP to use the TCP port number contained in an incoming packet as the forwarding criterion Selecting TCP requires a source port mask and or a destination port mask is to be specified The user may also identify which flag bits to filter Flag bits are parts of a packet that determ...

Page 186: ... Switch to examine the layer 2 part of each packet header Select IPv4 to instruct the Switch to examine the IPv4 address in each frame s header Select IPv6 to instruct the Switch to examine the IPv6 address in each frame s header Select Packet Content Mask to specify a mask to check the content of the packet header IPv6 Class Ticking this check box will instruct the Switch to examine the class fie...

Page 187: ...itch s memory To view the settings of a previously correctly created profile click the corresponding Show Details button on the CPU Access Profile List window The following window opens Figure 7 35 CPU Access Profile Detail Information window IPv6 The window shown below is the Add CPU ACL Profile window for Packet Content Figure 7 36 Add CPU ACL Profile window Packet Content The following paramete...

Page 188: ...e packet from byte 16 to byte 31 32 47 Enter a value in hex form to mask the packet from byte 32 to byte 47 48 63 Enter a value in hex form to mask the packet from byte 48 to byte 63 64 79 Enter a value in hex form to mask the packet from byte 64 to byte 79 Click Create to set this entry in the Switch s memory To view the settings of a previously correctly created profile click the corresponding S...

Page 189: ... to be filtered Ethernet Type 0 FFFF Selecting this option instructs the Switch to examine the Ethernet type value in each frame s header Time Range Name Tick the check box and enter the name of the Time Range settings that has been previously configured in the Time Range Settings window This will set specific times when this access rule will be implemented on the Switch Ports Specifies the access...

Page 190: ...ction Select Permit to specify that the packets that match the access profile are forwarded by the Switch according to any additional rule added see below Select Deny to specify the packets that match the access profile to be filtered DSCP Selecting this option instructs the Switch to examine the DiffServ Code part of each packet header Enter a value between 0 and 63 Time Range Name Tick the check...

Page 191: ...following window Figure 7 44 CPU Access Rule List window IPv6 To remove a previously created rule click the corresponding Delete Rules button To add a new Access Rule click the Add Rule button Figure 7 45 Add CPU Access Rule window IPv6 To set the Access Rule for IPv6 adjust the following parameters and click Apply Parameter Description Access ID 1 100 Enter a unique identifier number for this acc...

Page 192: ...ed in the Time Range Settings window This will set specific times when this access rule will be implemented on the Switch Ports Specifies the access rule can take effect on one port or a range of ports To view the settings of a previously correctly configured rule click the corresponding Show Details button on the CPU Access Rule List window to view the following window Figure 7 46 CPU Access Rule...

Page 193: ...er a value in hex form to mask the packet from the beginning of the packet to the 15th byte Offset 16 31 Enter a value in hex form to mask the packet from byte 16 to byte 31 Offset 32 47 Enter a value in hex form to mask the packet from byte 32 to byte 47 Offset 48 63 Enter a value in hex form to mask the packet from byte 48 to byte 63 Offset 64 79 Enter a value in hex form to mask the packet from...

Page 194: ...s create an ACL rule to filter packets a metering rule can be created to associate with this ACL rule to limit traffic The step of bandwidth is 64kbps Due to limited metering rules not all ACL rules can associate with a metering rule To view this window click ACL ACL Flow Meter as shown below Figure 7 51 ACL Flow Meter window The following fields may be configured Parameter Description Profile ID ...

Page 195: ...nter a value to limit size of packet bursts The range for rate limit value is 1 to 16384 Kbps The default value is 4 Kbyte The parameter is optional Rate Exceeded Choose an action to take if the defined rate is exceeded The options are to Drop Packet or Remark DSCP requires entry of a DSCP value between 0 and 63 trTCM Two Rate Three Color Marker marks packets green yellow or red based on two rates...

Page 196: ...yte The maximum value is 16 1024 The range is 0 to 16384 Action Conform Specifies the action when the packet is in green color mode Replace DSCP Allows you to change the dscp of the packet Counter Allows you to set the counter of the packet Exceed Specifies the action when the packet is in yellow color mode Permit Permits the packet Replace DSCP Allows you to change the DSCP of the packet Counter ...

Page 197: ...Binding MPB MAC based Access Control Web based Access Control WAC Compound Authentication Port Security BPDU Attack Protection Loopback Detection Settings Traffic Segmentation NetBIOS Filtering Settings DHCP Server Screening Access Authentication Control SSL Settings SSH Trusted Host Settings Safeguard Engine Settings ...

Page 198: ...il authorization is granted The 802 1X Access Control method holds three roles each of which are vital to creating and maintaining a stable and working Access Control security method Figure 8 2 The three roles of 802 1X The following section will explain the three roles of Client Authenticator and Authentication Server in greater detail Authentication Server The Authentication Server is a remote d...

Page 199: ...ed to pass through the Authenticator before access is granted to the Client The second purpose of the Authenticator is to verify the information gathered from the Client with the Authentication Server and to then relay that information back to the Client Three steps must be implemented on the Switch to properly configure the Authenticator 1 The 802 1X State must be Enabled Security 802 1X 802 1X G...

Page 200: ... authentication is made This port is locked until the point when a Client with the correct username and password and MAC address if 802 1X is enabled by MAC address is granted access and therefore successfully unlocks the port Once unlocked normal traffic is allowed to pass through the port The following figure displays a more detailed explanation of how the authentication process is completed bet...

Page 201: ...te of the Port and initiate the process of authenticating the attached device if the Port is unauthorized This is the Port Based Network Access Control Port Based Network Access Control Figure 8 7 Example of Typical Port Based Configuration Once the connected device has successfully been authenticated the Port then becomes Authorized and all subsequent traffic on the Port is not subject to access ...

Page 202: ...g it to the shared media segment as consisting of a number of distinct logical Ports each logical Port being independently controlled from the point of view of EAPOL exchanges and authorization state The Switch learns each attached devices individual MAC addresses and effectively creates a logical Port that the attached device can then use to communicate with the LAN via the Switch 802 1X Global S...

Page 203: ...Specify the maximum number of users that can be authenticated via 802 1X authentication RADIUS Authentication Choose Enabled to enable RADIUS Authentication or Disabled to disable RADIUS authentication Click Apply to implement your configuration changes 802 1X Port Settings This window is used to configure the 802 1X Port Settings To view this window click Security 802 1X 802 1X Port Settings as s...

Page 204: ...e Switch cannot provide authentication services to the client through the interface If Auto is selected it will enable 802 1X and cause the port to begin in the unauthorized state allowing only EAPOL frames to be sent and received through the port The authentication process begins when the link state of the port transitions from down to up or when an EAPOL start frame is received The Switch then r...

Page 205: ...itch Upon initial entry to the Switch the client wishing services on the Switch will need to be authenticated by a remote RADIUS Server or local authentication on the Switch to be placed in a fully operational VLAN If authenticated and the authenticator processes the VLAN placement information that client will be accepted into the fully operational target VLAN and normal switch functions will be o...

Page 206: ...e and associated ports will be listed in the lower part of the window NOTE For more information and configuration examples for the 802 1X Guest VLAN function please refer to the Guest VLAN Configuration Example located on the D Link website RADIUS The RADIUS section includes Authentication RADIUS Server Settings RADIUS Accounting Settings RADIUS Authentication and RADIUS Account Client Authenticat...

Page 207: ...itch The following is a list of information that will be sent to the RADIUS server when an event triggers the Switch to send these informational packets Account Session ID Account Status Type Account Terminate Cause Account Authentication Account Delay Time Account Session Time Username Service Type NAS IP Address NAS Identifier Calling Station ID There are three types of Accounting that can be en...

Page 208: ...ddresses The number of RADIUS Access Response packets received from unknown addresses Identifier The NAS Identifier of the RADIUS authentication client This is not necessarily the same as sysName in MIB II ServerIndex The identification number assigned to each RADIUS Authentication server that the client shares a secret with AuthServerAddress The conceptual table listing the RADIUS authentication ...

Page 209: ...llenge a timeout or retransmission Timeouts The number of authentication timeouts to this server After a timeout the client may retry to the same server send to a different server or give up A retry to the same server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout UnknownTypes The number of RADIUS packets of unknown type wh...

Page 210: ...g timeouts to this server After a timeout it may retry to the same server send to a different server or give up A retry to the same server is counted as a retransmit as well as a timeout A send to a different server is counted as an Accounting Request as well as a timeout UnknownTypes The number of RADIUS packets of unknown type which were received from this server on the accounting port PacketsDr...

Page 211: ... the Switch log when an ARP packet is received that doesn t match the IP MAC binding configuration set on the Switch DHCP Snoop IPv4 Use the pull down menu to enable or disable DHCP snooping for IPv4 IP MAC Binding DHCP Snoop IPv6 Use the pull down menu to enable or disable the DHCP snooping for IPv6 IP MAC Binding ND Snoop Choose to enable or disable Neighbor Discovery Snooping for IPv6 ARP Inspe...

Page 212: ...urce MAC address is blocked by the software The port will check ARP packets and IP broadcast packets by IP MAC port binding entries When the packet is found by the entry the MAC address will be set to dynamic state If the packet is not found by the entry the MAC address will be set to block Other packets will be bypassed IPv6 State Use the pull down menu to enable or disable these ports for IP MAC...

Page 213: ...e only the ACL mode entries will be active ACL Choosing this entry will allow only packets from the source IP MAC binding entry created here All other packets with a different IP address will be discarded by the Switch This mode can only be used if the ACL Mode has been enabled in the IMP Global Settings window as seen previously Stop Learning Threshold Specifies the maximum number of IP MAC Port ...

Page 214: ... MAC Block List window DHCP Snooping The DHCP Snooping section includes DHCP Snooping Maximum Entry Settings and DHCP Snooping Entry DHCP Snooping Maximum Entry Settings This window is used to configure DHCP snooping maximum entry settings To view this window click Security IP MAC Port Binding DHCP Snooping DHCP Snooping Maximum Entry Settings as shown below Figure 8 22 DHCP Snooping Maximum Entry...

Page 215: ...s or tick the All check box Tick IPv4 or IPv6 To find a DHCP snooping port select the port or ports in the top half of the window and click Find To clear the fields click Clear To display all the DHCP snooping entries click View All ND Snoop The ND Snoop section includes ND Snoop Maximum Entry Settings and ND Snoop Entry ND Snoop Maximum Entry Settings This window is used to configure ND snooping ...

Page 216: ...ost based MAC the method determines the MAC access rights A MAC user must be authenticated before being granted access to a network Both local authentication and remote RADIUS server authentication methods are supported In MAC based Access Control MAC user information in a local database or a RADIUS server database is searched for authentication Following the authentication result users achieve di...

Page 217: ...or set Parameter Description MAC based Access Control Global Settings MAC based Access Control State Click the radio buttons to globally enable or disable the MAC based Access Control function on the Switch Method Use the pull down menu to choose the type of authentication to be used when authentication MAC addresses on a given port The user may choose between the following methods Local Use this ...

Page 218: ... the MAC based Access Control function on individual ports Mode Select Port based or Host based mode Aging Time 1 1440 The time period during which an authenticated host will be kept in an authenticated state When the aging time is timed out the host will be moved back to an unauthenticated state The range is between 1 and 1440 minutes The default is 1440 Alternatively tick the Infinite check box ...

Page 219: ...corresponding Edit button To delete a MAC address entry enter its parameters into the appropriate fields and click Delete By MAC to delete MAC addresses of the same VLAN enter its parameters into the appropriate fields and click Delete By VLAN To search for a MAC or a VLAN enter the information in the appropriate fields and click Find By MAC or Find By VLAN MAC based Access Control Authentication ...

Page 220: ...f the Switch to make the communication possible The host PC and other servers IP configurations do not depend on the virtual IP of WAC The virtual IP does not respond to any ICMP packets or ARP requests which means it is not allowed to configure a virtual IP on the same subnet as the Switch s IPIF IP interface or the same subnet as the host PCs subnet As all packets to a virtual IP from authentica...

Page 221: ...HTTP packets such as the Access Profile function The user needs to be very careful when setting filter functions for the target VLAN so that these HTTP packets are not denied by the Switch 2 If a RADIUS server is to be used for authentication the user must first establish a RADIUS Server with the appropriate parameters including the target VLAN before enabling Web Authentication on the Switch ...

Page 222: ...s window Security Web based Access Control WAC WAC User Settings seen below RADIUS Choose this parameter to use a remote RADIUS server as the authenticating method for users trying to access the network via the switch This RADIUS server must have already been pre assigned by the administrator using the Authentic RADIUS Server window Security 802 1X Authentic RADIUS Server Redirection Path Enter th...

Page 223: ...94 Click the button and enter a VID in this field Password Enter the password the administrator has chosen for the selected user This field is case sensitive and must be a complete alphanumeric string This field is for administrators who have selected Local as their Web based authenticator Confirmation Retype the password entered in the previous field Click Apply to implement changes made WAC Port...

Page 224: ...ed if it fails to pass authentication Enter a value between 0 and 300 seconds The default value is 60 seconds Click Apply to implement changes made WAC Authentication State This window is used to configure the Switch for Web Authentication Settings To view this window click Security Web based Access Control WAC WAC Authentication State as shown below Figure 8 33 WAC Authentication State window The...

Page 225: ...always be denied authentication NOTE A successful authentication should direct the client to the stated web page If the client does not reach this web page yet does not receive a Fail message the client will already be authenticated and therefore should refresh the current browser window or attempt to open a different web page Compound Authentication Modern networks employ many authentication meth...

Page 226: ...If a client fails one of the authentication methods access will be denied Compound Authentication Settings Users can configure Authorization Network State Settings and Compound Authentication methods for a port or ports on the Switch To view this window click Security Compound Authentication Compound Authentication Settings as shown below Figure 8 34 Compound Authentication Settings window The fol...

Page 227: ...be granted access to the network If the user fails the authorization this port will keep trying the next authentication method When Host based is selected users are authenticated individually Click Apply to implement changes Compound Authentication Guest VLAN Settings Users can assign ports to or remove ports from a Guest VLAN To view this window click Security Compound Authentication Compound Aut...

Page 228: ... Security Port Security Port Security Settings as shown below Figure 8 36 Port Security Settings window The following parameters can be set Parameter Description From Port To Port A consecutive group of ports may be configured starting with the selected port Admin State This pull down menu is used to enable or disable Port Security locked MAC address table for the selected ports Lock Address Mode ...

Page 229: ...security entries that can be learned by this VLAN If this parameter is set to 0 no user can get authorization on this VLAN If the setting is smaller than the number of current learned entries on the VLAN the command will be rejected The default value is No Limit Click Apply to implement changes Port Security Entries This window is used to configure port security entries by MAC address port number ...

Page 230: ... setting in determination of BPDU handling That is when a port is configured as BPDU tunnel port for STP it will forward STP BPDU But if the port is BPDU protection enabled Then the port will not forward STP BPDU To view this window click Security BPDU Attack Protection as shown below Figure 8 39 BPDU Protection Settings window The fields that can be configured are described below Parameter Descri...

Page 231: ...or disable this function using the pull down menu To view this window click Security Loopback Detection Settings as shown below Figure 8 40 Loopback Detection Settings window The following parameters can be configured Parameter Description Loopback Detection State Used to Enable or Disable loopback detection The default is Disabled Mode Use the drop down menu to toggle between Port Based and VLAN ...

Page 232: ...check boxes to select which of the ports on the Switch will be able to forward packets These ports will be allowed to receive packets from the port specified above Clicking the Apply button will enter the combination of transmitting port and allowed receiving ports into the Switch s Current Traffic Segmentation Table NetBIOS Filtering Settings NetBIOS is an application programming interface provid...

Page 233: ...l also create other access rules These rules are used to block all DHCP server packets In addition to a permit DHCP entry it will also create one access profile and one access rule entry the first time the DHCP client MAC address is used as the client MAC address The Source IP address is the same as the DHCP server s IP address UDP port number 67 These rules are used to permit the DHCP server pack...

Page 234: ...it Entry Settings This function allows the user not only to restrict all DHCP Server packets but also to receive any specified DHCP server packet by any specified DHCP client it is useful when one or more DHCP servers are present on the network and both provide DHCP services to different distinct groups of clients The first time the DHCP filter is enabled it will create both an access profile entr...

Page 235: ...on a device other than the Switch called an Authentication Server Host and it must include usernames and passwords for authentication When the user is prompted by the Switch to enter usernames and passwords for authentication the Switch contacts the TACACS XTACACS TACACS RADIUS server to verify and the server will respond with one of three messages The server verifies the username and password and...

Page 236: ...t use the Enable Admin window to promote to admin privilege level To view this window click Security Access Authentication Control Enable Admin as shown below Figure 8 45 Enable Admin window Authentication Policy Settings This command will enable an administrator defined authentication policy for users trying to access the Switch When enabled the device will check the Login Method List and choose ...

Page 237: ...ist The user may use the default Method List or other Method List configured by the user See the Login Method Lists window in this section for more information Enable Method List Using the pull down menu configure an application for normal login on the user level utilizing a previously configured method list The user may use the default Method List or other Method List configured by the user See t...

Page 238: ...splayed Figure 8 49 Authentication Server Group Settings Edit window To add an Authentication Server Host to the list enter its IP address in the IP Address field choose the protocol associated with the IP address of the Authentication Server Host and click Add to add this Authentication Server Host to the group NOTE The user must configure Authentication Server Hosts using the Authentication Serv...

Page 239: ...rameters to add an Authentication Server Host Parameter Description IP Address The IP address of the remote server host the user wishes to add Port 1 65535 Enter a number between 1 and 65535 to define the virtual port number of the authentication protocol on a server host The default port number is 49 for TACACS XTACACS TACACS servers and 1813 for RADIUS servers but the user may set a unique port ...

Page 240: ...ilege level the user must use the Enable Admin window to promote his privilege level See the Enable Admin part of this section for more detailed information But when the user logins to the device successfully through RADIUS server or local method three kinds of privilege levels can be assigned to the user and the user cannot use the Enable Admin window to promote to admin privilege level To view t...

Page 241: ...t to the first TACACS host in the server group If no verification is found the Switch will send an authentication request to the second TACACS host in the server group and so on until the list is exhausted At that point the Switch will restart the same sequence with the following protocol listed XTACACS If no authentication takes place using the XTACACS list the Local Enable password set in the Sw...

Page 242: ...e it to a new password New Local Enable Password Enter the new password that you wish to set on the Switch to authenticate users attempting to access Administrator Level privileges on the Switch The user may set a password of up to 15 characters Confirm Local Enable Password Confirm the new password entered above Entering a different password here from the one set in the New Local Enabled field wi...

Page 243: ...g from a third source in a file form called a certificate This function of the Switch cannot be executed without the presence and implementation of the certificate file and can be downloaded to the Switch by utilizing a TFTP server The Switch supports SSLv3 and TLSv1 Other versions of SSL may not be compatible with this Switch and may cause problems upon authentication and transfer of messages fro...

Page 244: ...disable this ciphersuite This field is enabled by default RSA with 3DES EDE CBC SHA This ciphersuite combines the RSA key exchange CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm Use the pull down menu to enable or disable this ciphersuite This field is enabled by default DHE DSS with 3DES EDE CBC SHA This ciphersuite combines the DSA Diffie Hellman key exchange CBC Block Cipher 3D...

Page 245: ...ing a password This password is used to logon to the Switch once a secure communication path has been established using the SSH protocol 2 Configure the User Account to use a specified authorization method to identify users that are allowed to establish SSH connections with the Switch using the SSH User Authentication Lists window There are three choices as to the method SSH will use to authorize ...

Page 246: ...gories of algorithms listed and specific algorithms of each may be enabled or disabled by checking the boxes All algorithms are enabled by default To view this window click Security SSH SSH Authentication Method and Algorithm Settings as shown below Figure 8 56 SSH Authentication Method and Algorithm Settings window The following algorithms may be set Parameter Description SSH Authentication Mode ...

Page 247: ...thentication Code mechanism utilizing the Secure Hash algorithm The default is enabled HMAC MD5 Tick the check box to enable the HMAC Hash for Message Authentication Code mechanism utilizing the MD5 Message Digest encryption algorithm The default is enabled Public Key Algorithm HMAC RSA Tick the check box to enable the HMAC Hash for Message Authentication Code mechanism utilizing the RSA encryptio...

Page 248: ... Enter an alphanumeric string of no more than 32 characters to identify the remote SSH user This parameter is only used in conjunction with the Host Based choice in the Auth Mode field Host IP Enter the corresponding IP address of the SSH user This parameter is only used in conjunction with the Host Based choice in the Auth Mode field Click Apply to implement changes made NOTE To set the SSH User ...

Page 249: ...ch only receives a small amount of ARP or IP broadcast packets for a calculated time interval Every five seconds the Switch will check to see if there are too many packets flooding the Switch If the threshold has been crossed the Switch will do a rate limit and only allow a small amount of ARP and IP broadcast packets for five seconds After another five second checking interval arrives the Switch ...

Page 250: ...e detected at 5 second intervals First stop 5 seconds second stop 10 seconds third stop 20 seconds Once the flooding is no longer detected the wait period for limiting ARP and IP broadcast packets will return to 5 seconds and the process will resume Once in Exhausted mode the packet flow will decrease by half of the level that caused the Switch to enter Exhausted mode After the packet flow has sta...

Page 251: ...ore the Safeguard Engine mechanism is enabled Once the CPU utilization reaches this percentage level the Switch will move into the Exhausted state Falling Threshold Used to configure the acceptable level of CPU utilization as a percentage where the Switch leaves the Exhausted state and returns to normal mode Trap log Use the pull down menu to enable or disable the sending of messages to the device...

Page 252: ...e in seconds that the Switch will wait before forwarding a DHCP REQUEST packet If the value in the seconds field of the packet is less than the relay time threshold the packet will be dropped The range is between 0 and 65 536 seconds with a default value of 0 seconds To view this window click Network Application DHCP DHCP Relay DHCP Relay Global Settings as shown below Figure 9 1 DHCP Relay Global...

Page 253: ...heck the validity of the packet s option 82 field If the switch receives a packet that contains the option 82 field from a DHCP client the switch drops the packet because it is invalid In packets received from DHCP servers the relay agent will drop invalid messages Disabled When the field is toggled to Disabled the relay agent will not check the validity of the packet s option 82 field DHCP Relay ...

Page 254: ..._relay option_82 command configures the DHCP relay agent information option 82 setting of the switch The formats for the circuit ID sub option and the remote ID sub option are as follows NOTE For the circuit ID sub option of a standalone switch the module field is always zero Circuit ID sub option format 1 2 3 4 5 6 7 1 6 0 4 VLAN Module Port 1 byte 1 byte 1 byte 1 byte 2 bytes 1 byte 1 byte 1 Sub...

Page 255: ...e configured per IP Interface Click Apply to implement changes made DHCP Relay Option 60 Server Settings This window allows the user to configure the DHCP Relay Option 60 Default servers When there are no matching servers found for the packet based on option 60 the relay servers will be determined by the default relay server setting Similiarly when there is no match found for the packet the relay ...

Page 256: ...cters Server IP Enter the relay server IP address Match Type Use the drop down menu to select either Exact Match or Partial Match Exact Match The option 60 string in the packet must fully match the specified string Partial Match The option 60 string in the packet only needs to partially match the specified string Click Add to add a new entry To search for a particular entry enter the correct IP Ad...

Page 257: ... IP information that the DHCP client then utilizes and sets on its local configurations The user can configure many DHCP related parameters that it will utilize on its locally attached network to control and limit the IP settings of clients desiring an automatic IP configuration such as the lease time of the allotted IP address the range of IP addresses that will be allowed in its DHCP pool the ab...

Page 258: ...Layer 2 Gigabit Ethernet User Manual 256 server will discard the current IP address and try another IP address Ping Timeout Choose the amount of time the DHCP server must waits before timing out a ping packet The default value is 100 ...

Page 259: ...clude Address Settings as shown below Figure 9 8 DHCP Server Exclude Address Settings window The fields that can be configured are described below Parameter Description Begin Address Enter the starting IP Address End Address Enter the ending IP Address Click Apply to implement changes made DHCP Server Pool Settings To view this window click Network Application DHCP DHCP Server DHCP Server Pool Set...

Page 260: ...xt server information is not specified it will not be provided to the client If this option is input twice for the same pool the second command will overwrite the first command It is allowed to specify the next server but not specify the boot file or specify the boot file but not specify the next server DNS Server Address IP address of DNS server Specifies the IP address of a DNS server that is av...

Page 261: ...HCP DHCP Server DHCP Server Manual Binding as shown below Figure 9 11 DHCP Server Manual Binding window The fields that can be configured are described below Parameter Description Pool Name Enter the DHCP Server Pool name IP Address IP address which will be assigned to specified client Hardware Address Enter the hardware address Type Either Ethernet or IEEE802 can be specified DHCP Server Dynamic ...

Page 262: ...tion of the DHCP local relay for VLAN To view this window click Network Application DHCP DHCP Local Relay Settings as shown below Figure 9 14 DHCP Local Relay Settings window The following parameters may be configured Parameter Description DHCP Local Relay State This is used to enable or disable DHCP Local Relay service on the Switch The default is Disabled VLAN Name Enter a name of the VLAN to be...

Page 263: ...Relay Settings window The following parameters may be configured Parameter Description DHCPv6 Relay State Settings Enter a valid Interface Name choose to enable or disable DHCPv6 relay status for the interfaces and click the Apply button to put the settings into effect To apply to all interfaces optional click the All option box Add DHCPv6 Server Address Enter a valid Interface Name and DHCPv6 Ser...

Page 264: ...o the complete name translation The client makes a query containing the name the type of answer required and a code specifying whether the domain name system should do the entire name translation or simply return the address of the next DNS server if the server receiving the query cannot resolve the name When a DNS server receives a query it checks to see if the name is in its sub domain If it is ...

Page 265: ...Settings To view this window click Network Application DNS DNS Relay DNS Relay Static Settings as shown below Figure 9 18 DNS Relay Static Settings window The fields that can be configured are described below Parameter Description Domain Name Enter the domain name IP Address Enter the DNS Relay IP Address Click Apply to implement changes made SNTP SNTP or Simple Network Time Protocol is used by th...

Page 266: ...Current Time Displays the Current Time Time Source Displays the time source for the system SNTP First Server The IP address of the primary server from which the SNTP information will be taken SNTP Second Server The IP address of the secondary server from which the SNTP information will be taken SNTP Poll Interval In Seconds 30 99999 The interval in seconds between requests for updated SNTP informa...

Page 267: ... will constitute your local DST offset 30 60 90 or 120 minutes Time Zone Offset From GMT In HH MM Use these pull down menus to specify your local time zone s offset from Greenwich Mean Time GMT DST Repeating Settings Using repeating mode will enable DST seasonal time adjustment Repeating mode requires that the DST beginning and ending date be specified using a formula For example specify to begin ...

Page 268: ...stment Annual mode requires that the DST beginning and ending date be specified concisely For example specify to begin DST on April 3 and end DST on October 14 From Month Enter the month DST will start on each year From Day Enter the day of the month DST will start on each year From Time In HH MM Enter the time of day DST will start on each year To Month Enter the month DST will end on each year T...

Page 269: ...been developed in order to meet the new operational management needs created by the application of Ethernet technologies to MANs and WANs Ethernet CFM provides Ethernet network service providers with various benefits such as end to end service level OAM and lower operating expenses all operated on top of a familiar Ethernet platform CFM introduces some new terms and concepts to Ethernet these are ...

Page 270: ... port on which a MIP is configured is blocked by Spanning Tree Protocol the MIP cannot receive CFM messages or relay them toward the bridge relay function side The MIP can however receive and respond to CFM messages from the bridge port CFM messages include Continuity Check Messages CCMs Loopback messages LBMs and Link Trace Messages LTMs CFM uses standard Ethernet frames that can be sourced termi...

Page 271: ...tch in a MA the setting must be auto in order for the MIPs to be created on this device Explicit MIPs can be created on any ports in this MD only if the next existent lower level has a MEP configured on that port and that port is not configured with a MEP of this MD SenderID TLV This is the control transmission of the SenderID TLV None Don t transmit sender ID TLV This is the default value Chassis...

Page 272: ... default value SenderID This is the control transmission of the sender ID TLV This is the control transmission of the sender ID TLV None Don t transmit sender ID TLV This is the default value Chassis Transmit sender ID TLV with chassis ID information Manage Transmit sender ID TLV with manage address information Chassis Manage Transmit sender ID TLV with chassis ID information and manage address in...

Page 273: ...EP Direction This is the MEP direction Inward Inward facing up MEP An Inward facing MEP drops all CFM frames at its level or lower that are received from the Inward side and forwards all CFM frames at a higher level regardless of the origin of the frame Inward or Outward Outward Outward facing down MEP An Outward facing port drops all CFM frames at it level or lower coming from the bridge relay fu...

Page 274: ...M transmission state is enabled Disabled The CCM transmission state is disabled This is the default value Fault Alarm This is the control types of the fault alarms sent by the MEP All All types of fault alarms will be sent MAC Status Only the fault alarms whose priority is equal to or higher than Some Remote MEP MAC Status Error are sent Remote CCM Only the fault alarms whose priority is equal to ...

Page 275: ...ggered before the fault can be re alarmed The unit is in centiseconds The range is 250 to 1000 The default value is 1000 Click Apply to implement changes made To view the CFM Extension AIS Settings window click the Edit AIS button on the CFM MEP Information window The following window opens Figure 10 7 CFM Extension AIS Settings window The fields that can be configured are described below Paramete...

Page 276: ...0 and 7 Click Apply to implement changes made CFM Port Settings This table is used to enable or disable the connectivity fault management function on a per port basis CFM is disabled on all ports by default To view this window click OAM CFM CFM Port Settings as shown below Figure 10 9 CFM Port Settings window Enter the port list you wish to Enable and click Apply The fields that can be configured ...

Page 277: ...een 1 and 8191 MD Max 22 characters The Maintenance Domain Name MA Max 22 characters The Maintenance Association Name MAC Address The destination MAC address LBMs Number 1 65535 The number of LBMs to be sent the default value is 4 LBM Payload Length 0 1500 The payload length of the LBM to be sent the default value is 0 LBM Payload Pattern Max 1500 characters The arbitary amount of data to be inclu...

Page 278: ...nfigured Parameter Description MEP Name The name of the Maintenance End Point MEP ID 1 8191 The ID for the Maintenance End Point between 1 and 8191 MD Name The Maintenance Domain Name MA Name The Maintenance Association Name MAC Address The destination MAC address TTL 2 255 The linktrace message TTL value The default value is 64 PDU Priority The 802 1p priority to be set in the transmitted LTM If ...

Page 279: ...w click OAM CFM CFM Fault Table as shown below Figure 10 13 CFM Fault Table window CFM MP Table This window is used to browse the CFM port MP list on the Switch To view this window click OAM CFM CFM MP Table as shown below Figure 10 14 CFM MP Table window Click Find to see the entry displayed in the table Parameter Description Port The port to which the MAC address below corresponds Level 0 7 The ...

Page 280: ...started To view this window click OAM Ethernet OAM Ethernet OAM Settings as shown below Figure 10 15 Ethernet OAM Settings window The following parameters can be configured Parameter Description From Port To Port Specify a range of ports to be configured Mode Specify to operate in either Active mode or Passive mode The default mode is Active State Specify that the OAM function state is Enabled or ...

Page 281: ...g symbol errors If the number of error symbols or error frames is equal to or greater than the specified threshold within the period specified by the Window option and the event notification state Notify is enabled it generates an event to notify the remote OAM peer Use the Link Monitor menu to define the type of link monitor and set the threshold window and notifications status Critical Link Even...

Page 282: ... and click Find To remove an entry enter the appropriate information and click Clear To view this window click OAM Ethernet OAM Ethernet OAM Event Log as shown below Figure 10 17 Ethernet OAM Event Log window Ethernet OAM Statistics This window displays the Ethernet OAM Statistic information on each port of the Switch To clear information for a particular port or list of ports enter the ports and ...

Page 283: ... State Enable or disable the administration state This indicates these ports unidirectional link detection status The default state is Disabled Discovery Time 5 65535 Enter the port neighbor discovery time between 5 and 65535 seconds If the discovery is timed out the unidirectional link detection will start The default discovery time is 5 seconds Click Apply to create a new entry Cable Diagnostics...

Page 284: ...w click Monitoring Utilization CPU Utilization as shown below Figure 11 1 CPU Utilization window To view the CPU utilization by port use the real time graphic of the Switch and or switch stack at the top of the web page by simply clicking on a port Click Apply to implement the configured settings The window will automatically refresh with new updated statistics Change the view parameters as follow...

Page 285: ...To view this window click Monitoring Utilization Port Utilization as shown below Figure 11 3 Port Utilization window To select a port to view these statistics or select the port by using the Port pull down menu The user may also use the real time graphic of the Switch at the top of the web page by simply clicking on a port Change the view parameters as follows Parameter Description Port Use the dr...

Page 286: ...iewed as either a line graph or a table Three windows are offered in the Packets folder to view and configure these settings Received RX This table displays the RX packets on the Switch To select a port to view these statistics for select the port by using the Port pull down menu The user may also use the real time graphic of the Switch at the top of the web page by simply clicking on a port To vi...

Page 287: ...address Multicast Count the total number of good packets that were received by a multicast address Broadcast Count the total number of good packets that were received by a broadcast address Show Hide Check whether to display Bytes and Packets Clear Clicking this button clears all statistics counters on this window Clicking this button instructs the Switch to display a table rather than a line grap...

Page 288: ...arameter Description Port Use the drop down menu to choose the port that will display statistics Time Interval Select the desired setting between 1s and 60s where s stands for seconds The default value is one second Record Number Select number of times the Switch will be polled between 20 and 200 The default value is 200 Bytes Count the number of bytes successfully sent on the port Packets Count t...

Page 289: ...utton instructs the Switch to display a table rather than a line graph View Table Clicking this button instructs the Switch to display a line graph rather than a table View Graphic Transmitted TX To select a port to view these statistics or select the port by using the Port pull down menu The user may also use the real time graphic of the Switch at the top of the web page by simply clicking on a p...

Page 290: ...number of bytes successfully sent on the port Packets Count the number of packets successfully sent on the port Unicast Count the total number of good packets that were transmitted by a unicast address Multicast Count the total number of good packets that were transmitted by a multicast address Broadcast Count the total number of good packets that were transmitted by a broadcast address Show Hide ...

Page 291: ...r select the port by using the Port pull down menu The user may also use the real time graphic of the Switch at the top of the web page by simply clicking on a port To view this window click Monitoring Statistics Port Statistics Errors Received RX as shown below Figure 11 10 Received RX window for errors To view the Received RX Table window for errors click the link View Table which will show the ...

Page 292: ...ger than 1518 octets and less than the MAX_PKT_LEN Internally MAX_PKT_LEN is equal to 1536 Fragment The number of packets less than 64 bytes with either bad framing or an invalid CRC These are normally the result of collisions Jabber Count invalid packets received that were longer than 1518 octets and less than the MAX_PKT_LEN Internally MAX_PKT_LEN is equal to 1536 Drop The number of packets that...

Page 293: ...lick Monitoring Statistics Port Statistics Errors Transmitted TX as shown below Figure 11 12 Transmitted TX window for errors To view the Transmitted TX Table window click the link View Table which will show the following table Figure 11 13 Transmitted TX Table window for errors The following fields may be set or viewed Parameter Description Port Use the drop down menu to choose the port that will...

Page 294: ...ansmission of a packet ExColl Excessive Collisions The number of packets for which transmission failed due to excessive collisions SingColl Single Collision Frames The number of successfully transmitted packets for which transmission is inhibited by more than one collision Collision An estimate of the total number of collisions on this network segment Show Hide Check whether or not to display ExDe...

Page 295: ...statistics for select the port by using the Port pull down menu The user may also use the real time graphic of the Switch at the top of the web page by simply clicking on a port To view this window click Monitoring Statistics Packet Size as shown below Figure 11 14 Packet Size window To view the Packet Size Table window click the link View Table which will show the following table Figure 11 15 Pac...

Page 296: ...g framing bits but including FCS octets 512 1023 The total number of packets including bad packets received that were between 512 and 1023 octets in length inclusive excluding framing bits but including FCS octets 1024 1518 The total number of packets including bad packets received that were between 1024 and 1518 octets in length inclusive excluding framing bits but including FCS octets Show Hide ...

Page 297: ...for each port with one being the most recent 15 minutes of data The Switch also displays statistics based on a per day basis with a maximum of two historical statistic entries supported To view this window click Monitoring Statistics Historical Counter Utilization Historical Counter as shown below Figure 11 17 Historical Counter window The following parameters may be configured Parameter Descripti...

Page 298: ...ion relating to 15 minute intervals or 1 day intervals 15 Minute Specifies historical utilization information based on 15 minute intervals 1 Day Specifies historical utilization information based on one day intervals Slot 1 5 Specifies the slot number to display 1 5 Specifes that the 15 minute intervals will be displayed in chronological order with 1 being the most recent 1 2 Specifies that the da...

Page 299: ...e mirroring cannot be a member of a trunk group Please note a target port and a source port cannot be the same port RSPAN Settings This table controls the RSPAN function The purpose of the RSPAN function is to mirror the packets to a remote switch The packet travels from the switch where the monitored packet is received through the intermediate switch then to the switch where the sniffer is attach...

Page 300: ...gurations can also be viewed in this table To view this window click Monitoring sFlow sFlow Global Settings as shown below Figure 11 22 sFlow Global Settings window Select Disabled or Enabled and click Apply sFlow Analyzer Server Settings This window is used to configure the sFlow analyzer server settings Users can specify more than one analyzer server with the same IP address but with different U...

Page 301: ...sFlow Flow Sampler Settings This table is used to create sFlow flow sampler settings on the Switch By configuring the sampling function for a port a sample packet received by this port will be encapsulated and forwarded to the analyzer server depending on active rate To view this window click Monitoring sFlow sFlow Flow Sampler Settings as shown below Figure 11 24 sFlow Flow Sampler Settings windo...

Page 302: ...on From Port To Port Specifies the port or list of ports to be configured Analyzer Server ID 1 4 The analyzer server id specifies the ID of a server analyzer where the packet will be forwarded Interval 20 120 Specifies the maximum number of seconds between successive statistic counter information To disable the interval tick the Disabled check box Click Apply to implement the changes made Ping Tes...

Page 303: ...times radio button which will tell the ping program to keep sending ICMP Echo packets to the specified IP address until the program is stopped Or the user may opt to choose a specific number of times to ping the Target IP Address by entering a number between 1 and 255 Size Use this parameter to set the datagram size of the packet or the number of bytes in each ping packet Users may set a size betw...

Page 304: ... route option will cross while seeking the network path between two devices The range for the TTL is 1 to 60 hops Port The port number The value range is from 30000 to 64900 Timeout Defines the timeout period while waiting for a response from the remote device A value of 1 to 65535 seconds can be specified The default is 5 seconds Probe The number of probing The range is from 1 to 9 If unspecified...

Page 305: ...on file indexed as Image file 1 To use this file for configuration it must be designated as the Boot configuration To view this window click Save Save Configuration ID 1 as shown below Figure 12 1 Save Configuration ID 1 window Save Configuration ID 2 This window is used to save the configuration file indexed as Image file 2 To use this file for configuration it must be designated as the Boot conf...

Page 306: ...uration log only To view this window click Save Save Log as shown below Figure 12 3 Save Log window Save All This window is used to save the current configuration settings to the current Boot Up Configuration file and save the current log To view this window click Save Save All as shown below Figure 12 4 Save All window ...

Page 307: ...le Backup Restore as shown below Figure 12 5 Configuration File Backup Restore window To restore the configuration file to a TFTP server enter the TFTP Server IP address either IPv4 or IPv6 file path name select the desired Configuration ID and then click Restore To backup the configuration file to a TFTP server enter the TFTP Server IP address either IPv4 or IPv6 file path name select the desired...

Page 308: ...figuration parameters to their factory defaults NOTE Only the Reset System option will enter the factory default parameters into the Switch s non volatile RAM and then restart the Switch All other options enter the factory defaults into the current configuration but do not save this configuration Reset System will return the Switch s configuration to the state it was when it left the factory NOTE ...

Page 309: ... button to select the Source File and select the desired Image ID Click Download to initiate the file transfer Reboot System The following window is used to restart the Switch To view this window click Tools Reboot System as shown below Figure 12 9 Reboot System window Clicking the Yes radio button will instruct the Switch to save the current configuration to non volatile RAM before restarting the...

Page 310: ...tructure is shown in Figure 1 Figure 1 In the mean time PC A s MAC address will be written into the Sender H W Address and its IP address will be written into the Sender Protocol Address in ARP payload As PC B s MAC address is unknown the Target H W Address will be 00 00 00 00 00 00 while PC B s IP address will be written into the Target Protocol Address shown in Table 1 H W type Protocol type H W...

Page 311: ... not in its Forwarding Table the switch will learn PC A s MAC and the associated port into its Forwarding Table Port1 00 20 5C 01 11 11 In addition when the switch receives the broadcast ARP request it will flood the frame to all ports except the source port port 1 see Figure 2 Figure 2 When the switch floods the frame of ARP requests to the network all PCs will receive and examine the frame but o...

Page 312: ...arget H W address Target protocol address ARP reply 00 20 5C 01 11 11 10 10 10 1 00 20 5C 01 22 22 Table ARP Payload 10 10 10 2 When PC B replies the query the Destination Address in the Ethernet frame will be changed to PC A s MAC address The Source Address will be changed to PC B s MAC address see Table 4 Destination address Source address Ether type ARP FCS 00 20 5C 01 11 11 00 20 5C 01 22 22 T...

Page 313: ... traffic meant for that IP address would be mistakenly re directed to the node specified by the attacker IP spoofing attack is caused by Gratuitous ARP that occurs when a host sends an ARP request to resolve its own IP address Figure 4 shows a hacker within a LAN to initiate ARP spoofing attack Figure 4 In the Gratuitous ARP packet the Sender protocol address and Target protocol address are filled...

Page 314: ...tent or specified MAC address to the IP address of the network s default gateway The malicious attacker only needs to broadcast ONE Gratuitous ARP to the network claiming it is the gateway so that the whole network operation will be turned down as all packets to the Internet will be directed to the wrong node Likewise the attacker can either choose to forward the traffic to the actual default gate...

Page 315: ...t the Sender MAC address and Sender IP address in the ARP protocol can pass through the switch In this example it is the gateway s ARP 2 The switch will deny all other ARP packets which claim they are from the gateway s IP The design of Packet Content ACL on the DGS 3700 Series enables users to inspect any offset_chunk An offset_chunk is a 4 byte block in a HEX format which is utilized to match th...

Page 316: ...t Chunk25 Offset Chunk26 Offset Chunk27 Offset Chunk28 Offset Chunk129 Offset Chunk30 Byte 63 67 71 75 79 83 87 91 95 99 103 107 111 115 119 123 Byte 64 68 72 76 80 84 88 92 96 100 104 108 112 116 120 124 Byte 65 69 73 77 81 85 89 93 97 101 105 109 113 117 121 125 Byte 66 70 74 78 82 86 90 94 98 102 106 110 114 118 122 126 Table 6 Chunk and Packet offset Indicates a completed ARP packet contained ...

Page 317: ...DGS 3700 12 DGS 3700 12G Series Layer 2 Gigabit Ethernet User Manual 315 ...

Page 318: ...ide Fan failed Side Fan failed Critical Side Fan recovered Side Fan recovered Critical Upload Download Firmware upgraded successfully Firmware upgraded by console telnet WEB SSH SNMP SIM successfully Username username Informational Firmware upgrade was unsuccessful Firmware upgrade by console telnet WEB SSH SNMP SIM was unsuccessful Username username Warning Configuration successfully downloaded C...

Page 319: ...l login through Web SSL Successful login through Web SSL Username username Informational Login failed through Web SSL Login failed through Web SSL Username username Warning Logout through Web SSL Logout through Web SSL Username username Informational Web SSL session timed out Web SSL session timed out Username username Informational Telnet Successful login through Telnet Successful login through T...

Page 320: ...ational Successful login through Console authenticated by AAA local method Successful login through Console authenticated by AAA local method Username username Informational Login failed through Console authenticated by AAA local method Login failed through Console authenticated by AAA local method Username username Warning Successful login through Web authenticated by AAA local method Successful ...

Page 321: ... SSH authenticated by AAA none method Successful login through SSH from userIP authenticated by AAA none method Username username MAC macaddr Informational Successful login through Console authenticated by AAA server Successful login through Console authenticated by AAA server serverIP Username username Informational Login failed through Console authenticated by AAA server Login failed through Con...

Page 322: ...rough Web from userIP authenticated by AAA local_enable method Username username MAC macaddr Warning Successful Enable Admin through Telnet authenticated by AAA local_enable method Successful Enable Admin through Telnet from userIP authenticated by AAA local_enable method Username username MAC macaddr Informational Enable Admin failed through Telnet authenticated by AAA local_enable method Enable ...

Page 323: ...name username MAC macaddr Warning Successful Enable Admin through SSH authenticated by AAA server Successful Enable Admin through SSH from userIP authenticated by AAA server serverIP Username username MAC macaddr Informational Enable Admin failed through SSH authenticated by AAA server Enable Admin failed through SSH from userIP authenticated by AAA server serverIP Username username MAC macaddr Wa...

Page 324: ... AAA Successful Enable from userIP Module AAA Informational Enable failed from user Module AAA Enable failed from userIP Module AAA Warning AAA server response is wrong AAA server serverIP Protocol protocol response is wrong Warning AAA doesn t support this functionality AAA doesn t support this functionality Informational Port Security Port security has exceeded its maximum learning size and will...

Page 325: ...ction Remote MEPID mepid MAC macaddr Critical Error CFM CCM packet is detected CFM remote setting error MD Level mdlevel VLAN vlanid Local Port unitID portNum Direction mepdirection Remote MEPID mepid MAC macaddr Warning Can not receive remote MEP s CCM packet CFM remote down MD Level mdlevel VLAN vlanid Local Port unitID portNum Direction mepdirection Warning Remote MEP s MAC reports an error sta...

Page 326: ...client authenticated by RADIUS server successfully This egress bandwidth will assign to the port Radius server ipaddr assigned egress bandwith egressBandwidth to port portNum account username Informational 802 1p default priority assigned from RADIUS server after RADIUS client authenticated by RADIUS server successfully This 802 1p default priority will assign to the port Radius server ipaddr assi...

Page 327: ...tification 1 3 6 1 4 1 171 11 101 2 2 100 1 2 0 1 swL2macNotifyInfo V2 L2Mgmt MIB Warning SwIpMacBindingViolationTrap 1 3 6 1 4 1 171 12 23 5 0 1 swIpMacBindingPortIndex swIpMacBindingViolationIP swIpMacBindingViolationMac V2 IPMacBind MIB Warning swPktStormOccurred 1 3 6 1 4 1 171 12 25 5 0 1 swPktStormCtrlPortIndex V2 PktStormCtrl MIB Warning swPktStormCleared 1 3 6 1 4 1 171 12 25 5 0 2 swPktSt...

Page 328: ... 0 1 swExternalAlarm V2 EQUIPMENT MIB Warning SwDdmAlarmTrap 1 3 6 1 4 1 171 12 72 4 0 1 swDdmAlarmTrap V2 DDM MIB Warning SwDdmWarningTrap 1 3 6 1 4 1 171 12 72 4 0 2 swDdmWarningTrap V2 DDM MIB Warning swL2PortLoopOccurred 1 3 6 1 4 1 171 11 102 1 1 2 100 1 2 0 3 swL2PortLoopOccurred V2 L2Mgmt MIB Warning swL2PortLoopRestart 1 3 6 1 4 1 171 11 102 1 1 2 100 1 2 0 4 swL2PortLoopRestart V2 L2Mgmt ...

Page 329: ... local or remote networks no matter what higher level protocols are involved Bridges form a single logical network centralizing network administration broadcast A message sent to all destination devices on the network broadcast storm Multiple simultaneous broadcasts that typically absorb available network bandwidth and can cause network failure console port The port on the Switch accepting a termi...

Page 330: ...SLIP Serial Line Internet Protocol A protocol which allows IP to run over a serial line connection SNMP Simple Network Management Protocol A protocol originally designed to be used in managing TCP IP internets SNMP is presently implemented on a wide range of computers and networking equipment and may be used to manage many aspects of network and end station operation Spanning Tree Protocol STP A b...

Page 331: ...overy feature on D Link devices to easily recover passwords Complete these steps to reset the password 1 For security reasons the Password Recovery feature requires the user to physically access the device Therefore this feature is only applicable when there is a direct connection to the console port of the device It is necessary for the user needs to attach a terminal or PC with terminal emulatio...

Page 332: ... Password Recovery Mode and restarts the switch A confirmation message will be displayed to allow the user to save the current settings reboot force_agree This command forces the switch to restart reset account This command deletes all the previously created accounts reset password username This command resets the password of the specified user If a username is not specified the password of all us...

Reviews:

No comments

Related manuals for DGS-3700-12

Habitat M10 Installation Manual preview
M10
Brand: Habitat Pages: 48
IBM E12 Quick Reference Manual preview
E12
Brand: IBM Pages: 4
Multitech MultiConnect SE MTS2EA Specification Sheet preview
MultiConnect SE MTS2EA
Brand: Multitech Pages: 2
I-O Wireless WBC11 User Manual preview
WBC11
Brand: I-O Wireless Pages: 55
iBall Baton 150m Configuration Manual preview
150m
Brand: iBall Baton Pages: 9
RuggedCom RUGGEDMAX WIN7000 Installation Manual preview
RUGGEDMAX WIN7000
Brand: RuggedCom Pages: 42
Idis DR-8400 Installation Manual preview
DR-8400
Brand: Idis Pages: 31
Ericsson Marconi OMS 1200 Product Description preview
Marconi OMS 1200
Brand: Ericsson Pages: 136
HGST Ultrastar Serv24 S2122-N24-4 Installation Manual preview
Ultrastar Serv24 S2122-N24-4
Brand: HGST Pages: 36
Airlinkplus ASW224 User Manual preview
ASW224
Brand: Airlinkplus Pages: 20
H3C SecPath F1070 Manual preview
SecPath F1070
Brand: H3C Pages: 68
EXAGATE SYSGuard 6001 Quick Installation Manual preview
SYSGuard 6001
Brand: EXAGATE Pages: 7
Digisol DG-SR2004 User Manual preview
DG-SR2004
Brand: Digisol Pages: 73
Linksys WAG120N Datasheet preview
WAG120N
Brand: Linksys Pages: 2
Extreme Networks ACC-BKT-AX-BEAM Accessories Manual preview
ACC-BKT-AX-BEAM
Brand: Extreme Networks Pages: 35
Paradyne Hotwire 5620 RTU Installation Instructions Manual preview
Hotwire 5620 RTU
Brand: Paradyne Pages: 20
Patton electronics SmartNode 4634 Series Quick Start Manual preview
SmartNode 4634 Series
Brand: Patton electronics Pages: 12
TP-Link TL-WR840N Quick Installation Manual preview
TL-WR840N
Brand: TP-Link Pages: 2

Brands by name

Popular brands

Load more brands