manualshive.com logo in svg

D-Link DWS-4026, User Manual

Share
Download
D-Link DWS-4026 User Manual Download Page 346

D-Link Unified Access System

Software User Manual

12/10/09

Page 346

Configuring Access Control Lists

Document

34CSFP6XXUWS-SWUM100-D7

The ACL Table at the bottom of the page shows the current size of the ACL table versus the maximum size of the ACL table.
The current size is equal to the number of configured IPv4 and IPv6 ACLs plus the number of configured MAC ACLs. The
maximum size is 100. 

To add an IP ACL, select the type of ACL to add from the 

IP ACL

 menu, enter an ACL ID in the appropriate field, and

then click 

Submit

.

To delete an IP ACL, select the ACL ID from the 

IP ACL

 menu, and then click 

Delete

. The 

Delete

 button only appears if

a configured IP ACL is selected.

IP ACL Rule Configuration

Use the 

IP ACL Rule Configuration

 page to define rules for IP-based ACLs created using the IP Access Control List

Configuration page. The access list definition includes rules that specify whether traffic matching the criteria is forwarded
normally or discarded. Additionally, you can specify to assign traffic to a particular queue and/or mirror the traffic to a
particular port.

To display the IP ACL 

Rule Configuration

 page, click 

LAN > QoS > Access Control Lists > IP Access Control Lists >

Rule Configuration

 in the navigation menu.

The fields available on the page depend on whether you select a standard, extended, or named IP ACL from the IP ACL
field, whether the rule action is permit or deny, and whether you select Create Rule or an existing rule from the Rule field. 

Figure 243

 shows the fields available when Create Rule is selected in the 

Rule

 field.

Table 218:  IP ACL Configuration Fields

Field

Description

IP ACL

Select a type of ACL to create, or select an existing ACL to delete from the dropdown 
menu. You can create the following types of IP ACLs:

• Standard IP ACL

: Allows you to permit or deny traffic from a source IP address.

• Extended IP ACL

: Allows you to permit or deny specific types of layer 3 or layer 4 

traffic from a source IP address to a destination IP address. This type of ACL provides 
more granularity and filtering capabilities than the standard IP ACL.

• Named IP ACL

: Allows you to create an Extended IP ACL that is identified by a name 

rather than a number. These ACLs have the same capabilities as Extended IP ACLs 
with respect to match criteria and actions supported.

IP ACL ID

Enter an ID number for the ACL to configure. This field appears if you select Create 
Standard IP ACL or Create Extended IP ACL from the 

IP ACL

 dropdown menu. For a 

standard IP ACL, the acceptable ID values are 1-99. For an extended IP ACL, the 
acceptable ID values are 101-199. 

IP ACL Name

This field appears if you select Create New Named IP ACL from the 

IP ACL

 dropdown 

menu. Specify an IP ACL Name string which includes only alphanumeric characters. 
The name must start with an alphabetic character. This field will display the name of 
the currently selected IP ACL if the ACL has already been created.

There is an implicit "deny all" rule at the end of an ACL list. This means that if an ACL is applied to a
packet and if none of the explicit rules match, then the final implicit "deny all" rule applies and the packet
is dropped.

Summary of Contents for DWS-4026

Page 1: ...User Manual Product Model DWS 4000 Series DWL 8600AP Unified Wired Wireless Access System Release 1 0 Copyright 2009 All rights reserved ...

Page 2: ...nvironment this product may cause radio interference in which case the user may be required to take adequate measures Warnung Dies ist ein Produkt der Klasse A Im Wohnbereich kann dieses Produkt Funkstoerungen verursachen In diesem Fall kann vom Benutzer verlangt werden angemessene Massnahmen zu ergreifen Precaución Este es un producto de Clase A En un entorno doméstico puede causar interferencias...

Page 3: ...UWS Administrator s Guide CAUTION RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT TYPE DISPLOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS ...

Page 4: ...UWS Administrator s Guide ...

Page 5: ...rface 48 Device View 49 Navigation Tree View 50 Configuration and Monitoring Options 51 Help Page Access 51 Using the Command Line Interface 52 Using SNMP 53 Section 2 System Administration 55 Viewing ARP Cache 56 Viewing Inventory Information 57 Viewing the Dual Image Status 57 System Description 58 Defining System Information 60 Switch Configuration 60 Card Configuration 61 PoE Configuration 62 ...

Page 6: ...rt Mirroring 79 Adding a Port Mirroring Session 80 Removing or Modifying a Port Mirroring Session 81 Configuring and Searching the Forwarding Database 82 Configuration 82 Search 83 Searching the Forwarding Database 83 Managing Logs 84 Buffered Log Configuration 85 Viewing Buffered Log Messages 85 Command Logger Configuration 86 Console Log Configuration 86 Event Log 87 Hosts Configuration 89 Addin...

Page 7: ...ation 109 Port Summary 112 Port Description 115 Multiple Port Mirroring 115 Multiple Port Mirroring 115 Adding a Port Mirroring Session 116 Removing or Modifying a Port Mirroring Session 117 Double VLAN Tunneling 117 Double VLAN Tunneling Summary 118 Configuring sFlow 120 sFlow Agent Summary 120 sFlow Receiver Configuration 121 sFlow Poller Configuration 122 Counter Sampling 122 sFlow Sampler Conf...

Page 8: ...File From Switch TFTP 145 Uploading Files 146 Multiple Image Service 146 HTTP File Download 147 Erase Startup config File 148 AutoInstall 148 TraceRoute 149 Trap Log 151 Managing the DHCP Server 152 Global Configuration 152 Pool Configuration 154 Pool Options 157 Reset Configuration 158 DHCP Server Summary 158 Bindings Information 158 Server Statistics 160 Conflicts Information 161 Configuring DNS...

Page 9: ...DHCP Snooping Binding Configuration 178 DHCP Snooping Statistics 181 Configuring DHCP L2 Relay 182 DHCP L2 Relay Global Configuration 182 DHCP L2 Relay Interface Configuration 183 DHCP L2 Relay VLAN Configuration 184 DHCP L2 Relay Interface Statistics 184 Managing VLANs 186 VLAN Configuration 186 VLAN Status 188 VLAN Port Configuration 189 VLAN Port Summary 190 Reset VLAN Configuration 191 Configu...

Page 10: ...n 208 DAI Configuration 208 DAI VLAN Configuration 209 DAI Interface Configuration 210 DAI ARP ACL Configuration 211 DAI ARP ACL Rule Configuration 211 Dynamic ARP Inspection Statistics 212 Configuring IGMP Snooping 214 Global Configuration and Status 215 Interface Configuration 216 VLAN Configuration 217 VLAN Status 218 Multicast Router Configuration 219 Multicast Router Status 219 Multicast Rout...

Page 11: ...r VLAN Configuration Summary 236 MLD Snooping Querier VLAN Status 237 Creating Port Channels Trunking 238 Port Channel Configuration 238 Port Channel Status 240 Viewing Multicast Forwarding Database Information 241 MFDB Table 241 MFDB GMRP Table 242 MFDB IGMP Snooping Table 243 MFDB MLD Snooping Table 244 MFDB Statistics 244 Configuring Spanning Tree Protocol 246 Switch Configuration Status 247 CS...

Page 12: ...erface Summary 274 LLDP Local Device Information 274 LLDP MED Remote Device Information 276 Section 4 Configuring L3 Features 279 Configuring ARP 279 ARP Create 280 ARP Table Configuration 281 Configuring Global and Interface IP Settings 283 IP Configuration 283 IP Interface Configuration 285 Helper IP Interface Configuration 286 IP Statistics 287 Managing the BOOTP DHCP Relay Agent 290 BOOTP DHCP...

Page 13: ...10 Deleting a VLAN Router Interface 310 VLAN Routing Summary 311 Virtual Router Redundancy Protocol VRRP 312 VRRP Configuration 312 Virtual Router Configuration 313 Configuring a Secondary VRRP Address 314 Creating a New Virtual Router 314 Modifying a Virtual Router 314 VRRP Interface Tracking Configuration 315 VRRP Interface Tracking 316 VRRP Route Tracking Configuration 316 VRRP Route Tracking 3...

Page 14: ... Configuration 338 CoS Interface Queue Configuration 340 Configuring Auto VoIP 342 Auto VoIP Configuration 342 Section 6 Configuring Access Control Lists 344 IP Access Control Lists 345 IP ACL Configuration 345 IP ACL Rule Configuration 346 MAC Access Control Lists 351 MAC ACL Configuration 351 MAC ACL Rule Configuration 352 ACL Interface Configuration 355 Assigning an ACL to an Interface 356 Remo...

Page 15: ...ent Interface Association Status 381 Viewing the Client CP Association Status 382 SNMP Trap Configuration 382 Port Access Control 383 Global Port Access Control Configuration 384 Port Configuration 385 Port Access Entity Capability Configuration 386 Supplicant Port Configuration 387 User Login Configuration 389 Port Access Privileges 390 RADIUS Settings 391 RADIUS Configuration 391 RADIUS Server C...

Page 16: ...P Option 408 Discovery and Peer Switches 411 Basic Setup 411 Wireless Global Configuration 411 Wireless Discovery Configuration 414 L3 IP Discovery 415 L2 VLAN Discovery 416 Profile 416 Radio 417 SSID Configuration 423 Managing Virtual Access Point Configuration 423 Configuring the Default Network 424 Configuring AP Security 431 Valid Access Point Summary 436 Valid Access Point Configuration 437 L...

Page 17: ... Point Neighbor APs 467 Viewing Clients Associated with Neighbor Access Points 468 Viewing Managed Access Point VAPs 469 Viewing Distributed Tunneling Information 469 Managed Access Point Statistics 470 Viewing Managed Access Point Ethernet Statistics 471 Viewing Detailed Managed Access Point Statistics 471 Viewing Managed Access Point Radio Statistics 472 Viewing Managed Access Point VAP Statisti...

Page 18: ...Rogue Classification 497 Viewing Detected Client Pre Authentication History 498 Viewing Detected Client Triangulation 499 Viewing Detected Client Roam History 500 Detected Client Pre Authentication Summary 500 Detected Client Roam History Summary 501 Ad Hoc Client Status 502 AP Authentication Failure Status 503 AP De Authentication Attack Status 505 Configuring Advanced Settings 506 Advanced Globa...

Page 19: ...w Graph 531 Graphing the WLAN Components 533 Understanding the Menu Bar Options 535 Legend Menu 536 Managing the Graph 538 Appendix A Configuration Examples 539 Configuring VLANs 539 Configuring Multiple Spanning Tree Protocol 542 Configuring VLAN Routing 545 Configuring 802 1X Network Access Control 548 Configuring a Virtual Access Point 550 Configuring Differentiated Services for VoIP 554 Append...

Page 20: ...D Link Unified Access System Software User Manual 12 10 09 Page 20 34CSFP6XXUWS SWUM100 D7 ...

Page 21: ...3 Figure 14 PoE Status 64 Figure 15 Serial Port 65 Figure 16 Network Connectivity IPv4 66 Figure 17 Network Connectivity IPv6 66 Figure 18 DHCP Client Options 68 Figure 19 HTTP Configuration 69 Figure 20 User Accounts 70 Figure 21 Authentication List Configuration 72 Figure 22 Authentication List Configuration 73 Figure 23 Login Session 75 Figure 24 Login Session 76 Figure 25 User Login 77 Figure ...

Page 22: ... Summer Time Configuration 103 Figure 49 Summer Time Recurring Configuration 104 Figure 50 Clock Detail 105 Figure 51 Card Configuration 106 Figure 52 Slot Summary 108 Figure 53 Port Configuration 109 Figure 54 Port Summary 112 Figure 55 Port Description 115 Figure 56 Multiple Port Mirroring 116 Figure 57 Multiple Port Mirroring Add Source Ports 116 Figure 58 Double VLAN Tunneling 118 Figure 59 Do...

Page 23: ...g 151 Figure 84 DHCP Server Global Configuration 152 Figure 85 Pool Configuration 154 Figure 86 Pool Options 157 Figure 87 Reset Configuration 158 Figure 88 Bindings Information 159 Figure 89 Server Statistics 160 Figure 90 Conflicts Information 161 Figure 91 DNS Global Configuration 162 Figure 92 DNS Server Configuration 163 Figure 93 DNS Host Name Mapping Configuration 164 Figure 94 DNS Host Nam...

Page 24: ...otocol based VLAN Summary 195 Figure 120 IP Subnet based VLAN Configuration 197 Figure 121 IP Subnet based VLAN Summary 198 Figure 122 MAC based VLAN Configuration 199 Figure 123 MAC based VLAN Summary 200 Figure 124 Voice VLAN Configuration 200 Figure 125 MAC Filter Configuration 202 Figure 126 MAC Filter Summary 203 Figure 127 GARP Status 204 Figure 128 GARP Switch Configuration 206 Figure 129 G...

Page 25: ...e 153 MLD Snooping Multicast Router Status 231 Figure 154 Multicast Router VLAN Configuration 232 Figure 155 MLD Snooping Multicast Router VLAN Status 233 Figure 156 MLD Snooping Querier Configuration 234 Figure 157 MLD Snooping Querier VLAN Configuration 235 Figure 158 MLD Snooping Querier VLAN Configuration Summary 236 Figure 159 MLD Snooping Querier VLAN Status 237 Figure 160 Port Channel Confi...

Page 26: ...272 Figure 188 LLDP MED Interface Configure 273 Figure 189 LLDP MED Interface Summary 274 Figure 190 LLDP MED Local Device Information 275 Figure 191 LLDP Remote Device Information 276 Figure 192 ARP Create 280 Figure 193 ARP Table Configuration 281 Figure 194 IP Configuration 283 Figure 195 IP Interface Configuration 285 Figure 196 Helper IP Interface Configuration 287 Figure 197 IP Statistics 28...

Page 27: ...re 223 Virtual Router Status 318 Figure 224 Virtual Router Statistics Virtual Router Configured 319 Figure 225 Loopback Configuration Create 321 Figure 226 Configured Loopback Interface 322 Figure 227 Loopbacks Configuration IPv4 Entry 323 Figure 228 Loopbacks Summary 324 Figure 229 Diffserv Configuration 327 Figure 230 Diffserv Class Configuration 328 Figure 231 Diffserv Class Configuration 328 F...

Page 28: ...Logout Page 366 Figure 257 CP Web Page Customization Logout Success Page 367 Figure 258 Captive Portal Local User Summary 369 Figure 259 Adding a New User 370 Figure 260 Local User Configuration 371 Figure 261 Interface Association 374 Figure 262 Global Captive Portal Status 375 Figure 263 CP Activation and Activity Status 376 Figure 264 Interface Activation Status 377 Figure 265 Interface Capabil...

Page 29: ...Configuration 412 Figure 292 Wireless Discovery Configuration 415 Figure 293 AP Hardware Capabilities 417 Figure 294 Radio Settings 418 Figure 295 VAP Settings 423 Figure 296 Configuring Network Settings 425 Figure 297 AP Network Security Options 431 Figure 298 Static WEP Configuration 432 Figure 299 WPA Personal Configuration 434 Figure 300 Adding a Valid AP 436 Figure 301 Configuring a Valid AP ...

Page 30: ... Figure 329 Associated Client Association Summary Statistics 483 Figure 330 Associated Client Statistics Session Summary 483 Figure 331 Associated Client Association Detail Statistics 484 Figure 332 Associated Client Session Detail Statistics 485 Figure 333 Peer Switch Status 486 Figure 334 Peer Switch Configuration Status 486 Figure 335 Peer Switch Managed AP Status 487 Figure 336 RF Scan 489 Fig...

Page 31: ...plying the AP Profile 517 Figure 361 Adding a Profile 518 Figure 362 QoS Configuration 519 Figure 363 Peer Switch Configuration Request Status 522 Figure 364 Peer Switch Configuration Enable Disable 523 Figure 365 WIDS AP Configuration 525 Figure 366 WIDS Client Configuration 528 Figure 367 Sample WLAN Visualization 530 Figure 368 Multiple Graphs 533 Figure 369 List View and Tabbed View 534 Figure...

Page 32: ...D Link Unified Access System Software User Manual 12 10 09 Page 32 Document 34CSFP6XXUWS SWUM100 D7 ...

Page 33: ...hentication List Configuration Fields 73 Table 15 Authentication Profile Fields 73 Table 16 Login Fields 75 Table 17 Login Session Fields 76 Table 18 User Login Fields 77 Table 19 Denial of Service Configuration Fields 78 Table 20 Multiple Port Mirroring Fields 80 Table 21 Multiple Port Mirroring Add Source Fields 80 Table 22 Forwarding Database Search Fields 83 Table 23 Buffered Log Fields 85 Tab...

Page 34: ... Source Fields 117 Table 48 Double VLAN Tunneling Fields 118 Table 49 Double VLAN Tunneling Summary Fields 119 Table 50 sFlow Agent Summary 120 Table 51 sFlow Receiver Configuration 121 Table 52 sFlow Poller Configuration 123 Table 53 sFlow Sampler Configuration 124 Table 54 Community Configuration Fields 126 Table 55 Trap Receiver Configuration Fields 127 Table 56 Trap Flags Configuration Fields ...

Page 35: ...n 170 Table 83 ISDP Cache Table 171 Table 84 ISDP Interface Configuration 172 Table 85 ISDP Statistics 173 Table 86 DHCP Snooping Configuration 176 Table 87 DHCP Snooping VLAN Configuration 177 Table 88 DHCP Snooping Interface Configuration 178 Table 89 DHCP Snooping Static Binding Configuration 180 Table 90 DHCP Snooping Static Binding List 180 Table 91 DHCP Snooping Dynamic Binding List 181 Tabl...

Page 36: ...ion and Status Fields 215 Table 120 IGMP Snooping Interface Configuration Fields 216 Table 121 IGMP Snooping VLAN Configuration Fields 217 Table 122 IGMP Snooping VLAN Status Fields 218 Table 123 Multicast Router Configuration Fields 219 Table 124 Multicast Router Status Fields 220 Table 125 Multicast Router VLAN Configuration Fields 221 Table 126 Multicast Router VLAN Status Fields 222 Table 127 ...

Page 37: ...panning Tree CST Port Configuration Status Fields 253 Table 154 Spanning Tree MST Port Configuration Status Fields 255 Table 155 Spanning Tree Statistics Fields 257 Table 156 Port Security Interface Configuration Fields 259 Table 157 Port Security Static Fields 260 Table 158 Port Security Dynamic Fields 261 Table 159 Port Security Violation Status Fields 262 Table 160 LLDP Global Configuration Fie...

Page 38: ... 300 Table 188 Router Discovery Status Fields 301 Table 189 Route Table Fields 302 Table 190 Best Routes Table Fields 304 Table 191 Configured Routes Fields 305 Table 192 Route Entry Create Fields 306 Table 193 Route Preferences Configuration Fields 308 Table 194 VLAN Routing Configuration Fields 310 Table 195 VLAN Routing Summary Fields 311 Table 196 VRRP Configuration 312 Table 197 Virtual Route...

Page 39: ...uration Fields 356 Table 223 Captive Portal Global Configuration 360 Table 224 Captive Portal Summary 361 Table 225 CP Configuration 363 Table 226 CP Web Page Customization 367 Table 227 Local User Summary 370 Table 228 Local User Configuration 370 Table 229 Local User Configuration 371 Table 230 Captive Portal User RADIUS Attributes 372 Table 231 Global Captive Portal Configuration 374 Table 232 ...

Page 40: ...le 256 Secure Shell Configuration Fields 403 Table 257 Basic Wireless Global Configuration 412 Table 258 L3 VLAN Discovery 416 Table 259 Profile 417 Table 260 Radio Settings 418 Table 261 Advanced Radio Configuration 421 Table 262 Default VAP Configuration 423 Table 263 Wireless Network Configuration 426 Table 264 Static WEP 432 Table 265 WPA Security 434 Table 266 Valid Access Point Summary 436 T...

Page 41: ...71 Table 294 Managed Access Point Radio Statistics 472 Table 295 Managed Access Point VAP Statistics 474 Table 296 Managed Access Point Distributed Tunneling Statistics 474 Table 297 Associated Client Status Summary 476 Table 298 Detailed Associated Client Status 477 Table 299 Associated Client QoS Status 479 Table 300 Associated Client Neighbor AP Status 479 Table 301 Associated Client Distribute...

Page 42: ...325 Ad Hoc Client Status 502 Table 326 Access Point Authentication Failure Status 504 Table 327 Access Point Authentication Failure Details 505 Table 328 AP De Authentication Attack Status 506 Table 329 General Global Configurations 507 Table 330 SNMP Traps 509 Table 331 Distributed Tunneling Configuration 511 Table 332 Known Client Summary 512 Table 333 Known Client Configuration 512 Table 334 Wi...

Page 43: ... Started on page 45 contains information about performing the initial system configuration and accessing the user interfaces Section 2 System Administration on page 55 describes how to configure administrative features such as SNMP DHCP and port information Section 3 Configuring L2 Features on page 175 describes how to manage and monitor the layer 2 switching features Section 4 Configuring L3 Feat...

Page 44: ...ecific functionality of the software packages including issues and workarounds DOCUMENT CONVENTIONS This section describes the conventions this document uses This guide uses the typographical conventions described in Table 1 A note provides more information about a feature or technology Caution A caution provides information about critical aspects of the configuration combinations of settings even...

Page 45: ...r an SNMP based network management system You can also continue to manage the switch through the terminal interface via the EIA 232 port To connect to the switch and configure or view network information use the following steps 1 Using a straight through modem cable connect a VT100 ANSI terminal or a workstation to the console serial port If you attached a PC Apple or UNIX workstation start a term...

Page 46: ...teway enter network ipv6 address address prefix length eui64 network ipv6 gateway gateway To view the network information enter show network 7 To save these changes so they are retained during a switch reset enter the following command copy system running config nvram startup config or use the command write memory After the switch is connected to the network you can use the IP address for remote a...

Page 47: ...ods Web User Interface Command Line Interface CLI Simple Network Management Protocol SNMP Each of the standards based management methods allows you to configure and monitor the components of the D Link software The method you use to manage the system depends on your network size and requirements and on your preference This guide describes how to use the Web based interface to manage and monitor th...

Page 48: ...owser address field 2 Type the user name and password into the fields on the login screen and then click Login The user name and password are the same as those you use to log on to the command line interface By default the user name is admin and there is no password Passwords are case sensitive 3 After the system authenticates you the System Description page displays Figure 1 shows the layout of t...

Page 49: ...ates if a port is currently active Green indicates that the port is enabled red indicates that an error has occurred on the port and blue indicates that the link is disabled Figure 2 shows the Device View Figure 2 Device View Click the port you want to view or configure to see a menu that displays statistics and configuration options Click the menu option to access the page that contains the confi...

Page 50: ...d to hide the feature s components The tree consists of a combination of folders subfolders and configuration and status HTML pages Click the folder to view the options in that folder Each folder contains either subfolders or HTML pages or a combination of both Figure 4 shows an example of a folder subfolder and HTML page in the navigation menu When you click a folder or subfolder that is preceded...

Page 51: ... configuring and managing the switch The online help pages are context sensitive For example if the IP Addressing page is open the help topic for that page displays if you click Help Figure 6 shows the link to click to access online help on each page Table 2 Common Command Buttons Button Function Submit Clicking the Submit button sends the updated configuration to the switch Configuration changes ...

Page 52: ...ivileged EXEC mode To display the commands available in the current mode enter a question mark at the command prompt To display the available command keywords or parameters enter a question mark after each word you type at the command prompt If there are no additional command keywords or parameters or if additional parameters are optional the following message appears in the output cr Press Enter ...

Page 53: ...he D Link CLI Command Reference To configure an SNMPv3 profile by using the Web interface use the following steps 1 Select Administration User Accounts from the hierarchical tree on the left side of the Web interface 2 From the User menu select Create to create a new user 3 Enter a new user name in the User Name field 4 Enter a new user password in the Password field and then retype it in the Conf...

Page 54: ...D Link Unified Access System Software User Manual 12 10 09 Page 54 Understanding the User Interfaces Document 34CSFP6XXUWS SWUM100 D7 ...

Page 55: ...uration PoE Configuration Serial Port IP Address Network DHCP Client Options HTTP Configuration User Accounts Authentication List Configuration User Login Denial of Service Protection Multiple Port Mirroring Managing Logs Telnet Sessions Outbound Telnet Client Configuration Ping Test Configuring SNTP Settings Configuring and Viewing Device Slot Information Multiple Port Mirroring Configuring sFlow...

Page 56: ... in the ARP cache The ARP cache can support 1024 entries although this size is user configurable to any value less than 1024 When multiple network interfaces are supported by a device as is typical of a router either a single ARP cache is used for all interfaces or a separate cache is maintained per interface While the latter approach is useful when network addressing is not unique per interface t...

Page 57: ...ng Inventory Information page in the navigation tree Figure 8 Inventory Information VIEWING THE DUAL IMAGE STATUS The Dual Image feature allows the switch to have two D Link software images in the permanent storage One image is the active image and the second image is the backup This feature reduces the system down time during upgrades and downgrades You can use the Dual Image Status page to view ...

Page 58: ...iption page click LAN Administration System Description in the navigation tree Table 4 Dual Image Status Fields Field Description Unit Displays the unit ID of the switch Image1 Ver Displays the version of the image1 code file Image2 Ver Displays the version of the image2 code file Current active Displays the currently active image on this unit Next active Displays the image to be used on the next ...

Page 59: ...t person for this switch You may use up to 31 alpha numeric characters The factory default is blank IP Address The IP Address assigned to the network interface To change the IP address see Serial Port on page 65 System Object ID The base object ID for the switch s enterprise MIB System Time yyyy mm dd h m s Enter the current date and time that the switch will follow using the on board real time cl...

Page 60: ...ng a port when the port becomes oversubscribed and dropping all traffic for small bursts of time during the congestion condition This can lead to high priority and or network control traffic loss When 802 3x flow control is enabled lower speed switches can communicate with higher speed switches by requesting that the higher speed switch refrains from sending packets Transmissions are temporarily h...

Page 61: ...selecting one of the following options on the pulldown entry field Enable When the multicast traffic on any Ethernet port exceeds the configured threshold the switch blocks discards the multicast traffic Disable The switch does not block multicast traffic if traffic on any Ethernet port exceeds the configured threshold The factory default is disabled Multicast Storm Recovery Level Specify the data...

Page 62: ... of possible supported card types which can be plugged into the slot This is visible only for slots which do not have any cards plugged into them and which have not already been pre configured This field is not visible to read only users Inserted Card Model Displays the model identifier of the card plugged into the selected slot If no card has been plugged in this field is not shown Inserted Card ...

Page 63: ...d Description System Usage Threshold Sets threshold level at which a trap is sent if the total power consumed is greater than or equal to the specified percentage of total power available Slot Port Select the slot and port with the information to configure Admin Mode Enables or disables the ability of the port to deliver power Priority The switch may not be able to supply power to all connected de...

Page 64: ...hernet PoE technology allows IP telephones wireless LAN Access Points Web Cameras and many other appliances to receive power as well as data over existing LAN cabling without needing to modify the existing Ethernet infrastructure To display the PoE status click LAN Monitoring PoE Status page in the navigation tree Figure 14 PoE Status ...

Page 65: ...e system If you want the switch to retain the new values across a power cycle you must perform a save Table 9 Serial Port Fields Field Description Serial Port Login Timeout minutes Indicates how many minutes of inactivity should occur on a serial port connection before the switch closes the connection Enter a number between 0 and 160 The factory default is 5 Entering 0 disables the timeout Baud Ra...

Page 66: ...eters associated with the switch s network interface do not affect the configuration of the front panel ports through which traffic is switched or routed The Network Connectivity page allows you to change the IP information using the Web interface To access the page click LAN Administration IP Address in the navigation tree Note that the page displays differently depending on the IP protocol versi...

Page 67: ... between each byte Bit 1 of byte 0 must be set to a 1 and bit 0 to a 0 i e byte 0 must have a value between x 40 and x 7F MAC Address Type Select the MAC address to use for in band connectivity The factory default is to use the burned in MAC address Burned In Use the factory default MAC address Locally Administered Use the MAC address you entered in the Locally Administered MAC Address field Netwo...

Page 68: ...n IPv6 is selected as the protocol IPv6 Mode Enables or disables IPv6 mode on the interface IPv6 Prefix If no IPv6 address displays select Add and then enter an IPv6 prefix length Select the EUI64 option if the last 64 bits are to be derived from the MAC address For example you can enter 2001 64 and select the EUI64 option to have the 64 bit address calculated from the MAC address IPv6 Gateway Ent...

Page 69: ...e web Java Mode This applies to both secure and un secure HTTP connections The currently configured value is shown when the web page is displayed The default value is Enable HTTP Session Soft Timeout This field is used to set the inactivity timeout for HTTP sessions The value must be in the range of 0 to 60 minutes A value of zero corresponds to an infinite timeout The default value is 5 minutes T...

Page 70: ...sign passwords and set security parameters for the default accounts You can also add up to five read only accounts You can delete all accounts except for the Read Write account To access the User Accounts page click LAN Administration User Accounts in the navigation tree Figure 20 User Accounts Only a user with Read Write privileges may alter data on this screen and only one account can exist with...

Page 71: ...dicates whether the user is currently locked out A user is locked out after a configurable number of failed login attempts See Denial of Service Protection on page 78 for instructions on configuring this number Password Expiration Date Indicates the date when this user s current password will expire This is determined by the date the password was created and the number of days specified in the agi...

Page 72: ...dures to delete any of the Read Only user accounts 1 From the User menu select the user to delete The screen refreshes 2 Click Delete to delete the user This button is only visible when you have selected a user account with Read Only access You cannot delete the Read Write user If you want the switch to retain the new values across a power cycle you must perform a save AUTHENTICATION LIST CONFIGUR...

Page 73: ...s follows local The user s locally stored ID and password will be used for authentication Since the local method does not time out if you select this option as the first method no other method will be tried even if you have specified more than one method radius The user s ID and password will be authenticated using the RADIUS server If you select RADIUS or TACACS as the first method and an error o...

Page 74: ...ication List To modify an authentication list use the following procedures 1 Select an existing list from the Authentication List menu 2 From the Method 1 field select the initial login method 3 If desired select the second and third login method from the Method 2 and Method 3 fields 4 Click Submit to apply the changes to the system To retain the changes across a power cycle you must perform a sav...

Page 75: ... only fields Click Refresh to update the information on the screen To assign users to a specific authentication list see User Login on page 77 To configure the 802 1X port security users see Port Access Control on page 383 Table 16 Login Fields Field Description Authentication List Identifies the name of the authentication login list summarized in this row Method List Shows the order of the login ...

Page 76: ...ng read only fields Click Refresh to update the information on the screen Table 17 Login Session Fields Field Description ID Identifies the ID of this row User Name Shows the user name of the user who is currently logged on to the switch Connection From Shows the IP address of the system from which the user is connected If the connection is a local serial connection the Connection From field entry...

Page 77: ... to prevent full lockout from switch configuration If you assign a user to a login list that requires remote authentication the user s access to the switch from all CLI Web and telnet sessions will be blocked until the authentication is complete For more information see the Max Number of Retransmits field in RADIUS Settings on page 391 1 Select the user name from the User field s menu or select No...

Page 78: ...ervice page click LAN Administration Denial of Service Protection in the navigation menu Figure 26 Denial of Service Table 19 Denial of Service Configuration Fields Field Description Denial of Service First Fragment Enable or disable this option by selecting the corresponding line on the pulldown entry field Enabling First Fragment DoS prevention causes the switch to drop packets that have a TCP h...

Page 79: ...MP Size Specify the Max ICMP Pkt Size allowed If ICMP DoS prevention is enabled the switch will drop ICMP ping packets that have a size greater than this configured Max ICMP Pkt Size The factory default is disabled Denial of Service L4 Port Enable or disable this option by selecting the corresponding line on the pulldown entry field Enabling L4 Port DoS prevention causes the switch to drop packets...

Page 80: ... Configure the following fields Table 20 Multiple Port Mirroring Fields Field Description Session Specifies the monitoring session Mode Enables you to turn on of off Multiple Port Mirroring The default is Disabled off Source Port Lists the source ports that have been added from the Add Source Port page Destination Port Select the port to which port traffic may be copied A Port will be removed from...

Page 81: ...Port 2 Select one or more source ports to remove from the session Use the CTRL key to select multiple ports to remove 3 Click Remove The source ports are removed from the port mirroring session and the device is updated Source Port Select the unit and port from which traffic is mirrored Up to eight source ports can be mirrored to a destination port Direction Select the type traffic monitored on th...

Page 82: ...RATION Use the Configuration page to set the amount of time to keep a learned MAC address entry in the forwarding database The forwarding database contains static entries which are never aged out and dynamically learned entries which are removed if they are not updated within a given time To access the Configuration page click LAN L2 Features Forwarding DB Configuration in the navigation tree Figu...

Page 83: ... displayed MAC Address Search This field allows you to search for an individual MAC address in the forwarding database table MAC Address A unicast MAC address for which the switch has forwarding and or filtering information The format is a two byte hexadecimal VLAN ID number followed by a six byte MAC address with each byte separated by colons For example 01 23 45 67 89 AB CD EF where 01 23 is the...

Page 84: ... faults or errors occurring on the platform as well as changes in configuration or other occurrences These messages are stored both locally on the platform and forwarded to one or more centralized points of collection for monitoring purposes as well as long term archival storage Local and remote configuration of the logging capability includes filtering of messages logged or forwarded based on sev...

Page 85: ...page click LAN Monitoring Log Buffered Log in the navigation menu Figure 31 Buffered Log The rest of the page displays the buffered log messages The following example shows a log message for a non stacking system 15 Aug 24 05 34 05 STK0 MSTP 2110 mspt_api c 318 237 Interface 12 transitioned to root state on message age timer expiry This log message has a severity level of 7 15 mod 8 which is a deb...

Page 86: ...on in the navigation menu Figure 32 Command Logger Configuration If you change the administrative mode click Submit to apply the change to the system CONSOLE LOG CONFIGURATION Use the Console Log Configuration page to control logging to any serial device attached to the switch To access the Console Log Configuration page click LAN Administration Log Console Log Configuration in the navigation menu...

Page 87: ...o the device attached to the switch serial port Severity Filter Use the menu to select the severity of the logs to print to the console Logs with the severity level you select and all logs of greater severity print For example if you select Error the logged messages include Error Critical Alert and Emergency The default severity level is Alert 1 The severity can be one of the following levels Emer...

Page 88: ...e number of the entry within the event log The most recent entry is first Filename The D Link source code filename identifying the code that detected the event Line The line number within the source file of the code that detected the event Task ID The OS assigned ID of the task reporting the event Code The event code passed to the event log handler by the code reporting the event Time The time the...

Page 89: ...uration After you add a logging host the screen displays additional fields as Figure 36 shows Figure 36 Host Configuration with Logging Host Adding a Remote Logging Host Use the following procedures to add configure or delete a remote logging host 1 From the Host field select Add to add a new host or select the IP address of an existing host to configure the host If you are adding a new host enter...

Page 90: ... both In other words on system startup if the startup log is configured it stores messages up to its limit The operation log if configured then begins to store the messages The system keeps up to three versions of the persistent logs named FILE 1 txt FILE 2 txt and FILE 3 txt Upon system startup FILE 3 txt is removed FILE 2 txt is renamed FILE 3 txt FILE 1 txt is renamed FILE 2 txt FILE 1 txt is c...

Page 91: ...e following levels Emergency 0 The highest level warning level If the device is down or not functioning properly an emergency log is saved to the device Alert 1 The second highest warning level An alert log is saved if there is a serious device malfunction such as all device features being down Critical 2 The third highest warning level A critical log is saved if a critical device malfunction occu...

Page 92: ... Figure 39 System Log If you make any changes to the page click Submit to apply the change to the system Table 29 Syslog Configuration Fields Field Description Admin Status Specifies whether to send log messages to the remote syslog hosts configured on the switch Enable Messages will be sent to all configured hosts syslog collectors or relays using the values configured for each host For informati...

Page 93: ... system If you want the switch to retain the new values across a power cycle you must perform a save Table 30 Telnet Session Configuration Fields Field Description Telnet Session Timeout minutes Specify how many minutes of inactivity should occur on a telnet session before the session is logged off You may enter any number from 1 to 160 The factory default is 5 Note When you change the timeout val...

Page 94: ...net If you change any data click Submit to apply the changes to the system If you want the switch to retain the new values across a power cycle you must perform a save Table 31 Outbound Telnet Fields Field Description Admin Mode Specifies whether the Outbound Telnet service is Enabled or Disabled The default value is Enabled Enable Users can initiate outbound telnet sessions from the switch CLI Di...

Page 95: ...tration Ping Test in the navigation menu Figure 42 Ping Click Submit to send the ping If successful the results display as shown in Figure 82 Table 32 Ping Fields Field Description Hostname IP Address Enter the IP address or the host name of the station you want the switch to ping The initial value is blank This information is not retained across a power cycle Count Specify the number of pings to ...

Page 96: ...ceived by the server T3 Time at which the server sent a reply T4 Time at which the client received the server s reply The device can poll Unicast and Broadcast server types for the server time Polling for Unicast information is used for polling a server for which the IP address is known SNTP servers that have been configured on the device are the only ones that are polled for synchronization infor...

Page 97: ...le 33 SNTP Global Configuration Fields Field Description Client Mode Use drop down list specify the SNTP client mode which is one of the following modes Disable SNTP is not operational No SNTP requests are sent from the client nor are any received SNTP messages processed Unicast SNTP operates in a point to point fashion A unicast client sends a request to a designated server at its unicast address...

Page 98: ...ge is 6 to 10 Default value is 6 Unicast Poll Timeout Specifies the number of seconds to wait for an SNTP response when configured in unicast mode Allowed range is 1 to 30 Default value is 5 Unicast Poll Retry Specifies the number of times to retry a request to an SNTP server after the first time out before attempting to use the next configured server when configured in unicast mode Allowed range ...

Page 99: ...r Status page click LAN Monitoring SNTP Summary Server Status in the navigation menu Figure 45 SNTP Server Status Priority Specifies the priority of this server entry in determining the sequence of servers to which SNTP requests are sent Values are 1 to 3 and the default is 1 Servers with lowest numbers have priority Version Enter the protocol version number Values are 1 to 4 and the default is 4 ...

Page 100: ...ed Request Timed Out A directed SNTP request timed out without receiving a response from the SNTP server Bad Date Encoded The time provided by the SNTP server is not valid Version Not Supported The SNTP version supported by the server is not compatible with the version supported by the client Server Unsynchronized The SNTP server is not synchronized with its peers This is indicated via the leap in...

Page 101: ... without receiving a response from the SNTP server Bad Date Encoded The time provided by the SNTP server is not valid Version Not Supported The SNTP version supported by the server is not compatible with the version supported by the client Server Unsynchronized The SNTP server is not synchronized with its peers This is indicated via the leap indicator field on the SNTP message Server Kiss Of Death...

Page 102: ...e Configuration If you change any of the settings on the page click Submit to apply the changes to system Table 37 Time Zone Configuration Fields Field Description Hours offset Set the hours difference from UTC Range 12 to 13 Minutes offset Set the minutes difference from UTC Range 0 59 Zone Set the acronym of the time zone Range 0 4 characters ...

Page 103: ... to be repeated every year Location This field displays only when the Recurring check box is selected The summer time configuration is predefined for the United States and European Union To set the summer time for a location other than the USA or EU select None Start Month Select the starting month Start Date Select the starting date This field displays only when the Recurring check box is cleared...

Page 104: ...ring summer time in the range 0 to 1440 Zone Set the acronym of the time zone to be displayed when summer time is in effect The range is 0 to 4 characters Field Description Summertime Enable or disable summer time mode Recurring Select the check box to indicate that the configuration is to be repeated every year Location This field displays only when the Recurring check box is selected The summer ...

Page 105: ...lay the Clock Detail page click LAN Monitoring Clock Detail in the navigation menu The following figure shows the Clock Detail page when Summertime is enabled Figure 50 Clock Detail Click Refresh to update the page with the most current information Table 40 Clock Detail Field Description Current Time This section displays the current time Time Zone This section displays the time zone settings Summ...

Page 106: ...d Configuration in the navigation menu Figure 51 shows the fields that display when the slot contains a card Figure 51 Card Configuration Table 41 Card Configuration Fields Field Description Unit Indicates the unit in the stack for which data is to be displayed or configured Slot Indicates the slot in the selected unit for which data is to be displayed or configured Slot Status Indicates whether a...

Page 107: ...d into the selected slot If no card has been plugged in this field is not shown Inserted Card Description Displays the description of the card plugged into the selected slot If no card has been plugged in this field is not shown Configured Card Model Displays the model identifier of the card pre configured for the selected slot If no card has been pre configured this field is not shown Configured ...

Page 108: ...ee Figure 52 Slot Summary Click Refresh to display the most current information from the router Table 42 Slot Summary Fields Field Description Slot Identifies the slot using the format unit slot Status Displays whether the slot is empty or full Administrative State Displays whether the slot is administratively enabled or disabled Power State Displays whether the slot is powered on of off Card Mode...

Page 109: ...e following pages Port Configuration Port Description PORT CONFIGURATION Use the Port Configuration page to configure the physical interfaces on the switch To access the Port Configuration page click LAN Administration Port Configuration Port Configuration in the navigation tree Figure 53 Port Configuration Table 43 Port Configuration Fields Field Description Slot Port Select the port from the men...

Page 110: ...the switch blocks discards the broadcast traffic Disable The port does not block broadcast traffic if traffic on the port exceeds the configured threshold The factory default is disabled Broadcast Storm Recovery Level Specify the data rate at which storm control activates The value is a percentage of port speed and ranges from 0 100 The factory default is 5 percent of port speed Multicast Storm Re...

Page 111: ...e Speed Full Duplex The port speeds available from the menu depend on the platform on which the D Link software is running and which port you select In half duplex mode the transmissions are two way In other words the port can send and receive traffic at the same time Physical Status Indicates the port speed and duplex mode Link Status Indicates whether the Link is up or down Link Trap This object...

Page 112: ...the selected MST ID will generate a screen refresh If STP is disabled which is the default the MST ID field shows the static value CST instead of a menu Slot Port Identifies the port that the information in the rest of the row is associated with The field is Slot Port for non stacking platforms Port Type For most ports this field is blank Otherwise the possible values are Mirrored Indicates that t...

Page 113: ... The factory default is disabled Bcast Storm Level Shows the Broadcast Storm Recovery Level which is the data rate at which storm control activates The value is a percentage of port speed and ranges from 0 100 The factory default is 5 percent of port speed Mcast Storm Mode Shows the Multicast Storm Recovery Mode which is one of the following Enabled When the multicast traffic on the specified Ethe...

Page 114: ...lf Duplex The port speeds available from the menu depend on the platform on which the D Link software is running and which port you select In half duplex mode the transmissions are one way In other words the port does not send and receive traffic at the same time Speed Full Duplex The port speeds available from the menu depend on the platform on which the D Link software is running and which port ...

Page 115: ...h port is configured as a destination port You have the ability to configure how traffic is mirrored on a source port Packets that are received on the source port that are transmitted on a port or are both received and transmitted can be mirrored to the destination port Table 45 Port Description Fields Field Description Slot Port Select the interface for which data is to be displayed or configured...

Page 116: ...rt mirroring sessions To access the Multiple Port Mirroring page click LAN Administration Multiple Port Mirroring in the navigation menu Figure 56 Multiple Port Mirroring Adding a Port Mirroring Session 1 From the Port Mirroring page click Add Source Port to display the Add Source Port page Figure 57 Multiple Port Mirroring Add Source Ports Table 46 Multiple Port Mirroring Fields Field Description...

Page 117: ...preserving individual customer s VLAN identification when they enter their own 802 1Q domain With the introduction of this second tag you do not need to divide the 4k VLAN ID space to send traffic on an Ethernet based MAN With Double VLAN Tunneling enabled every frame that is transmitted from an interface has a DVlan Tag attached while every packet that is received from an interface has a tag remo...

Page 118: ... physical interface for which you want to display or configure data Select All to set the parameters for all ports to same values For non stacking platforms the field name is Slot Port Mode This specifies the administrative mode for Double VLAN Tagging Enable Double VLAN Tagging is enabled for the specified port or All ports Disable Double VLAN Tagging is disabled for the specified port or All por...

Page 119: ...data For non stacking platforms the field name is Slot Port Interface Mode This specifies the administrative mode for Double VLAN Tagging Enable Double VLAN Tagging is enabled for the specified port or All ports Disable Double VLAN Tagging is disabled for the specified port or All ports which is the default value EtherType The two byte hex EtherType to be used as the first 16 bits of the Double VL...

Page 120: ...pling are designed as part of an integrated system Both types of samples are combined in sFlow datagrams Packet Flow Sampling will cause a steady but random stream of sFlow datagrams to be sent to the sFlow Collector Counter samples may be taken opportunistically in order to fill these datagrams In order to perform Packet Flow Sampling an sFlow Sampler Instance is configured with a Sampling Rate T...

Page 121: ...sFlow Receiver Configuration Table 51 sFlow Receiver Configuration Field Description Receiver Index Selects the receiver for which data is to be displayed or configured The allowed range is 1 to 8 Receiver Owner String The entity making use of this sFlowRcvrTable entry The empty string indicates that the entry is currently unclaimed and the receiver configuration is reset to the default values An ...

Page 122: ... a short period i e five seconds of failing to meet the required Sampling Interval Periodically i e every second the sFlow Agent examines the list of counter sources and sends any counters that need to be sent to meet the sampling interval requirement To access the sFlow Poller Configuration page click LAN Administration sFlow Poller Configuration in the navigation tree sFlow Receiver Timeout The ...

Page 123: ...tion interface is assigned by the switching routing function At this point a decision is made on whether or not to sample the packet The mechanism involves a counter that is decremented with each packet When the counter reaches zero a sample is taken When a sample is taken the counter that indicates how many packets to skip before taking the next sample is reset The value of the counter is set to ...

Page 124: ...he network Access rights to the SNMP agent are controlled by access strings SNMP V3 SNMP v3 also applies access control and a new traps mechanism to SNMPv1 and SNMPv2 PDUs In addition the User Security Model USM is defined for SNMPv3 and includes Authentication Provides data integrity and data origin authentication Field Description Slot Port The sFlow Datasource for this sFlow sampler This Agent ...

Page 125: ...ased on Object IDs OID OIDs are used by the system to manage device features SNMP v3 supports the following features Security Feature Access Control Traps Authentication or Privacy Keys are modified in the SNMPv3 User Security Model USM Use the SNMP page to define SNMP parameters To display the SNMP page click LAN Administration SNMP Manager in the navigation tree SNMP COMMUNITY CONFIGURATION Acce...

Page 126: ... community or to create a new one A valid entry is a case sensitive string of up to 16 characters Client IP Address Taken together the Client IP Address and Client IP Mask denote a range of IP addresses from which SNMP clients may use that community to access this device If either IP Address or IP Mask value is 0 0 0 0 access is allowed from any IP address Otherwise every client s IP address is AN...

Page 127: ...le 55 Trap Receiver Configuration Fields Field Description Community When this field is set to Create you can configure new SNMP trap receiver information in the rest of the fields If you have already configured an SNMP trap receiver you can select it from the drop down menu to change the settings or delete it SNMP Community Name Enter the community string for the SNMP trap packet to be sent to th...

Page 128: ... generate captive portal SNMP traps The factory default is Disable which prevents the SNMP agent on the switch from generating any captive portal SNMP traps even if they are individually enabled Global Wireless Traps Enable or disable activation of Global Wireless traps by selecting the corresponding line on the pulldown entry field The factory default is enabled Link Up Down Enable or disable act...

Page 129: ...the number and type of traffic transmitted from and received on the switch SWITCH DETAILED The Switch Detailed page shows detailed statistical information about the traffic the switch handles To access the Switch Detailed page click LAN Monitoring System Statistics Switch Detail in the navigation menu Table 57 Supported MIBs Fields Field Description Name The RFC number if applicable and the name o...

Page 130: ...gher layer protocol Multicast Packets Received The total number of packets received that were directed to a multicast address Note that this number does not include packets directed to the broadcast address Broadcast Packets Received The total number of packets received that were directed to the broadcast address Note that this does not include multicast packets Receive Packets Discarded The numbe...

Page 131: ... The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol A possible reason for discarding a packet could be to free up buffer space Most Address Entries Ever Used The highest number of Forwarding Database Address Table entries that have been learned by this switch since the most recent re...

Page 132: ...received that were directed to the broadcast address Note that this does not include multicast packets Packets Received With Error The number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol Packets Transmitted Without Errors The total number of packets transmitted out of the interface Broadcast Packets Transmitted The total number of packe...

Page 133: ...cess the Port Detailed page click LAN Monitoring System Statistics Port Detailed in the navigation tree Figure 70 shows some but not all of the fields on the Port Detailed page Figure 70 Port Detailed Table 60 Port Fields Field Description Slot Port Use the drop down menu to select the interface for which data is to be displayed or configured ifIndex This field indicates the ifIndex of the interfa...

Page 134: ...or transmitted that were between 2048 and 4095 octets in length inclusive excluding framing bits but including FCS octets Packets RX and TX 4096 9216 Octets The total number of packets including bad packets received or transmitted that were between 4096 and 9216 octets in length inclusive excluding framing bits but including FCS octets Octets Received The total number of octets of data including t...

Page 135: ...an 64 octets in length with GOOD CRC excluding framing bits but including FCS octets Alignment Errors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with a non integral number of octets Rx FCS Errors The total number of packets received that had a length excluding ...

Page 136: ...total number of packets including bad packets received that were between 512 and 1023 octets in length inclusive excluding framing bits but including FCS octets Packets Transmitted 1024 1518 Octets The total number of packets including bad packets received that were between 1024 and 1518 octets in length inclusive excluding framing bits but including FCS octets Maximum Frame Size The maximum ether...

Page 137: ... egress filtering being enabled Lost No Carrier Frames Loss of the carrier detection occurs when the carrier signal of the hardware is undetectable It could be because the carrier signal was not present or was present but could not be detected Each such event causes this counter to increase Protocol Statistics STP BPDUs Received Number of STP BPDUs received at the selected port STP BPDUs Transmitt...

Page 138: ...gured ifIndex This field indicates the ifIndex of the interface table entry associated with this port on an adapter Total Packets Received Without Errors The total number of packets received that were without errors Packets Received With Error The number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol Broadcast Packets Received The total n...

Page 139: ... Image Service HTTP File Download TraceRoute Trap Log SAVE ALL APPLIED CHANGES When you click Submit the changes are applied to the system and saved in the running configuration file However these changes are not saved to non volatile memory and will be lost if the system resets Use the Save All Applied Changes page to make the changes you submit persist across a system reset To access the Save Al...

Page 140: ...O DEFAULTS Use the Reset Configuration to Defaults page to reset the system configuration to the factory default values To access the Reset Configuration to Defaults page click Tool Reset Configuration in the navigation tree Figure 74 Reset Configuration to Defaults Click Reset to restore the factory default settings The screen refreshes and asks you to confirm the reset Click Reset again to compl...

Page 141: ...cess the Reset Passwords to Defaults page click Tool Reset Password in the navigation tree Figure 75 Reset Passwords to Defaults Click Reset to restore the passwords for the default users to the factory defaults When the password for the read write user admin changes you must re authenticate with the username and default password ...

Page 142: ...wnload File to Switch page to download the image file the configuration files CLI banner file and SSH or SSL files from a TFTP server to the switch You can also download files via HTTP See HTTP File Download on page 147 for more information To access the Download File to Switch page click Tool Download File in the navigation tree Figure 76 Download File to Switch ...

Page 143: ...iles SSH must be administratively disabled and there can be no active SSH sessions SSH 2 RSA Key PEM File SSH 2 Rivest Shamir Adleman RSA Key File PEM Encoded To download SSH key files SSH must be administratively disabled and there can be no active SSH sessions SSH 2 DSA Key PEM File SSH 2 Digital Signature Algorithm DSA Key File PEM Encoded To download SSH key files SSH must be administratively ...

Page 144: ...on the switch to overwrite If you are downloading another type of file the Image Name field is not available 3 Verify the IP address of the TFTP server and ensure that the software image or other file to be downloaded is available on the TFTP server 4 Complete the TFTP Server IP Address and TFTP File Name full path without TFTP server IP address fields 5 Click the Start File Transfer check box and...

Page 145: ...tent log sometimes referred to as the event log Buffered Log Retrieves the system buffered in memory log Trap Log Retrieves the system trap records Image Name Specify the code image to upload either image1 or image2 This field is only visible when Code is selected as the File Type The factory default is image1 TFTP Server Address Type Specify either IPv4 or IPv6 address to indicate the format of t...

Page 146: ...ppears After the software is downloaded to the device a message appears indicating that the file transfer operation completed successfully MULTIPLE IMAGE SERVICE The system maintains two versions of the D Link software in permanent storage One image is the active image and the second image is the backup image The active image is loaded during subsequent switch restarts This feature reduces switch ...

Page 147: ...ILE DOWNLOAD Use the HTTP File Download page to download files of various types to the switch using an HTTP session i e via your web browser To display this page click Tool HTTP File Download in the navigation menu Figure 79 HTTP File Download Table 64 Multiple Image Service Fields Field Description Image Name Select Image1 or Image2 from the menu to activate on the next reload or to be deleted Cu...

Page 148: ...sh default Configuration Choose this option to update the switch s configuration If the file has errors the update will be stopped SSH 1 RSA Key File SSH 1 Rivest Shamir Adleman RSA Key File SSH 2 RSA Key PEM File SSH 2 Rivest Shamir Adleman RSA Key File PEM Encoded SSH 2 DSA Key PEM File SSH 2 Digital Signature Algorithm DSA Key File PEM Encoded SSL Trusted Root Certificate PEM File SSL Trusted R...

Page 149: ...ion tree Field Description AutoInstall Mode Select Start to initiate sending a request to a DHCP server to obtain an IP address of a server and the configuration file name If it obtains the server address AutoInstall proceeds to search for and download a configuration file from the server If successful it applies the configuration file to the switch After starting the AutoInstall process you can m...

Page 150: ...me of the station you want the switch to discover path for Probes Per Hop Enter the number of times each hop should be probed MaxTTL Enter the maximum time to live for a packet in number of hops InitTTL Enter the initial time to live for a packet in number of hops MaxFail Enter the maximum number of failures allowed in the session Interval Enter the time between probes in seconds Port Enter the UD...

Page 151: ...ription Number of Traps Since Last Reset The number of traps generated since the trap log entries were last cleared Trap Log Capacity The maximum number of traps stored in the log If the number of traps exceeds the capacity the entries will overwrite the oldest entries Number of Traps Since Log Last Viewed The number of traps that have occurred since the traps were last displayed Displaying the tr...

Page 152: ...Summary Server Statistics Conflicts Information GLOBAL CONFIGURATION Use the Global Configuration page to configure DHCP global parameters To display the page click LAN Administration DHCP Server Global Configuration in the navigation tree Figure 84 DHCP Server Global Configuration Table 69 DHCP Server Global Configuration Fields Field Description Admin Mode Enables or disables DHCP server operati...

Page 153: ...dresses Use the From and To fields to specify the IP addresses that the server should not assign to the client If you want to exclude a range of addresses set the range boundaries Note It is strongly recommended not to add thousands of addresses in the range The larger the range more time will be taken by the DHCP server to assign an IP address From To exclude an address range specify the low addr...

Page 154: ...dministration DHCP Server Pool Configuration in the navigation tree In Figure 85 some of the blank fields where you add IP addresses have been edited out of the image for display purposes You can add up to eight addresses in the Default Router Addresses DNS Server Addresses NetBIOS name Server Addresses and IP Address Value fields If you select Dynamic or Manual from the Type of Binding drop down ...

Page 155: ... dynamic pool You can enter a value in Network Mask or Prefix Length to specify the subnet mask but do not enter a value in both fields The valid range is 0 to 32 Client Name For manual bindings this field specifies a name for the client to which the DHCP server will statically assign an IP address This field is optional Hardware Address For manual bindings this field specifies the MAC address of ...

Page 156: ...ies the list of NetBIOS name server IP addresses for the pool You can specify up to eight addresses in order of preference NetBIOS Node Type Specifies the NetBIOS node type for DHCP clients p node Peer to Peer Uses point to point name queries to a name server m node Mixed Uses broadcasts first then uses queries the name server h node Hybrid Uses queries the name server first and then uses broadcas...

Page 157: ...ns page contains the following fields Table 71 Pool Options Fields Field Description Pool Name Select the DHCP pool to with the options you want to view or configure Option Code Displays the DHCP option code configured for the selected Pool Option Type Specifies the type of option associated with the option code configured for the selected pool The possible values are as follows Ascii The option t...

Page 158: ...o view information about the IP address bindings in the DHCP server database To access the DHCP Server Bindings Information page click LAN Monitoring DHCP Server Summary Binding Information in the navigation tree Table 72 Reset Configuration Fields Field Description Clear Specifies what to clear from the DHCP server database All Dynamic Bindings Deletes all dynamic bindings from all address pools ...

Page 159: ... Specific Binding Show a specific binding When you select this option the screen refreshes and the Binding IP Address field appears Binding IP Address Specify the IP address for which you want to view binding information This field is only available if you select Specific Binding from the DHCP Binding field IP Address Displays the client IP address Hardware Address Displays the client MAC address ...

Page 160: ...e number of expired bindings on the DHCP server Malformed Messages Shows the number of the malformed messages Message Received DHCPDISCOVER Shows the number of DHCPDISCOVER messages received by the DHCP server DHCPREQUEST Shows the number of DHCPREQUEST messages received by the DHCP server DHCPDECLINE Shows the number of DHCPDECLINE messages received by the DHCP server DHCPRELEASE Shows the number...

Page 161: ...re 90 Conflicts Information Table 75 Conflicts Information Fields Field Description DHCP Conflicts Select the DHCP conflicts to display All Conflicts Show all conflicts Specific Conflict Show a specific conflict When you select this option the screen refreshes and the Conflict IP Address field appears Conflict IP Address Specify the IP address for which you want to view conflict information This f...

Page 162: ...Client The default is Disable Default Domain Name Enter the default domain name for DNS client messages The name should be no longer than 255 characters When the system is performing a lookup on an unqualified hostname this field is provided as the domain name e g if default domain name is com and the user enters hotmail then hotmail is changed to hotmail com to resolve the name By default no defa...

Page 163: ...nter an IP address in standard IPv4 or IPv6 dot notation in the DNS Server Address and click Submit The server appears in the list below The precedence is set in the order created To change precedence you must remove the server s by clicking the Remove box and then Submit and add the server s in the preferred order DNS HOST NAME IP MAPPING CONFIGURATION Use this page to configure DNS host names fo...

Page 164: ...T NAME IP MAPPING SUMMARY Use this page to configure static and dynamic DNS host names for hosts on the network The host names are associated with IPv4 or IPv6 addresses on the network which are assigned to particular hosts To access this page click LAN Monitoring DNS Server Host Name IP Mapping Summary in the navigation tree Figure 94 DNS Host Name IP Mapping Summary Table 78 DNS Host Name Mappin...

Page 165: ...nfirm removal and the Host Name IP Mapping dynamic entries are cleared Click Refresh to refresh the page with the most current data from the switch Host Name The host name of the static entry Inet Address The IP4 or IPv6 address of the static entry Remove Select to remove a Host Name IP Mapping entry from the Host Name IP Mapping list Field Description DNS Dynamic Entries Host Name The host name o...

Page 166: ...eceived by the server T3 Time at which the server sent a reply T4 Time at which the client received the server s reply The device can poll Unicast and Broadcast server types for the server time Polling for Unicast information is used for polling a server for which the IP address is known SNTP servers that have been configured on the device are the only ones that are polled for synchronization info...

Page 167: ...NTP Global Configuration Fields Field Description Client Mode Use drop down list specify the SNTP client mode which is one of the following modes Disable SNTP is not operational No SNTP requests are sent from the client nor are any received SNTP messages processed Unicast SNTP operates in a point to point fashion A unicast client sends a request to a designated server at its unicast address and ex...

Page 168: ...dcasts received prior to the expiry of this interval are discarded Allowed range is 6 to 10 Default value is 6 Unicast Poll Timeout Specifies the number of seconds to wait for an SNTP response when configured in unicast mode Allowed range is 1 to 30 Default value is 5 Unicast Poll Retry Specifies the number of times to retry a request to an SNTP server after the first time out before attempting to...

Page 169: ... and then click Delete The entry is removed and the device is updated Table 81 SNTP Server Configuration Fields Field Description Server Select the IP address of a user defined SNTP server to view or modify information about an SNTP server or select Create to configure a new SNTP server You can define up to three SNTP servers Address Hostname Enter the IP address or the hostname of the SNTP server...

Page 170: ... CONFIGURATION From the ISDP Global Configuration page you can configure the ISDP settings for the switch such as the administrative mode To display the ISDP Global Configuration page click LAN Administration ISDP Global Configuration in the navigation tree Figure 97 ISDP Global Configuration The following table describes the fields available on the ISDP Global Configuration page Table 82 ISDP Glo...

Page 171: ...ndicates that the device uses layer 2 MAC address as the format for its Device ID other Indicates that the device uses its platform specific format as the format for its Device ID Device ID Format Indicates the Device ID format of the device serialNumber Indicates that the value is in the form of an ASCII string containing the device serial number macAddress Indicates that the value is in the form...

Page 172: ...ng for the neighbor Holdtime Displays the ISDP holdtime for the neighbor Capability Displays the ISDP Functional Capabilities for the neighbor Platform Displays the ISDP Hardware Platform for the neighbor Port ID Displays the ISDP port ID string for the neighbor Protocol Version Displays the ISDP Protocol Version for the neighbor Last Time Changed Displays when entry was last modified If ISDP is e...

Page 173: ...kets Received Displays the number of v2 ISDP PDUs received ISDPv2 Packets Transmitted Displays the number of v2 ISDP PDUs transmitted ISDP Bad Header Displays the number of ISDP PDUs that were received with bad headers ISDP Checksum Error Displays the number of ISDP PDUs that were received with checksum errors ISDP Transmission Failure Displays the number of ISDP PDUs transmission failures Invalid...

Page 174: ...D Link Unified Access System Software User Manual 12 10 09 Page 174 Configuring and Viewing ISDP Information Document 34CSFP6XXUWS SWUM100 D7 ...

Page 175: ...ubnet Based VLANs Managing MAC Based VLANs Voice VLAN Configuration Creating MAC Filters Configuring GARP Configuring Dynamic ARP Inspection Configuring IGMP Snooping Configuring IGMP Snooping Queriers Configuring MLD Snooping Configuring MLD Snooping Queriers Creating Port Channels Trunking Viewing Multicast Forwarding Database Information Configuring Spanning Tree Protocol Configuring Port Secur...

Page 176: ...h drops DHCP packets whose source MAC address does not match the client hardware address This feature is a configurable option The hardware identifies all incoming DHCP packets on ports where DHCP snooping is enabled DHCP snooping is enabled on a port if a DHCP snooping is enabled globally and b the port is a member of a VLAN where DHCP snooping is enabled On untrusted ports the hardware traps all...

Page 177: ...nfiguration in the navigation tree Figure 102 DHCP Snooping VLAN Configuration Click Submit to apply the new configuration and cause the change to take effect These changes will not be retained across a power cycle unless a Save configuration is performed DHCP SNOOPING INTERFACE CONFIGURATION The hardware rate limits DHCP packets sent to the CPU from untrusted interfaces to 15 packets per second T...

Page 178: ...guration Click Submit to apply the new configuration and cause the change to take effect These changes will not be retained across a power cycle unless a Save configuration is performed DHCP SNOOPING BINDING CONFIGURATION The DHCP snooping application uses DHCP messages to build and maintain the binding database The binding database only includes data for clients on untrusted ports DHCP snooping c...

Page 179: ...g file and populates the binding database A checksum failure or a connection problem to the external configured server will cause the switch to loose the bindings and will cause a host s data loss if IP Source Guard IPSG and or DAI is enabled When a switch learns of new bindings or when it loses bindings the switch immediately updates the entries in the database The switch also updates the entries...

Page 180: ...ding Configuration Field Description Slot Port Select the interface to add a binding into the DHCP snooping database MAC Address Specify the MAC address for the binding to be added This is the Key to the binding database VLAN ID Select the VLAN from the list for the binding rule The range of the VLAN ID is 1 to 3965 IP Address Specify a valid IP address for the binding rule Table 90 DHCP Snooping ...

Page 181: ... the DHCP Snooping Statistics page click LAN Monitoring DHCP Snooping Statistics in the navigation tree Figure 106 DHCP Snooping Statistics Page Lists the number of pages the static binding entries occupy Select the Page Number from this list to display the particular Page entries Table 91 DHCP Snooping Dynamic Binding List Field Description Slot Port Displays the interface MAC Address Displays th...

Page 182: ...s information is added as suboptions in the DHCP Option 82 packets see sections 3 1 and 3 2 of RFC3046 The switch removes this option from packets that it relays from L3 Relay agents DHCP servers to clients These sub options may be used by the DHCP server to affect how it treats the client and also may be used by the relay agent to limit broadcast replies to the specific circuit or attachment poin...

Page 183: ...pply the changes to system Table 93 DHCP L2 Relay Interface Configuration Field Description Slot Port Select the slot port to configure this feature on DHCP L2 Relay Mode Enable or disable L2 Relay mode on the selected interface DHCP L2 Relay Trust Mode Enable or disable L2 Relay Trust Mode on the selected interface Trusted interfaces usually connect to other agents or servers participating in the...

Page 184: ...P L2 Relay VLAN Configuration Field Description VLAN ID Select a VLAN ID from the list for configuration This is an S VID as indicated by the service provider that identifies a VLAN that is authorized to relay DHCP packets through the provider network DHCP L2 Relay Mode Enable or disable the selected VLAN for DHCP L2 relay services DHCP L2 Relay Circuit Id When enabled if a client sends a DHCP req...

Page 185: ...ropped Untrusted Client Msgs With Option 82 If the selected interface is configured in untrusted mode this field shows the number of messages received on the interface from a DHCP client that contained Option 82 data These messages are dropped Trusted Server Msgs Without Option 82 If the selected interface is configured in trusted mode this field shows the number of messages received on the interf...

Page 186: ...nt or project membership The only physical requirement is that the end station and the port to which it is connected both belong to the same VLAN Each VLAN in a network has an associated VLAN ID which appears in the IEEE 802 1Q tag in the Layer 2 header of packets transmitted on a VLAN An end station may omit the tag or the VLAN portion of the tag in which case the first switch port to receive the...

Page 187: ...e a VLAN using this screen its type will always be Static A VLAN that is created by GVRP registration initially has a type of Dynamic You can use this pulldown menu to change its type to Static Slot Port Indicates which port is associated with the fields on this line Status Indicates the current value of the participation parameter for the port Participation Use this field to specify whether a por...

Page 188: ... To access the VLAN Status page click LAN Monitoring VLAN Summary VLAN Status in the navigation tree Figure 112 VLAN Status Click Refresh to display the latest information from the router Table 97 VLAN Status Fields Field Description VLAN ID The VLAN Identifier VID of the VLAN The range of the VLAN ID is 1 to 3965 VLAN Name The name of the VLAN VLAN ID 1 is always named Default VLAN Type The VLAN ...

Page 189: ...to untagged or priority tagged frames received on this port The factory default is 1 Acceptable Frame Types Specify how you want the port to handle untagged and priority tagged frames Whichever you select VLAN tagged frames will be forwarded in accordance with the IEEE 802 1Q VLAN standard The factory default is Admit All VLAN Only The port will discard any untagged or priority tagged frames it re...

Page 190: ...isplays the actual VLAN ID in use for the port If the port was acquired by another module the actual value may differ from the configured VLAN ID For example if the port is a member of a port channel and the port channel has a different port VLAN ID setting than the configured value then the two may differ Acceptable Frame Types Indicates how the port handles untagged and priority tagged frames VL...

Page 191: ...urn all VLAN parameters for all interfaces to the factory default values To access the Reset Configuration page click LAN L2 Features VLAN Reset Configuration in the navigation tree Figure 115 Reset VLAN Configuration When you click Reset the screen refreshes and you are asked to confirm the reset Click Reset again to restore all default VLAN settings for the ports on the system ...

Page 192: ...ort groups and to assign physical ports to a group To display the Protected Port Configuration page click LAN L2 Features Protected Ports Configuration in the navigation tree Figure 116 Protected Port Configuration Table 100 Protected Port Configuration Fields Field Description Group ID The protected ports can be combined into a logical group Traffic can flow between protected ports belonging to d...

Page 193: ...PORTS SUMMARY Use the Protected Ports Summary page to view information about protected port groups and their included ports To view the Protected Ports Summary page click LAN Monitoring Protected Ports Summary in the navigation tree Figure 117 Protected Ports Summary Click Refresh to reload the page and display the most current information Table 101 Protected Ports Summary Fields Field Description...

Page 194: ...ed packets are always handled according to the IEEE 802 1Q standard and are not included in protocol based VLANs If you assign a port to a protocol based VLAN for a specific protocol untagged frames received on that port for that protocol will be assigned the protocol based VLAN ID Untagged frames received on the port for other protocols will be assigned the Port VLAN ID PVID which is either the d...

Page 195: ...name of an existing group You can enter up to 16 characters Group ID Shows the number that identifies the group you create Group IDs are automatically assigned when you create a group Protocols Select one or more protocols to associate with this group CTRL click to select multiple protocols IP IP is a network layer protocol that provides a connectionless service for the delivery of data ARP Addres...

Page 196: ...rotocol that provides a connectionless service for the delivery of data ARP Address Resolution Protocol ARP is a low level protocol that dynamically maps network layer addresses to physical medium access control MAC addresses IPX The Internetwork Packet Exchange IPX is a connectionless datagram Network layer protocol that forwards data over a network VLAN Specifies the VLAN ID associated with this...

Page 197: ...ubnet based VLAN Configuration page click LAN L2 Features VLAN IP Subnet based VLAN in the navigation menu Figure 120 IP Subnet based VLAN Configuration If you make any changes on this page click Submit to apply the changes to the system To delete an existing binding select the source IP address from the IP Address drop down menu and then click Delete Table 104 IP Subnet based VLAN Configuration F...

Page 198: ...No IP Subnet based VLAN Configured message To access the IP Subnet based VLAN Summary page click LAN Monitoring VLAN Summary IP Subnet based VLAN Summary in the navigation tree Figure 121 IP Subnet based VLAN Summary Click Refresh to reload the page and display the most current information Table 105 IP Subnet based VLAN Summary Fields Field Description IP Address Shows the packet source IP address...

Page 199: ...are specified the MAC to VLAN configurations are shared across all ports of the switch To display the MAC based VLAN Configuration page click LAN L2 Features VLAN MAC based VLAN Configuration in the navigation menu Figure 122 MAC based VLAN Configuration If you make any changes click Submit to apply the changes to the system MAC BASED VLAN SUMMARY Use the MAC based VLAN Summary page to view inform...

Page 200: ...c is under management control and that network attached clients cannot initiate a direct attack on voice components A QoS protocol based on the IEEE 802 1P class of service CoS protocol uses classification and scheduling to send network traffic from the switch in a predictable manner The system uses the source MAC of the traffic traveling through the port to identify the IP phone data flow Voice V...

Page 201: ...n the service will not be operational None The voice VLAN service is disabled on this interface however unlike Disable mode the CoS override feature is still operational on the port VLAN ID The voice VLAN packets are uniquely identified by a number you assign All voice traffic carries this VLAN ID to distinguish it from other data traffic which is assigned the port s default VLAN ID However voice ...

Page 202: ...ration Fields Field Description MAC Filter If no MAC filters are configured on the system Create Filter is the only item in the drop down menu If one or more MAC filters exist the list also contains the MAC address and associated VLAN ID of a configured filter MAC Address The MAC address of the filter in the format 00 01 1A B2 53 4D You can only change this field when you have selected the Create ...

Page 203: ... create the filter Deleting MAC Filters To delete a filter select it from the MAC Filter drop down menu and click Delete To delete all configured filters from the forwarding database click Delete All MAC FILTER SUMMARY Use the MAC Filter Summary page to associate a MAC address with a VLAN and one or more source ports To access the MAC Filter Summary page click LAN Monitoring Filters MAC Filter Sum...

Page 204: ... networking devices attached to the same segment GMRP enables the group membership information to be disseminated across all networking devices in the bridged LAN that support GMRP The operation of GVRP and GMRP relies upon the services provided by GARP GARP STATUS Use the GARP Status page to view GARP settings for the system and for each interface To access the GARP Status page click LAN Monitori...

Page 205: ...t be active and Join Time Leave Time and Leave All Time have no effect Join Timer centisecs Shows the time between the transmission of GARP PDUs registering or re registering membership for a VLAN or multicast group in centiseconds Leave Timer centisecs Displays time lapse in centiseconds that the switch waits before leaving its GARP state Leave time is activated by a Leave All Time message sent r...

Page 206: ...ation If you make any changes to the page click Submit to apply the changes to the system Table 111 GARP Switch Configuration Fields Field Description Switch GVRP Mode Shows the GARP VLAN Registration Protocol administrative mode for the switch The switch GVRP mode must be enabled for the ports to function in GARP protocols even if GVRP is enabled on a port Switch GMRP Mode Shows the GARP Multicas...

Page 207: ...e mode for the port by selecting enable or disable from the pulldown menu If you select disable the protocol will not be active and Join Time Leave Time and Leave All Time have no effect The factory default is disable GARP Timers GARP Join Timer centisecs Specify the time between the transmission of GARP PDUs registering or re registering membership for a VLAN or multicast group in centiseconds En...

Page 208: ... can optionally configure additional ARP packet validation DAI CONFIGURATION Use the DAI Configuration page to configure global DAI settings To display the DAI Configuration page click LAN L2 Features Dynamic ARP Inspection DAI Configuration in the navigation tree Figure 130 Dynamic ARP Inspection Configuration GARP Leave All Timer centisecs Displays time lapse in centiseconds that all switches wa...

Page 209: ...on for the ARP packets will be enabled The default is Disable Validate Destination MAC Select the DAI Destination MAC Validation Mode for the switch If you select Enable Destination MAC validation for the ARP Response packets will be enabled The default is Disable Validate IP Select the DAI IP Validation Mode for the switch If you select Enable IP Address validation for the ARP packets will be ena...

Page 210: ...CP snooping database in case the ARP ACL rules do not match If Enabled then the ARP Packet will be validated by the ARP ACL Rules only If Disabled then the ARP Packet needs further validation by using the DHCP Snooping entries The default is Disable Table 115 Dynamic ARP Inspection Interface Configuration Field Description Slot Port Select the physical interface for which data is to be displayed o...

Page 211: ...u selected in the Remove column Click Refresh to refresh the page with the most current data from the switch DAI ARP ACL RULE CONFIGURATION Use the DAI ARP ACL Rule Configuration page to add or remove DAI ARP ACL Rules To display the DAI ARP ACL Rule Configuration page click LAN L2 Features Dynamic ARP Inspection DAI ARP ACL Rule Configuration in the navigation tree Table 116 Dynamic ARP Inspectio...

Page 212: ...isplay the statistics per VLAN To display the DAI Statistics page click LAN Monitoring Dynamic ARP Inspection Statistics in the navigation tree Table 117 Dynamic ARP Inspection ARP ACL Rule Configuration Field Description ARP ACL Name Select the ARP ACL for which information is to be displayed or configured Sender IP Address To create a new rule for the selected ARP ACL enter in this field the Sen...

Page 213: ...se there was a matching DHCP snooping binding entry found ACL Permits The number or ARP packets that were permitted by DAI because there was a matching ARP ACL rule found for this VLAN Bad Source MAC The number of ARP packets that were dropped by DAI because the sender MAC address in the ARP packet did not match the source MAC in the Ethernet header Bad Dest MAC The number of ARP packets that were...

Page 214: ... into each of the remaining network segments in accordance with the IEEE MAC Bridge standard Eventually the packet is made accessible to all nodes connected to the network This approach works well for broadcast packets that are intended to be seen or processed by all connected nodes In the case of multicast packets however this approach could lead to less efficient use of network bandwidth particu...

Page 215: ...ff Perform a save if you want the changes to remain in effect over a power cycle Table 119 IGMP Snooping Global Configuration and Status Fields Field Description Admin Mode Select the administrative mode for IGMP Snooping for the switch from the pulldown menu The default is disable Multicast Control Frame Count Shows the number of multicast control frames that have been processed by the CPU Interf...

Page 216: ...terface from the group The valid range is from 2 to 3600 seconds The default is 260 seconds Max Response Time Specify the amount of time you want the switch to wait after sending a query on an interface because it did not receive a report for a particular group on that interface Enter a value greater or equal to 1 and less than the Group Membership Interval in seconds The default is 10 seconds The...

Page 217: ...e fast leave admin mode only on VLANs where only one host is connected to each layer 2 LAN port This prevents the inadvertent dropping of the other hosts that were connected to the same layer 2 LAN port but were still interested in receiving multicast traffic directed to that group Also fast leave processing is supported only with IGMP version 2 hosts Group Membership Interval The Group Membership...

Page 218: ...ays the VLAN IDs for which the IGMP Snooping mode is Enabled Admin Mode Shows the IGMP Snooping Mode for the VLAN ID Fast Leave Admin Mode Indicates whether IGMP Snooping Fast leave is active on the VLAN Group Membership Interval Shows the amount of time in seconds that a switch will wait for a report from a particular group on a particular interface which is participating in the VLAN before delet...

Page 219: ...ee Figure 140 Multicast Router Configuration If you enable or disable multicast router configuration on an interface click Submit to apply the new settings to the switch MULTICAST ROUTER STATUS Use the IGMP Snooping Multicast Router Status page to see whether a particular interface is configured as a multicast router interface To access the IGMP Snooping Multicast Router Statistics page click LAN ...

Page 220: ...UWS SWUM100 D7 Click Refresh to re display the page with the latest information from the router Table 124 Multicast Router Status Fields Field Description Slot Port Select the physical or LAG interface to display Multicast Router Shows whether the specified interface is configured as a multicast router interface ...

Page 221: ...Multicast Router VLAN Configuration in the navigation tree Figure 142 Multicast Router VLAN Configuration If you enable or disable multicast router configuration for VLANs on an interface click Submit to apply the new settings to the switch Table 125 Multicast Router VLAN Configuration Fields Field Description Slot Port Select the physical or LAG interface to display VLAN ID Enter the VLAN ID to c...

Page 222: ...oping Status Multicast Router VLAN Status in the navigation tree Figure 143 Multicast Router VLAN Status The IGMP Snooping Multicast Router VLAN Status page contains the following fields Click Refresh to re display the page with the latest information from the router Table 126 Multicast Router VLAN Status Fields Description Slot Port Select the physical or LAG interface to display VLAN ID If a VLA...

Page 223: ...ted parameters Users must have Read Write access privileges to change the data on this page To access this page click LAN L2 Features IGMP Snooping Querier Querier Configuration in the navigation tree Figure 144 IGMP Snooping Querier Configuration Table 127 IGMP Snooping Querier Configuration Fields Field Description Snooping Querier Admin Mode Select the administrative mode for IGMP Snooping for ...

Page 224: ...y the new settings Click Refresh to re display the page with the latest information from the switch Table 128 IGMP Snooping Querier VLAN Configuration Fields Field Description VLAN ID Specifies VLAN ID for which the IGMP Snooping Querier is to be enabled Select New Entry to create a new VLAN ID for IGMP Snooping Querier Election Participate Mode Enables or disables Querier Participate Mode When th...

Page 225: ...outer Table 129 IGMP Snooping Querier VLAN Configuration Summary Fields Field Description VLAN ID Specifies the VLAN ID on which IGMP Snooping Querier is administratively enabled Querier Election Participate Mode Displays the querier election participate mode on the VLAN When this mode is disabled up on seeing a query of the same version in the VLAN the snooping querier moves to non querier state ...

Page 226: ...oping switch will send out periodic queries with a time interval equal to the configured querier query interval If the snooping switch sees a better querier numerically lower in the VLAN it moves to non querier mode Non Querier The snooping switch is in non querier mode in the VLAN If the querier expiry interval timer expires the snooping switch moves into querier mode Disabled The snooping querie...

Page 227: ...3 MLD is a subprotocol of Internet Control Message Protocol version 6 ICMPv6 and MLD messages are a subset of ICMPv6 messages The switch can snoop on both MLDv1 and MLDv2 protocol packets and bridge IPv6 multicast data based on destination IPv6 multicast MAC addresses The switch can be configured to perform MLD snooping and IGMP snooping simultaneously CONFIGURATION AND STATUS Use the MLD Snooping...

Page 228: ...d interface for MLD Snooping for the switch from the pulldown menu The default is Disable Group Membership Interval Specify the amount of time you want the switch to wait for a report for a particular group on a particular interface before it deletes that interface from the group The valid range is from 2 to 3600 seconds The default is 260 seconds Max Response Time Specify the amount of time you w...

Page 229: ...plays the VLAN IDs for which the MLD Snooping mode is Enabled Admin Mode Shows the MLD Snooping Mode for the VLAN ID Fast Leave Admin Mode Indicates whether MLD Snooping Fast leave is active on the VLAN Group Membership Interval Shows the amount of time in seconds that a switch will wait for a report from a particular group on a particular interface which is participating in the VLAN before deleti...

Page 230: ...r that multicast group without first sending out MAC based general queries to the interface Enable fast leave admin mode only on VLANs where only one host is connected to each layer 2 LAN port This prevents the inadvertent dropping of the other hosts that were connected to the same layer 2 LAN port but were still interested in receiving multicast traffic directed to that group Group Membership Int...

Page 231: ...tree Figure 152 MLD Snooping Multicast Router Configuration If you enable or disable multicast router configuration on an interface click Submit to apply the new settings to the switch MULTICAST ROUTER STATUS Use the MLD Snooping Multicast Router Status page to view multicast router functionality on selected ports To access this page click LAN Monitoring MLD Snooping Multicast Router Status in the...

Page 232: ...ch MULTICAST ROUTER VLAN STATUS Use the MLD Snooping Multicast Router VLAN Status page to view multicast router settings for VLANs on a specific interface To access the MLD Snooping Multicast Router VLAN Statistics page click LAN Monitoring MLD Snooping Multicast Router VLAN Status in the navigation tree Table 136 MLD Snooping Multicast Router Status Fields Field Description Slot Port Select the s...

Page 233: ...ge contains the following fields Click Refresh to re display the page with the latest information from the router Table 138 MLD Snooping Multicast Router VLAN Status Fields Description Slot Port Select the physical or LAG interface to display VLAN ID If a VLAN is enabled for multicast routing on the interface this field displays its ID Multicast Router Indicates that the multicast router is enable...

Page 234: ... configure related parameters Users must have Read Write access privileges to change the data on this page To access this page click LAN L2 Features MLD Snooping Querier MLD Snooping Querier Configuration in the navigation tree Figure 156 MLD Snooping Querier Configuration Table 139 MLD Snooping Querier Configuration Fields Field Description Snooping Querier Admin Mode Select the administrative mo...

Page 235: ...efresh to display the page with the latest information from the switch To remove a querier from the network select its VLAN ID and click Delete Table 140 MLD Snooping Querier VLAN Configuration Fields Field Description VLAN ID Specifies VLAN ID for which MLD Snooping Querier is to be enabled You can select New Entry to create a new VLAN ID for the MLD Snooping feature Querier Election Participate ...

Page 236: ...Table 141 MLD Snooping Querier VLAN Configuration Summary Fields Field Description VLAN ID Specifies the VLAN ID on which MLD Snooping Querier is administratively enabled Querier Election Participate Mode Displays the querier election participate mode on the VLAN When this mode is disabled up on seeing a query of the same version in the VLAN the snooping querier moves to non querier state When thi...

Page 237: ...ping switch will send out periodic queries with a time interval equal to the configured querier query interval If the snooping switch sees a better querier in the VLAN i e with a numerically lower value it moves to non querier mode Non Querier The snooping switch is in non querier mode in the VLAN If the querier expiry interval timer expires the snooping switch moves into querier mode Disabled The...

Page 238: ...s nor receives LACPDUs PORT CHANNEL CONFIGURATION Use the Port Channel Configuration page to group one or more full duplex Ethernet links to be aggregated together to form a port channel which is also known as a link aggregation group LAG The switch treats the port channel as if it were a single link To access the Port Channel Configuration page click LAN L2 Features Trunking Configuration in the ...

Page 239: ...eans it does not transmit or process received LAGPDUs The member ports do not transmit LAGPDUs and all the LAGPDUs it may receive are dropped A static port channel interface does not require a partner system to be able to aggregate its member ports Disable The port channel is dynamically maintained The interface transmits and processes LAGPDUs and requires a partner system Load Balance Select the ...

Page 240: ...is Port Channel which is one of the following Static The port channel is statically maintained Dynamic The port channel is dynamically maintained Admin Mode Select enable or disable from the pulldown menu When the Port Channel is disabled no traffic will flow and LACPDUs will be dropped but the links that form the Port Channel will not be released The factory default is enable Link State Indicates...

Page 241: ... members of that multicast group This Multicast Support folder contains links to the following pages MFDB Table MFDB GMRP Table MFDB IGMP Snooping Table MFDB Statistics MFDB TABLE Use the MFDB Table page to view the port membership information for all active multicast address entries The key for an entry consists of a VLAN ID and MAC address pair Entries may contain data for more than one protocol...

Page 242: ...he address exists that entry will be displayed An exact match is required MAC Address The multicast MAC address for which you requested data Component This is the component that is responsible for this entry in the Multicast Forwarding Database Possible values are MLD Snooping GMRP IGMP Snooping and Static Filtering Type This displays the type of the entry Static entries are those that are configu...

Page 243: ... table as a result of a learning process or protocol Description The text description of this multicast table entry Possible values are Management Configured Network Configured and Network Assisted Slot Port The list of interfaces that are designated for forwarding Fwd and filtering Flt for the associated address Table 147 MFDB IGMP Snooping Table Fields Field Description MAC Address A VLAN ID mul...

Page 244: ...rding database Stats page to view statistical information about the MFDB table To access the Stats page click LAN Monitoring Multicast Forwarding Database Statistics in the navigation tree Table 148 MLD Snooping Table Fields Field Description MAC Address A VLAN ID multicast MAC address pair for which the switch has forwarding and or filtering information The format is 8 two digit hexadecimal numbe...

Page 245: ...e 149 Multicast Forwarding Database Statistics Fields Field Description Max MFDB Entries Shows the maximum number of entries that the Multicast Forwarding Database table can hold Most MFDB Entries Since Last Reset The largest number of entries that have been present in the Multicast Forwarding Database table since the system was last reset This value is also known as the MFDB high water mark Curre...

Page 246: ... effect chief among the effects is the rapid transitioning of the port to Forwarding The difference between the RSTP and the traditional STP IEEE 802 1D is the ability to configure and recognize full duplex connectivity and ports which are connected to end stations resulting in rapid transitioning of the port to Forwarding state and the suppression of Topology Change Notification These features ar...

Page 247: ...the switch IEEE 802 1D Spanning Tree Protocol STP IEEE 802 1w Rapid Spanning Tree Protocol RSTP IEEE 802 1s Multiple Spanning Tree Protocol MSTP Configuration Name Name used to identify the configuration currently being used It may be up to 32 alphanumeric characters Configuration Revision Level Number used to identify the configuration currently being used The values allowed are between 0 and 655...

Page 248: ...or bridges are running STP each is assigned a priority After exchanging BPDUs the switch with the lowest priority value becomes the root bridge The bridge priority is a multiple of 4096 If you specify a priority that is not a multiple of 4096 the priority is automatically set to the next lowest priority that is a multiple of 4096 For example if the priority is attempted to be set to any value betw...

Page 249: ...port drops the BPDUs received Spanning Tree Tx Hold Count Configure the maximum number of BPDUs the bridge is allowed to send within the hello time window The default value is 6 Bridge Identifier The bridge identifier for the CST It is made up using the bridge priority and the base MAC address of the bridge Time Since Topology Change Displays the total amount of time since the last topographic cha...

Page 250: ...ning Tree MST Configuration Identification in the navigation tree If no MST instances exist or if you select Create from the MST field the MST Configuration Status page looks like the screen in Figure 169 Figure 169 Spanning Tree MST Configuration Status Figure 170 shows an example of the page with an MST instance configured Figure 170 Spanning Tree MST Configuration Status Table 152 Spanning Tree...

Page 251: ...priority is 32768 The valid range is 0 61440 VLAN ID This gives a list box of all VLANs on the switch The VLANs associated with the MST instance which is selected are highlighted on the list These can be selected or unselected for reconfiguring the association of VLANs to MST instances Bridge Identifier The bridge identifier for the selected MST instance It is made up using the bridge priority and...

Page 252: ...TATUS Use the Spanning Tree CST Port Configuration Status page to configure Common Spanning Tree CST and Internal Spanning Tree on a specific port on the switch To display the Spanning Tree CST Port Configuration Status page click LAN L2 Features Spanning Tree CST Port Configuration in the navigation tree Figure 171 Spanning Tree CST Port Configuration Status ...

Page 253: ...e spanning tree It takes a value in the range of 1 to 200000000 Auto calculate External Port Path Cost Displays whether the external path cost is automatically calculated Enabled or not Disabled External Path cost will be calculated based on the link speed of the port if the configured value for External Port Path Cost is zero BPDU Filter Enable or disable the BPDU Filter which filters the BPDU tr...

Page 254: ...e Configuring the auto edge mode of a port allows the port to become an edge port if it does not see BPDUs for some duration The possible values are Enable or Disable Edge Port Indicates whether the port is enabled as an edge port Point to point MAC Derived value of the point to point status Root Guard Configuring the root guard mode sets a port to discard any superior information received by the ...

Page 255: ... the VLAN s associated with the MST Port Priority The priority for a particular port within the MST The port priority is set in multiples of 16 If you specify a value that is not a multiple of 16 the priority is set to the priority is automatically set to the next lowest priority that is a multiple of 16 For example if you set a value between 0 and 15 the priority is set to 0 If you specify a numb...

Page 256: ...rd traffic and learn new MAC addresses Port Role Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree The port role will be one of the following values Root Port Designated Port Alternate Port Backup Port Master Port or Disabled Port Designated Root Root Bridge for the selected MST instance It is made up using the bridge priority and the base MAC address of the bridg...

Page 257: ...ee Statistics Click Refresh to update the screen with most recent data Table 155 Spanning Tree Statistics Fields Field Description Slot Port Select a physical or port channel interface to view its statistics STP BPDUs Received Number of STP BPDUs received at the selected port STP BPDUs Transmitted Number of STP BPDUs transmitted from the selected port RSTP BPDUs Received Number of RSTP BPDUs recei...

Page 258: ...Note that you can effectively disable dynamic locking by setting the number of allowable dynamic entries to zero Static locking allows you to specify a list of MAC addresses that are allowed on a port The behavior of packets is the same as for dynamic locking only packets with an allowable source MAC address can be forwarded To see the MAC addresses learned on a specific port see Configuring and S...

Page 259: ... Dynamically Learned MAC Addresses Allowed Sets the maximum number of dynamically learned MAC addresses on the selected interface Once the limit is reached no more addresses are learned on the port Any packets with source MAC addresses that were not already learned are discarded You can effectively disable dynamic locking by setting the number of allowable dynamic entries to zero Add a Static MAC ...

Page 260: ...ve the MAC address from the port and apply the new settings to the system The screen refreshes and the MAC address no longer appears in the table on the page Table 157 Port Security Static Fields Field Description Slot Port Select the physical interface or the LAG on which to view the dynamically learned MAC addresses MAC Address This column lists the static MAC addresses if any configured on the ...

Page 261: ...ow many addresses can be learned on the locked port To access the Port Security Dynamic page click LAN Monitoring Port Security Port Security Dynamic in the navigation tree Figure 177 Port Security Dynamic Table 158 Port Security Dynamic Fields Field Description Slot Port Select the physical interface or the LAG on which to view the dynamically learned MAC addresses MAC Address This column lists t...

Page 262: ...ation Status page click LAN Monitoring Port Security Port Security Violation in the navigation tree Figure 178 Port Security Violation Status Table 159 Port Security Violation Status Fields Field Description Slot Port Select the physical interface or the LAG on which to view security violation information Last Violation MAC Address Displays the source MAC address of the last packet that was discar...

Page 263: ...are disabled on all ports The application is responsible for starting each transmit and receive state machine appropriately based on the configured status and operational state of the port D Link allows LLDP to have multiple LLDP neighbors per interface The number of such neighbors is limited by the memory constraints A product specific constant defines the maximum number of neighbors supported by...

Page 264: ...ick Submit to apply the new settings to the system Table 160 LLDP Global Configuration Fields Field Description Transmit Interval Specifies the interval at which LLDP frames are transmitted The default is 30 seconds and the valid range is 1 32768 seconds Transmit Hold Multiplier Specifies multiplier on the transmit interval to assign to TTL The default is 4 and the range is 2 10 Re Initialization ...

Page 265: ...ve LLDP PDUs The default is disabled Notify When notifications are enabled LLDP interacts with the Trap Manager to notify subscribers of remote data change statistics The default is disabled Transmit Management Information Select the check box to enable the transmission of management address instance Clear the check box to disable management information transmission The default is disabled Optiona...

Page 266: ...ption Interface Displays all the ports on which LLDP 802 1AB can be configured Link Status Displays whether the link status of the ports is up or down Transmit Displays the LLDP 802 1AB transmit mode of the interface Receive Displays the LLDP 802 1AB receive mode of the interface Notify Displays the LLDP 802 1AB notification mode of the interface Optional TLV s Shows the LLDP 802 1AB optional type...

Page 267: ...articular MAC Service Access Point MSAP has been deleted from the tables associated with the remote systems Total Drops Displays the number of times a complete set of information advertised by a particular MAC Service Access Point MSAP could not be entered into tables associated with the remote systems because of insufficient resources Total Ageouts Displays the number of times a complete set of i...

Page 268: ...er of age outs that occurred on a given port An age out is the number of times the complete set of information advertised by a particular MAC Service Access Point MSAP has been deleted from tables associated with remote entries because the information timeliness interval had expired TLV Discards Displays the number of LLDP TLVs Type Length Value sets discarded for any reason by the LLDP agent on t...

Page 269: ...nent associated with the local system Port ID Subtype Displays the string describing the source of the port identifier Port ID Identifies the physical address of the port System Name Displays the system name of the local system System Description Displays the description of the selected port associated with the local system Port Description Displays the user defined description of the port System ...

Page 270: ...te device the following fields display Remote ID Displays the remote client identifier assigned to the remote system Chassis ID Subtype Identifies the type of data displayed in the Chassis ID field on the remote system Chassis ID Identifies the chassis component associated with the remote system Port ID Subtype Identifies the type of data displayed in the remote system s Port ID field Port ID Iden...

Page 271: ...ice Summary Click Refresh to update the information on the screen with the most current data Table 167 LLDP Remote Device Summary Columns Field Description Local Interface Shows the slot port on the local system that can receive LLDP frames advertised by a remote system Chassis ID Identifies the chassis component associated with the remote system Port ID Identifies the physical address of the port...

Page 272: ... Local Device Information LLDP MED Remote Device Information LLDP MED Global Configuration Use this page to set global parameters for LLDP MED operation To display this page click LAN L2 Features LLDP LLDP MED Global Configuration in the navigation tree Figure 187 LLDP Global Configuration Click Submit to updated the switch The changes take effect but will not be retained across a power cycle unle...

Page 273: ...ay the summary of All interfaces The summary of individual interfaces is visible from the Interface Configuration page The Interface Configuration page for the All option will always display the LLDP MED mode and notification mode as disabled and check boxes for Transmit TLVs will always be unchecked LLDP MED Mode Enables or disables LLDP MED mode for the selected interface By enabling MED you wil...

Page 274: ...LLDP MED information advertised on the selected local interface To display this page click LAN Monitoring LLDP Status LLDP MED Local Device Information in the navigation tree Table 170 LLDP MED Interface Summary Fields Field Description Interface Specifies all the ports on which LLDP MED can be configured Link Status Specifies the link status of the ports as Up Down MED Status Specifies the transm...

Page 275: ...s been transmitted only then would this information be displayed Vlan Id Specifies the VLAN id associated with a particular policy type Priority Specifies the priority associated with a particular policy type DSCP Specifies the DSCP associated with a particular policy type Unknown Bit Status Specifies the unknown bit associated with a particular policy type Tagged Bit Status Specifies the tagged b...

Page 276: ...this port Priority Specifies PSE port power priority Extended PoE PD Specifies if extended PD TLV is present in LLDP frame Required Specifies required power device power value in tenths of watts on the port of local device Source Specifies power source of this port Priority Specifies PD port power priority Table 172 LLDP MED Local Device Information Fields Field Description Local Interface Specifi...

Page 277: ...ardware Revisions Specifies hardware version of the remote device Firmware Revisions Specifies firmware version of the remote device Software Revisions Specifies software version of the remote device Serial Number Specifies serial number of the remote device Manufacturer Name Specifies manufacturer s name of the remote device Model Name Specifies model name of the remote device Asset ID Specifies ...

Page 278: ...D Link Unified Access System Software User Manual 12 10 09 Page 278 Managing LLDP Document 34CSFP6XXUWS SWUM100 D7 ...

Page 279: ... address with a layer 3 IPv4 address D Link software features both dynamic and manual ARP configuration With manual ARP configuration you can statically add entries into the ARP table ARP is a necessary part of the internet protocol IP and is used to translate an IP address to a media MAC address defined by a local area network LAN such as Ethernet A station needing to send an IP packet must learn...

Page 280: ...eb pages that configure and display ARP detail ARP Create ARP Table Configuration ARP CREATE Use the ARP Create page to add an entry to the Address Resolution Protocol table To display the page click LAN L3 Features ARP ARP Create in the navigation tree Figure 192 ARP Create After you enter an IP address and the associated MAC address click Submit to apply the changes to the system and create the ...

Page 281: ...s Enter the value you want the switch to use for the ARP response timeout You must enter a valid integer which represents the number of seconds the switch waits for a response to an ARP request The range for this field is 1 to 10 seconds The default value for Response Time is 1 second Retries Enter an integer which specifies the maximum number of times an ARP request is retried The range for this ...

Page 282: ...ntries All Dynamic and Gateway Entries Specific Dynamic Gateway Entry Specific Static Entry Remove IP Address This field appears only if you select Specific Dynamic Gateway Entry or Specific Static Entry in the Remove from Table menu This field allows you to enter the IP Address against the entry that is to be removed from the ARP Table Table 175 ARP Table Fields Field Description IP Address The I...

Page 283: ...if a TTL value is not supplied by the transport layer protocol Routing Mode Select Enable or Disable from the dropdown menu You must enable routing for the switch before you can route through any of the interfaces Routing is also enabled or disabled per VLAN interface The default value is Disable ICMP Echo Replies Select Enable or Disable from the dropdown menu If you select Enable then only the r...

Page 284: ...t Burst Size To control the ICMP error packets you can specify the number of ICMP error packets that are allowed per burst interval By default the burst size is 100 packets When the burst interval is zero then configuring this field is not a valid option The valid burst size range is 1 to 200 Maximum Next Hops The maximum number of hops supported by the switch This is a read only value Table 176 I...

Page 285: ...k and defines the portion of the interface s IP address that is used to identify the attached network Routing Mode Setting this Enables or Disables routing for an interface By default routing is disabled on port based routing interfaces and enabled on VLAN based routing interfaces Administrative Mode The Administrative Mode of the interface The default value is Enable Link Speed Data Rate An integ...

Page 286: ... to the interface configuration MAC Address The burned in physical address of the specified interface The format is six two digit hexadecimal numbers separated by colons for example 00 06 29 32 81 40 This value is valid for physical interfaces For logical interfaces such as VLAN routing interfaces the field displays the system MAC address Encapsulation Type Select the link layer encapsulation type...

Page 287: ...o cancel the configuration on the screen and reset the data on the screen to the latest value of the switch IP STATISTICS The statistics reported on the IP Statistics page are as specified in RFC 1213 To display the page click LAN Monitoring L3 Status IP Statistics in the navigation tree Figure 197 IP Statistics Field Description Slot Port The interface for which data is to be displayed or configu...

Page 288: ...e assembly IpInDelivers The total number of input datagrams successfully delivered to IP user protocols including ICMP IpOutRequests The total number of IP datagrams which local IP user protocols including ICMP supplied to IP in requests for transmission Note that this counter does not include any datagrams counted in ipForwDatagrams IpOutDiscards The number of output IP datagrams for which no pro...

Page 289: ...f ICMP Timestamp Reply messages received IcmpInAddrMasks The number of ICMP Address Mask Request messages received IcmpInAddrMaskReps The number of ICMP Address Mask Reply messages received IcmpOutMsgs The total number of ICMP messages which this entity attempted to send Note that this counter includes all those counted by icmpOutErrors IcmpOutErrors The number of ICMP messages which this entity d...

Page 290: ...onfigured destination The server responds with a unicast BOOTREPLY addressed to the relay agent closest to the client as indicated by giaddr field Upon reception of the BOOTREPLY from the server the agent forwards this reply as broadcast or unicast on the interface that had received the BOOTREQUEST This interface can be identified by giaddr field The Unified Switch also supports DHCP relay agent o...

Page 291: ...IP address of the BOOTP DHCP server or the IP address of the next BOOTP DHCP Relay Agent Note This configuration is deprecated Use Helper IP Interface Configuration on page 286 to achieve the same functionality Admin Mode Select Enable or Disable from the dropdown menu When you select Enable BOOTP DHCP requests are forwarded to the IP address you entered in the Server IP address field Minimum Wait...

Page 292: ...uests are forwarded to the IP address you entered in the Server IP address field Minimum Wait Time secs The Minimum time in seconds This value is compared to the time stamp in the client s request packets which should represent the time since the client was powered up Packets are only forwarded when the time stamp exceeds the minimum wait time Circuit ID Option Mode This is the Relay agent option ...

Page 293: ...route table the router may modify delete or add the route to its route table The L3 Features RIP menu page contains links to the following web pages that configure and display RIP parameters and data RIP Configuration RIP Interface Summary RIP Interface Configuration RIP Interface Summary RIP Route Redistribution Summary RIP CONFIGURATION Use the RIP Configuration page to enable and configure or d...

Page 294: ...oison Reverse A route is included in updates sent to the router from which it was learned but the metric is set to infinity Auto Summary Mode Select Enable or Disable from the dropdown menu If you select Enable groups of adjacent routes are summarized into single entries in order to reduce the total number of entries The default is Disable Host Routes Accept Mode Select Enable or Disable from the ...

Page 295: ...version 1 or version 1c on an interface you must first enable network directed broadcast mode on the corresponding interface The default value is Disable Authentication Type You may select an authentication type other than None by clicking the Modify button You then see a new screen where you can select the authentication type from the dropdown menu Possible values are None This is the initial int...

Page 296: ...Y Use the RIP Interface Summary page to display RIP configuration status on an interface To display the page click LAN Monitoring L3 Status RIP Interface Summary in the navigation tree Figure 203 RIP Interface Summary Table 184 RIP Interface Summary Fields Field Description Slot Port The interface such as the routing enabled VLAN on which RIP is enabled IP Address The IP Address of the router inte...

Page 297: ...ted packets are received Both packets are received in either format None no RIP control packets are received RIP Admin Mode Specifies whether RIP is Enabled or Disabled on the interface Link State Specifies whether the RIP interface is up or down Table 185 RIP Route Redistribution Configuration Fields Field Description Configured Source If any Source Routes have already been configured for redistr...

Page 298: ... the destination of the route The destination netmask in the access list serves as a wildcard mask indicating which bits in the route s destination mask are significant for the filtering operation If you make changes to the page click Submit to apply the changes to the system To delete a configured route click Delete RIP ROUTE REDISTRIBUTION SUMMARY Use the RIP Route Redistribution Summary page to...

Page 299: ... Routing Router Discovery folder contains links to the following web pages that configure and display Router Discovery data Router Discovery Configuration Router Discovery Status ROUTER DISCOVERY CONFIGURATION Use the Router Discovery Configuration page to enter or change Router Discovery parameters To display the page click LAN L3 Features Router Discovery Configuration in the navigation tree Fig...

Page 300: ... be used to advertise the router Maximum Advertise Interval secs Enter the maximum time in seconds allowed between router advertisements sent from the interface Minimum Advertise Interval secs Enter the minimum time in seconds allowed between router advertisements sent from the interface Advertise Lifetime secs Enter the value in seconds to be used as the lifetime field in router advertisements se...

Page 301: ...port To display the page click LAN L3 Features Router Discovery Status in the navigation tree Figure 207 Router Discovery Status Table 188 Router Discovery Status Fields Field Description Slot Port The router interface for which data is displayed Advertise Mode The values are Enable or Disable Enable denotes that Router Discovery is enabled on that interface Advertise Address The IP Address used t...

Page 302: ...information To display the page click LAN Monitoring L3 Status Route Table in the navigation tree Figure 208 Route Table Maximum Advertise Interval secs The maximum time in seconds allowed between router advertisements sent from the interface Minimum Advertise Interval secs The minimum time in seconds allowed between router advertisements sent from the interface Advertise Lifetime secs The value i...

Page 303: ...ork Protocol This field tells which protocol created the specified route The possibilities are one of the following Local Static Default RIP Next Hop Slot Port The outgoing router interface to use when forwarding traffic to the destination Next Hop IP Address The outgoing router IP address to use when forwarding traffic to the next router if any in the path towards the destination The next router ...

Page 304: ...n tree Figure 209 Best Routes Table Click Refresh to update the information on the screen Table 190 Best Routes Table Fields Field Description Total Number of Routes The total number of routes in the route table Network Address The IP route prefix for the destination Subnet Mask Also referred to as the subnet network mask this indicates the portion of the IP interface address that identifies the a...

Page 305: ... IP Address field Static Enter values for Network Address Subnet Mask Next Hop IP Address and Preference Static Reject Packets to these destinations will be dropped If you select Static as the route type the screen refreshes and additional fields appear as Figure 213 shows Table 191 Configured Routes Fields Field Description Network Address The IP route prefix for the destination Subnet Mask Also ...

Page 306: ...his indicates the portion of the IP interface address that identifies the attached network Protocol This field tells which protocol created the specified route Possible values are Local Static Default RIP Next Hop IP Address The outgoing router IP address to use when forwarding traffic to the next router if any in the path towards the destination The next router is always one of the adjacent neigh...

Page 307: ...r Page 307 4 Click Submit The new route is added and you are returned to the Configured Routes page Deleting a Route Click Delete to remove a configured route Route Type Specifies whether the route is to be a Default route or a Static route Table 192 Route Entry Create Fields Cont Field Description ...

Page 308: ...e lowest preference value When there are multiple routes to a destination the preference values are used to determine the preferred route To display the page click LAN L3 Features Router Route Preferences Configuration in the navigation tree Figure 214 Route Preferences Configuration If you make changes to the page click Submit to apply the changes to the system Table 193 Route Preferences Configu...

Page 309: ...d on a routed VLAN Since a port can be configured to belong to more than one VLAN VLAN routing might be enabled for all of the VLANs on the port or for a subset VLAN Routing can be used to allow more than one physical port to reside on the same subnet It could also be used when a VLAN spans multiple physical networks or when additional segmentation or security is required This section shows how to...

Page 310: ...ete the selected VLAN routing interface Table 194 VLAN Routing Configuration Fields Field Description VLAN ID Enter the ID of a VLAN to configure for VLAN Routing Initially the field will display the ID of the first VLAN After you enter a new VLAN ID and click Create the non configurable data will be displayed Slot Port The logical slot and port number assigned to the VLAN Routing Interface MAC Ad...

Page 311: ...AN whose data is displayed in the current table row Slot Port The logical slot and port number assigned to the VLAN Routing Interface MAC Address The MAC Address assigned to the VLAN Routing Interface IP Address The configured IP Address of the VLAN Routing Interface Note that if a VLAN is created and the IP address is not configured the page by default shows an IP address of 0 0 0 0 To configure ...

Page 312: ...the event that the VRRP Router controlling these IP Addresses formally known as the Master fails the group of IP Addresses and the default forwarding role is taken over by a Backup VRRP Router The LAN L3 Features VRRP folder and LAN Monitoring L3 Status folder contain links to the following web pages that configure and display VRRP parameters and data VRRP Configuration Virtual Router Configuratio...

Page 313: ... or Disable from the dropdown menu If you select Enable a backup router preempts the master router if it has a priority greater than the master virtual router s priority provided that the master is not the owner of the virtual router s IP address The default is Enable Configured Priority Enter the priority value to be used by the VRRP router in the election for the master virtual router If the Vir...

Page 314: ... secondary IP address Click Cancel to return to the Virtual Router Configuration page Creating a New Virtual Router 1 From the Virtual Router Configuration page select Create from the VRID and Slot Port menu 2 Specify the VRID the virtual router address and the interface for the new virtual router 3 Define the remaining fields as needed 4 Click Create to apply the changes to the system The new vir...

Page 315: ...e Tracking page Click Submit to apply the new configuration Configuration changes take effect immediately These changes will not be retained across a power cycle unless a Save configuration is performed Click Refresh to refresh the page with the most current data from the switch Click Cancel to return to the Virtual Router Configuration page Table 198 VRRP Interface Tracking Configuration Fields F...

Page 316: ... Configuration to track specific route IP states within the router that can alter the priority level of a virtual router for a VRRP group To display the page click LAN L3 Features VRRP Virtual Router Configuration in the navigation tree then click the Track Route button Figure 221 VRRP Route Tracking Configuration Table 199 VRRP Track Interface Fields Field Description Slot Port The interface asso...

Page 317: ... 200 VRRP Route Tracking Configuration Fields Field Description Slot Port The interface associated with the Virtual Router ID Virtual Router ID The Virtual Router ID for which tracking data is to be displayed S No The serial number for this row Tracking Route Pfx The prefix of the tracked route Tracking Route PfxLen The prefix length of the tracked route Priority Decrement Enter the priority decre...

Page 318: ...e If the Virtual Router is a backup router it does not preempt the master router even if its priority is greater Advertisement Interval secs The time in seconds between the transmission of advertisement packets by this virtual router Virtual IP Address The IP Address associated with the Virtual Router Interface IP Address The actual IP Address associated with the interface used by the Virtual Rout...

Page 319: ...g L3 Status Virtual Router Statistics in the navigation tree Figure 224 shows the fields on the Virtual Router Statistics page for a switch that has one or more virtual routers configured Figure 224 Virtual Router Statistics Virtual Router Configured The Virtual Router Statistics page contains the fields listed below Many of the fields display only when there is a valid VRRP configuration Status T...

Page 320: ...rtisements received by this virtual router Advertisement Interval Errors The total number of VRRP advertisement packets received for which the advertisement interval was different than the one configured for the local virtual router Authentication Failure The total number of VRRP packets received that did not pass the authentication check IP TTL Errors The total number of VRRP packets received by ...

Page 321: ...e existing active interfaces Thus given reachability from a remote client the address of the loopback can be used to communicate with the router through various services such as telnet and SSH In this way the address on a loopback behaves identically to any of the local addresses of the router in terms of the processing of incoming packets The LAN L3 Features Loopbacks folder and LAN Monitoring L3...

Page 322: ...Pv4 or IPv6 to configure the corresponding attributes on the loopback interface The protocol selected affects the fields that are displayed on this page IPv4 Address The primary IPv4 address for this interface in dotted decimal notation This option only displays when the Protocol specified is IPv4 IPv4 Subnet Mask The primary IPv4 subnet mask for this interface in dotted decimal notation This opti...

Page 323: ...k the Add Secondary button The secondary address is saved and the web page reappears showing the primary and secondary loopback addresses Configuring an Existing Loopback 1 Open the Loopback Configuration page 2 Specify the loopback to configure in the Loopback menu 3 Change field values as desired in the remaining fields 4 Click Apply Changes The new configuration is saved and the device is updat...

Page 324: ...ry of configured loopbacks To display the page click LAN Monitoring L3 Status Loopback Summary in the navigation tree Figure 228 Loopbacks Summary Click Refresh to update the information on the screen Table 206 Loopbacks Summary Fields Field Description Loopback Interface The ID of the configured loopback interface Addresses A list of the addresses configured on the loopback interface ...

Page 325: ...a packet is queued for transmission in a port the rate at which it is serviced depends on how the queue is configured and possibly the amount of traffic present in the other queues of the port If a delay is necessary packets get held in the queue until the scheduler authorizes the queue for transmission As queues become full packets have no place to be held for transmission and get dropped by the ...

Page 326: ...Add a policy to an inbound interface Packets are classified and processed based on defined criteria The classification criteria is defined by a class The processing is defined by a policy s attributes Policy attributes may be defined on a per class instance basis and it is these attributes that are applied when a match occurs A policy can contain multiples classes When the policy is active the act...

Page 327: ...isplay the page click LAN Quality of Service Differentiated Services Diffserv Configuration in the navigation menu Figure 229 Diffserv Configuration If you change the DiffServ admin mode click Submit to apply the change to the system Table 207 Diffserv Configuration Fields Field Description Diffserv Admin Mode Turns admin mode on and off The default value is Enable While disabled the DiffServ conf...

Page 328: ...e match criteria in a class The logic is a Boolean logical AND for this criteria To display the page click LAN QoS Differentiated Services Class Configuration in the navigation menu The fields available on the Class Configuration page depend on whether you create a new class or configure a class that has already been created Figure 230 shows the Class Configuration page when the Class Selector opt...

Page 329: ...packets are matched to the rule The valid range is 0 65535 Any All packets are considered to match the specified class and no additional input information is needed IP DSCP Matches the packet s DSCP to the class criteria s when selected Select the DSCP type from the menu or enter a DSCP value to match If you select Other enter a custom value in the DSCP Value field that appears The valid range is ...

Page 330: ...e policy statements To display the page click LAN QoS Differentiated Services Policy Configuration in the navigation menu The fields available on the Policy Configuration page depend on whether you create a new class or configure a class that has already been created Class Match Selector cont IPv4 EtherType Requires a frames Ethertype to match the Ethertype listed you select Table 208 Diffserv Cla...

Page 331: ...t it from the menu and then click Delete Policy Name If you select Create from the Policy Selector menu enter a name to associate with the class es The name is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying a policy To modify the name of an existing policy select it from the Policy Selector menu and enter a new name in the Policy Name field and then click Rename ...

Page 332: ...le entering an appropriate value Table 210 describes all fields available on these pages Member Class List The menu lists all DiffServ classes that have been added to the policy names To remove a DiffServ class from a policy select the name of the class from the list and then click Remove Selected Class This list is automatically updated as a new class is added or removed from the policy Table 210...

Page 333: ...tream with the IP Precedence value you enter in the IP Precedence Value field Police Simple Use this attribute to establish the traffic policing style for the specified class The simple form of the police command uses a single data rate and burst size resulting in two outcomes conform and violate The conforming data rate is specified in kilobits per second Kbps and is an integer from 1 to 42949672...

Page 334: ... are marked by DiffServ with the specified IP Precedence value before being presented to the system forwarding element This selection requires that the Mark IP Precedence value field be set Send default These packets are presented unmodified by DiffServ to the system forwarding element Table 211 Service Configuration Fields Field Description Slot Port Selects the interface physical LAG or All to b...

Page 335: ...llowing features Mapping 802 1p Priority Trust Mode Configuration IP DSCP Mapping Configuration CoS Interface Configuration CoS Interface Queue Configuration Configuring Auto VoIP MAPPING 802 1P PRIORITY The IEEE 802 1p feature allows traffic prioritization at the MAC level The switch can prioritize traffic based on the 802 1p tag attached to the L2 frame Each port on the switch has multiple queue...

Page 336: ... trust any incoming packet priority designation and uses the port default priority value instead All packets arriving at the ingress of an untrusted port are directed to a specific CoS queue on the appropriate egress port s in accordance with the configured default priority of the ingress port This process is also used for cases where a trusted port mapping is unable to be honored such as when a n...

Page 337: ...ription Slot Port The menu contains all CoS configurable interfaces Select the Global option to apply the same trust mode to all interfaces Select an individual interface from the menu to override the global settings on a per interface basis Interface Trust Mode Specifies whether or not an interface or all interfaces if the Slot Port field is set to Global trust a particular packet marking when th...

Page 338: ...uration page to apply an interface shaping rate to all ports or to a specific port To display the CoS Interface Configuration page click LAN QoS Class of Service CoS Interface Configuration in the navigation menu Table 214 IP DSCP Mapping Configuration Fields Field Description Slot Port The menu contains all CoS configurable interfaces The only option is Global which means that the IP DSCP mapping...

Page 339: ... CoS configurable interface to be affected by the Interface Shaping Rate Select Global to apply a rate to all interfaces Select an individual port to override the global setting Interface Shaping Rate Sets the limit on how much traffic can leave a port The limit on maximum transmission bandwidth has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is ...

Page 340: ...LAG or Global to configure Minimum Bandwidth Allocated Shows the sum of individual Minimum Bandwidth values for all queues in the interface The sum cannot exceed the defined maximum of 100 This value is considered while configuring the Minimum Bandwidth for a queue in the selected interface Queue ID Use the menu to select the queue per interface to be configured Minimum Bandwidth Specify the minim...

Page 341: ... interface To reset the defaults for all interfaces select Global from the Slot Port menu before you click the button Queue Management Type Displays the type of queue depth management techniques used for all queues on this interface Queue Management Type can only be Taildrop The default value is Taildrop All packets on a queue are safe until congestion occurs At this point any additional packets q...

Page 342: ...ol protocols Session Initiation Protocol SIP H 323 Skinny Client Control Protocol SCCP When a call control protocol is detected the switch assigns the traffic in that session to the highest CoS queue which is generally used for time sensitive traffic AUTO VOIP CONFIGURATION Use the Auto VoIP Configuration page to configure the Auto VoIP settings To display the Auto VoIP Configuration page click LA...

Page 343: ...are User Manual D Link Unified Access System 12 10 09 Document 34CSFP6XXUWS SWUM100 D7 Configuring Auto VoIP Page 343 is performed Click Refresh to update the page with the most current data from the switch ...

Page 344: ...ch types of traffic are forwarded or blocked and above all provide security for the network D Link software supports IPv4 and MAC ACLs The total number of MAC and IP ACLs supported by D Link software is 100 The Access Control Lists folder contains links to the following folders and web pages IP Access Control Lists MAC Access Control Lists ACL Interface Configuration You first create an IPv4 based...

Page 345: ...er 20 can receive TCP packets However if a UDP packet is received the packet is dropped The IP Access Control List folder contains links to the following web pages that allow you to configure and view IP ACLs IP ACL Configuration IP ACL Rule Configuration First you use the IP ACL Configuration page to define the IP ACL type and assign an ID to it Then you use the IP ACL Rule Configuration page to ...

Page 346: ...e field Figure 243 shows the fields available when Create Rule is selected in the Rule field Table 218 IP ACL Configuration Fields Field Description IP ACL Select a type of ACL to create or select an existing ACL to delete from the dropdown menu You can create the following types of IP ACLs Standard IP ACL Allows you to permit or deny traffic from a source IP address Extended IP ACL Allows you to ...

Page 347: ...ule Configuration Extended ACL Rule Table 219 shows all possible fields on the IP ACL Rule Configuration page The actual fields available on the page depend on what type of rule you configure whether you create a new rule or modify an existing rule and whether the rule action is Permit or Deny Table 219 IP ACL Rule Configuration Fields Field Description IP ACL The menu contains the existing IP ACL...

Page 348: ...s field is only visible when the Action is Permit Use this field to specify the specific egress interface where the matching traffic stream is copied in addition to being forwarded normally by the device Click Configure and then select an interface from the dropdown list Packets that meet the rule are mirrored on the interface you select Click Submit or Cancel to return to the Rule Configuration p...

Page 349: ... Source L4 Keyword Select the desired L4 keyword from a list of source ports on which the rule can be based If you select a keyword other than Other the screen refreshes and the Source L4 Port Number field disappears Source L4 Port Number If the source L4 keyword is Other enter a user defined Port ID by which packets are matched to the rule Destination IP Address Requires a packet s destination po...

Page 350: ...P DSCP is selected by selecting one of the DSCP keyword values from a menu If a value is to be selected by specifying its numeric value then select the Other option in the menu and a text box will appear where you can enter the numeric value of the DSCP IP Precedence The IP Precedence field in a packet is defined as the high order three bits of the Service Type octet in the IP header This is an op...

Page 351: ...e not checked for a match On this menu the interfaces to which an MAC ACL applies must be specified Rules for the MAC ACL are specified created using the MAC ACL Rule Configuration menu This folder links to the following pages MAC ACL Configuration MAC ACL Rule Configuration First you use the MAC ACL Configuration page to define the ACL type and assign an ID to it Then you use the MAC ACL Rule Con...

Page 352: ... The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded A default deny all rule is the last rule of every list To display the MAC ACL Rule Configuration page click LAN QoS Access Control Lists MAC Access Control Lists Rule Configuration in the navigation menu The fields available on the page depend on whether the rule action ...

Page 353: ...ion Deny Action Figure 248 shows the fields available when you create a rule for a MAC ACL Figure 248 MAC ACL Rule Configuration Permit Action Table 221 shows all possible fields on the MAC ACL Rule Configuration page The actual fields available on the page depend on whether you create a new rule or modify an existing rule and whether the rule action is Permit or Deny ...

Page 354: ... Requires a packet to match the criteria of this ACL Click Configure and then select True or False from the dropdown list Then click Submit or Cancel to return to the Rule Configuration page Match Every is exclusive to the other filtering rules so if Match Every is True the other rules on the screen do not appear False indicates that it is not mandatory for every packet to match the selected ACL R...

Page 355: ...e To display the ACL Interface Configuration page click LAN QoS Access Control Lists Interface Configuration in the navigation menu Ethertype User Value This field only appears if you select User Value from the EtherType dropdown list The value you enter specifies a customized Ethertype to compare against an Ethernet frame The valid range of values is 0x0600 to 0xFFFF Source MAC Address Requires a...

Page 356: ...filtering means the system applies the ACL rules to packets as they enter the interface ACL Type Use the menu to select the ACL type to which incoming packets are matched Packets can be matched to IP or MAC based ACLs IP MAC ACL Select the ACL of the specified type to apply to the interface from the dropdown menu Sequence Number Assigns the priority of this ACL If more than one ACL is applied to a...

Page 357: ...g Access Control Lists Page 357 Removing an ACL from an Interface If an ACL is bound to an interface the Remove button appears on the page when you select the interface from the Slot Port menu To remove the ACL from the interface select the type of ACL to remove and its ID or name and then click Remove ...

Page 358: ...D Link Unified Access System Software User Manual 12 10 09 Page 358 Configuring Access Control Lists Document 34CSFP6XXUWS SWUM100 D7 ...

Page 359: ...base of authorized Captive Portal users before access is granted The database can be stored locally on the switch or on a RADIUS server The Captive Portal folder contains links to the following pages that help you view and configure system Captive Portal settings Captive Portal Global Configuration CP Configuration Local User Interface Association CP Global Status Interface Status Client Connectio...

Page 360: ...ional port for HTTP traffic Enter a port number between 0 65535 excluding ports 80 443 and the configured switch management secure port Additional HTTP Secure Port HTTP traffic over SSL HTTPS uses port 443 but you can configure an additional port for HTTPS traffic Enter a port number between 0 65535 excluding ports 80 443 and the configured switch management secure port Peer Switch StatisticsRepor...

Page 361: ...curity Captive Portal CP Configuration Figure 251 Captive Portal Summary To create a CP configuration enter the configuration name in the text box and click Add After you add the configuration the CP Configuration page for that configuration appears and a new tab with the name of that configuration is created To delete an existing CP select the check box for the CP to remove and then click Delete ...

Page 362: ...settings Figure 252 Captive Portal Configuration Table 225 describes the fields on the CP Configuration page Verification Specifies which type of user verification to perform Guest The user does not need to be authenticated by a database Local The switch uses a local database to authenticated users RADIUS The switch uses a database on a remote RADIUS server to authenticate users To configure autho...

Page 363: ...irect Mode is enabled RADIUS Auth Server If the verification mode is RADIUS click the button and select the name of the RADIUS server used for client authentications The switch acts as the RADIUS client and performs all RADIUS transactions on behalf of the clients To configure RADIUS server information go to LAN Security RADIUS RADIUS Authentication Server Configuration Idle Timeout Enter the numb...

Page 364: ...vailable on the CP WEB Customization page depend on the category you select from the menu After you modify the fields within a category make sure you click Submit before you select a different category otherwise your changes are not saved To see an example of the Authentication Welcome Logout or Logout Success page click Preview The page opens in a new browser window To configure the portal users ...

Page 365: ... D Link Unified Access System 12 10 09 Document 34CSFP6XXUWS SWUM100 D7 Captive Portal Configuration Page 365 Figure 253 CP Web Page Customization Global Parameters Figure 254 CP Web Page Customization Authentication page ...

Page 366: ...d Access System Software User Manual 12 10 09 Page 366 Captive Portal Configuration Document 34CSFP6XXUWS SWUM100 D7 Figure 255 CP Web Page Customization Welcome Page Figure 256 CP Web Page Customization Logout Page ...

Page 367: ...age to select it To specify that no background image is to be used select No Selection Branding Image Select the name of the image file to display on the top left corner of the page This image is used for branding purposes such as the company logo Use the drop down menu to display the file names of the available images Click the button to display the available images Click the image to select it T...

Page 368: ...to display that instructs users to authenticate This text appears under the button Denied Message Enter the text to display when the user does not provide valid authentication information This message displays after the user clicks the button to connect to the network Resource Message Enter the text to display when the system has rejected authentication due to system resource limitations This mess...

Page 369: ...ge title This is the text that identifies the page Instructional Text Enter the detailed text to display that confirms that the user has been authenticated and instructs the user how to deauthenticate Button Label Enter the text to display on the button the user clicks to deauthenticate Confirmation Text Enter the detailed text to display that prompts users to confirm the deauthentication process ...

Page 370: ... for the new user return to the Local User Summary page and click the name of the new user The captive portal Global Status page displays the maximum number of users the Local User database supports Figure 259 Adding a New User The following table describes the fields available when you add a new user to the local CP database After you complete the fields click Add to add the user and return to th...

Page 371: ...r group by default Table 229 Local User Configuration Field Description User Name Enter the name of the user Password Enter a password for the user The password length can be from 8 to 64 characters User Group Assign the user to at least one User Group To assign a user to more than one group press the Ctrl key and click each group New users are assigned to the 1 Default user group by default Sessi...

Page 372: ...ve when using the captive portal After this limit has been reached the user will be disconnected Max Transmit Enter the maximum number of bytes that the user is allowed to transmit when using the captive portal After this limit has been reached the user will be disconnected Max Total Enter the maximum number of bytes the user is allowed to transfer sum of bytes transmitted and received After this ...

Page 373: ...is 0 or not present then use the value configured for the captive portal Integer Optional D Link Max Output Octets 171 125 Maximum number of octets the user is allowed to receive After this limit has been reached the user will be disconnected If the attribute is 0 or not present then use the value configured for the captive portal Integer Optional D Link Max Total Octets 171 126 Maximum number of ...

Page 374: ...e interfaces 3 Click Delete The interface is removed from the Associated Interface list and appears in the Interface List Table 231 Global Captive Portal Configuration Field Description CP Configuration Lists the captive portals configured on the switch by number and name Associated Interfaces Lists the interfaces that are currently associated with the selected captive portal Wireless interfaces a...

Page 375: ...al Status Shows whether the CP feature is enabled CP Global Disable Reason Indicates the reason for the CP to be disabled which can be one of the following None Administratively Disabled No IPv4 Address Routing Enabled but no IPv4 routing interface Supported Local Users Shows the number of entries that the Local User database supports Configured Local Users Shows the number of users configured in ...

Page 376: ...dicates whether the captive portal is enabled or disabled Disable Reason If the captive portal is disabled then this field indicates the reason The portal instance may be disabled for the following reasons None CP is enabled Administratively Disabled RADIUS Authentication mode enabled but RADIUS server is not defined Not associated with any interfaces The associated interfaces do not exist or do n...

Page 377: ...e Interface Capability Status page contains information about interfaces that can have CPs associated with them The page also contains status information for various capabilities Specifically this page indicates what services are provided through the CP to clients connected on this interface The list of services is determined by the interface capabilities Table 234 Interface Activation Status Fiel...

Page 378: ...onnected through the captive portal From this page you can manually force the captive portal to disconnect one or more authenticated clients The list of wireless clients is sorted by client MAC address Table 235 Interface and Capability Status Parameter Description Bytes Received Counter Shows whether the interface supports displaying the number of bytes received from each client Bytes Transmitted...

Page 379: ...e To force the captive portal to disconnect an authenticated client select the check box next to the client MAC address and click Delete To disconnect all clients from all captive portals click Delete All Viewing Client Details The Client Detail page shows detailed information about each client connected to the network through a captive portal Table 236 Client Summary Field Description MAC Address...

Page 380: ...ing Protocol Shows the current connection protocol which is either HTTP or HTTPS Session Time Shows the amount of time that has passed since the client was authorized Switch Type Shows whether the switch handling authentication for this client is the local switch or a peer switch in the cluster User Name Displays the user name or Guest ID of the connected client Interface Identifies the interface ...

Page 381: ...atus page to view clients that are authenticated to a specific interface Figure 269 Interface Client Status The drop down menu lists each interface on the switch To view information about the clients connected to a CP on this interface select it from the list Table 239 describes the fields on the Interface Client Status page Table 238 Client Interface Association Connection Statistics Field Descri...

Page 382: ...nt If the MAC address is marked with an asterisk the authenticated client is authenticated by a peer switch In order words the cluster controller was not the authenticator IP Address Identifies the IP address of the wireless client CP Configuration Identifies the captive portal the client used to access the network Protocol Shows the current connection protocol which is either HTTP or HTTPS Verifi...

Page 383: ...directional control This is the default authentication mode The 802 1X network has three components You can configure the Captive Portal traps only if the Captive Portal Trap Mode is enabled which you configure on the LAN Administration SNMP Manager Trap Flags page Table 241 SNMP Trap Configuration Field Description Captive Portal Trap Mode Displays the captive portal trap mode status To enable or...

Page 384: ...figuration Port Access Privileges RADIUS Settings GLOBAL PORT ACCESS CONTROL CONFIGURATION Use the Port Based Access Control Configuration page to enable or disable port access control on the system To display the Port Based Authentication page click LAN Security Port Access Control Configuration in the navigation menu Figure 272 Port Access Control Port Configuration If you change the mode click ...

Page 385: ...e port authorization state The control mode is only set if the link status of the port is link up The possible field values are Auto Automatically detects the mode of the interface Force Authorized Places the interface into an authorized state without being authenticated The interface sends and receives normal traffic without client port based authentication Force Unauthorized Denies the selected ...

Page 386: ... is 30 Guest VLAN ID Defines the Guest VLAN ID on the interface The valid range is 0 to 3965 The default value is 0 Enter zero 0 to clear the Guest VLAN ID on the interface Guest VLAN Period secs Defines the Guest VLAN period for the selected port The Guest VLAN period is the value in seconds of the timer used by the Guest VLAN Authentication The Guest VLAN timeout must be a value in the range of ...

Page 387: ...erational parameters for the port SUPPLICANT PORT CONFIGURATION After you have configured a port as a supplicant use this page to configure operational properties of the port To access the Supplicant Port Configuration page click LAN Security Port Access Control Supplicant Port Configuration Figure 275 Port Access Control Supplicant Port Configuration Table 244 PAE Capability Configuration Field D...

Page 388: ...ds and receives normal traffic without client port based authentication Force Unauthorized Denies the selected interface system access by moving the interface into unauthorized state The switch cannot provide authentication services to supplicants through this interface Start Period Enter the wait interval period in seconds for the supplicant to receive the authenticator s EAP Identity request mes...

Page 389: ...pply the changes to the system Click Refresh to update the page with the most current information Table 246 Port Access Control user Login Configuration Fields Field Description Users The drop down menu contains the user names configured on the system Select a user name to associate with a login list for 802 1X port security When you select the user the screen refreshes and the list in the Login f...

Page 390: ... the navigation menu Figure 277 Port Access Privileges Table 247 Port Access Privileges Fields Field Description Port Selects the port to grant or deny access To grant or deny port access privileges to a user on all ports select All from the drop down menu Users Lists the users configured on the system The users that are highlighted have access to the selected port By default all users have access...

Page 391: ...ains links to the following pages that help you view and configure system RADIUS settings RADIUS Configuration RADIUS Server Configuration RADIUS Accounting Server Configuration Clear Statistics RADIUS CONFIGURATION Use the RADIUS Configuration page to view and configure various settings for the RADIUS servers configured on the system To access the RADIUS Configuration page click LAN Security RADI...

Page 392: ...ups The number of accounting server groups configured on the system An accounting server group contains one or more configured authentication servers that share the same RADIUS server name Max Number of Retransmits The value of the maximum number of times a request packet is retransmitted The valid range is 1 15 Consideration to maximum delay time should be given when configuring RADIUS max retran...

Page 393: ...u to select the IP address of the RADIUS server to view or configure Select Add to configure additional RADIUS servers Port Identifies the authentication port the server uses to verify the RADIUS server authentication The port is a UDP port and the valid range is 1 65535 The default port for RADIUS authentication is 1812 Secret Shared secret text string used for authenticating and encrypting all R...

Page 394: ...erver Secret Configured Indicates whether the shared secret for this server has been configured Current Indicates whether the selected RADIUS server is the current server Yes or a backup server No If more than one RADIUS server is configured with the same name the switch selects one of the servers to be the current server from the group of servers with the same name When the switch sends a RADIUS ...

Page 395: ...current server for the authentication server group If no asterisk is present the server is a backup server If more than one RADIUS server is configured with the same name the switch selects one of the servers to be the current server from the group of servers with the same name When the switch sends a RADIUS request to the named server the request is directed to the server selected as the current ...

Page 396: ...wn menu to select the IP address of the accounting server to view or configure Select Add to configure additional RADIUS servers Port Identifies the authentication port the server uses to verify the RADIUS accounting server authentication The port is a UDP port and the valid range is 1 65535 The default port for RADIUS accounting is 1813 Secret Specifies the shared secret to use with the specified...

Page 397: ...Figure 285 RADIUS Clear Statistics To clear all statistics for the RADIUS authentication and accounting server click Clear Table 252 Named Accounting Server Fields Field Description RADIUS Accounting Server Name Shows the RADIUS accounting server name Multiple RADIUS accounting servers can have the same name In this case RADIUS clients can use RADIUS servers with the same name as backups for each ...

Page 398: ... ensures network security through encrypted protocol exchanges between the device and TACACS server The TACACS folder contains links to the following web pages TACACS Configuration TACACS Server Configuration TACACS CONFIGURATION The TACACS Configuration page contains the TACACS settings for communication between the switch and the TACACS server you configure To display the TACACS Configuration pa...

Page 399: ...erver select the IP address of the server from the RADIUS Server IP Address drop down menu and then click Remove Table 254 TACACS Configuration Fields Field Description TACACS Server Use the drop down menu to select the IP address of the TACACS server to view or configure If fewer than five TACACS servers are configured on the system the Add option is also available Select Add to configure additio...

Page 400: ...Field Description Admin Mode Enables or Disables the Administrative Mode of Secure HTTP The currently configured value is shown when the web page is displayed The default value is Disable You can only download SSL certificates when the HTTPS Admin mode is disabled TLS Version 1 Enables or Disables Transport Layer Security Version 1 0 The currently configured value is shown when the web page is dis...

Page 401: ... from the TFTP server is on the server in the appropriate directory The file is in the correct format The switch has a path to the TFTP server Use the following procedures to download an SSL certificate 1 Click the Download Certificates button at the bottom of the page The Download Certificates button links to the File Download page as Figure 289 shows HTTPS Session Hard Timeout Sets the hard time...

Page 402: ...yption Parameter File PEM Encoded 3 Verify the IP address of the TFTP server and ensure that the software image or other file to be downloaded is available on the TFTP server 4 Complete the TFTP Server IP Address and TFTP File Name full path without TFTP server IP address fields 5 Select the Start File Transfer check box and then click Submit After you click Submit the screen refreshes and a File ...

Page 403: ...is shown when the web page is displayed The default value is Disable SSH Version 1 This select field is used to Enable or Disable Protocol Level 1 for SSH The currently configured value is shown when the web page is displayed The default value is Enable SSH Version 2 This select field is used to Enable or Disable Protocol Level 2 for SSH The currently configured value is shown when the web page is...

Page 404: ...ing key file RSA or DSA if it is present If you make changes to the page click Submit to apply the changes to the system Downloading SSH Host Keys For the switch to accept SSH connections from a management station the switch needs SSH host keys or certificates The switch can generate its own keys or certificates or you can generate these externally i e off line and download them to the switch To d...

Page 405: ...eless clients 200 per radio The switch tracks the status and statistics for all associated WLAN traffic and devices In order to support larger networks wireless switches can be configured to belong to a cluster peer group Clusters can contain up to 8 switches that share various information about UAPs and their associated wireless clients Each cluster can support up to 256 APs and a total of 8000 w...

Page 406: ... Mode the Administrator Web UI and SNMP services on the UAP are disabled Access is limited to the CLI through a serial cable connection The Standalone Mode is appropriate for small networks with only a few APs The Managed Mode is useful for any size network If you start out with APs in Standalone Mode you can easily transition the APs to Managed Mode when you add a Unified Switch to the network By...

Page 407: ...hed If all these conditions are met then the switch sends an invitation message to the AP to start the SSL TCP connection If the AP does not receive an invitation from the first Unified Switch configured in its list it sends a UDP discovery message to the second Unified Switch configured in the list five seconds after sending the message to the first Unified Switch When an IP address of a Unified ...

Page 408: ...chdog 0 Configuring the DHCP Option You can configure the IP address of the Unified Switch as an option in the DHCP response to the DHCP request that the AP sends the DHCP server The AP can learn up to four switch IP addresses or DNS names through DHCP option 43 the Vendor Information option in the DHCP response If you configured a static IP address in the AP the AP ignores DHCP option 43 The form...

Page 409: ...the address length 04 followed by the IP address in hexadecimal format You repeat the data type and address length codes for each address you enter For example to add the four switch IP addresses 192 168 1 10 192 168 2 10 192 168 3 10 and 192 168 4 16 to Option 43 you enter the following hexadecimal numbers into the Data Entry field 01 04 0C A8 01 0A 01 04 0C A8 02 0A 01 04 0C A8 03 0A 01 04 0C A8...

Page 410: ...k Unified Access System Software User Manual 12 10 09 Page 410 D Link Unified Access System Components Document 34CSFP6XXUWS SWUM100 D7 4 Click OK The following figure shows a scope with Option 43 configured ...

Page 411: ...t each AP is allowed to be managed by any switch in a cluster If the Unified Switch that manages an AP goes down one of the backup switches takes over the management responsibilities To use one or more switches as a backup for an AP use one of the following discovery methods If the AP and any of the peer switches are in the same L2 broadcast domain L2 Discovery is enabled and all the devices use t...

Page 412: ...witching functionality on the system Clear the option to administratively disable the WLAN switch If you clear the option all peer switches and APs that are associated with this switch are disassociated Disabling the WLAN switch does not affect non WLAN features on the switch such as VLAN or STP functionality WLAN Switch Operational Status Shows the operational status of the switch The status can ...

Page 413: ... In this context the loopback interface does not refer to the loopback interface with the 127 0 0 1 IP address When you configure a loopback interface for the wireless interface on the switch it is essentially a permanent logical interface and cannot have an IP address of 127 0 0 1 You must create a dedicated subnet for the loopback interface and other devices on the network must be able to contac...

Page 414: ...ehalf of the APs and wireless clients RADIUS Authentication Server Configured Indicates whether the RADIUS authentication server is configured To configure RADIUS server information go to LAN Security RADIUS Server Configuration RADIUS Accounting Server Name Enter the name of the RADIUS server used for reporting wireless client associations and disassociations when a network level RADIUS accountin...

Page 415: ...dresses in the Unified Switch for potential peer switches and APs The switch sends association invitations to all IP addresses in this list If the device accepts the invitation and is successfully validated by the switch the switch and the AP or peer switch are associated This discovery method mechanism is useful for peer switch discovery and AP discovery when the devices are in different IP subne...

Page 416: ...thentication Failure Status list and the failure type is listed as No Database Entry To view information about whether the switch discovered any peer switches navigate to the WLAN Monitoring Peer Switch page PROFILE The switch can support APs that have different hardware capabilities such as the supported number of radios and the supported IEEE 802 11 modes APs that use the same profile should hav...

Page 417: ...02 11a mode IEEE 802 11a and IEEE 802 11n modes 5 GHz IEEE 802 11n mode Radio 2 can broadcast in one of the following modes IEEE 802 11b and IEEE 802 11g modes IEEE 802 11b IEEE 802 11g and IEEE 802 11n modes 2 4 GHz IEEE 802 11n mode You configure the default radio settings from the WLAN Basic Setup Radio tab which the following figure shows Table 259 Profile Field Description Hardware Type ID Se...

Page 418: ...ble 260 Radio Settings Field Description 1 802 11b g n 2 802 11a n From this field you can select the radio that you want to configure By default Radio 1 operates in IEEE 802 11a n mode and Radio 2 operates in IEEE 802 11b g n mode If you change the mode the labels for the radios change accordingly Changes to the settings apply only to the selected radio State Specify whether you want the radio on...

Page 419: ...orks with 802 11n devices that operate in the 2 4 GHz frequency that do not need to support 802 11a or 802 11b g devices IEEE 802 11n can achieve a higher throughput when it does not need to be compatible with legacy devices 802 11b g or 802 11a RTS Threshold Specify a Request to Send RTS Threshold value between 0 and 2347 The RTS threshold indicates the number of octets in an MPDU below which an ...

Page 420: ... RF signal might interfere with other APs within range Automatic power uses a proprietary algorithm to automatically adjust the RF signal to broadcast far enough to reach wireless clients but not so far that it interferes with RF signals broadcast by other APs The power level algorithm increases or decreases the power level in 10 increments based on presence or absence of packet retransmission err...

Page 421: ... DWL 8600AP can scan both bands RF Scan Duration This field controls the amount of time the radio spends scanning the other channel in milliseconds during an RF scan Rate Limiting Enabling multicast and broadcast rate limiting can improve overall network performance by limiting the number of packets transmitted across the network This feature is disabled by default Note The available rate limit va...

Page 422: ...sion attempts on frame sizes greater than the RTS Threshold The range is 1 255 Transmit Lifetime Shows the number of milliseconds to wait before terminating attempts to transmit the MSDU after the initial transmission Receive Lifetime Shows the number of milliseconds to wait before terminating attempts to reassemble the MMPDU or MSDU after the initial reception of a fragmented MMPDU or MSDU Statio...

Page 423: ...ctly to a MAC address A network is a logical entity that you apply to a VAP Networks are identified by a network number and an associated SSID The SSID does not need to be unique for each network You can create and modify a network in one place and apply the network to one or more VAP as needed This allows you to mix networks within different profiles without having to reconfigure everything When ...

Page 424: ...the VAPs on each radio Enabling a VAP on one radio does not automatically enable it on the other radio Note You cannot disable the default VAP VAP0 To configure additional networks click WLAN Administration Advanced Configuration Networks Edit Click Edit to modify settings for the corresponding network When you click Edit the Wireless Network Configuration page appears VLAN Shows the VLAN ID of th...

Page 425: ... 10 09 Document 34CSFP6XXUWS SWUM100 D7 Basic Setup Page 425 Figure 296 Configuring Network Settings Table 263 describes the fields on the Wireless Network Configuration page After you change the wireless network settings click Submit to save the changes ...

Page 426: ...th and are isolated on that network The D Link Unified Switch supports the configuration of a wireless VLAN You can configure each VAP to be on a unique VLAN or on the same VLAN as other VAPs When a wireless client connects to the AP by using this network SSID the AP tags the client s traffic with the VLAN ID you configure in this field By default all networks use VLAN 1 which is also untagged by ...

Page 427: ...TTP is selected as the redirect type Wireless ARP Suppression Mode Enable the mode to allow the APs to reduce the number of broadcasted ARP requests on the wireless interfaces Reducing broadcasts helps conserve power on the wireless clients The wireless clients that use power save mode must wake up and use more power when they detect broadcast frames Note Enabling this feature slightly degrades AP...

Page 428: ...less Global Configuration page RADIUS Accounting Server Status Indicates whether the RADIUS accounting server is configured To configure RADIUS accounting server information go to LAN Security RADIUS Accounting Server Configuration RADIUS Use Network Configuration This field controls whether the VAP uses the network RADIUS settings or the global RADIUS settings Enable Use RADIUS Servers defined on...

Page 429: ...lass The processing is defined by a policy s attributes Client QoS Bandwidth Limit Down Enter the maximum allowed transmission rate from the AP to the wireless client in bits per second The valid range is 0 4294967295 bps A non zero configured value is rounded down to the nearest 64 Kbps value for use in the AP but to no less than 64 Kbps A value of 0 means that the bandwidth maximum limit is not ...

Page 430: ...he Policy Class Definition page define policy statements to define what happens to a packet when it matches the class criteria Client QoS DiffServ Policy Up Select the name of the DiffServ policy applied to traffic sent to the AP in the inbound up direction Only existing DiffServ policies are listed in the menu To create a DiffServ policy use the pages in the LAN QoS Differentiated Services folder...

Page 431: ...s not encrypted and any wireless client can associate with the AP This security mode can be useful during initial network configuration or for problem solving but it is not recommended for regular use on the internal network because it is not secure Using Static or Dynamic WEP Wired Equivalent Privacy WEP is a data encryption protocol for 802 11 wireless networks If you select this security mechan...

Page 432: ...the keys If you select WEP IEEE 802 1X the screen refreshes and there are no more fields to configure The AP uses the global RADIUS server or the RADIUS server you specify for the wireless network For information about how to configure the global RADIUS server settings on the Unified Switch see Wireless Global Configuration on page 411 Authentication Choose the authentication type Open System No a...

Page 433: ...the access point and its client stations Using WPA WPA2 Personal or Enterprise WPA and WPA2 are Wi Fi Alliance IEEE 802 11i standards which include AES CCMP and TKIP mechanisms The WPA WPA2 Personal employs a pre shared key to perform an initial check of credentials The WPA WPA2 Enterprise security uses a RADIUS server to authenticate users If you select WPA WPA2 as the security mode additional fi...

Page 434: ...ort WPA If all client stations on the network support the original WPA but none support the newer WPA2 then select WPA WPA2 If all client stations on the network support WPA2 D Link suggests using WPA2 which provides the best security per the IEEE 802 11i standard WPA and WPA2 If you have a mix of clients some of which support WPA2 and others which support only the original WPA select both of the ...

Page 435: ...uthentication Limit Enter the number of pre authentications that can be in progress simultaneously on an AP The limit prevents too much load on the RADIUS server This does not prevent the pre authentication from being attempted again when the load is lighter A value of 0 represents no limit Key Caching Hold Time Enter the amount of minutes a PMK will be held by the AP This applies to Pairwise Mast...

Page 436: ...Adding a Valid AP Table 266 Valid Access Point Summary Field Description AP Database Identifies the total number of APs that have been added to the AP database Managed AP Identifies the number of APs in the database with an AP Mode set to Managed Rogue AP Identifies the number of APs in the database with an AP Mode set to Rogue Standalone AP Identifies the number of APs in the database with an AP ...

Page 437: ...se the local database for AP validation the switch maintains the database of access points that you validate When you add the MAC address of an AP to the database you can specify whether the AP is a managed AP standalone AP or a rogue If the AP is to be managed by the switch you can assign an AP profile to the device When the switch collects and reports information from the RF scan it can assign t...

Page 438: ... 63 alphanumeric characters The password in this field must match the password configured on the AP Profile If you configure multiple AP Profiles you can select the profile to assign to this AP For more information about configuring AP Profiles see Advanced Global Settings on page 506 Channel The Channel defines the portion of the radio spectrum that the radio uses for transmitting and receiving T...

Page 439: ...affects how far an AP broadcasts its RF signal If the power level is too low wireless clients will not detect the signal or experience poor WLAN performance If the power level is too high the RF signal might interfere with other APs within range The default value of 0 indicates that the AP uses the power level set in the AP profile Note The power level you set for an AP in the valid AP database is...

Page 440: ...mary Field Description OUI Value Enter the OUI that represents the company ID in the format XX XX XX where XX is a hexadecimal number between 00 and FF The first three bytes of the MAC address represents the company ID assignment Note The first byte of the OUI must have the least significant bit set to 0 For example 02 FF FF is a valid OUI but 03 FF FF is not OUI Description Enter the organization...

Page 441: ...ged once the AP is back online RF MANAGEMENT The radio frequency RF broadcast channel defines the portion of the radio spectrum that the radio on the access point uses for transmitting and receiving The range of available channels for an access point is determined by the IEEE 802 11 mode also referred to as band of the access point Each AP is a dual band system capable of operating in multiple mod...

Page 442: ...n power level affects how far an AP broadcasts its signal If the power level is too low wireless clients will not detect the signal or experience poor WLAN performance If the power level is too high the RF signal might interfere with other APs within range or broadcast the signal beyond the desired physical boundaries which can create a security risk Automatic power uses a proprietary algorithm to...

Page 443: ...e The APs changed in previous iterations cannot be assigned new channels in the next iteration This history prevents the same APs from being changed time after time Channel Plan Interval If you select the Interval channel plan mode you can specify the frequency at which the channel plan calculation and assignment occurs The interval time is in hours and you can specify an interval that ranges betw...

Page 444: ... 802 11a n 2 4 GHz 802 11b g n The 5 GHz and 2 4 GHz radios use different channel plans so the switch tracks the channel history separately for each radio The channel information that displays on the page is only for the radio you select Operational Status This field shows whether the switch is using the automatic channel adjustment algorithm on the AP radios Last Iteration The number in this fiel...

Page 445: ...n for the proposed assignments to be applied Apply In Progress The switch is applying the proposed channel plan and adjusting the channel on the APs listed in the table Apply Complete The algorithm and channel adjustment are complete After the channel plan runs a table shows any APs that the algorithm recommends for new channel assignments The current channel shows the current operating channel an...

Page 446: ...djustment algorithm has not been manually run since the last switch reboot Algorithm In Progress The power adjustment algorithm is running Algorithm Complete The power adjustment algorithm has finished running A table displays to indicate proposed power adjustments Each entry shows the AP along with the current and new power levels To accept the proposed change click Apply You must manually apply ...

Page 447: ...he host where the upgrade file is located The host must have a TFTP server installed and running File Path Enter the file path on the TFTP server where the software is located You may enter up to 96 characters File Name Enter the name of the upgrade file You may enter up to 32 characters and the file extension tar must be included Group Size When you upgrade multiple APs each AP contacts the TFTP ...

Page 448: ... reset command has been sent to the AP Success All APs are connected to the Unified Switch Status per AP A table also appears and lists each AP its download status and the software version it is downloading The status for an individual AP can have one of the following values Requested A download is planned for this AP but the AP is not in the current download group so it hasn t been told to start ...

Page 449: ... is based on the value configured in the RADIUS or local Valid AP database Debug To help you troubleshoot you can enable Telnet access to the AP so that you can debug the device from the CLI The Debug field shows the debug status and can be one of the following Disabled Set Requested Set in Progress Enabled To change the status click the Debug status link The Managed AP Debug page appears Link Tab...

Page 450: ...tatus which can be one of the following None Debugging has not been enabled or disabled Set Requested A request has been made to change the debug status Set Complete Debugging has been enabled or disabled Password Enter the admin password for the AP the default is admin Confirm Password Since the password is encrypted you must retype the password to confirm the password Enable Debug Select or clea...

Page 451: ...t use 5 GHz modes some countries have a regulatory domain that requires radar detection For these countries based on the country code setting the radio automatically uses the 802 11h protocol for selecting the channel if radar is detected on the statically assigned channel Interference can occur when multiple access points within range of each other are broadcasting on the same or overlapping chan...

Page 452: ...tics Managed AP Status Associated Client Status Statistics Peer Switch Status WIRELESS GLOBAL STATUS STATISTICS The Unified Switch periodically collects information from the APs it manages and from associated peer switches The information on the Global page shows status and statistics about the switch and all of the objects associated with it You can access the global WLAN statistics by clicking W...

Page 453: ...ally for the operational status to be enabled IP Address IP address of the switch Peer Switches Number of peer WLAN switches detected on the network Cluster Controller Indicates whether this switch is the Cluster Controller for the cluster Among a group of peer switches one of the switches is automatically elected or configured to be the Cluster Controller The Cluster Controller gathers status and...

Page 454: ...EE 802 11a n IEEE 802 11b g n 5 GHz IEEE 802 11n 2 4GHz IEEE 802 11n Maximum Associated Clients Maximum number of clients that can associate with the wireless system This is the maximum number of entries allowed in the Associated Client database Detected Clients Number of wireless clients detected in the WLAN Maximum Detected Clients Maximum number of clients that can be detected by the switch The...

Page 455: ...on the Wireless Global Status page WLAN Packets Receive Dropped Total packets received across all APs managed by the switch that were dropped Distributed Tunnel Packets Transmitted Total number of packets sent by all APs via distributed tunnels Distributed Tunnel Roamed Clients Total number of clients that successfully roamed away from Home AP using distributed tunneling Distributed Tunnel Clients...

Page 456: ...bal statistics Total Clients Total number of clients in the database This total includes clients with an Associated Authenticated or Disassociated status Authenticated Clients Total number of clients in the associated client database with an Authenticated status IP Address IP address of the switch Cluster Priority Cluster priority value of the switch The switch with highest priority in a cluster b...

Page 457: ... address in the L3 IP Discovery list and was unable to authenticate or validate the device If the device is an access point an entry appears in the AP failure list with a failure reason Viewing the Peer Switch Configuration Received Status The Peer Switch Configuration feature allows you to send the critical wireless configuration from one switch to all other switches In addition to keeping the sw...

Page 458: ...status when wireless configuration is received from a peer switch The possible status values are as follows Not Started Receiving Configuration Saving Configuration Applying AP Profile Configuration Success Failure Invalid Code Version Failure Invalid Hardware Version Failure Invalid Configuration Last Configuration Received Peer Switch IP Address Indicates the last switch from which this switch r...

Page 459: ...ields available on the AP Hardware Radio Capability page Table 279 AP Hardware Capability Summary Field Description Hardware Type Description Includes a description of the platform and the supported IEEE 802 11 modes Radio Count Specifies whether the hardware supports one radio or two radios Image Type Specifies the type of software the hardware requires Dual Boot Indicates whether this AP hardwar...

Page 460: ...be managed by the switch the next time it is discovered select the check box next to the MAC address of the AP and click Manage You will be presented with the Valid Access Point Configuration page You can then configure the AP and click Submit to save the AP in the local Valid AP database If you use a RADIUS server for AP validation you must add the MAC address of the AP to the AP database on the ...

Page 461: ... the AP and it s operating in managed mode No Database Entry The MAC address of the AP does not appear in the local or RADIUS Valid AP database Authentication Failed AP The AP failed to be authenticated by the Unified Switch or RADIUS server Failed The Unified Switch lost contact with the AP a failed entry will remain in the managed AP database unless you remove it Note that a managed AP will temp...

Page 462: ... and number of associated wireless clients for all managed APs Radio Detail Shows detailed status for a radio interface Use the radio button to navigate between the two radio interfaces Neighbor APs Shows the neighbor APs that the specified AP has discovered through periodic RF scans on the selected radio interface Neighbor Clients Shows information about wireless clients associated with an AP or ...

Page 463: ... turned down All the clients associated with the AP get disassociated The radios become operational if and when that AP is managed again by a switch Configuration Status This status indicates if the AP is configured successfully with the assigned profile The status is one of the following Not Configured The profile has not been sent to the AP yet the AP may be discovered but not yet authenticated ...

Page 464: ...ut it is not configured Managed The AP profile configuration has been applied to the AP and it s operating in managed mode Connection Failed The Unified Switch lost contact with the AP a failed entry will remain in the managed AP database unless you remove it Note that a managed AP will temporarily show a failed status during a reset Note When management connectivity is lost for a managed AP then ...

Page 465: ...er switch Switch MAC Address Identifies the MAC address of the switch that is managing the AP Switch IP Address Identifies the IP address of the switch that is managing the AP Profile The AP profile configuration currently applied to the managed AP the profile is assigned to the AP in the valid AP database Note Once an AP is discovered and managed by the Unified Switch if the profile is changed in...

Page 466: ...lly or on the RADIUS server Radio Indicates the radio interface and configured mode of the radio if the radio is disabled the radio mode will be displayed as Off instead of showing the configured mode Channel If radio is operational the current operating channel for the radio Transmit Power If radio is operational the current transmit power for the radio Authenticated Clients Total count of client...

Page 467: ...nticated with the AP for each VAP enabled on the radio Transmit Power If radio is operational the current transmit power for the radio Fixed Power Indicator This flag indicates if a fixed power setting is configured and assigned to the radio a fixed transmit power can be configured in the valid AP database locally or on a RADIUS server Manual Power Adjustment Status Indicates the current state of ...

Page 468: ...P MAC address For D Link APs this is always a VAP MAC address The neighbor AP MAC address may be cross referenced in the RF Scan status SSID Service Set ID of the neighbor AP network RSSI Received Signal Strength Indication this is an indicator of the signal strength relative to the neighbor and may give an idea of the neighbor s distance from the managed AP The range is 1 100 where 1 is the weake...

Page 469: ...covery methods for the neighbor client One or more of the following values may be displayed RF Scan Discovered The client was reported from an RF scan on the radio Note that client stations are difficult to detect via RF scan the other methods are more common for client neighbor detection Probe Request The managed AP received a probe request from the client Associated to Managed AP This neighbor c...

Page 470: ...ed interfaces on each AP the switch manages Detail Shows the number and type of packets transmitted and received on a specific AP Radio Shows per radio information about the number and type of packets transmitted and received for a specific AP VAP Shows per VAP information about the number of packets transmitted and received and the number of wireless client failures for a specific AP Table 290 Di...

Page 471: ...s also displayed with the MAC address Link Table 293 describes the fields you see on the Detail page for the managed access point statistics Table 291 Managed Access Point WLAN Summary Statistics Field Description MAC Address The Ethernet address of the Unified Switch managed AP Packets Received Total packets received by the AP on the wireless network Bytes Received Total bytes received by the AP ...

Page 472: ... AP on the wireless network that were dropped Ethernet Packets Received Total packets received by the AP on the wired network Ethernet Bytes Received Total bytes received by the AP on the wired network Ethernet Packets Transmitted Total packets transmitted by the AP on the wired network Ethernet Bytes Transmitted Total bytes transmitted by the AP on the wired network Multicast Packets Received Tot...

Page 473: ...ully transmitted MSDU frames where the multicast bit is set in the destination MAC address Duplicate Frame Count Number of times a frame is received and the Sequence Control field indicates is a duplicate Failed Transmit Count Number of times a MSDU is not transmitted successfully due to transmit attempts exceeding either the short retry limit or the long retry limit Transmit Retry Count Number of...

Page 474: ...ess point statistics Table 295 Managed Access Point VAP Statistics Field Description WLAN Packets Received Total packets received by the AP on this VAP WLAN Bytes Received Total bytes received by the AP on this VAP WLAN Packets Transmitted Total packets transmitted by the AP on this VAP WLAN Bytes Transmitted Total bytes transmitted by the AP on this VAP WLAN Packets Receive Dropped Number of pack...

Page 475: ...ress of all clients connected to specific networks VAP Status Shows the clients associated with a specific VAP on a AP Statistics Shows statistics about wireless clients that are associated with APs managed by the switch and contains the following information Association Summary Shows the statistics for a wireless client while it is associated with a single AP Session Summary If a wireless client ...

Page 476: ...ated Clients Summary page for the associated client status Table 297 Associated Client Status Summary Field Description MAC Address The Ethernet address of the client station If the MAC address is followed by an asterisk the client is associated with an AP managed by a peer switch AP MAC Address The Ethernet address of the AP SSID The network on which the client is connected BSSID The Ethernet MAC...

Page 477: ...d AP MAC Address This field indicates the base AP Ethernet MAC address for the managed AP Status Indicates whether or not the client has associated and or authenticated The valid values are Associated The client is current associated to the managed AP Authenticated The client is currently associated and authenticated to the managed AP Disassociated The client has disassociated from the managed AP ...

Page 478: ...f the switch that manages the AP to which the wireless client is associated Switch IP Address Shows the IP address of the switch that manages the AP to which the wireless client is associated Location The descriptive location configured for the managed AP Radio Displays the managed AP radio interface the client is associated to and its configured mode VLAN If client is on a VAP using VLAN data for...

Page 479: ...QoS Operational Status Shows whether QoS is enforced for the client Bandwidth Limit Down Shows the maximum rate at which the client receives traffic from the AP in bits per second The rate shown in this field is the configured value rounded down to the nearest 64 kbps A value of 0 means no bandwidth limiting is in effect in this direction Bandwidth Limit Up Shows the maximum rate at which the clie...

Page 480: ...ne or more discovery methods for the neighbor client One or more of the following values may be displayed RF Scan The client was reported from an RF scan on the radio Note that client stations are difficult to detect via RF scan the other methods are more common for client neighbor detection Probe Request The managed AP received a probe request from the client Associated to Managed AP This neighbo...

Page 481: ...t Status Each AP has 16 Virtual Access Points VAPs per radio and every VAP has a unique MAC address BSSID The WLAN Monitoring Client Associated Clients VAP Status tab displays the VAP Associated Client Status page which shows information about the VAPs on the managed AP that have associated wireless clients To disconnect a client from an AP select the box next to the BSSID and then click Disassoci...

Page 482: ...ith a single AP as well as throughout the roaming session The statistics on the WLAN Monitoring Client Associated Clients Statistics Association Summary displays the Associated Client Statistics page This page shows information about the traffic a wireless client receives and transmits while it is associated with a single AP Field Description BSSID Indicates the Ethernet MAC address for the manage...

Page 483: ...ate If the client closes the wireless connection or roams out of the range of an AP managed by the switch the session ends Table 305 Associated Client Association Summary Statistics Field Description MAC Address The Ethernet address of the client station Packets Received Packets received from the client station Bytes Received Bytes received from the client station Packets Transmitted Packets trans...

Page 484: ...t an associated client Each client is identified by its MAC address Table 307 Associated Client Association Detail Statistics Field Description Packets Received Total packets received from the client station Bytes Received Total bytes received from the client station Packets Transmitted Total packets transmitted to the client station Bytes Transmitted Total bytes transmitted to the client station ...

Page 485: ...ated to those APs Table 308 Associated Client Session Detail Statistics Field Description Packets Received Total packets received from the client station Bytes Received Total bytes received from the client station Packets Transmitted Total packets transmitted to the client station Bytes Transmitted Total bytes transmitted to the client station Packets Receive Dropped Number of packets received fro...

Page 486: ...ribes the fields available on the Peer Switch Status page Table 309 Peer Switch Status Field Description IP Address IP address of the peer wireless switch in the cluster Vendor ID Vendor ID of the peer switch software Software Version The software version for the given peer switch Protocol Version Indicates the protocol version supported by the software on the peer switch Discovery Reason The disc...

Page 487: ...ch in the cluster that received configuration information Configuration Switch IP Address Shows the IP Address of the switch that sent the configuration information Configuration Identifies which parts of the configuration the switch received from the peer switch The possible configuration elements can be one or more of the following Global Discovery Channel Power AP Database Channel Power AP Prof...

Page 488: ...within that frequency Scan Sentry Disables normal operation of the radio and performs a continuous radio scan In this mode no beacons are sent and no clients are allowed to associate with the AP When Scan Other Channels or Scan Sentry modes are enabled the AP scans all available channels on each radio When the scan is complete the AP sends information it collected during the RF scan to the switch ...

Page 489: ...SSID Service Set ID of the network which is broadcast in the detected beacon frame Physical Mode Indicates the 802 11 mode being used on the AP Channel Transmit channel of the AP Status Indicates the managed status of the AP whether this is a valid AP known to the switch or a Rogue on the network The valid values are Managed The neighbor AP is managed by the wireless system Standalone The AP is ma...

Page 490: ...n list The list repopulates as the APs are discovered Manage To configure a Rogue AP to be managed by the switch the next time it is discovered select the check box next to the MAC address of a detected AP and click Manage The switch adds the AP to the Valid AP database as a Managed AP and assigns it the default AP profile Then you can use the switch to configure the AP settings If you use a RADIU...

Page 491: ...ction algorithms Unknown The AP is detected in the network but is not classified as a threat by the threat detection algorithms Initial Status If the AP is not rogue the initial status is equal to Status Managed Standalone or Unknown For rogue APs the initial status is the classification prior to this AP becoming rogue Transmit Rate Indicates the rate at which the AP is currently transmitting data...

Page 492: ...o classify the AP as a rogue The WIDS RF Security encompasses three functions Detect wireless devices by listening to control and data frames in the air Classify whether the wireless device is a threat by comparing the received data to various databases as well as sending trace frames into the wired network and listening for the trace frames on the wireless network Take action to protect the netwo...

Page 493: ... VAP MAC For D Link APs this is always a VAP MAC address Test Description Identifies the tests that were performed which includes the following Administrator Configured rogue AP Managed SSID received form an unknown AP Managed SSID received from an AP without SSID Beacon Received from a fake managed AP on a invalid channel Managed SSID detected with incorrect security configuration Invalid SSID re...

Page 494: ...AC address of the client To clear the rogue status of all clients listed as rogues in the Detected Client database click Acknowledge All Rogues The status of an acknowledge client is returned to the status it had when it was first detected If the detected client fails any of the tests that classify it as a threat it will be listed as a Rogue again To delete individual clients from the Detected Cli...

Page 495: ...ts that classify it as a threat it will be listed as a Rogue again Table 317 Detected Client Status Field Description MAC Address The Ethernet address of the client Client Name Shows the name of the client if available from the Known Client Database If client is not in the database then the field is blank Client Status Shows the client status which can be one of the following Authenticated The wir...

Page 496: ...ed clients database Client Name Shows the name of the client if available from the Known Client Database If the client is not in the database then the field is blank RSSI If the client is authenticated with the managed AP this field displays the last RSSI value reported by the AP with which the client is authenticated The RSSI is a percentage from 1 100 A value of 0 means the AP is not detected Si...

Page 497: ... client De Auth Collection Interval Shows the amount of time spent in each de authentication collection period The deauthentication collection helps the switch decide whether the client is a threat Highest De Auth Msgs Shows the largest number of de authentication messages that the switch detected during a deauthentication collection interval Authentication Failures Shows the number of 802 1X Auth...

Page 498: ...e detected wireless client Test Description Identifies the tests that were performed which includes the following Client is not listed in the Known Clients database Client exceeds the configured rate for transmitting 802 11 authentication requests Client exceeds the configured rate for transmitting probe requests Client exceeds the configured rate for transmitting de authentication requests Client...

Page 499: ...io 2 VAP MAC Address VAP MAC address to which the client roamed SSID SSID Name used by the VAP Age Time since the history entry was added User Name Indicates the user name of client that authenticated via 802 1X Pre Authentication Status Indicates whether the client successfully authenticated and shows a status of Success or Failure Table 321 Detected Client Triangulation Field Description Detecte...

Page 500: ...entication the target AP must have a VAP with an SSID and security configuration that matches that of the client including MAC authentication encryption method and pre shared key or RADIUS parameters The the AP that the client is associated with captures all pre authentication requests and sends them to the switch Signal Strength Received signal strength in dBm The possible range is 127 to 127 How...

Page 501: ... each client The Detected Client Roam History Summary page lists each client that has roamed from at least one AP and provides information about the roaming history Figure 347 Detected Client Roam History Summary Table 324 describes the fields on the Detected Client Roam History Summary page Table 323 Detected Client Pre Authentication History Summary Field Description MAC Address MAC address of t...

Page 502: ...to the WLAN Administration Advanced Configuration Clients Known Client page and click the MAC address of the client to view or configure The switch does not remove MAC entries from this list even when a client successfully authenticates with an AP The historical ad hoc data gives you more time to take action against clients that establish ad hoc networks on the WLAN Clearing the list does not disa...

Page 503: ...ured in the RADIUS client for the RADIUS server was rejected by the server RADIUS Challenged The RADIUS server is configured to use the Challenge Response authentication mode which is incompatible with the AP RADIUS Unreachable The RADIUS server that the AP is configured to use is unreachable Invalid RADIUS Response The AP received a response packet from the RADIUS server that was not recognized o...

Page 504: ... the failed AP on the Rogue RF Scan page However some APs that attempt to contact the switch on the wired network might not be detected during the RF scan Figure 350 AP Authentication Failure Details Table 327 describes the fields on the detailed Access Point Authentication Failure Status page Table 326 Access Point Authentication Failure Status Field Description MAC Address The Ethernet address o...

Page 505: ...s system does not attempt to use the attack because that attack may deny service to a legitimate AP and provide another avenue for a hacker to attack the system Table 327 Access Point Authentication Failure Details Field Description MAC Address The Ethernet address of the AP IP Address The network IP address of the AP Last Failure Type Indicates the last type of failure that occurred which can be ...

Page 506: ... information for the AP Figure 351 AP De Authentication Attack Status Table 328 describes the fields on the AP De Authentication Attack Status page CONFIGURING ADVANCED SETTINGS The Advanced Configuration folder contains links to the following pages Advanced Global Settings Known Client AP Profiles Peer Switch WIDS Security ADVANCED GLOBAL SETTINGS The fields on the advanced Wireless Global Config...

Page 507: ...ailure Status Timeout This value determines how long to keep an entry in the AP Authentication Failure Status list Each entry in the status list shows an age and when the age reaches the value you configure in the timeout field the entry is deleted MAC Authentication Mode Select the global action to take on wireless clients in the white list Select this option to specify that any wireless clients ...

Page 508: ...cal MTU of the ports on which the traffic flows Note f any of the following conditions are true you do not need to increase the tunnel IP MTU size The wireless network does not use L3 tunneling The tunneling mode is used only for voice traffic which typically has small packets The tunneling mode is used only for TCP based protocols such as HTTP This is because the AP automatically reduces the maxi...

Page 509: ...enabled which you configure on the LAN Administration SNMP Manager Trap Flags page Table 330 SNMP Traps Field Description AP Failure Traps If you enable this field the SNMP agent sends a trap if an AP fails to associate or authenticate with the switch AP State Change Traps If you enable this field the SNMP agent sends a trap for one of the following reasons Managed AP Discovered Managed AP Failed ...

Page 510: ...vered Configuration command received from peer switch The switch need not be Cluster Controller for generating this trap RF Scan Traps If you enable this field the SNMP agent sends a trap when the RF scan detects a new AP wireless client or ad hoc client Rogue AP Traps If you enable this field the SNMP agent sends a trap when the switch discovers a rogue AP The agent also sends a trap every Rogue ...

Page 511: ...ry Table 332 on page 512 describes the fields on Known Client Summary page Table 331 Distributed Tunneling Configuration Field Description Distributed Tunnel Clients Specify the maximum number of distributed tunneling clients that can roam away from the Home AP at the same time Distributed Tunnel Idle Timeout Specify the number of seconds of no activity by the client before the tunnel to that clie...

Page 512: ...Table 333 describes the fields on Known Client Configuration page Table 332 Known Client Summary Field Description MAC Address Shows the MAC address of the known client Name Shows the descriptive name configured for the client when it was added to the Known Client database Authentication Action When MAC authentication is enabled on the network this field shows the action to take on a wireless clie...

Page 513: ...to access the network Deny Prohibit the client with the specified MAC address from accessing the network Global Action Use the global white list or black list action configured on the Advanced Global Configuration page to determine how to handle the client Table 334 Wireless Network List Field Description ID Shows an automatically generated unique identifier for the network IDs up to 16 are assign...

Page 514: ...requirements than the users in other buildings The administrator of this WLAN has created two AP profiles on the switch in addition to the default profile Figure 357 Multiple AP Profiles Building 1 contains the main lobby and several conference rooms The WLAN users in this location are primarily non employees and guests The APs in Building 1 uses the default AP profile with no additional networks ...

Page 515: ...e of the profile in the Profile Name field and then click Add Figure 358 Adding a Profile After you add the profile the Global Configuration page for the profile appears and a new tab with the name of the profile appears a the top of the page When you add a new profile it has the default AP settings Figure 359 shows the layout for AP Profile configuration Figure 359 Configuring an AP Profile It is...

Page 516: ...ion about the fields on the Network page see SSID Configuration on page 423 For more information about the fields on the QoS page see Access Point Profile QoS Configuration on page 518 Applying an AP Profile After you update an AP Profile on the Unified Switch the changes are not applied to the access points that use that profile until you explicitly apply the profile on the WLAN Administration Ad...

Page 517: ...ing applied to all APs that use this profile During this process the APs reset and all wireless clients are disassociated from the AP Configured The profile is configured but no APs managed by the switch currently use this profile From the WLAN Administration Advanced Configuration AP Profile Access Point Profile Summary page you can create copy or delete AP profiles You can create up to 16 AP pro...

Page 518: ...s traffic like Voice over IP VoIP other types of audio video and streaming media as well as traditional IP data over the D Link Unified Switch To display the QoS Configuration page for an AP profile click WLAN Advanced Configuration AP Profiles select the tab corresponding to the profile and click the QoS tab Click the radio button corresponding to the radio interface you want to configure QoS is ...

Page 519: ...d maximum wait times through Contention Windows for transmission The settings described here apply to data transmission behavior on the access point only not to that of the client stations AP Enhanced Distributed Channel Access EDCA Parameters affect traffic flowing from the access point to the client station Station Enhanced Distributed Channel Access EDCA Parameters affect traffic flowing from t...

Page 520: ...1 or 1024 The value for cwmin must be lower than the value for cwmax cwMax Maximum Contention Window The value specified here in the Maximum Contention Window is the upper limit in milliseconds for the doubling of the random backoff value This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached Once the Maximum Contention Window size is reached r...

Page 521: ... parameter is used by the algorithm that determines the initial random backoff wait time window for data transmission during a period of contention for The value specified in the Minimum Contention Window is the upper limit in milliseconds of a range from which the initial random backoff wait time is determined The first random number generated will be a number between 0 and the number specified h...

Page 522: ...able 338 Peer Switch Configuration Request Status Field Description Configuration Request Status Indicates the global status for a configuration push operation to one or more peer switches The status can be one of the following Not Started Receiving Configuration Saving Configuration Success Failure Invalid Code Version Failure Invalid Hardware Version Failure Invalid Configuration Total Count Ind...

Page 523: ...e configuration does not include the switch IP address since that is a unique setting To view current basic global settings click the WLAN Administration Basic Setup Global tab To view current advanced global settings click the WLAN Advanced Configuration Global page Discovery Enable this field to include the L2 and L3 discovery information including the VLAN list and IP list in the configuration ...

Page 524: ... tab Known Client Enable this field to include the Known Client Database in the configuration that the switch pushes to its peers To view the contents of the local AP Database click the WLAN Administration Advanced Configuration Clients Known Client page Captive Portal Enable this field to include the Captive Portal information in the configuration that the switch pushes to its peers To view the C...

Page 525: ...the valid AP database on the switch or on the RADIUS server and the AP type is marked as Rogue then the AP state is Rogue Managed SSID from an unknown AP This test checks whether an unknown AP is using the managed network SSID A hacker may set up an AP with managed SSID to fool users into associating with the AP and revealing password and other secure information Administrators with large networks...

Page 526: ...tch any configured SSID then the AP is marked as rogue AP is operating on an illegal channel The purpose of this test is to detect hackers or incorrectly configured devices that are operating on channels that are not legal in the country where the wireless system is set up Note In order for the wireless system to detect this threat the wireless network must contain one or more radios that operate ...

Page 527: ...a single RF Scan report On the WIDS Client Configuration page you can set thresholds for each type of message sent and the APs monitor whether any clients exceed those thresholds or tests Rogue Detected Trap Interval Specify the interval in seconds between transmissions of the SNMP trap telling the administrator that rogue APs are present in the RF Scan database If you set the value to 0 the trap ...

Page 528: ...ction of Deny or if the action is Global Action and it is globally set to Black List the client fails this test Configured Authentication Rate Test This test checks whether the client has exceeded the configured rate for transmitting 802 11 authentication requests Configured Probe Requests Rate Test This test checks whether the client has exceeded the configured rate for transmitting probe request...

Page 529: ...the switch detects a client on the network it performs a lookup in the Known Client database Specify whether the switch should use the local or RADIUS database for these lookups Known Client Database Radius Server Name If the known client database lookup method is RADIUS then this field specifies the RADIUS server name Rogue Detected Trap Interval Specify the interval in seconds between transmissi...

Page 530: ...as your office floor plan to provide a site context and site related information You can upload up to 16 images with a total size limit of 1 MB Images that you upload should be in one of the following two file formats GIF Graphics Interchange Format JPG Joint Photographic Experts Group Additionally D Link recommends that you do not use color images since the WLAN components might not show up as we...

Page 531: ...container views that are used to hold un graphed components The right pane is an area where graph definitions are shown This graph pane is initially blank and must be defined before WLAN components can be placed Creating a New Graph To create a new graph and load the background image launch the WLAN Visualization tool and use the following steps 1 From the WLAN Visualization menu bar click Edit Ne...

Page 532: ...ay the WLAN Visualization tool presents the radio frequency RF coverage of the access points so it is important to be as accurate as possible when you specify the length For example in the following graphs the background image is the same and the APs are in the same location in both images The only difference between the images is that the first image was set up with a graph definition length of 2...

Page 533: ...section Graphing the WLAN Components The WLAN Visualization tool automatically shows the WLAN components that the switch has discovered The panel lists the following component types Switches Unified Switch and peer switches Managed Access Points RF Scan Access Points These components appear in the panel on the left until you drag them onto the graph From the View menu you can choose to view the co...

Page 534: ... a tool tip appears to provide additional information about the ungraphed component as shown in Figure 370 Figure 370 Component Tool Tip To graph a component that is listed in the panel click the component and drag it to the location in the graph that represents the physical location of the component in the building Once you move a switch or access point to the graph area it is removed from the pa...

Page 535: ...can force a refresh to manually update the view Reconnect and Refresh Disconnects the client application from the switch and re connects it Exit Exits the WLAN Visualization application Edit New Graph Opens a window that allows you to create and configure a new graph including the name background image and scale factor for the graph Edit Graph Opens the window for an existing graph You can change ...

Page 536: ... image is based on the assigned channel of the associated radio If two APs use the same channel or channels that are close together and are within each other s transmission range the APs will interfere with each other and wireless clients will experience poor WLAN performance To reduce interference you can take one of the following steps Reduce the transmit power on the APs Physically place the AP...

Page 537: ...h but it is in a transitional state The AP could be waiting to be authenticated or it has been validated and authenticated but not configured Green The AP profile configuration has been applied to the AP and it is operating in managed mode Red The switch has lost contact with the AP the AP is being reset or the AP has experienced an authentication failure When a radio is operating in Sentry Mode t...

Page 538: ...or corresponds to the channel that the radio is using for transmission The available channels depend on the mode and country of operation You can also right click the object to access a variety of information MANAGING THE GRAPH After you place a component on the graph you can right click the component to learn more information about it un graph it or link to a page on the Web UI to manage or monit...

Page 539: ...tiple Spanning Tree Protocol Configuring 802 1X Network Access Control Configuring a Virtual Access Point Configuring Differentiated Services for VoIP CONFIGURING VLANS The diagram in this section shows a switch with four ports configured to handle the traffic for two VLANs Port 0 2 handles traffic for both VLANs while port 0 1 is a member of VLAN 2 only and ports 0 3 and 0 4 are members of VLAN 3...

Page 540: ...ecify that these ports are members of VLAN 2 8 From the Tagging menu select Tagged in the first row All to specify that frames will always be transmitted tagged from ports that are members of VLAN 2 9 Click Submit 10 Select VLAN 3 from the VLAN ID and Name List 11 Select the Participate option in the VLAN field 12 For ports 0 2 0 3 and 0 4 select Include from the Participation menu to specify that...

Page 541: ...0 D7 Configuring VLANs Page 541 18 From the Slot Port menu select 0 2 19 In the Port VLAN ID field enter 3 to assign VLAN 3 as the default VLAN for the port 20 In the Acceptable Frame Types field select VLAN Only to specify that untagged frames will be rejected on receipt 21 Click Submit ...

Page 542: ...o add VLAN 20 2 Enable MSTP on the switch and change the configuration name 3 Changing the configuration name allows all the bridges that want to be part of the same region to join a Go to the LAN L2 Features Spanning Tree Switch Configuration Status page b From the STP Mode menu select Enable c In the Configuration Name field enter dlink d Click Submit 4 Create two MST instances a Go to the LAN L...

Page 543: ...LAN 10 to select it from the VLAN ID field d Click Submit 6 Use similar procedures to associate MST instance 20 to VLAN 20 and assign it a bridge priority value of 61440 By using a lower priority for MST 20 MST 10 becomes the root bridge 7 Enable STP on port 0 1 a Go to the LAN Administration Port Configuration Port Configuration page b From the Slot Portt mode select port 0 1 c From the STP Mode ...

Page 544: ...WUM100 D7 8 Use similar procedures to enable STP on port 0 2 9 Force port 0 2 to be the root port for MST 20 which is the non root bridge a Go to the LAN L2 Features Spanning Tree MST Port Configuration Status page b From the MST ID menu select 20 c From the Slot Port menu select 0 2 d In the Port Priority field enter 64 e Click Submit ...

Page 545: ...you would use to configure D Link Unified Access System software to provide the VLAN routing support shown in the diagram Figure 376 VLAN Routing Example Network Diagram Use the following screens to perform the same configuration using the Web Interface 1 From the LAN L2 Features VLAN VLAN Configuration page perform the following configuration Create VLANs 10 and 20 Include interfaces 0 1 and 0 2 ...

Page 546: ...VLAN routing interfaces VLAN 10 is assigned ID 4 1 and VLAN 20 is assigned ID 4 2 7 To enable routing on the switch go to the LAN L3 Features IP Configuration page select Enable from the Routing Mode menu and click Submit 8 Go to the LAN L3 Features IP Interface Configuration page to configure the IP addresses and subnet masks for the virtual router ports a From the Unit Slot Port menu select 4 1 ...

Page 547: ...k Unified Access System 12 10 09 Document 34CSFP6XXUWS SWUM100 D7 Configuring VLAN Routing Page 547 Select interface 4 2 from the Slot Port menu and configure it with an IP address of 192 150 4 1 and subnet mask of 255 255 255 0 ...

Page 548: ...located Figure 377 Switch with 802 1X Network Access Control If a user or supplicant attempts to communicate via the switch on any interface except interface 0 1 the system challenges the supplicant for login credentials The system encrypts the provided information and transmits it to the RADIUS server If the RADIUS server grants access the system sets the 802 1X port state of the interface to aut...

Page 549: ...k Submit 10 Create an authentication list a Go to the LAN Administration Authentication List Configuration page b Enter radiusList in the Authentication List Name field c Click Submit d Select RADIUS from the Method 1 menu and then click Submit 11 To set radiusList as the default login list for users that are not configured on the system go to the LAN Security Port Access Control Login page select...

Page 550: ...page 554 1 Access the WLAN Administration Basic Setup page and then click the SSID tab By default Network 1 is enabled and uses Guest Network as the SSID 2 Configure the first VAP a Click Edit for Network 1 to access the Wireless Network Configuration page for that network b Delete the existing SSID and enter Visitor in the SSID field c In the VLAN field enter 10 d In the Redirect field select the...

Page 551: ... Edit 5 Configure the second VAP a Delete the existing SSID and enter Corporate in the SSID field b In the VLAN field enter 20 c From the Security option select WPA Additional security fields appear d Clear the WPA option so that only WPA2 clients can connect to the VAP e Select the CCMP AES option f Enter a WPA Key g Click Submit 6 Click the VAP tab to return to the Wireless Default VAP Configura...

Page 552: ...e L2 Distributed Tunneling Mode field select Enable to allow the clients to roam among APs in different subnets without losing their network connection i From the DiffServ Policy UP field select the policy to apply to traffic transmitted from wireless clients to the AP j Click Submit Because this VAP uses WPA Enterprise wireless clients must authenticate by using an external RADIUS server Make sur...

Page 553: ...Software User Manual D Link Unified Access System 12 10 09 Document 34CSFP6XXUWS SWUM100 D7 Configuring a Virtual Access Point Page 553 ...

Page 554: ...ice how to set up a class for UDP traffic have that traffic marked on the inbound side and then expedite the traffic on the outbound side The configuration script is for Router 1 in the accompanying diagram a similar script should be applied to Router 2 Figure 378 DiffServ VoIP Example Network Diagram 1 To set queue 5 on all ports to use strict priority mode go to the LAN QoS Class of Service CoS ...

Page 555: ...ield enter class_voip in the Class Name field select All as the Class Type and then click Submit 5 Select IPv4 as the Class Layer 3 Protocol and then click Submit 6 Select Protocol from the Class Match Selector menu and then click Add Match Criteria 7 Select UDP from the Protocol Keyword menu and then click Submit 8 Create a second DiffServ classifier named class_ef and define a single match crite...

Page 556: ...ned internally to use queue 5 of the egress port to which they are forwarded a Select pol_viop from the Policy Selector menu class_ef from the Member Class List menu and Assign Queue from the Policy Attribute Selector and then click Configure Selected Attribute b In the Queue ID Value field enter 5 and then click Submit c Select pol_viop from the Policy Selector menu class_voip from the Member Cla...

Page 557: ...ation pertaining to the product and in that case the product is being sold As Is without any warranty whatsoever including without limitation the Warranty as described herein notwithstanding anything stated herein to the contrary Submitting A Claim The customer shall return the product to the original purchase point based on its return policy In case the return policy period has expired and the pr...

Page 558: ...ms Inc Other trademarks or registered trademarks are the property of their respective owners Copyright Statement No part of this publication or documentation accompanying this product may be reproduced in any form or by any means or used to make any derivative such as translation transformation or adaptation without permission from D Link Corporation D Link Systems Inc as stipulated by the United ...

Page 559: ...Registration Register your D Link product online at http support dlink com register Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights ...

Page 560: ...e warranty period on this product U S and Canadian customers can contact D Link technical support through our website or by phone Tech Support for customers within the United States D Link Technical Support over the Telephone USA 877 DLINK 55 877 354 6555 D Link Technical Support over the Internet http support dlink com Tech Support for customers within Canada D Link Technical Support over the Tel...

Page 561: ... uk ftp ftp dlink co uk Technische Unterstützung Deutschland Web http www dlink de E Mail support dlink de Telefon 49 0 1805 2787 0 14 pro Minute Zeiten Mo Fr 09 00 17 30 Uhr Österreich Web http www dlink at E Mail support dlink at Telefon 43 0 820 480084 0 116 pro Minute Zeiten Mo Fr 09 00 17 30 Uhr Schweiz Web http www dlink ch E Mail support dlink ch Telefon 41 0 848 331100 0 08 CHF pro Minute ...

Page 562: ...0 15ppm anytime Tech Support for customers within Belgium 070 66 06 40 www dlink be 0 175ppm peak 0 0875ppm off peak Tech Support for customers within Luxemburg 32 70 66 06 40 www dlink be Asistencia Técnica Asistencia Técnica Telefónica de D Link 34 902 30 45 45 0 067 min De Lunes a Viernes de 9 00 a 19 00 http www dlink es Supporto tecnico Supporto Tecnico dal lunedì al venerdì dalle ore 9 00 al...

Page 563: ... PO PÁ od 09 00 do 17 00 Pevna linka 1 78 CZK min mobil 5 40 CZK min Technikai Támogatás Tel 06 1 461 3001 Fax 06 1 461 3004 Land Line 14 99 HUG min Mobile 49 99 HUF min email support dlink hu URL http www dlink hu Teknisk Support D Link Teknisk telefon Support 820 00 755 Hverdager 08 00 20 00 D Link Teknisk Support over Internett http www dlink no Teknisk Support D Link teknisk support over telef...

Page 564: ...εφαλληνίας 64 11251 Αθήνα Τηλ 210 86 11 114 Δευτέρα Παρασκευή 09 00 17 00 Φαξ 210 8611114 http www dlink gr support Assistência Técnica Assistência Técnica da D Link na Internet http www dlink pt e mail soporte dlink es Teknisk Support D Link Teknisk Support via telefon 0900 100 77 00 Vardagar 08 00 20 00 D Link Teknisk Support via Internet http www dlink se ...

Page 565: ...k biz hr Tehnična podpora Zahvaljujemo se vam ker ste izbrali D Link proizvod Za vse nadaljnje informacije podporo ter navodila za uporabo prosimo obiščite D Link ovo spletno stran www dlink eu www dlink biz sl Suport tehnica Vă mulţumim pentru alegerea produselor D Link Pentru mai multe informaţii suport şi manuale ale produselor vă rugăm să vizitaţi site ul D Link www dlink eu www dlink ro ...

Page 566: ...b www dlink co in E Mail helpdesk dlink co in Indonesia Malaysia Singapore and Thailand Tel 62 21 5731610 Indonesia Tel 1800 882 880 Malaysia Tel 65 6501 4200 Singapore Tel 66 2 719 8978 9 Thailand 24 7 for English Support only Web http www dlink com sg support E mail support dlink com sg Korea Tel 82 2 2028 1815 Monday to Friday 9 00am to 6 00pm Web http www d link co kr E mail arthur d link co k...

Page 567: ...92 21 4548158 92 21 4548310 Monday to Friday 10 00am to 6 00pm Web http support dlink me com E mail zkashif dlink me com South Africa and Sub Sahara Region Tel 27 12 665 2165 08600 DLINK for South Africa only Monday to Friday 8 30am to 9 00pm South Africa Time Web http www d link co za E mail support d link co za Turkey Tel 90 212 2895659 Monday to Friday 9 00am to 6 00pm Web http www dlink com tr...

Page 568: ...ink D Link предоставляет бесплатную поддержку для клиентов в течение гарантийного срока Клиенты могут обратиться в группу технической поддержки D Link по телефону или через Интернет Техническая поддержка D Link 7 495 744 00 99 Техническая поддержка через Интернет http www dlink ru e mail support dlink ru ...

Page 569: ...ombia 01800 9525465 Lunes a Viernes 06 00am a 19 00pm Costa Rica 0800 0521478 Lunes a Viernes 05 00am a 18 00pm Ecuador 1800 035465 Lunes a Viernes 06 00am a 19 00pm El Salvador 800 6335 Lunes a Viernes 05 00am a 18 00pm Guatemala 1800 8350255 Lunes a Viernes 05 00am a 18 00pm México 01800 1233201 Lunes a Viernes 06 00am a 19 00pm Panamá 011 008000525465 Lunes a Viernes 05 00am a 18 00pm Perú 0800...

Page 570: ...ra clientes no Brasil durante o período de vigência da garantia deste produto Suporte Técnico para clientes no Brasil Website para suporte www dlink com br suporte e mail suporte dlink com br Telefones para contato Clientes de São Paulo 2755 6950 Clientes das demais regiões 0800 70 24 104 Segunda à Sexta feira das 9 00h às 21 00h Sábado das 9 00h às 15 00h ...

Page 571: ...方式與D Link台灣 地區技術支援工程師聯絡 D Link 免付費技術諮詢專線 0800 002 615 服務時間 週一至週五 早上9 00到晚上9 00 不含周六 日及國定假日 網 站 http www dlink com tw 電子郵件 dssqa_service dlink com tw 如果您是台灣地區以外的用戶 請參考D Link網站全球各地 分公司的聯絡資訊以取得相關支援服務 產品保固期限 台灣區維修據點查詢 請參考以下網頁說明 http www dlink com tw 產品維修 使用者可直接送至全省聯強直營維修站或請洽您的原購買經銷商 ...

Page 572: ...okumentasi pengguna dapat diperoleh pada situs web D Link Dukungan Teknis untuk pelanggan Dukungan Teknis D Link melalui telepon Tel 62 21 5731610 Dukungan Teknis D Link melalui Internet Email support dlink co id Website http support dlink co id ...

Page 573: ...Technical Support この度は弊社製品をお買い上げいただき 誠にありがとうご ざいます 下記弊社 Web サイトからユーザ登録及び新製品登録を 行っていただくと ダウンロードサービスにて サポート情報 ファームウェア ユーザマニュアルを ダウンロードすることができます ディーリンクジャパン Web サイト URL http www dlink jp com ...

Page 574: ...技术支持 办公地址 北京市东城区北三环东路 36 号 环球贸易中心 B 座 26F 02 05 室 邮编 100013 技术支持中心电话 8008296688 028 66052968 技术支持中心传真 028 85176948 各地维修中心地址请登陆官方网站查询 网址 http www dlink com cn 办公时间 周一到周五 早09 00到晚18 00 ...

Page 575: ... site 1 employee 2 9 10 49 50 99 100 499 500 999 1000 or more 3 What network protocol s does your organization use XNS IPX TCP IP DECnet Others_____________________________ 4 What network operating system s does your organization use D Link LANsmart Novell NetWare NetWare Lite SCO Unix Xenix PC NFS 3Com 3 Open Cisco Network Banyan Vines DECnet Pathwork Windows NT Windows 98 Windows 2000 ME Windows...

Page 576: ......

Reviews:

No comments

Brands by name

Popular brands

Load more brands