manualshive.com logo in svg

D-Link DXS-3227 - xStack Switch - Stackable, Web/Installation Manual

Share
Download
D-Link DXS-3227 - xStack Switch - Stackable Web/Installation Manual Download Page 112

Configuring Device Security

Configuring Management Security

Page 111 

Configuring ARP Inspection

Classic 

Address Resolution Protocol

 is a TCP/IP protocol that translates IP addresses into MAC addresses. Clas-

sic ARP: 

Permits two hosts on the same network to communicate and send packets. 

Permits two hosts on different packets to communicate via a gateway. 

Permits routers to send packets via a host to a different router on the same network. 

Permits routers to send packets to a destination host via a local host. 

ARP Inspection eliminates man-in-the-middle attacks, where false ARP packets are inserted into the subnet. ARP 
requests and responses are inspected, and their MAC Address to IP Address binding is checked. Packets with 
invalid ARP Inspection Bindings are logged and dropped. Packets are classified as: 

Trusted

 — Indicates that the interface IP and MAC address are recognized, and recorded in the 

ARP Inspec-

tion List

. Trusted packets are forward without ARP Inspection. 

Untrusted

 — Indicates that the packet arrived from an interface that does not have a recognized IP and MAC 

addresses. The packet is checked for: 

Source MAC

 — Compares the packet’s source MAC address against the sender’s MAC address in the 

ARP request. This check is performed on both ARP requests and responses.

Destination MAC

 — Compares the packet’s destination MAC address against the destination interface’s 

MAC address. This check is performed for ARP responses.

IP Addresses

 — Compares the ARP body for invalid and unexpected IP addresses. Addresses include 

0.0.0.0, 255.255.255.255, and all IP Multicast addresses. If the packet’s IP address was not found in the 
ARP Inspection List, and DHCP snooping is enabled for a VLAN, a search of the DHCP Snooping 
Database is performed. If the IP address is found, the packet is valid and is forwarded. ARP inspection is 
performed only on untrusted interfaces.

The ARP Inspection section contains the following screens:

ARP Inspection Properties

Defining Trusted Interfaces

Defining the ARP Inspection List

Assigning ARP Inspection VLAN Settings

Summary of Contents for DXS-3227 - xStack Switch - Stackable

Page 1: ...Web Installation Guide ProductModel TM DXS DWS 3200Series Layer2 StackableGigabitEthernetSwitcheswithoptionalXGUplinks Release3 0 Copyright 2007 All rights reserved ...

Page 2: ...ations 18 LED Definitions 19 Port LEDs 19 System LEDs 22 Cable Port and Pinout Information 23 Pin Connections for the 10 100 1000 Ethernet Interface 23 Ports Pinout 24 Physical Dimensions 25 Mounting Device 26 Preparing for Installation 26 Installation Precautions 26 Site Requirements 27 Unpacking 27 Installing the Device 28 Desktop or Shelf Installation 28 Rack Installation 29 Connecting the Devi...

Page 3: ...PoE System Information 64 Defining PoE Interfaces 66 Stacking 69 Configuring Device Security 74 Configuring Management Security 75 Configuring Authentication Methods 75 Configuring Passwords 96 Configuring DHCP Snooping 102 Defining DHCP Snooping Properties 103 Defining DHCP Snooping on VLANs 105 Defining Trusted Interfaces 106 Adding Interfaces to the DHCP Snooping Database 108 Configuring DHCP O...

Page 4: ...LANs 174 Defining VLAN Properties 175 Defining VLAN Membership 177 Defining VLAN Interface Settings 179 Configuring GARP 181 Defining GARP 181 Defining GVRP 183 Defining VLAN Groups 185 Configuring Voice VLAN 190 IP Routing 195 Configuring IP Information 197 Configuring IP Information 197 Configuring IP Interfaces 197 Defining IP Addresses 198 Defining Default Gateways 201 Configuring ARP 202 Conf...

Page 5: ...ng SNMP Security 254 Defining SNMP Security 254 Defining SNMP Views 256 Defining SNMP Group Profiles 258 Defining SNMP Group Members 261 Defining SNMP Communities 264 Configuring SNMP Notifications 267 Defining SNMP Notification Global Parameters 267 Defining SNMP Notification Filters 269 Defining SNMP Notification Recipients 271 Configuring Quality of Service 275 Configuring Quality of Service 27...

Page 6: ...3 Copying Files 324 Managing System Files 325 Managing System Logs 327 Enabling System Logs 328 Viewing the Device Memory Logs 330 Clearing Device Memory Logs 330 Viewing the FLASH Logs 331 Clearing FLASH Logs 331 Defining Servers Log Parameters 332 Managing Device Diagnostics 334 Configuring Port Mirroring 334 Viewing Copper Cable Tests 337 Viewing Device Health 339 Viewing Optical Transceivers 3...

Page 7: ...ics 363 Viewing EAP Statistics 364 Resetting GVRP Statistics Counters 365 Managing RMON Statistics 366 Viewing RMON Statistics 367 Resetting RMON Statistics Counters 368 Configuring RMON History 369 Defining RMON Alarms 376 Viewing QoS Statistics 378 Viewing Aggregated Policer Statistics 378 Viewing Policer Statistics 379 Viewing Queue Statistics 380 Hardware Specifications 382 DXS 32XX Features 3...

Page 8: ...edded Web Interface web pages are easy to use and easy to navigate In addition The D Link Embedded Web Interface pro vides real time graphs and RMON statistics to help system administrators monitor network performance This preface provides an overview to the D Link Embedded Interface User Guide and includes the following sec tions DXS 3227 DXS 3227P DXS 3250 and DXS 3250E User Guide Overview Inten...

Page 9: ...vides information for managing IP routing Section 13 Configuring IP Information Provides information about defining device IP addresses ARP and Domain Name Servers Section 14 Defining the Forwarding Database Provides information about configuring and managing both static and dynamic MAC addresses Section 15 Configuring Spanning Tree Provides information about configuring Spanning Tree Protocol and...

Page 10: ...Preface Intended Audience Page 9 Intended Audience This guide is intended for network administrators familiar with IT concepts and terminology ...

Page 11: ...ons LED Definitions Cable Port and Pinout Information Physical Dimensions Viewing the Device The devices described in this section are stackable Gigabit Ethernet Managed Switches Device management is performed using an Embedded Web Server EWS or through a Command Line Interface CLI The device con figuration is performed via an RS 232 interface This section contains descriptions for the following D...

Page 12: ...ts on the front panel The 3250E is a 48 port Gigabit Ethernet Managed Switch The device contains 48 gigabit network ports and 4 SFP Ports on the front panel for network connectivity Figure 2 DXS 3250E Front Panel The device front panel is configured as follows 48 Giga Ethernet ports RJ 45 ports designated as 10 100 1000Base T The RJ 45 ports are designated as ports Ports 1 48 SFP SFP RS 232 Diagno...

Page 13: ...evice front panel is configured as follows 24 Giga Ethernet ports RJ 45 ports designated as 10 100 1000Base T The RJ 45 ports are designated as ports Ports 1 24 RS 232 Console port An asynchronous serial console port supporting the RS 232 electrical specification The port is used to connect the device to the console managing the device Four SFP Ports There are four SFP port which contains 1000Base...

Page 14: ...port is used to connect the device to the console managing the device Four SFP Ports There are four SFP port which contains 1000Base X fiber connections One XFP Port The 10 Gigabit Small Form Factor Pluggable XFP port provides protocol independent transmission and receiver functionality for 10Gbps Ethernet On the front panel there are the Port activity LEDs on each port with the system LEDs displa...

Page 15: ...s empty and all ports and connectors are located on the front panel The following figure illustrates the DXS 3227P back panel Figure 6 DXS 3227P Back Panel The DXS 3227P Back Panel is configured as follows Restore Defaults Button Restores device factory defaults The Restore Defaults button does not extend beyond the device s front panel surface This it to avoid accidental device resetting Two Opti...

Page 16: ...port The port is an RJ 45 port which supports half and full duplex mode 10 100 1000 Mbps SFP Port Small Form Factor Pluggable SFP Optical Transceivers are integrated duplex data GBIC links for bi directional communication over multimode optical fiber designed for high speed Fiber Channel data links The SFP port is designated as 1000Base X The SFP GBIC port can be removed and inserted as required T...

Page 17: ...t The XFP port is located on the DXS 3227 3227P front panel and an optional XFP module can be inserted into the device s back panel The XFP module can be removed and inserted as required as the figure below illustrates Caution It is recommended to disconnect the power from the switch before inserting or removing the XFP Module Figure 8 Inserting Removing XFP Module Figure 9 Inserting Removing XFP ...

Page 18: ...g or removing the CX 4 module Figure 10 Inserting Removing the CX 4 Module Stacking Ports The device can provide two stacking XFP or CX 4 ports One stacking port provides an Up connection while the second provides a Down stacking connection RS 232 Console Port The RS 232 port is an asynchronous serial console port supporting the RS 232 electrical specification The port is used to connect the devic...

Page 19: ... meters max 1000BASE LX Single mode fiber module 10km 1000BASE SX Multi mode fiber module 550m 1000BASE LH Single mode fiber module 40km 1000BASE ZX Single mode fiber module 80km Mini GBIC SFP Transceiver for 1000BASE LX Single mode fiber module 10km SFP Transceiver for 1000BASE SX Multi mode fiber module 550m SFP Transceiver for 1000BASE LH Single mode fiber module 40km SFP Transceiver for 1000BA...

Page 20: ...it Ethernet RJ 45 Port LEDs The LEDs on the three devices are differently indicated The following figure illustrates the DXS 3250 DXS 3250E port LEDs Figure 11 DXS 3250 DXS 3250E 1000Base T Gigabit Ethernet RJ 45 Port LEDs The DXS 3227 device has the LED indications on a LED panel on the left side of the device The following figure illustrates the port LEDs Figure 12 DXS 3227 1000Base T Gigabit Et...

Page 21: ...LED Indication Description Speed Green A 1000 Mbps link is established on the port Amber A 100 Mbps link is established on the port Off A 10 Mbps link is established on the port Link Activity LED Green A link is established on the port Flashing Green There is data transmission on the port Off No link is established on the port POE Off The port is currently not providing a 48 power volt Green The p...

Page 22: ...r port has one LED The LED indications are described in the following table Table 3 SFP LED Indications LED Indication Description Green A link is established on the port Flashing Green There is data transmission on the port Off No link is established on the port ...

Page 23: ...50 DXS 3250E are located on the left side of the devices The following figure illustrates the DXS 3250 DXS 3250E system LEDs Figure 14 DXS 3250 DXS 3250ESystem LEDs DXS 3227 DXS 3227P The system LEDs on the DXS 3227 devices are on the left side of the device The following figures illustrate the DXS 3227 and DXS 3227P system LEDs Figure 15 DXS 3227 DXS 3227P System LEDs ...

Page 24: ...ssed cables The following figure illustrates the pin alloca tion Figure 16 RJ 45 Pin Allocation Table 4 System LED Indications LED Description LED Indication Description PWR Green The device is powered up Off The device is not powered up FAN Red Indicates a faulty fan Off All fans are functioning correctly Fault Flashing Red The device is currently running POST Red The device detected POST running...

Page 25: ...r 10 100 1000 Base TX Pin Use 1 TxRx 1 2 TxRx 1 3 TxRx 2 4 TxRx 2 5 TxRx 3 6 TxRx 3 7 TxRx 4 8 TxRx 4 Table 6 CX 4 Pin Connections IB Pin Signal S16 TX3 S15 TX3 S14 TX2 S13 TX2 S12 TX1 S11 TX1 S10 TX0 S9 TX0 S8 RX3 S7 RX3 S6 RX2 S5 RX2 S4 RX1 S3 RX1 S2 RX0 S1 RX0 Table 7 Console RS 232 Pin Connections Pin Signal 3 TxD Transmit Data Transmits bytes out of PC 2 RxD Receive Data Receives bytes into P...

Page 26: ...ch DXS 3227 Width 440 mm 17 32 inch Depth 310mm 12 20 inch Height 45 mm 1 77 inch DXS 3227P Width 440 mm 17 32 inch Depth 430mm 16 93 inch Height 45 mm 1 77 inch 7 RTS Request To Send RTS CTS flow control 8 CTS Clear To Send RTS CTS flow control 6 DSR not connected in 3250 3250E 3227 P 4 DTR not connected in 3250 3250E 3227 P 1 DCD not connected in 3250 3250E 3227 P 9 RI not connected in 3250 3250...

Page 27: ...e components are to be serviced by trained service technicians only Ensure the power cable extension cable and or plug is not damaged Ensure the product is not exposed to water Ensure the device is not exposed to radiators and or heat sources Do not push foreign objects into the device as it may cause a fire or electric shock Use the device only with approved equipment Allow the product to cool be...

Page 28: ...ing Unpacking This section contains information for unpacking the device and includes the following topics Package Contents Unpacking Essentials Package Contents While unpacking the device ensure that the following items are included The device Four rubber feet with adhesive backing Rack kit An AC power cable Console RS 232 cable with DB 9 connector Documentation CD Unpacking Essentials Note Befor...

Page 29: ...ushioning feet on the bottom at each corner of the device Ensure the surface is be able to support the weight of the device and the device cables To install the device on a surface perform the following 1 Attach the rubber feet on the bottom of the device The following figure illustrates the rubber feet installation on the device Figure 17 Installing Rubber Feet 2 Set device down on a flat surface...

Page 30: ...k perform the following 1 Place the supplied rack mounting bracket on one side of the device ensuring the mounting holes on the device line up to the mounting holes on the rack mounting bracket The following figure illustrates where to mount the brackets Figure 18 Attaching the Mounting Brackets 2 Insert the supplied screws into the rack mounting holes and tighten with a screwdriver 3 Repeat the p...

Page 31: ...ng Device in a Rack 5 Secure the unit to the rack with the rack screws not provided Fasten the lower pair of screws before the upper pair of screws This ensures that the weight of the unit is evenly distributed during installation Ensure that the ventilation holes are not obstructed ...

Page 32: ...onnect to the device b Set the data rate to 9600 baud c Set the data format to 8 data bits 1 stop bit and no parity d Set flow control to none e Under Properties select VT100 for Emulation mode f Select Terminal keys for Function Arrow and Ctrl keys Ensure that the setting is for Terminal keys not Windows keys Note When using HyperTerminal with Microsoft Windows 2000 ensure that you have Windows 2...

Page 33: ...s automatically configures both devices to take maximum advantage of their abilities Auto negotiation is performed completely within the physical layers during link initiation without any additional overhead to either the MAC or higher protocol layers Auto negotiation allows the ports to do the following Advertise their abilities Acknowledge receipt and understanding of the common modes of operati...

Page 34: ...h the local terminal already connected the switch goes through Power On Self Test POST POST runs every time the device is initialized and checks hardware components to determine if the device is fully operational before completely booting If a critical problem is detected the program flow stops If POST passes successfully a valid executable image is loaded into RAM POST messages are displayed on t...

Page 35: ...tion on the Startup menu see Startup Menu Functions If the system boot is not interrupted by pressing Esc or Enter the system continues operation by decompressing and loading the code into RAM The code starts running from RAM and the list of numbered system ports and their states up or down are displayed Performing the Power On Self Test POST UART Channel Loopback Test PASS Testing the System SDRA...

Page 36: ... OK Running from RAM Running SW Ver x x x x Date 11 Jan 200x Time 15 43 13 HW version is Base Mac address is 00 00 b0 24 11 80 Dram size is xxM bytes Dram first block size is 47104K bytes Dram first PTR is 0x1200000 Flash size is xM Devices on SMI BUS smi dev id 16 dev type 0xd0411ab dev revision 0x1 Device configuration Prestera based Back to back system Slot 1 DB DX240 24G HW Rev xx xx Tapi Vers...

Page 37: ... must also be configured The following configurations are completed Static IP Address and Subnet Mask Static Route Configuration User Name SNMP Community strings Static IP Address and Subnet Mask IP interfaces can be configured on each port of the device After entering the configuration command it is recommended to check if a port was configured with the IP address by entering the show ip interfac...

Page 38: ...a local software agent The SNMP agents maintain a list of variables used to manage the device The variables are defined in the Management Information Base MIB The MIB presents the variables controlled by the agent The SNMP agent defines the MIB specification format as well as the format used to access the information over the network Access rights to the SNMP agents are controlled by access string...

Page 39: ... with read write access The public string allows authorized management stations to retrieve MIB objects while the private string allows authorized management stations to retrieve and modify MIB objects During initial configuration it is recommended to configure the device according to the network administrator requirements in accordance with using an SNMP based management station To configure SNMP...

Page 40: ...mask and default gateway Retrieving an IP Address From a DHCP Server When using the DHCP protocol to retrieve an IP address the device acts as a DHCP client To retrieve an IP address from a DHCP server perform the following steps 1 Select and connect any port to a DHCP server or to a subnet that has a DHCP server on it in order to retrieve the IP address 2 Enter the following commands to use the s...

Page 41: ...OTP protocol is supported and enables the switch to automatically download its IP host configuration from any standard BOOTP server in the network In this case the device acts as a BOOTP client To retrieve an IP address from a BOOTP server 1 Select and connect any port to a BOOTP server or subnet containing such a server to retrieve the IP address 2 At the system prompt enter the delete startup co...

Page 42: ...er name the default priority is 1 which allows access but not configuration rights A priority of 15 must be set to enable access and configuration rights to the device Although user names can be assigned privilege level 15 without a password it is recommended to always assign a password If there is no specified password privileged users can access the Web interface with any password Configuring an...

Page 43: ...for the content of the page to appear When initially enabling an http or https session enter admin for user name and user1 for password Note HTTP and HTTPS services require level 15 access and connect directly to the configuration level access Console config aaa authentication login default line Console config aaa authentication enable default line Console config line telnet Console config line lo...

Page 44: ...boots and runs when decompressing the system image from the flash memory area where a copy of the system image is stored When a new image is downloaded it is saved in the other area allocated for the addi tional system image copy On the next boot the switch decompresses and runs the currently active system image unless chosen otherwise To download an image through the TFTP server 1 Ensure that an ...

Page 45: ...er and programming it into the flash updates the boot image The boot image is loaded when the switch is powered on To download a boot file through the TFTP server 1 Ensure that an IP address is configured on one of the device ports and pings can be sent to a TFTP server 2 Ensure that the file to be downloaded the rfb file is saved on the TFTP server 3 Enter the command show version to verify which...

Page 46: ...ew software version must be downloaded to replace corrupted files update or upgrade the system software To download software from the Startup menu 1 On the Startup menu press 1 The following prompt is displayed 2 When using HyperTerminal click Transfer on the HyperTerminal menu bar 3 From the Transfer menu click Send File The Send File window is displayed 4 Enter the file path for the file to be d...

Page 47: ...ed If the flash is erased all software files must be downloaded and installed again To erase the FLASH 1 From the Startup menu press 3 within 6 seconds The following message is displayed 2 Confirm by pressing Y The following message is displayed 3 Enter the first flash block to be erased and press Enter The following message is displayed 4 Enter the last flash block to be erased and press Enter Th...

Page 48: ...n the Startup menu The procedure enables the user to enter the device once without a password To recover a lost password for the local terminal only 1 From the Startup menu select 4 and press Enter The password is deleted 2 To ensure device security reconfigure passwords for applicable management methods ...

Page 49: ...tting Started This section provides an introduction to the user interface and includes the following topics Starting the D Link Embedded Web Interface Understanding the D Link Embedded Web Interface Using Screen and Table Options Rebooting the Device Logging Off from the Device ...

Page 50: ... 2 Ensure that pop up blockers are disabled If pop up blockers are enable edit add and device information messages may not open 3 Enter the device IP address in the address bar and press Enter The Enter Network Password Page opens Figure 20 Enter Network Password Page 4 Enter your user name and password Notes The device is configured with a user name that is admin and a password that is blank and ...

Page 51: ...ser Guide Page 50 5 Click The D Link Embedded Web Interface Home Page opens Notes The screen captures in this Guide represent the 48 port device The Web pages in the 24 port device may vary slightly Figure 21 D Link Embedded Web Interface Home Page ...

Page 52: ... the home page the port LED indicators provide a visual repre sentation of the ports on the D Link front panel Tab Area Located under the LED indicators the tab area contains a list of the device features and their components Device View Located in the main part of the home page the device view provides a view of the device an information or table area and configuration instructions Figure 22 D Li...

Page 53: ...DXS 3227P device Each product has an individual Device Representation Figure 23 Device Representation Table 9 Interface Components View Description 1 Tree View Tree View provides easy navigation through the configurable device features The main branches expand to display the sub features 2 Device View Device View provides information about device ports current configuration and status table inform...

Page 54: ...he following Table 10 D Link Web Interface Configuration Buttons Button Button Name Description Clear Logs Clears system logs Create Enables creation of configuration entries Edit Modifies configuration settings Submit Saves configuration changes to the device Test Performs cable tests Query Queries the device table Table 11 D Link Web Interface Information Tabs Tab Tab Name Description Help Opens...

Page 55: ...formation Deleting Configuration Information Adding Configuration Information User defined information can be added to specific D Link Web Interface pages by opening a new Add page To add information to tables or D Link Web Interface pages 1 Open a D Link Web Interface page 2 Click An add page opens such as the Add SNTP Interface Page Figure 24 Add SNTP Interface 3 Define the fields 4 Click The co...

Page 56: ...ation page such as the IP Interface Settings Page opens Figure 25 IP Interface Settings Page 4 Modify the fields 5 Click The fields are modified and the information is saved to the device Deleting Configuration Information 1 Open The D Link Embedded Web Interface page 2 Select a table row 3 Select the Remove checkbox 4 Click The information is deleted and the device is updated ...

Page 57: ...ges from the running configuration file to the startup configuration file before rebooting the device For instructions see Copying Files To reboot the device 1 Click System General Reboot The Reboot page opens Figure 26 Reboot Page 2 Click A confirmation message is displayed 3 Click The device is reboot and a prompt for a user name and password is displayed 4 Enter a user name and password to reco...

Page 58: ...Getting Started Logging Off from the Device Page 57 Logging Off from the Device 1 Click The Logout Page opens 2 Click The D Link Embedded Web Interface Home Page closes ...

Page 59: ...EWS User Guide Page 58 Section 5 Managing Device Information This section contains information for setting general system information and includes the following sections Defining the System Description Enabling Jumbo Frames Rebooting the Device ...

Page 60: ...fines the user defined device name The field range is 0 160 characters System Location Defines the location where the system is currently running The field range is 0 160 characters System Contact Defines the name of the contact person The field range is 0 160 characters System Object ID Displays the vendor s authoritative identification of the network management sub system contained in the entity...

Page 61: ...XS 3250E EWS User Guide Page 60 Hardware Version Displays the installed device hardware version number Boot Version Displays the current Boot version running on the device Software Version Displays the installed software version number ...

Page 62: ... processing time and fewer interruptions To define advanced system settings 1 Click System General Mode The Mode Page opens Figure 28 Mode Page The Mode Page contains the following field Enable Jumbo Frames Indicates if Jumbo Frames are enabled on the device The possible field values are Checked Enables Jumbo Frames on the device Unchecked Disables Jumbo Frames on the device 2 Check the Enable Jum...

Page 63: ...booting the Device The Reboot page enables rebooting the device from both local and remote locations To prevent the current con figuration from being lost save all changes from the running configuration file to the startup configuration file before rebooting the device ...

Page 64: ...f placing network devices next to power sources Power over Ethernet can be used with IP Phones Wireless Access Points IP Gateways PDAs Audio and video remote monitoring Powered Devices are devices which receive power from the device power supplies for example IP phones Pow ered Devices are connected to the device via Ethernet ports PoE is enabled for the DXS 3227P only This section includes the fo...

Page 65: ...unctioning Off Indicates that the power supply unit is not functioning Faulty Indicates that the power supply unit is functioning but an error has occurred For example a power overload or a short circuit Nominal Power Indicates the actual amount of power the device can supply The field value is displayed in Watts Consumed Power Indicates the amount of the power used by the device The field value i...

Page 66: ...ters are defined and the device is updated To modify PoE Property settings 1 Click System Power over Ethernet Properties The PoE Properties Page opens 2 Click The PoE Properties Settings Page opens Figure 30 PoE Properties Settings Page 3 Define the fields 4 Click The PoE Property Setting is modified and the device is updated ...

Page 67: ...e Power Over Ethernet Interface Page opens Figure 31 Power Over Ethernet Interface Page The Power Over Ethernet Interface Page contains the following fields Unit No Displays the stacking member for which the details are displayed Interface Indicates the specific interface for which PoE parameters are defined and assigned to the pow ered interface connected to the selected port Admin Status Indicat...

Page 68: ...w port 1 is prioritized to receive power and port 3 may be denied power The possible field values are Low Defines the PoE priority level as low This is the default level High Defines the PoE priority level as high Critical Defines the PoE priority level as Critical This is the highest PoE priority level Power Consumption Indicates the amount of power assigned to the powered device connected to the...

Page 69: ...ngs 1 Click System Power over Ethernet Interface tab The Power Over Ethernet Interface Page opens 2 Click to select the interface The PoE Interface Settings Page opens Figure 32 PoE Interface Settings Page 3 Define the fields 4 Click The system PoE interface is defined and the device is updated ...

Page 70: ...ware is downloaded separately for each stack members However all units in the stack must be run ning the same software version Switch stacking and configuration is maintained by the Stacking Master The Stacking Master detects and recon figures the ports with minimal operational impact in the event of Unit Failure Inter unit Stacking Link Failure Unit Insertion Removing a Stacking Unit Understandin...

Page 71: ...the ring topology fails the stack automatically reverts to the chain topology Stacking Failover Topology If a failure occurs in the stacking topology the stack reverts to Stacking Failover Topology In the Stacking Failover topology devices operate in a chain formation The Stacking Master determines where the packets are sent Each unit is connected to two neighboring devices except for the top and ...

Page 72: ...e one with the longer up time is elected Stacking Master If the two Master enabled stacking members are the same age Unit 1 is elected Stacking Master Two stack ing member are considered the same age if they were inserted within the same ten minute interval For example Stack member 2 is inserted in the first minute of a ten minute cycle and Stack member 1 is inserted in fifth minute of the same cy...

Page 73: ...pecific device Device configuration changes that are not saved before the device is reset are not saved If the Stacking Master is reboot the entire stack is reboot To open the Stack Page 1 Click System General The Stack Page opens Figure 34 Stack Page The Stack Page contains the following fields Top Unit Indicates the top most stacking member s number Possible values are Master and 1 6 Bottom Unit...

Page 74: ...The possible field values are Checked Enables switching the stack control to the Standby Stack Master Unchecked Maintains the current stacking control Switching between the stack master and the backup unit 1 Open the Stack Page 2 Check the Switch Stack Control from Unit 1 to Unit 2 check box 3 Click A confirmation message displays ...

Page 75: ...ing Device Security This section provides access to security pages that contain fields for setting security parameters for ports device management methods users and server security This section contains the following topics Configuring Management Security Configuring Network Security ...

Page 76: ...s section includes the following topics Configuring Authentication Methods Configuring Passwords Configuring Authentication Methods This section provides information for configuring device authentication methods This section includes the topics Defining Access Profiles Defining Profile Rules Defining Authentication Profiles Mapping Authentication Methods Defining RADIUS Settings ...

Page 77: ... access the switch module only via an HTTPS session while User Group 2 can access the switch module via both HTTPS and Telnet sessions The Access Profile Page contains the currently configured access profiles and their activity status Assigning an access profile to an interface denies access via other interfaces If an access profile is assigned to any interface the device can be accessed by all in...

Page 78: ... The Add Access Profile Page opens Figure 36 Add Access Profile Page In addition to the fields in the Access Profile Page the Add Access Profile Page contains the following fields Access Profile Name Defines the access profile name The access profile name can contain up to 32 characters Rule Priority Defines the rule priority When the packet is matched to a rule user groups are either granted perm...

Page 79: ...ice using HTTPS meeting access profile criteria are permitted or denied access to the device SNMP Assigns SNMP access to the rule If selected users accessing the device using SNMP meeting access profile criteria are permitted or denied access to the device Interface Defines the interface on which the access profile is defined The possible field values are Port Specifies the port on which the acces...

Page 80: ...agement Security Authentication Profile Rules The Profile Rules Page opens Figure 37 Profile Rules Page The Profile Rules Page contains the following fields Access Profile Name Displays the access profile to which the rule is attached Priority Defines the rule priority When the packet is matched to a rule user groups are either granted per mission or denied device management access The rule number...

Page 81: ...ria are permitted or denied access to the device Secure HTTP HTTPS Assigns HTTPS access to the rule If selected users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device SNMP Assigns SNMP access to the rule If selected users accessing the device using SNMP meeting access profile criteria are permitted or denied access to the device Source I...

Page 82: ...les Page opens 2 Click The Add Profile Rule Page opens Figure 38 Add Profile Rule Page In addition to the fields in the Profile Rules Page the Add Profile Rule Page contains the following additional field Network Mask Defines the network mask of the source IP address 3 Define the fields 4 Click The profile rule is added to the access profile and the device is updated ...

Page 83: ...Profile Page opens 2 Click The Profile Rules Setting Page opens Figure 39 Profile Rules Settings In addition to the fields in the Profile Rules Page the Profile Rules Settings contains the following additional field Network Mask Defines the network mask of the new source IP address 3 Modify the fields 4 Click The profile rule is modified and the device is updated ...

Page 84: ...US server is not available then the user is authenticated locally To define Authentication profiles 1 Click System Management Security Authentication Authentication Profiles The Authentication Profile Page opens Figure 40 Authentication Profile Page The Authentication Profile Page contains the following fields Profile Name Displays the user defined profile name Methods Defines the user authenticat...

Page 85: ...files To add an Authentication Profile 1 Click System Management Security Authentication Authentication Profiles The Authentication Profile Page opens 2 Click The Add Authentication Profile Page opens Figure 41 Add Authentication Profile Page In addition to the fields in the Authentication Profile Page the Authentication Profile Settings contains the following additional field Profile Method Indic...

Page 86: ...Security Authentication Authentication Profiles The Authentication Profile Page opens 2 Select a Profile 3 Click The Authentication Profile Page opens Figure 42 Authentication Profile Settings 4 Select an authentication method from the Optional Methods list 5 Click The authentication method is selected and the device is updated ...

Page 87: ...apping Page opens Figure 43 Authentication Mapping Page The Authentication Mapping Page contains the following fields Console Indicates that Authentication profiles are used to authenticate console users Telnet Indicates that Authentication profiles are used to authenticate Telnet users Secure Telnet SSH Indicates that Authentication profiles are used to authenticate Secure Shell SSH users SSH pro...

Page 88: ...eld values are None Indicates that no authentication method is used for access RADIUS Indicates that Authentication occurs at the RADIUS server TACACS Indicates that authentication occurs at the TACACS server Local Indicates that authentication occurs locally 2 Define the fields 3 Click The authentication mapping is saved and the device is updated ...

Page 89: ...igure RADIUS servers 1 Click System Management Security Authentication RADIUS The RADIUS Page opens Figure 44 RADIUS Page The RADIUS Page contains the following fields Accounting The authentication method used for RADIUS session accounting Possible field values are 802 1x 802 1x authentication is used to initiate accounting Login Login authentication is used to initiate accounting Both Both 802 1x...

Page 90: ...accounting port The accounting port is the port used for RADIUS account ing information Number of Retries Defines the number of transmitted requests sent to the RADIUS server before a failure occurs The possible field values are 1 10 Three is the default value Timeout for Reply Defines the amount of time in seconds the device waits for an answer from the RADIUS server before retrying the query or ...

Page 91: ...e 90 To add a RADIUS Server 1 Click System Management Security Authentication RADIUS The RADIUS Page opens 2 Click The Add RADIUS Server Page opens Figure 45 Add RADIUS Server Page 3 Define the fields 4 Click The RADIUS server is added and the device is updated ...

Page 92: ...y RADIUS Server settings 1 Click System Management Security Authentication RADIUS The RADIUS Page opens 2 Click The RADIUS Server Settings Page opens Figure 46 RADIUS Server Settings Page 3 Define the fields 4 Click The RADIUS server settings are saved and the device is updated ...

Page 93: ...crypted protocol exchanges between the client and TACACS server The TACACS default parameters are user assigned defaults The default settings are applied to newly defined TACACS servers If default values are not defined the system defaults are applied to the new TACACS new server To define TACACS authentication settings 1 Click System Management Security Authentication TACACS The TACACS Page opens...

Page 94: ...n the device and the TACACS times out The field range is 1 1000 seconds Single Connection Maintains a single open connection between the device and the TACACS server The possible field values are Checked Enables a single connection Unchecked Disables a single connection Status Indicates the connection status between the device and the TACACS server The possible field values are Connected Indicates...

Page 95: ...ide Page 94 To add a TACACS Host 1 Click System Management Security Authentication TACACS The TACACS Page opens 2 Click The TACACS Page opens Figure 48 Add TACACS Host Page 3 Define the fields 4 Click The TACACS server is defined and the device is updated ...

Page 96: ...ver settings 1 Click System Management Security Authentication TACACS The TACACS Page opens 2 Select TACACS server entry 3 Click The TACACS Host Settings Page opens Figure 49 TACACS Host Settings Page 4 Modify the fields 5 Click The TACACS host settings are saved and the device is updated ...

Page 97: ...s using the Local User Page To define local users 1 Click System Management Security Passwords Local Users The Local User Page opens Figure 50 Local User Page The Local User Page contains the following fields User Name Displays the user name Access Level Displays the user access level The possible field values are Viewer Assigns the user read only access Admin Assigns the user administrative acces...

Page 98: ...al User Page In addition to the fields in the Local User Page the Add Local User Page contains the following fields User Name Defines the user name Access Level Define the user access level The lowest user access level is 1 and the highest is 15 Users with access level 15 are Privileged Users Password Defines the local user password Local user passwords can contain up to 159 characters Confirm Pas...

Page 99: ...ocal User settings 1 Click System Management Security Passwords Local Users The Local User Page opens 2 Click The Local User Settings Page opens Figure 52 Local User Settings Page 3 Define the fields 4 Click The local user passwords settings are saved and the device is updated ...

Page 100: ...rd Page opens Figure 53 Line Password Page The Line Password Page contains the following fields Console Line Password Defines the line password for accessing the device via a Console session Pass words can contain a maximum of 159 characters Telnet Line Password Defines the line password for accessing the device via a Telnet session Pass words can contain a maximum of 159 characters Secure Telnet ...

Page 101: ... 3250 and DXS 3250E EWS User Guide Page 100 3 Redefine the Confirm Password field for each of the passwords defined in the previous steps to verify the passwords 4 Click The line passwords are saved and the device is updated ...

Page 102: ...rd Page The Enable Password Page contains the following fields Level Defines the access level associated with the enable password Possible field values are 1 15 The lowest user access level is 15 and the highest is 1 Users with access level 1 are Admin Users and users with access level 15 are Viewers Password Defines the Enable password Confirm Password Confirms the new enable password The passwor...

Page 103: ...nooping creates and maintains a DHCP Snooping Table which contains information received from untrusted packets Interfaces are untrusted if the packet is received from an interface outside the network or from an interface beyond the network firewall Trusted interfaces receive pack ets only from within the network or the network firewall The DHCP Snooping Table contains the untrusted interfaces MAC ...

Page 104: ...the device This is the default value Pass Through Option 82 Indicates if DHCP Option 82 with data insertion is enabled on the device The possible field values are Enable If DHCP Option 82 with data insertion is enabled the DHCP relay agent or DHCP Snooping switch can insert information into the DHCP DISCOVER message The Relay agent information option specifies the port number from which the client...

Page 105: ...tted IP addresses in the DHCP Snooping Database Disable Disables storing allotted IP addresses in the DHCP Snooping Database This is the default value Database Update Interval Indicates how often the DHCP Snooping Database is updated The possible field range is 600 86400 seconds The field default is 1200 seconds 2 Define the fields 3 Click DHCP Snooping is enabled and the device is updated ...

Page 106: ...DHCP Snooping is enabled on the device To enable DHCP Snooping on VLANs 1 Click System Management Security DHCP Snooping VLAN Settings The DHCP Snooping VLAN Settings Page opens Figure 56 DHCP Snooping VLAN Settings Page The DHCP Snooping VLAN Settings Page contains the following fields VLAN ID The VLAN on which DHCP snooping can be enabled Enabled VLANs Contains a list of VLANs on which DHCP snoo...

Page 107: ...usted Interface Page The Trusted Interface Page contains the following fields Unit No Indicates the stacking member for which the Trusted Interface port settings are displayed LAGs Indicates the LAG for which DHCP Snooping Trust mode is enabled Port Indicates the port on which DHCP Snooping Trust mode is enabled This field is not displayed if LAGs are selected LAG Indicates the LAG on which DHCP S...

Page 108: ...07 2 Define the Unit No Or LAGs field 3 Click The DHCP Snooping Trusted Interface Settings Page opens Figure 58 DHCP Snooping Trusted Interface Settings Page 4 Select an Interface 5 Define the fields 6 Click The device is updated with the Trust Status of the interface ...

Page 109: ... Database select the following categories MAC Address Indicates the MAC addresses recorded in the DHCP Snooping Database IP Address Indicates the IP addresses recorded in the DHCP Snooping Database VLAN Indicates the VLANs recorded in the DHCP Snooping Database Interface Contains a list of interfaces recorded in the DHCP Snooping Database The possible field values are Port Queries the DHCP Snoopin...

Page 110: ...whose lease times are expired are ignored by the switch Remove Removes the entry from the Binding Database The possible field values are Checked Removes the selected entry Unchecked Maintains the entries To bind a DHCP Snooping database 1 Click System Management Security DHCP Snooping Binding Database The Bind DHCP Snooping Page opens 2 Click The Bind DHCP Snooping Page opens Figure 60 Bind DHCP S...

Page 111: ... hosts To enable DHCP with Option 82 on the device 1 Click System Management Security DHCP Option 82 The DHCP Option 82 Page opens Figure 61 DHCP Option 82 Page The DHCP Option 82 Page screen contains the following field DHCP Option 82 Insertion Enables DHCP Option 82 Insertion on the device The possible field values are Enable Enables DHCP Option 82 Insertion on the device Disable Disables DHCP O...

Page 112: ...rusted packets are forward without ARP Inspection Untrusted Indicates that the packet arrived from an interface that does not have a recognized IP and MAC addresses The packet is checked for Source MAC Compares the packet s source MAC address against the sender s MAC address in the ARP request This check is performed on both ARP requests and responses Destination MAC Compares the packet s destinat...

Page 113: ...tion on the device Disable Disables ARP Inspection on the device This is the default value ARP Inspection Validate Indicates that ARP Inspection Validation is enabled on the device The possible field values are Enable Enables ARP Inspection Validation on the device Disable Disables ARP Inspection Validation on the device This is the default value Log Buffer Interval Defines the minimal interval be...

Page 114: ...ayed LAGs Indicates the LAG on which that ARP Inspection Trust mode is enabled If LAGs is selected the Unit No options are not displayed Port Indicates the port on which ARP Inspection Trust mode is enabled This field is not displayed if LAGs is selected LAG Indicates the LAG on which ARP Inspection Trust mode is enabled This field is not displayed if Unit No is selected Trust Indicates if the sel...

Page 115: ...r Guide Page 114 2 Click The ARP Inspection Trusted Interface Settings Page window opens Figure 64 ARP Inspection Trusted Interface Settings Page 3 Modify the fields 4 Click The trust mode is set for ARP Inspection interfaces and the device is updated ...

Page 116: ...st to be displayed or deleted select the following categories ARP Inspection List Name Specifies the ARP Inspection List to interfaces or permits network managers to define a new ARP Inspection List Select List Contains a list user defined ARP Binding Lists New Defines a new ARP Binding List ARP Binding List names can contain up to 32 characters Remove List Removes ARP Inspection lists from interf...

Page 117: ...ecked against ARP requests Remove Removes the entry from the ARP Inspection list The possible field values are Checked Removes the selected entry Unchecked Maintains the entries 2 Click The Add ARP List Binding Page opens Figure 66 Add ARP List Binding Page 3 Define the fields 4 Click ARP Inspection Binding is defined and the device is updated ...

Page 118: ...to the Enabled VLANs list Enabled VLANs Contains a VLAN list for which ARP Bindings is enabled List Name Displays a list of the ARP Bindings List which can be attached to VLANs The ARP Binding Lists are defined in the ARP Inspection List Page VLAN Displays VLANs included in the ARP Inspection List Remove Removes the entry from the ARP Inspection list The possible field values are Checked Removes t...

Page 119: ...ttings Page the Add ARP Inspection VLAN Settings Page contains the following additional fields Bind List Name Contains a list of ARP Bindings that can be attached to a VLAN To VLAN Contains a list of VLANs 7 Select a VLAN in The Bind List Name field 8 Select a VLAN in the To VLAN field 9 Click The ARP Inspection Binding is defined for the VLAN and the device is updated ...

Page 120: ...ets with an IP address stored in the DHCP Database are for warded IP addresses stored in the DHCP Snooping Database are either statically configured by the network administrator or are retrieved using DHCP IP source guard can be enabled only on DHCP snooping untrusted interfaces This section contains the following topics Enabling IP Source Guard IP Source Guard Interface Settings Page Defining the...

Page 121: ... Figure 69 IP Source Guard Properties Page The IP Source Guard Properties Page contains the following field IP Source Guard Status Indicates if IP Source Guard is enabled on the device The possible field values are Enable Indicates that IP Source Guard is enabled on the device Disable Indicates that IP Source Guard is disabled on the device 2 Define the field 3 Click IP Source Guard is enabled and...

Page 122: ...face Settings Table select the following categories Unit No Indicates the stacking member for which the IP Source Guard parameters are displayed LAGs Indicates the LAG for which the IP Source Guard parameters are displayed This field is only visible if LAGs is selected IP Source Guard Interface Table In addition to the fields above the following fields appear in the IP Source Guard Interface Table...

Page 123: ...S 3250E EWS User Guide Page 122 2 Click or The Trusted Interfaces Settings Page opens Figure 71 Trusted Interfaces Settings Page 3 Modify the fields 4 Click The Interface IP Source Guard parameters are modified and the device is updated ...

Page 124: ...ase Page opens Figure 72 IP Source Binding Database Page The IP Source Binding Database Page contains the following fields TCAM Resources The IP Source Guard Database uses Ternary Content Addressable Memory TCAM resources for managing the database Insert Inactive The device can try to activate inactive addresses at various time intervals Retry Frequency Try to activate inactive addresses at a spec...

Page 125: ...erface Displays the interface number Status Displays the current interface status The possible field values are Active Indicates the interface is currently active Inactive Indicates the interface is currently inactive IP Address IP address of the interface VLAN Indicates if the address is associated with a VLAN MAC Address MAC address of the interface Type Displays the IP address type The possible...

Page 126: ... Configuring Network Security Network security manages both access control lists and locked ports This section contains the following topics Network Security Overview Defining Network Authentication Properties Defining Port Authentication Configuring Traffic Control ...

Page 127: ...e hosts to be attached to a single port Advanced port based authentication requires only one host to be authorized for all hosts to have system access If the port is unautho rized all attached hosts are denied access to the network Advanced port based authentication also enables user based authentication Specific VLANs in the device are always available even if specific ports attached to the VLAN ...

Page 128: ...e Disables port based authentication on the device Authentication Method Specifies the authentication method used for port authentication The possible field values are RADIUS None Provides port authentication first using the RADIUS server If the port is not authenticated then no authentication method is used and the session is permitted RADIUS Provides port authentication using the RADIUS server N...

Page 129: ...DXS 3227 DXS 3227P DXS 3250 and DXS 3250E EWS User Guide Page 128 6 Define the fields 7 Click The network authentication properties are set and the device is updated ...

Page 130: ... Entry Number Copies port authentication information from the selected port to Entry Number s Copies port authentication information to the selected port Port Authentication Table In addition to the fields above the following fields appear in the Port Authentication Table Port Displays a list of interfaces on which port based authentication is enabled User Name Displays the supplicant user name Ad...

Page 131: ...e Disable Disables port reauthentication Reauthentication Period Displays the time span in seconds in which the selected port is reauthenti cated The field default is 3600 seconds Reauthenticate Now Indicates if immediate port reauthentication is enabled The possible field values are Checked Enables immediate port reauthentication Unchecked Disables immediate port reauthentication This is the defa...

Page 132: ... 1 Click Advanced Setup Security Suite Authentication Port Authentication The Port Authentication Page opens 2 Click The Port Authentication Settings Page opens Figure 75 Port Authentication Settings Page f 3 Modify the fields 4 Click The port authentication settings are defined and the device is updated ...

Page 133: ...Based Authentication To define the network authentication global properties 1 Click Advanced Setup Security Suite Authentication Multiple Host The Multiple Host Page opens Figure 76 Multiple Host Page The Multiple Host Page contains the following fields To display Multiple host settings select a stacking unit Unit No Indicates the stacking member for which the multiple host details are displayed M...

Page 134: ...e possible field values are True Indicates that traps are enabled False Indicates that traps are disabled Trap Frequency Defines the time period by which traps are sent to the host The Trap Frequency 1 1000000 field can be defined only if multiple hosts are disabled The default is 10 seconds Status Indicates the host status If there is an asterisk the port is either not linked or is down The pos s...

Page 135: ...Host settings 1 Click Advanced Setup Security Suite Authentication Multiple Host The Multiple Host Page opens 2 Click The Multiple Host Settings Page opens Figure 77 Multiple Host Settings Page 3 Modify the fields 4 Click The multiple host settings are modified and the device is updated ...

Page 136: ... Indicates the stacking member for which the authenticated host details are displayed Authenticated Host Table User Name Lists the supplicants that were authenticated and are permitted on each port Port Displays the port number Session Time Displays the amount of time in seconds the supplicant was logged on the port Authentication Method Displays the method by which the last session was authentica...

Page 137: ...and DXS 3250E EWS User Guide Page 136 Configuring Traffic Control This section contains information for managing both port security and storm control and includes the following topics Managing Port Security Enabling Storm Control ...

Page 138: ...ed to that port either it was learned on a different port or it is unknown to the system the protec tion mechanism is invoked and can provide various options Unauthorized packets arriving at a locked port are either Forwarded Discarded with no trap Discarded with a trap Shuts down the port Locked port security also enables storing a list of MAC addresses in the configuration file The MAC address l...

Page 139: ...addresses associated with the port The port learns up to the maximum addresses allowed on the port Both relearning and aging MAC addresses are enabled Max Entries Specifies the number of MAC address that can be learned on the port The Max Entries field is enabled only if Locked is selected in the Set Port field In addition the Limited Dynamic Lock mode is selected The default is 1 Action Indicates...

Page 140: ...1 Click Advanced Setup Security Suite Traffic Control Port Security The Port Security Page opens 2 Click The Port Security Settings Page opens Figure 80 Port Security Settings Page 3 Define the fields 4 Click The port security settings are defined for the specific interface and the device is updated ...

Page 141: ...ed for all Gigabit ports by defining the packet type and the rate the packets are transmitted The system measures the incoming Broadcast and Multicast frame rates separately on each port and discards the frames when the rate exceeds a user defined rate The Storm Control Page provides fields for configuring broadcast storm control To enable storm control 1 Click Advanced Setup Security Suite Traffi...

Page 142: ...ulticast and Broadcast traffic This is the default value Multicast Broadcast Counts Broadcast and Multicast traffic together Broadcast Only Counts only Broadcast traffic Broadcast Rate Threshold Indicates the maximum rate kilobits per second at which unknown packets are forwarded The range is 70 1 000 000 The default value is zero All values are rounded to the nearest 64 Kbps If the field value is...

Page 143: ...oS enables network managers to Deny packets that contain reserved IP addresses Prevent TCP connections from a specific interface Discard echo requests from a specific interface Discard IP fragmented packets from a specific interface Defining DoS Prevention To enable Denial of Service on the system 1 Click Advanced Setup Security Suite DOS Attacks Global Settings The DOS Attacks Global Set tings Pa...

Page 144: ...e default value Disable Disables Stacheldraht Distribution on the device Invasor Trojan Indicates if Invasor Trojan is enabled on the device Invasor Trojan protection discards TCP packets with destination TCP port equal to 2140 and source TCP port equal to 1024 The possible field values are Enable Enables Invasor Trojan on the device This is the default value Disable Disables Infuser Trojan on the...

Page 145: ...Addresses in this block refer to source hosts on this network 127 0 0 0 8 Used as the Internet host loopback address 192 0 2 0 24 Used as the TEST NET in documentation and example codes 224 0 0 0 4 As a Source IP Address Used in IPv4 Multicast address assignments and This formerly known as Class D Address Space 240 0 0 0 4 Except 255 255 255 255 32 as a Destination Address Reserved address range a...

Page 146: ...m the Service Protection list The possible field values are Checked Removes the selected IP address and mask Unchecked Maintains IP addresses and IP masks 2 Check the Include Reserved Martian IP Addresses field 3 Click The Add Martian Addresses Page opens Figure 85 Add Martian Addresses Page I In addition to the fields in the Martian Addresses Page the Add Martian Addresses Page contains the follo...

Page 147: ...ollowing fields Interface Defines the port LAG on which SYN protection is enabled IP Address Defines the IP address on which SYN protection is enabled Mask Defines the Destination IP address network mask The default is 255 255 255 255 TCP Port Indicates the destination TCP port types for which SYN protection is enabled The possible field values are Known Ports Contains a list of known TCP destinat...

Page 148: ...nabled All Enables SYN Filtering on all destination TCP ports Remove Removes SYN filtering on ports The possible field values are Checked Removes SYN filtering from the selected port Unchecked Maintains the current SYN filtering settings This is the default value 2 Click The Add SYN Filter Page opens Figure 87 Add SYN Filter Page 3 Define the fields 4 Click SYN Filtering is defined and the device ...

Page 149: ... packets To define SYN Rate Protection 1 Click Advanced Setup Security Suite DOS Attacks SYN Protection The SYN Rate Protection Page opens Figure 88 SYN Rate Protection Page The SYN Rate Protection Page contains the following fields Interface Displays the Destination interface on which SYN protection is enabled IP Address Defines the destination IP address on which SYN protection is enabled Mask D...

Page 150: ...l fields Interface Indicates the interface on which SYN Rate Protection is enabled The possible field values are Ports Displays the specific port on which SYN Rate Protection is enable LAGs Displays the specific LAG on which SYN Rate Protection is enable Prefix Length Defines the number of bits that comprise the source IP address prefix or the network mask of the source IP address 3 Define the fie...

Page 151: ...kets cause an extra processing load Some firewalls block all fragments as the header information is sent to a higher layer protocol for filtering To define IP fragmentation 1 Click Advanced Setup Security Suite DOS Attacks IP Fragmented The IP Fragmented Filtering Page opens Figure 90 IP Fragmented Filtering Page The IP Fragmented Filtering Page contains the following fields Interface Indicates th...

Page 152: ...age In addition to the fields in the IP Fragmented Filtering Page the Add IP Fragmented Filter Page contains the fol lowing additional field Prefix Defines the number of bits that comprise the destination IP address prefix or the network mask of the source IP address 3 Define the fields 4 Click An IP Fragmented Filter is defined and the device is updated ...

Page 153: ...ICMP Filtering Page opens Figure 92 ICMP Filtering Page The ICMP Filtering Page contains the following fields Interface Indicates the interface from which ICMP packets are discarded IP Address Indicates the interface IP address from which ICMP packets are discarded Mask Defines the IP address network mask The default is 255 255 255 255 Remove Removes ICMP Filtering from the interface The possible ...

Page 154: ...ge In addition to the fields in the ICMP Filtering Page the Add ICMP Filtering Page contains the following additional field IP Address Provides a user defined address which is added to the IP ICMP filter list Mask Defines the network mask of the new source IP address Prefix Defines the number of bits that comprise the source IP address prefix of the source IP address 3 Define the fields 4 Click Th...

Page 155: ...to an interface all the ACE rules that have been defined are applied to the selected inter face Whenever an ACL is assigned on a port LAG or VLAN flows from that ingress interface that do not match the ACL are matched to the default rule which is Drop unmatched packets To bind ACLs to interfaces 1 Click Advanced Setup Security Suite Access Control ACL Binding The ACL Binding Page opens Figure 94 A...

Page 156: ...interface Remove Unbinds the selected ACL from the interface The possible field values are Checked Unbinds the ACL and interface Unchecked Maintains the ACL and interface binding To modify ACL Binding 1 Click Advanced Setup Security Suite Access Control ACL Binding The ACL Binding Page opens 2 Click The ACL Binding Settings opens Figure 95 ACL Binding Settings 3 Define the fields 4 Click The ACL b...

Page 157: ...mber 20 can receive TCP packets however if a UDP packet is received the packet is dropped ACLs are composed of access control entries ACEs that are made of the filters that determine traffic classifications The total number of ACEs that can be defined in all ACLs together is 1024 To define IP based ACLs 1 Click Advanced Setup Security Suite Access Control IP Based ACL The IP Based ACL Page opens F...

Page 158: ...le network RDP Remote Desktop Protocol RDP Allows a clients to communicate with the Terminal Server over the network IDRP Matches the packet to the Inter Domain Routing Protocol IDRP RVSP Matches the packet to the ReSerVation Protocol RSVP AH Authentication Header AH Provides source host authentication and data integrity EIGRP Enhanced Interior Gateway Routing Protocol EIGRP Provides fast converge...

Page 159: ...ildcard mask Source Port The TCP UDP source port Destination Port The TCP UDP destination port DSCP Matches the packet DSCP value to the ACL Either the DSCP value or the IP Precedence value is used to match packets to ACLs The possible field range is 0 63 IP Prec Indicates matching ip precedence with the packet ip precedence value IP Precendence enables marking frames that exceed CIR threshold In ...

Page 160: ... IP based ACL 1 Click Advanced Setup Security Suite Access Control IP Based ACL The IP Based ACL Page opens 2 Click The Add IP Based ACL Page opens Figure 97 Add IP Based ACL Page 3 Define the fields 4 Click The ACL is saved and the Add IP Based ACL Page closes ...

Page 161: ...n IP based ACE 1 Click Advanced Setup Security Suite Access Control IP Based ACL The IP Based ACL Page opens 2 Click The Add IP Based ACE Page opens Figure 98 Add IP Based ACE Page 3 Define the fields 4 Click The ACE is saved and attached to the ACL and the device is updated ...

Page 162: ...ield values are Checked Removes the selected MAC based ACL Unchecked Maintains the MAC based ACLs MAC Based ACL Table In addition to the fields above the following fields appear in the IP Based ACL Table Priority Indicates the ACE priority which determines which ACE is matched to a packet on a first match basis The possible field values are 1 2147483647 Source Address Matches the source MAC addres...

Page 163: ...the ACL criteria and disables the port to which the packet was addressed Remove Removes MAC Based ACLs The possible field values are Checked Removes the selected MAC Based ACL This is the default value Unchecked Maintains the MAC Based ACL This is the default value To add a MAC based ACL 1 Click Advanced Setup Security Suite Access Control MAC Based ACL The MAC Based ACL Page opens 2 Click The Add...

Page 164: ...d ACE 1 Click Advanced Setup Security Suite Access Control MAC Based ACL The MAC Based ACL Page opens 2 Click The Add MAC Based ACE Page opens Figure 101 Add MAC Based ACE Page 3 Define the fields 4 Click The ACE is saved and attached to the ACL and the device is updated ...

Page 165: ...ded Lag fields Select Reactivate Suspended Port or Reactivate Suspended Lag fields to return a suspended port or LAG to active status To define port parameters 1 Click Basic Setup Interface Interface Configuration The Interface Configuration Page opens Figure 102 Interface Configuration Page The Interface Configuration Ports Table contains the following fields To display Interface configuration Po...

Page 166: ... negotiation setting the port advertises The possible field values are Max Capability Indicates that all port speeds and duplex mode settings are accepted 10 Half Indicates that the port advertises for a 10 Mbps speed port and half duplex mode setting 10 Full Indicates that the port advertises for a 10 Mbps speed port and full duplex mode setting 100 Half Indicates that the port advertises for a 1...

Page 167: ...tion Settings Page contains the following additional fields Reactivate Suspended Port or Reactivate Suspended LAG Reactivates a suspended port or LAG Current Port Status Indicates whether the port is currently operating or non operational Current Port Speed Displays the synchronized port speed bps Current Duplex Mode Displays the synchronized port duplex mode Current Auto Negotiation Displays the ...

Page 168: ...ields To display Interface Properties select a unit number Unit No Indicates the stacking member for which the port information is displayed Interface Properties Table In addition to the fields above the following fields appear in the Interface Properties Table Interface Displays the port number Port Type Displays the port connection type The possible field values are Copper Indicates the port has...

Page 169: ...odify port properties 1 Click Basic Setup Interface Interface Properties The Interface Properties Page opens 2 Click The Port Properties Page opens Figure 105 Port Properties Page 3 Define the fields 4 Click The interface properties are modified and the device is updated ...

Page 170: ...figured on the port The port is not assigned to a different LAG Auto negotiation mode is not configured on the port The port is in full duplex mode All ports in the LAG have the same ingress filtering and tagged modes All ports in the LAG have the same back pressure and flow control modes All ports in the LAG have the same priority All ports in the LAG have the same transceiver type The device sup...

Page 171: ...rs Page opens Figure 106 LACP Parameters Page The LACP Parameters Page contains the following fields To display LACP Parameters define t the following fields LACP System Priority Specifies system priority value The field range is 1 65535 The field default is 1 Unit No Displays the stacking member for which the LAG parameters are defined LACP Parameters Table In addition to the fields above the fol...

Page 172: ... parameters 1 Click Advanced Setup Interface LACP Parameters The LACP Parameters Page opens 2 Click The LACP Parameters Settings Page opens Figure 107 LACP Parameters Settings Page 3 Edit the fields 4 Click The LACP settings are saved and the device is updated ...

Page 173: ... 1 Click Advanced Setup Interface LAG Membership The LAG Membership Page opens Figure 108 LAG Membership Page The LAG Membership Page contains the following fields LAG Port Displays the ports which can be assigned to the LAG Name Indicates the LAG name Link State Displays the link operational status Member Displays the ports which are currently configured to the LAG Remove Removes the LAG The poss...

Page 174: ...erships 1 Click Advanced Setup Interface LAG Membership The LAG Membership Page opens 2 Click The LAG Membership Settings Page opens Figure 109 LAG Membership Settings Page 3 Define the fields 4 Click The LAG membership settings are saved and the device is updated ...

Page 175: ...e VLAN a Layer 3 router working at a protocol level is required to allow traffic flow between VLANs Layer 3 routers identify segments and coordinate with VLANs VLANs are Broadcast and Multicast domains Broadcast and Multicast traffic is transmitted only in the VLAN in which the traffic is generated VLAN tagging provides a method of transferring VLAN information between VLAN groups VLAN tagging att...

Page 176: ...AN Properties select the following fields Select VLAN ID Contains a drop down list of the currently configured VLAN IDs Show All Displays all currently configured VLANs VLANS Properties Table In addition to the fields above the following fields appear in the VLANs Properties Table ID Displays the VLAN entry in the VLAN Properties Table Name Displays the user defined VLAN name Type Displays the VLA...

Page 177: ...e the Guest VLAN Disabled Disables unauthorized users from using the Guest VLAN Remove Removes VLAN The possible field values are Checked Removes the selected VLAN Unchecked Maintains the VLANs To add a VLAN 1 Click Basic Setup VLAN Membership Properties The VLAN Properties Page opens 2 Click The Add VLAN page opens Figure 111 Add VLAN Page 3 Define the fields 4 Click The VLAN ID is defined and th...

Page 178: ...hip Membership The VLAN Membership Page opens Figure 112 VLAN Membership Page The VLAN Membership Page contains the following fields To display VLAN Membership settings select the following fields VLAN ID Displays the user defined VLAN ID VLAN Name Displays the name of the VLAN VLAN Type Indicates the VLAN type The possible field values are Dynamic Indicates the VLAN was dynamically created throug...

Page 179: ...Gray Excludes the port from the VLAN However the interface can be added to the VLAN through GARP Forbidden Purple Denies the port VLAN membership even if GARP indicates the port is to be added LAG Indicates the LAG membership The possible VLAN Membership settings are Untagged Brown Indicates the LAG is an untagged VLAN member Packets forwarded by the interface are untagged Tagged Red Indicates the...

Page 180: ... Interface Settings for ports and for Global System LAGS Interface Displays the port number included in the VLAN Interface VLAN Mode Displays the port mode The possible values are Customer Indicates the port belongs to a customer VLAN in which all ports are double tagged General Indicates the port belongs to VLANs and each VLAN is user defined as tagged or untagged full IEEE802 1q mode Access Indi...

Page 181: ...e device Ingress filtering discards packets that are defined to VLANs of which the specific port is not a member Disable Disables ingress filtering on the device Reserved VLAN Indicates the VLAN selected by the user to be the reserved VLAN if not in use by the sys tem To modify VLAN settings 1 Click Basic Setup VLAN Membership Interface Settings The VLAN Interface Settings Page opens 2 Select a po...

Page 182: ... following The leave time must be greater than or equal to three times the join time The leave all time must be greater than the leave time Set the same GARP timer values on all Layer 2 connected devices If the GARP timers are set differently on the Layer 2 connected devices the GARP application does not operate successfully To define GARP on the device 1 Click Basic Setup VLAN GARP GARP Parameter...

Page 183: ...ent received and cancelled by the Join message received Leave time must be greater than or equal to three times the join time The default value is 60 centiseconds Leave All Timer Indicates the amount of time lapse in centiseconds that all device waits before leaving the GARP state The leave all time must be greater than the leave time The default value is 1000 centisec onds To modify GARP paramete...

Page 184: ...t and LAG parameters The field definitions are the same The GVRP Parameters Page contains the following fields Unit No LAGs Displays the stacking member for which the GVRP parameters are displayed or select LAGs to configure LAGs GVRP Global Status Indicates if GVRP is enabled on the device The possible field values are Enable Enables GVRP on the selected device Disable Disables GVRP on the select...

Page 185: ...istration Indicates if VLAN registration through GVRP is enabled on the device The possible field values are Enable Enables GVRP registration on the device Disable Disables GVRP registration on the device To modify GVRP parameter settings 1 Click Basic Setup VLAN GARP GVRP Parameters The GVRP Parameters Page opens 2 Click The GVRP Parameters Settings Page opens Figure 118 GVRP Parameters Settings ...

Page 186: ...protocol If the protocol classification is unsuccessful the user is classified by PVID This section contains the following topics Defining Protocol Based VLANs Defining VLAN Protocol Port Defining Protocol Based VLANs The Protocol Group Page contains information regarding protocol names and the VLAN Ethernet type Interfaces can be classified as a specific protocol based interface The classificatio...

Page 187: ...om a VLAN or protocol group The possible field values are Checked Removes the selected interface from the protocol group Unchecked Maintains the interface within the protocol group To add a Protocol Group 1 Click Advanced Setup VLAN Protocol Group The Protocol Group Page opens 2 Click The Add Protocol Group opens Figure 120 Add Protocol Group 3 Define the fields 4 Click The Protocol based VLAN gro...

Page 188: ...col Group settings 1 Click Advanced Setup VLAN Protocol Group The Protocol Group Page opens 2 Click Protocol Group Settings Page opens Figure 121 Protocol Group Settings Page 3 Modify the fields 4 Click The Protocol based VLAN group is modified and the device is updated ...

Page 189: ...t Page contains the following fields Interface Indicates the interfaces to which the protocol group is added The possible field values are Protocol Group ID Defines the Protocol group ID to which the interface is added Protocol group IDs are denied in the Protocol Group Table VLAN ID Indicates the VLAN ID Remove Removes the port assignment from a VLAN or protocol group The possible field values ar...

Page 190: ...rotocol port setting 1 Click Advanced Setup VLAN Protocol Port The VLAN Protocol Port Page opens 2 Click The Add Protocol Port Page opens Figure 123 Add Protocol Port Page 3 Define the fields 4 Click The Protocol based VLAN port is defined and the device is updated ...

Page 191: ...wo operational modes for IP Phones IP phones are configured with VLAN mode as enabled ensuring that tagged packets are used for all commu nications If the IP phone s VLAN mode is disabled the phone uses untagged packets The phone uses untagged pack ets while retrieving the initial IP address through DHCP The phone eventually uses the Voice VLAN and starts sending tagged packets This section contai...

Page 192: ... the highest priority Remark CoS Reassigns the CoS tag value to packets received on the voice VLAN The possible field val ues are 0 7 where zero is the lowest priority and seven is the highest priority Voice VLAN Aging Time Indicates the amount of time after the last IP phone s OUI is aged out for a spe cific port The port will age out after the bridge and voice aging time The default time is one ...

Page 193: ...owing fields appear in the Voice VLAN Port Settings Table Interface Indicates the specific ports and LAGs to which the Voice VLAN settings are applied Voice VLAN Port LAG Mode Defines the Voice VLAN mode The possible field values are No Changes Maintains the current Voice VLAN port LAG settings This is the default value Disabled Disables the selected port LAG on the Voice VLAN Enabled Enables the ...

Page 194: ...rt security on the Voice VLAN This is the default value Membership Indicates if the Voice VLAN member is a static or dynamic member The possible field values are Dynamic Indicates the VLAN membership was dynamically created through GARP Static Indicates the VLAN membership is user defined To modify Voice VLAN Port settings 1 Click Advanced Setup VLAN Voice VLAN Port Settings The Port Settings Page...

Page 195: ...nced Setup VLAN Voice VLAN OUI The OUI Page opens Figure 127 OUI Page The OUI Page contains the following fields Telephony OUI s Lists the OUIs currently enabled on the Voice VLAN The following OUIs are enabled by default 00 10 49 Assigned to ShorTel IP Phones 00 03 6B Assigned to Cisco IP Phones 00 19 5B Assigned to D Link IP Phones 00 13 36 Assigned to D Link IP Phones Description Provides an OU...

Page 196: ...ddress Defines the destination IP address Prefix Length Defines the IP route prefix for the destination IP The prefix length must be preceded by a forward slash Next Hop Indicates the next hop s IP address or IP alias on the route Route Type Defines the route type The possible field values are Reject Rejects the route and stops routing to the destination network via all gateways Remote Indicates t...

Page 197: ...e opens Figure 129 Add IP Static Route Page 3 Define the fields 4 Click The Port LLDP settings are defined and the device is updated To modify an IP Static route 1 Click Basic Setup Routing IP Static Route The IP Static Route Page opens 2 Click The Edit IP Static Route Page opens Figure 130 Edit IP Static Route Page 3 Define the fields 4 Click The IP Static Routing is defined and the device is upd...

Page 198: ...ormation for defining device IP addresses and includes the following topics Configuring IP Interfaces Configuring Domain Name Servers Configuring IP Interfaces This section contains information for defining IP interfaces and includes the following topics Defining IP Addresses Defining Default Gateways Configuring ARP Configuring DHCP Defining UDP Relay ...

Page 199: ...ce Page The IP Interface Page contains the following fields IP Address Displays the currently configured IP address Mask Displays the currently configured IP address mask Interface Displays the port LAG or VLAN on which the IP address is configured Type Indicates if the IP address has been configured statically or added dynamically The possible field values are DHCP Indicates that the IP address i...

Page 200: ...c Setup IP Configuration IP Addressing IP Interface The IP Interface Page opens 2 Click The Add IP Interface Page opens Figure 132 Add IP Interface Page 3 Define the Source IP Address Network Mask or Prefix Length and Interface fields 4 Click The IP configuration fields are saved and the device is updated ...

Page 201: ...P interface settings 1 Click Basic Setup IP Configuration IP Addressing IP Interface The IP Interface Page opens 2 Click The IP Interface Settings Page opens Figure 133 IP Interface Settings Page 3 Modify the fields 4 Click The IP Interface is modified and the device is updated ...

Page 202: ...t Gateway Page opens Figure 134 Default Gateway Page The Default Gateway Page contains the following fields User Defined Default Gateway Defines the default gateway IP address Active Default Gateway Displays the currently configured Default Gateway Remove User Defined Removes the default gateway The possible field values are Checked Removes the selected default gateway Unchecked Maintains the defa...

Page 203: ...tup IP Configuration IP Addressing ARP The ARP Page opens Figure 135 ARP Page The ARP Page contains the following fields Define the following fields ARP Entry Age Out Specifies the amount of time in seconds that passes between ARP Table entry requests Following the ARP Entry Age period the entry is deleted from the table The range is 1 40000000 The default value is 60000 seconds Clear ARP Table En...

Page 204: ...ciated with the MAC address MAC Address Displays the station MAC address which is associated in the ARP table with the IP address Status Displays the ARP table entry status Possible field values are Dynamic Indicates the ARP entry is learned dynamically Static Indicates the ARP entry is a static entry Remove Removes a specific ARP entry The possible field values are Checked Removes the selected AR...

Page 205: ...ge 204 To modify ARP entries 1 Click Basic Setup IP Configuration IP Addressing ARP The ARP Page opens 2 Click The Edit ARP Settings Page opens Figure 137 Edit ARP Settings Page 3 Modify the fields 4 Click The ARP settings are modified and the device is updated ...

Page 206: ...Proxy Page opens Figure 138 ARP Proxy Page The ARP Proxy Page contains the following field ARP Proxy Enables the device to respond to ARP requests for located nodes If disabled the device responds with its own MAC address The possible field values are Enabled Enables the ARP Proxy on the device Disabled Disables ARP Proxy on the device This is the default value 2 Define the field 3 Click The ARP p...

Page 207: ...work devices can have a different IP address every time the device connects to the network To define a DHCP Interface 1 Click Basic Setup IP Configuration IP Addressing DHCP The DHCP Page opens Figure 139 DHCP Page The DHCP Page contains the following fields Interface Displays the interface which is connected to the DHCP server Port VLAN or LAG Host Name Displays the system name Remove Removes DHC...

Page 208: ...dd a new DHCP IP interface 1 Click Basic Setup IP Configuration IP Addressing DHCP The DHCP Page opens 2 Click The Add DHCP IP Interface Page opens Figure 140 Add DHCP IP Interface Page 3 Define the fields 4 Click The DHCP interface is added and the device is updated ...

Page 209: ...CP Relay Interfaces The DHCP Relay Interfaces Page contains the following fields Enable DHCP Relay Enables DHCP Relay on the device The possible field values are Checked Enables DHCP Relay on the device Unchecked Disables DHCP Relay on the device DHCP Relay Interface Table In addition to the field above the following fields appear in the DHCP Relay Interface Table Interface Displays the interface ...

Page 210: ...terface 1 Click Basic Setup IP Configuration IP Addressing DHCP Relay Interfaces The DHCP Relay Inter faces opens 2 Click The Add DHCP Relay Interface Page opens Figure 142 Add DHCP Relay Interface Page 3 Define the fields 4 Click The DHCP Relay interface is added and the device is updated ...

Page 211: ...lay Interfaces The DHCP Relay Interfaces Page contains the following fields Enable DHCP Relay Enables DHCP Relay on the device The possible field values are Checked Enables DHCP Relay on the device Unchecked Disables DHCP Relay on the device DHCP Relay Interface Table In addition to the field above the following fields appear in the DHCP Relay Interface Table Interface Displays the interface selec...

Page 212: ...rface 1 Click Basic Setup IP Configuration IP Addressing DHCP Relay Interfaces The DHCP Relay Inter faces opens 2 Click The Add DHCP Relay Interface Page opens Figure 144 Add DHCP Relay Interface Page 3 Define the Interface field 4 Click The DHCP interface is added and the device is updated ...

Page 213: ...45 DHCP Relay Server Page The DHCP Relay Server Page contains the following fields DHCP Relay Enables DHCP Relay on the device The possible field values are Enable Enables DHCP Relay on the device Disable Disables DHCP Relay on the device DHCP Relay Server Table In addition to the field above the following fields appear in the DHCP Relay Server Table DHCP Server Displays the DHCP server s IP addre...

Page 214: ... a new DHCP Server 1 Click Basic Setup IP Configuration IP Addressing DHCP Relay Server The DHCP Relay Server Page opens 2 Click The Add DHCP Server Page opens Figure 146 Add DHCP Server Page 3 Define the field 4 Click The DHCP server is added and the device is updated ...

Page 215: ...guration IP Addressing UDP Relay The UDP Relay Page opens Figure 147 UDP Relay Page The UDP Relay Page contains the following fields Source IP Interface Indicates the input IP interface that relays UDP packets If this field is 255 255 255 255 UDP packets from all interfaces are relayed The following address ranges are invalid 0 0 0 0 to 0 255 255 255 127 0 0 0 to 127 255 255 255 UDP Destination Po...

Page 216: ... settings are saved and the device is updated UDP Port Number Acronym Application 7 Echo Echo 11 SysStat Active User 15 NetStat Netstat 17 Quote Quote of the day 19 CHARGEN Character Generator 20 FTP data FTP Data 21 FTP FTP 37 Time Time 42 NAMESERVER Host Name Server 43 NICNAME Who is 53 DOMAIN Domain Name Server 69 TFTP Trivial File Transfer 111 SUNRPC Sun Microsystems Rpc 123 NTP Network Time 1...

Page 217: ...odify UDP Relay Settings 1 Click Basic Setup IP Configuration IP Addressing UDP Relay The UDP Relay Page opens 2 Click The UDP Relay Settings Page opens Figure 148 UDP Relay Settings Page 3 Modify the fields 4 Click The UDP Settings are modified and the device is updated ...

Page 218: ...17 To add UDP Relay 1 Click Basic Setup IP Configuration IP Addressing UDP Relay The UDP Relay Page opens 2 Click The Add DHCP Server Page opens Figure 149 Add UDP Relay Page 3 Define the fields 4 Click The UDP Relay settings are saved and the device is updated ...

Page 219: ...rs The DNS Server Page contains fields for enabling and activating specific DNS servers To enable a DNS server 1 Click Basic Setup IP Configuration Domain Name System DNS Server The DNS Server Page opens Figure 150 DNS Server Page The DNS Server Page contains the following fields Enable DNS Enables translating the DNS names into IP addresses The possible field values are Checked Translates the dom...

Page 220: ...e possible field values are Checked Removes the selected server Unchecked Maintains the current server list 2 Define the fields 3 Click The DNS server settings are defined and the device is updated To add a new DNS Server 1 Click Basic Setup IP Configuration Domain Name System DNS Server The DNS Server Page opens 2 Click The Add DNS Server Page opens Figure 151 Add DNS Server Page DNS Server Curre...

Page 221: ...ns Figure 152 DNS Host Mapping Page The DNS Host Mapping Page contains the following fields Host Names Displays a user defined default domain name The Host Name field can contain up to 158 characters IP Address Displays the DNS host IP address Remove Removes default domain names The possible field values are Checked Removes the selected DNS host mapping Unchecked Maintains the current DNS host map...

Page 222: ...a new host 1 Click Basic Setup IP Configuration Domain Name System Host Mapping The DNS Host Mapping Page opens 2 Click The Add DNS Host Page opens Figure 153 Add DNS Host Page 3 Define the Host Name and IP Address fields 4 Click The DNS host is added and the device is updated ...

Page 223: ...ss becomes associated with a port by learning the port from the frame s source address but if a frame that is addressed to a destination MAC address is not associated with a port that frame is flooded to all relevant VLAN ports To prevent the bridging table from overflowing a dynamic MAC address from which no traffic arrives for a set period is erased This section contains information for defining...

Page 224: ...resses The Forwarding Database Static Addresses Page opens Figure 154 Forwarding Database Static Addresses Page The Forwarding Database Static Addresses Page contains the following fields VLAN ID Displays the VLAN ID number to which the entry refers MAC Address Displays the MAC address to which the entry refers Interface Displays the interface to which the entry refers To prevent static MAC addres...

Page 225: ...ry The possible field values are Checked Removes the selected entry Unchecked Maintains the current static forwarding database 2 Define the fields 3 Click The Static addresses are removed and the device is updated To add a new static forwarding database entry 1 Click Advanced Setup Forwarding Database Static Addresses The Forwarding Database Static Addresses Page opens 2 Click The Add entry to the...

Page 226: ...ess table contains information about the aging time before a dynamic MAC address is erased and includes parameters for querying and viewing the Dynamic MAC Address table The Dynamic MAC Address table contains address parameters by which packets are directly forwarded to the ports The Dynamic Address Table can be sorted by interface VLAN and MAC Address To configure the Dynamic MAC Address table 1 ...

Page 227: ...ress for which the table is queried VLAN ID Specifies the VLAN ID for which the table is queried Address Table Sort Key Specifies the means by which the Dynamic MAC Address Table is sorted The address table can be sorted by address VLAN or interface A table is displayed below with the query 2 Define the fields 3 Click The Dynamic Address Aging field is defined and the device is updated To query th...

Page 228: ... and eliminating loops For more infor mation on configuring Classic STP see Defining Classic Spanning Tree Rapid STP Detects and uses network topologies that provide faster convergence of the spanning tree without creating forwarding loops For more information on configuring Rapid STP see Defining Rapid Span ning Tree Multiple STP Provides various load balancing scenarios For example if port A is ...

Page 229: ...s STP on the device Disable Disables STP on the device STP Operation Mode Specifies the STP mode that is enabled on the device The possible field values are Classic STP Enables Classic STP on the device This is the default value Rapid STP Enables Rapid STP on the device Multiple STP Enables Multiple STP on the device BPDU Handling Determines how BPDU packets are managed when STP is disabled on the...

Page 230: ... Time The Maximum Age Time is the amount of time in seconds a bridge waits before sending configuration messages The default Maximum Age Time is 20 seconds Forward Delay 4 30 Specifies the device Forward Delay Time The Forward Delay Time is the amount of time in seconds a bridge remains in a listening and learning state before forwarding packets The default is 15 seconds Bridge ID Identifies the B...

Page 231: ...e The STP Interface Page contains the following fields To display STP Interface settings select a Unit number Unit No Indicates the stacking member for which the Spanning Tree interface information is displayed STP Interface Table In addition to the field above the following fields appear in the STP Interface Table Port The interface for which the information is displayed STP Indicates if STP is e...

Page 232: ...TP is enabled Port Role Displays the port role assigned by the STP algorithm to provide to STP paths The possible field values are Root Provides the lowest cost path to forward packets to the root switch Designated Indicates the port or LAG through which the designated switch is attached to the LAN Alternate Provides an alternate path to the root switch from the root interface Backup Provides a ba...

Page 233: ...P Interface settings 1 Click Advanced Setup Spanning Tree STP Interface Settings The STP Interface Page opens 2 Click The STP Interface Settings Page opens Figure 159 STP Interface Settings Page 3 Define the fields 4 Click STP is enabled on the interface and the device is updated ...

Page 234: ...ion as the ports but repre sent the LAG RSTP information To define RSTP on the device 1 Click Advanced Setup Spanning Tree RSTP RSTP The RSTP Page opens Figure 160 RSTP Page The RSTP Page contains the following fields To display RSTP Interface settings select a Unit number Unit No Indicates the stacking member for which the STP interface parameters are displayed RSTP Table In addition to the field...

Page 235: ...ced in the forwarding state Point to Point Admin Status Indicates whether a point to point link is established or if the device is per mitted to establish a point to point link The possible field values are Enable Enables a point to point link or is configured to automatically establish a point to point link To establish communications over a point to point link the originating PPP first sends Lin...

Page 236: ...e Page 235 To modify RSTP settings 1 Click Advanced Setup Spanning Tree RSTP RSTP The RSTP Page opens 2 Click The RSTP Settings Page opens Figure 161 RSTP Settings Page 3 Define the fields 4 Click RSTP is defined on the interface and the device is updated ...

Page 237: ...gure 162 MSTP Properties Page The MSTP Properties Page contains the following fields Region Name User defined STP region name Revision An unsigned 16 bit number that identifies the revision of the current MSTP configuration The revision number is required as part of the MSTP configuration The possible field range is 0 65535 Max Hops Specifies the total number of hops that occur in a specific regio...

Page 238: ...tup Spanning Tree MSTP Instance Settings The MSTP Instance Settings Page opens Figure 163 MSTP Instance Settings Page The MSTP Instance Settings Page contains the following fields Instance ID Specifies the VLAN group to which the interface is assigned Included VLAN Maps the selected VLANs to the selected instance Each VLAN belongs to one instance Bridge Priority 0 61440 in steps of 4096 Specifies ...

Page 239: ...ce Configuration 1 Click Advanced Setup Spanning Tree MSTP Instance Settings The MSTP Instance Settings Page opens 2 Click The MSTP Instance Configuration Table opens Figure 164 MSTP Instance Configuration Table 3 Define the field 4 Click The MSTP Instances are assigned and the device is updated ...

Page 240: ... are Port Specifies the port for which the MSTP settings are displayed LAG Specifies the LAG for which the MSTP settings are displayed Port State Indicates whether the port is enabled for the specific instance The possible field values are Enabled Enables the port for the specific instance Disabled Disables the port for the specific instance Type Indicates whether the port is a Boundary or Master ...

Page 241: ... on the device This is the default value Rapid STP Rapid STP is enabled on the device Multiple STP Multiple STP is enabled on the device Interface Priority 0 240 in steps of 16 Defines the interface priority for the specified instance The field range is 0 240 The default value is 128 Path Cost 1 200 000 000 Indicates the port contribution to the Spanning Tree instance The range should always be 1 ...

Page 242: ...the MSTP Interfaces 1 Click Advanced Setup Spanning Tree MSTP Interface Settings The MSTP Interface Settings Page opens 2 Click The MSTP Interface Table opens Figure 166 MSTP Interface Table 3 Modify the fields 4 Click The MSTP interface table is modified and the device is updated ...

Page 243: ... Configuring Multicast Forwarding This section contains information for configuring Multicast forwarding and Multicast TV and includes the following topics Defining IGMP Snooping Defining Multicast Bridging Groups Defining Multicast Forward All Settings Configuring Multicast TV ...

Page 244: ...ng database To configure IGMP Snooping 1 Click Advanced Setup Multicast Support IGMP Snooping The IGMP Snooping Page opens Figure 167 IGMP Snooping Page The IGMP Snooping Page contains the following fields Define the following fields Enable IGMP Snooping Indicates if IGMP Snooping is enabled on the device IGMP Snooping can be enabled only if Bridge Multicast Filtering is enabled The possible field...

Page 245: ...terface which serves as the querier on the VLAN Auto Learn Indicates if Auto Learn is enabled on the device If Auto Learn is enabled the devices auto matically learns where other Multicast groups are located Enables or disables Auto Learn on the Ethernet device The possible field values are Enable Enables auto learn Disable Disables auto learn Host Timeout Indicates the amount of time host waits t...

Page 246: ... IGMP Snooping settings 1 Click Advanced Setup Multicast Support IGMP Snooping The IGMP Snooping Page opens 2 Click The IGMP Snooping Settings Page opens Figure 168 IGMP Snooping Settings Page 3 Modify the fields 4 Click The IGMP settings are defined and the device is updated ...

Page 247: ...on Enables Bridge Multicast Filtering Indicate if bridge Multicast filtering is enabled on the device The pos sible field values are Checked Enables Multicast filtering on the device Unchecked Disables Multicast filtering on the device If Multicast filtering is disabled Multicast frames are flooded to all ports in the relevant VLAN Disabled is the default value VLAN ID Identifies a VLAN and contai...

Page 248: ...GMP port and LAG members management settings D Dynamically joins ports LAG to the Multicast group in the Current Row S Attaches the port to the Multicast group as static member in the Static Row The port LAG has joined the Multicast group statically in the Current Row F Forbidden ports are not included the Multicast group even if IGMP snooping designated the port to join a Multicast group N None T...

Page 249: ...he appropriate port or VLAN Unless LAGs are defined only a Multicast Forward All table displays To define Multi cast forward all settings Figure 171 Multicast Forward All Settings Page The Multicast Forward All Settings Page contains the following fields VLAN ID DIsplays the VLAN for which Multicast parameters are displayed Ports LAG Ports that can be added to a Multicast service 5 Select a VLAN i...

Page 250: ...figuring Multicast TV Multicast TV allows subscribers to join the same Multicast stream even if the subscribers are not members of the same VLAN eliminating television traffic duplication Ports which receive Multicast Transmissions or Receiver Ports can be defined in any VLAN and not just in the Multicast VLAN Receiver ports can only receive Multicast transmissions they cannot initiate a Multicast...

Page 251: ...rts are requesting to join or leave the Multicast group The IGMP Snooping Mapping Page allows network administrators to define IGMP Snooping for Multicast TV groups To define IGMP Snooping for Multicast TV 1 Click Advanced Setup Multicast Support Multicast TV IGMP Snooping Mapping The IGMP Snooping Mapping Page opens Figure 172 IGMP Snooping Mapping Page The IGMP Snooping Mapping Page contains the...

Page 252: ...lick Advanced Setup Multicast Support TV Multicast IGMP Snooping Mapping The IGMP Snooping Mapping Page opens 2 Click The Add IGMP Snooping Mapping Page opens Figure 173 Add IGMP Snooping Mapping Page 3 Define the fields 4 Click IGMP Snooping is defined for Multicast TV groups and the device is updated ...

Page 253: ... TV Membership Page opens Figure 174 Multicast TV Membership Page The Multicast TV Membership Page contains the following fields Multicast TV VLAN ID Indicates the Multicast VLAN ID for which the table will be updated to display the receiver and transceiver ports Multicast Transceiver Transmissions Table Receiver Ports Indicates the port on which Multicast TV transmissions are received Transceiver...

Page 254: ...for SNMPv3 including Authentication Provides data integrity and data origin authentication Privacy Protects against the disclosure of message content Cipher Block Chaining CBC is used for encryption Either authentication is enabled on a SNMP message or both authentication and privacy are enabled on a SNMP message However privacy cannot be enabled without authentication Timeliness Protects against ...

Page 255: ...nticating and encrypting packets sent to a user on the remote host To define the SNMP security parameters 1 Click System SNMP Security Global Parameters The SNMP Security Global Parameters Page opens Figure 175 SNMP Security Global Parameters Page The SNMP Security Global Parameters Page contains the following fields Local Engine ID 10 64 Hex Charas Displays the local device Engine ID The field va...

Page 256: ... based on the device MAC address and is defined per standard as First 4 octets first bit 1 the rest is IANA Enterprise number Fifth octet Set to 3 to indicate the MAC address that follows Last 6 octets MAC address of the device 2 Define the fields 3 Click The SNMP global security parameters are set and the device is updated ...

Page 257: ...ws 1 Click System SNMP Security Views The SNMP Security Views Page opens Figure 176 SNMP Security Views Page The SNMP Security Views Page contains the following fields View Name Displays the user defined views The view name can contain a maximum of 30 alphanumeric characters Object ID Subtree Displays the device feature OID included in or excluded from the selected SNMP view View Type Indicates wh...

Page 258: ... add an SNMP View 1 Click System SNMP Security Views The SNMP Security Views Page opens 2 Click The Add SNMP View Page opens Figure 177 Add SNMP View Page 3 Define the field 4 Define the view using and 5 Click The view is defined and the device is updated ...

Page 259: ... Profile Page The SNMP Group Profile Page contains the following fields Group Name Displays the user defined group to which access control rules are applied The field range is up to 30 characters Security Model Defines the SNMP version attached to the group The possible field values are SNMPv1 SNMPv1 is defined for the group SNMPv2c SNMPv2c is defined for the group SNMPv3 SNMPv3 is defined for the...

Page 260: ...SNMP view Write Management access is read write and changes can be made to the assigned SNMP view Notify Sends traps for the assigned SNMP view Remove Removes SNMP groups The possible field values are Checked Removes the selected SNMP group Unchecked Maintains the SNMP groups To add an SNMP Group Profile 1 Click System SNMP Security Group Profile The SNMP Group Profile Page opens 2 Click The Add S...

Page 261: ...NMP Group Settings 1 Click System SNMP Security Group Profile The SNMP Group Profile Page opens 2 Click The SNMP Group Profile Settings Page opens Figure 180 SNMP Group Profile Settings Page 3 Modify the fields 4 Click The SNMP group profile is modified and the device is updated ...

Page 262: ...e following fields User Name Contains a list of user defined user names The field range is up to 30 alphanumeric charac ters Group Name Contains a list of user defined SNMP groups SNMP groups are defined in the SNMP Group Profile Page Engine ID Displays either the local or remote SNMP entity to which the user is connected Changing or removing the local SNMP Engine ID deletes the SNMPv3 user databa...

Page 263: ...k The Add SNMP Group Membership Page opens Figure 182 Add SNMP Group Membership Page In addition to the fields in the SNMP Group Membership Page the Add SNMP Group Membership Page contains the following fields Authentication Method Defines the SNMP Authentication Method Password Defines the password for the group member Authentication Key Defines the HMAC MD5 96 or HMAC SHA 96 authentication level...

Page 264: ...ice is updated To modify SNMP Group Membership Settings 1 Click System SNMP Security Group Membership The SNMP Group Membership Page opens 2 Click The SNMP Group Membership Settings Page opens Figure 183 SNMP Group Membership Settings Page 3 Modify the fields 4 Click The SNMP group membership is modified and the device is updated ...

Page 265: ...ties 1 Click System SNMP Security Communities The SNMP Communities Page opens Figure 184 SNMP Communities Page The SNMP Communities Page is divided into the following tables Basic Table Advanced Table SNMP Communities Basic Table The SNMP Communities Basic Table contains the following fields Management Station Displays the management station IP address for which the basic SNMP community is defined...

Page 266: ...ked Removes the selected SNMP community Unchecked Maintains the SNMP communities SNMP Communities Advanced Tables The SNMP Communities Advanced Table contains the following fields Management Station Displays the management station IP address for which the advanced SNMP com munity is defined Community String Defines the password used to authenticate the management station to the device Group Name D...

Page 267: ...the device is updated To modify SNMP Group Membership Settings 1 Click System SNMP Security Communities The SNMP Communities Page opens 2 Click The SNMP Community Settings Page opens Figure 186 SNMP Community Settings Page 3 Modify the fields 4 Click The SNMP community is modified and the device is updated ...

Page 268: ...l Parameters The SNMP Notification Properties Page contains parameters for defining SNMP notification parameters To define SNMP notification global parameters 1 Click System SNMP Notification Properties The SNMP Notification Properties Page opens Figure 187 SNMP Notification Properties Page The SNMP Notification Properties Page contains the following fields Enable SNMP Notifications Specifies whet...

Page 269: ...tication failure notification is enabled on the device The possible field values are Enable Enables the device to send authentication failure notifications Disable Disables the device from sending authentication failure notifications 2 Define the fields 3 Click The SNMP notification properties are defined and the device is updated ...

Page 270: ...Notification Filter Page The SNMP Notification Filter Page contains the following fields Filter Name Contains a list of user defined notification filters Object Identifier Subtree Displays the OID for which notifications are sent or blocked If a filter is attached to an OID traps or informs are generated and sent to the notification receivers OIDs are selected from either the Select from field or ...

Page 271: ... and DXS 3250E EWS User Guide Page 270 2 Click The Add SNMP Notification Filter Page opens Figure 189 Add SNMP Notification Filter Page 3 Define the fields 4 Click The SNMP notification filter is defined and the device is updated ...

Page 272: ... filters provide the following services Identifying Management Trap Targets Trap Filtering Selecting Trap Generation Parameters Providing Access Control Checks To define SNMP notification filters 1 Click System SNMP Notification Notification Receiver The SNMP Notification Receiver Page opens Figure 190 SNMP Notification Receiver Page The SNMP Notification Receiver Page is divided into the followin...

Page 273: ...currently selected recipient The possible field values are Checked Removes the selected recipient from the list of recipients Unchecked Maintains the list of recipients SNMPv3 Notification Recipient The SNMPv3 Notification Recipient table contains the following fields Recipient IP Displays the IP address to which the traps are sent Notification Type Displays the type of notification sent The possi...

Page 274: ...1 Click System SNMP Notification Notification Receiver The SNMP Notification Receiver Page opens 2 Click The Add SNMP Notification Receiver Page opens Figure 191 Add SNMP Notification Receiver Page 3 Define the fields 4 Click The SNMP Notification recipients are defined and the device is updated ...

Page 275: ...1 Click System SNMP Notification Notification Receiver The SNMP Notification Receiver Page opens 2 Click The SNMP Notification Receiver Settings Page opens Figure 192 SNMP Notification Receiver Settings Page 3 Modify the fields 4 Click The SNMP notification recipients are defined and the device is updated ...

Page 276: ...rvice Page 275 Section 18 Configuring Quality of Service Configuring Quality of Service This section contains information for configuring QoS and includes the following topics Quality of Service Overview Defining General QoS Settings Configuring QoS Mapping ...

Page 277: ... default VPT value which is set on a per port basis The assigned VPT is used to map the packet to the egress queue CoS Services After packets are assigned to a specific egress queue CoS services can be assigned to the queue Egress queues are configured with a scheduling scheme by one of the following methods Strict Priority Ensures that time sensitive applications are always forwarded Strict Prior...

Page 278: ...globally and on specific interfaces After QoS has been con figured the original device QoS default settings can be reassigned to the interface in the CoS Page To enable QoS 1 Click Basic Setup Quality of Service Global Parameters CoS The CoS Page opens Figure 193 CoS Page The CoS Page contains the following CoS Mode Enables CoS Mode on the interface The possible CoS Mode values are Disable Disable...

Page 279: ...h a VLAN tag is not defined The possible field values are 0 7 The default CoS is 0 Restore Defaults Restores the selected interface to the default configuration 2 Select the CoS Mode field 3 Define the Default CoS for Incoming Traffic field 4 Click CoS is enabled on the device To restore factory default QoS Interface Settings 1 Click Basic Setup Quality of Service Global Parameters CoS The CoS Pag...

Page 280: ...rameters Bandwidth The Bandwidth Settings Page opens Figure 194 Bandwidth Settings Page The Bandwidth Settings Page contains the following fields Unit no Indicates the stacking members for which the bandwidth settings are displayed Port Indicates the port that is being displayed Ingress Rate Limit Indicates the Ingress traffic limit for the port Status Indicates the traffic limit status Rate limit...

Page 281: ...cted port Unchecked Maintains the settings To modify Bandwidth settings 1 Click Basic Setup Quality of Service Global Parameters Bandwidth The Bandwidth Settings Page opens 2 Select an interface 3 Click The Bandwidth Settings Edit Page opens Figure 195 Bandwidth Settings Edit Page 4 Define the fields 5 Click The bandwidth settings are saved to interface and the device is updated ...

Page 282: ... limiting per VLAN 1 Click Basic Setup Quality of Service Global Parameters Rate Limit VLAN The Rate Limiting per VLAN Page opens Figure 196 Rate Limiting per VLAN Page The Rate Limiting per VLAN Page contains the following fields VLAN ID Displays the VLAN ID on which the VLAN Rate Limiting is applied Committed Information Rate CIR Defines the traffic rate CIR in kbits per second bps traffic is fo...

Page 283: ... Basic Setup Quality of Service Global Parameters Rate Limit VLAN The Rate Limiting per VLAN Page opens 2 Select an interface 3 Click The Rate Limiting per VLAN Page opens Figure 197 Rate Limit VLAN Settings Page 4 Define the fields 5 Click The bandwidth settings are saved to interface and the device is updated ...

Page 284: ... a Rate Limit VLAN 1 Click Basic Setup Quality of Service Global Parameters Rate Limit VLAN The Rate Limiting per VLAN Page opens 2 Click The Add Rate Limit VLAN opens Figure 198 Add Rate Limit VLAN 3 Define the fields 4 Click The Class Map is defined and the device is updated ...

Page 285: ...percentage is set Strict Priority Specifies whether traffic scheduling is based strictly on the queue priority SDWRR Assigns SDWRR weights to queues This field is enabled only for queues in SDWRR queue mode If a queue is set to 0 weight the queue is not operational and is effectively closed Each queue has a weight range queues 1 3 have the range 0 255 and queue 4 has the range 1 255 SDWRR Weight A...

Page 286: ...ality of Service Queue Mapping CoS to Queue The CoS to Queue Page opens Figure 200 CoS to Queue Page The CoS to Queue Page contains the following fields Class of Service Specifies the CoS priority tag values where zero is the lowest and 7 is the highest Queue Defines the traffic forwarding queue to which the CoS priority is mapped Eight traffic priority queues are supported Restore Defaults Restor...

Page 287: ...asic Setup Quality of Service Queue Mapping DSCP to Queue The DSCP to Queue Page opens Figure 201 DSCP to Queue Page The DSCP to Queue Page contains the following fields DSCP In Displays the incoming packet s DSCP value Queue Specifies the traffic forwarding queue to which the DSCP priority is mapped Eight traffic priority queues are supported 2 Define the queue number in the Queue field next to t...

Page 288: ...rust The Trust Setup Page opens Figure 202 Trust Setup Page The Trust Setup Page contains the following Trust Mode Defines which packet fields to use for classifying packets entering the device When no rules are defined the traffic containing the predefined packet CoS field is mapped according to the relevant trust modes table Traffic not containing a predefined packet field is mapped to best effo...

Page 289: ...up Quality of Service Basic Mode DSCP Rewrite The DSCP Rewrite Page opens Figure 203 DSCP Rewrite Page The DSCP Rewrite Page contains the following DSCP In Displays the incoming packet s DSCP value DSCP Out Specifies the traffic forwarding queue to which the DSCP priority is mapped Eight traffic priority queues are supported 2 Define the DSCP Out Queue field 3 Click The DSCP values is reassigned a...

Page 290: ...onfiguring advanced QoS features and includes the following topics Defining Policy Properties Defining Policy Profiles Defining Policy Properties This section contains information for configuring advanced policy properties and includes the following topics Mapping DSCP Values Defining Tail Dropping Creating Class Maps Defining Aggregating Policers ...

Page 291: ...Properties DSCP Mapping The Advanced DSCP Mapping Page opens Figure 204 Advanced DSCP Mapping Page The Advanced DSCP Mapping Page contains the following fields DSCP In Displays the incoming packet s DSCP value DSCP Out Specifies the traffic forwarding queue to which the DSCP priority is mapped Eight traffic priority queues are supported 2 Define the DSCP out value in the DSCP Out field next to the...

Page 292: ...igabit Ethernet Displays the Gigabit Ethernet port for which the tail drop settings are defined Ten Gigabit Ethernet Displays the Ten Gigabit Ethernet port for which the tail drop settings are defined Queue No Indicates the traffic queue for which the tail drop settings are defined Threshold 0 100 Defines the bandwidth amount after which packets are dropped For example if queue 2 is presently usin...

Page 293: ...e frames with a lower DP To map DSCP values to DP values 1 Click Advanced Setup Quality of Service Policy Properties DSCP to DP The DSCP to DP Page opens Figure 206 DSCP to DP Page The DSCP to DP Page contains the following fields DSCP In Indicates the DSCP value for which the Drop Precedence is defined DP Defines the Drop Precedence for the field 2 Select the DP value 3 Click The DP value is defi...

Page 294: ...perties Class Map The Class Map Page opens Figure 207 Class Map Page The Class Map Page contains the following fields Class Map Name Displays the user defined name of the class map Preferred ACL Indicates if packets are first matched to an IP based ACL or a MAC based ACL ACL 1 Contains a list of the user defined ACLs Match Indicates the criteria used to match class maps with an ACL address Possibl...

Page 295: ...294 To add a Class Map 1 Click Advanced Setup Quality of Service Policy Properties Class Map The Class Map Page opens 2 Click The Add Class Map Page opens Figure 208 Add Class Map Page 3 Define the fields 4 Click The Class Map is defined and the device is updated ...

Page 296: ...contains information for defining the bandwidth limits and define actions to take on packets that do not meet the requirements To configure Aggregated policers 1 Click Advanced Setup Quality of Service Policy Properties Aggregate Policer The Aggregate Policer Page opens Figure 209 Aggregate Policer Page The Aggregate Policer Page contains the following fields Aggregate Policer Name Specifies the a...

Page 297: ...er Unchecked Maintains the Aggregate Policer To add an Aggregate Policer 1 Click Advanced Setup Quality of Service Policy Properties Aggregate Policer The Aggregate Policer Page opens 2 Click The Add QoS Aggregate Policer Page opens Figure 210 Add QoS Aggregate Policer Page 3 Define the fields 4 Click The QoS Aggregated Policer is defined and the device is updated ...

Page 298: ... the name of the policy map to be created added to or modified must first be specified Class policies can be configured in a policy map only if the classes have defined match criteria An aggregate policer can be applied to multiple classes in the same policy map but an aggregate policer cannot be used across different policy maps Define an aggregate policer if the policer is shared with multiple c...

Page 299: ...the class Possible values are Aggregate Configures the class to use a configured aggregate policer selected from the drop down menu An aggregate policer is defined if the policer is shared with multiple classes Traffic from two different ports can be configured for policing purposes An aggregate policer can be applied to multiple classes in the same policy map but cannot be used across different p...

Page 300: ...Committed Burst Size CBS CBS in bytes per second This field is only relevant when the Police value is Single Exceed Action Action assigned to incoming packets exceeding the CIR This field is only relevant when the Police value is Single Possible values are Drop Drops packets exceeding the defined CIR value Remark DSCP Remarks packets DSCP values exceeding the defined CIR value 3 Define the fields ...

Page 301: ...ce Policy Profiles Policy Binding The Policy Binding Page opens Figure 213 Policy Binding Page The Policy Binding Page contains the following fields Interface Selects an interface Policy Name Contains a list of user defined policies that can be attached to the interface Remove Removes policies Checked Removes the selected policies Unchecked Maintains the policies 2 Define the fields 3 Click The po...

Page 302: ... Policy binding Interface 1 Click Advanced Setup Quality of Service Policy Profiles Policy Binding The Policy Binding Page opens 2 Click The Add Rate Limit VLAN opens Figure 214 Add QoS Policy Binding 3 Define the fields 4 Click QoS policy binding is defined and the device is updated ...

Page 303: ...ice discovery information includes Device Identification Device Capabilities Device Configuration The advertising device transmits multiple advertisement message sets in a single LAN packet The multiple adver tisement sets are sent in the packet Type Length Value TLV field LLDP devices must support chassis and port ID advertisement as well as system name system ID system description and system cap...

Page 304: ... Indicates that LLDP is enabled on the device Unchecked Indicates that LLDP is disabled on the device This is the default value Updates Interval 5 32768 Indicates that rate at which LLDP advertisement updates are sent The pos sible field range is 5 32768 seconds The default value is 20 seconds Hold Multiplier 2 10 Indicates the amount of time that LLDP packets are held before the packets are disca...

Page 305: ...ing begins The possible field range is 1 10 seconds The field default is 2 seconds Transmit Delay 1 8192 Indicates the amount of time that passes between successive LLDP frame transmissions due to changes in the LLDP local systems MIB The possible field value is 1 8192 seconds The field default is 2 seconds 2 Define the fields 3 Click LLDP is defined and the device is updated ...

Page 306: ...ich the LLDP Port Settings are displayed LLDP Port Settings Table Port c Contains a list of ports on which LLDP is enabled State Indicates if a port receives and transmits LLDP packets as well as manages both receive and trans mit modes and disables the port for LLDP packets The possible field values are Tx Only Enables transmitting LLDP packets only Rx Only Enables receiving LLDP packets only Tx ...

Page 307: ...Vs that can be advertised by the port The possible field val ues are Port Description Advertises the port description System Name Advertises the system name System Description Advertises the system description System Capabilities Advertises the system capabilities 802 3 MAC PHY Advertises the system 802 3 MAC PHY configuration Use Defaults Indicates that information included in the TLVs is as per ...

Page 308: ...es if LLDP information is advertised from the management IP address The possible field values is Stop Advertising Stop Advertising stops sending LLDP advertisements from the management IP address 3 Define the fields 4 Click The Port LLDP settings are defined and the device is updated ...

Page 309: ...ncluding what devices are located on the network and where the devices are located For example what IP phone is connected to what port what software is run ning on what switch and what port is connected to what PC Automatically deploys policies over networks for QoS Policies Voice VLANs Provides Emergency Call Service E 911 via IP Phone location information Provides troubleshooting information LLD...

Page 310: ...for a Voice application Voice Signaling Indicates that the network policy is defined for a Voice Signaling application Guest Voice Indicates that the network policy is defined for a Guest Voice application Guest Voice Signaling Indicates that the network policy is defined for a Guest Voice Signaling application Softphone Voice Indicates that the network policy is defined for a Softphone Voice appl...

Page 311: ...ines the priority assigned to the network application DSCP Value Defines the DSCP value assigned to the network policy The possible field value is 1 64 Remove Removes the LLDP MED Network Policy The possible field values are Checked Removes the LLDP MED Network Policy Unchecked Maintains the LLDP MED Network policy To add a LLDP MED policy 1 Click System LLDP LLDP MED Network Policy The LLDP MED N...

Page 312: ... the LLDP MED port settings are displayed LLDP MED Port Settings Table Port Displays the port on which LLDP MED is enabled or disabled LLDP MED Status Indicates if LLDP MED is enabled on the selected port The possible field values are Enable LLDP MED is enabled on the port Disable LLDP MED is disabled on the port Network Policy Displays the network policy advertised for the port Location Displays ...

Page 313: ...Vs Contains a list of available TLVs that can be advertised by the port The pos sible field values are Network Policy Advertises the network policy attached to the port Location Advertises the port s location PoE PSE Advertises the port PoE information Network Policies Available Network Policies Contains a list of network policies that can be assigned to a port Location Coordinate 16 Bytes in Hex ...

Page 314: ...etailed port LLDP MED information 5 Click The Advertise Information Details Page opens Figure 222 Advertise Information Details Page The Advertise Information Details Page contains the following fields Port The port for which detailed information is played Auto Negotiation Status The auto negotiation status of the port The possible field values are Enabled Auto negotiation is enabled on the port D...

Page 315: ...Network Policy for each of the following application types Voice Voice Signaling Guest Voice Guest Voice Signaling Softphone Voice Video Conferencing Streaming Video Video Signaling Flags Displays the VLAN tagging status for the application type The possible field values are Tagged The packets are tagged Untagged The packets are not tagged VLAN ID Displays the VLAN number for the application type ...

Page 316: ... LLDP Neighbors Information Page opens Figure 223 LLDP Neighbors Information Page The LLDP Neighbors Information Page contains the following fields To display LLDP Neighbors Information select a Unit number Unit No Indicates the stacking member for which the LLDP Neighbors Information is displayed LLDP Neighbors Information Table Port Displays the port number Device ID Displays the neighboring dev...

Page 317: ...oint T Telephone D DOCSIS cable device H Host r Repeater O Other Remove Removes LLDP Neighbor Information The possible field values are Checked Removes LLDP Neighbor Information from the interface Unchecked Maintains LLDP Neighbor Information on the device To view the details of the LLDP MED information advertised by a neighbor device 1 Click The LLDP Neighbors Information Details opens ...

Page 318: ...ion Page 317 Figure 224 LLDP Neighbors Information Details For information on the fields in the LLDP Neighbors Information Details refer to the Advertise Information Details Page To clear the Neighbors Table 1 Click 2 Click The Neighbors Table is cleared ...

Page 319: ...file contents can be copied to either the running configuration the Startup Configuration files or to a different backup files The device currently supports five backup files The Backup file names are user defined Running Configuration File Contains all configuration file commands as well as all commands entered during the current session After the device is powered down or rebooted all commands s...

Page 320: ... The File Download Page opens Figure 225 File Download Page The File Download Page is divided into the following sections Download Type Firmware Download Configuration Download Each type of file can be downloaded via TFTP or HTTP Download Type The Download Type section contains the following fields Firmware Download Specifies that the software image file is downloaded If Firmware Download is selec...

Page 321: ... Browse Specifies the URL to the file to download Click Browse to browse for the file This field appears only if via HTTP is selected Configuration Download The Configuration Download section contains the following fields Configuration Download Indicates that the download is for configuration files If Configuration Download is selected the Firmware Download fields are grayed out TFTP Server IP Add...

Page 322: ...e Upload Page is divided into the following sections Upload Type Firmware Upload Configuration Upload Each type of file can be uploaded via TFTP whereas only Configuration files can be uploaded via HTTP Upload Type The Upload Type section contains the following fields Firmware Upload Specifies that the software image file is uploaded If Firmware Upload is selected the Configuration Upload fields a...

Page 323: ...ware Image Uploads the Image file Boot Code Uploads the Boot file Configuration Upload The Configuration Upload section contains the following fields TFTP Server IP Address Specifies the TFTP Server IP Address to which the Configuration file is uploaded Destination File Name Specifies the file name to which the Configuration file is uploaded Transfer File name Specifies the Configuration file name...

Page 324: ...tive Image Page opens Figure 227 Active Image Page The Active Image Page contains the following fields Unit No The unit number for which the Image file is selected Active Image The Image file which is currently active on the unit After Reset The Image file which will be active on the unit after the device is reset The possible field val ues are Image 1 Activates Image file 1 after the device is re...

Page 325: ...de Destination Indicates the destination Possible values are Backup 1 4 All Copy Configuration Copies the Running Configuration file to the Startup Configuration file Source Indicates the configuration file is selected Possible values are Running Configuration Starting Configuration Destination Indicates the destination to which the configuration file is copied Possible field values are Startup Co...

Page 326: ...y stored in the file management system Size Indicates the file size Modified Indicates the date the file was last modified Permission Indicates the permission type assigned to the file The possible field values are Read Only Indicates a read only file Read Write Indicates a read write file Remove Deletes the file The possible field values are Checked Removes the file Unchecked Maintains the file R...

Page 327: ...DXS 3227 DXS 3227P DXS 3250 and DXS 3250E EWS User Guide Page 326 ...

Page 328: ... on their urgency or relevancy Each message severity determines the set of event logging devices that are sent per each event message The following table lists the log severity levels This section includes the following topics Enabling System Logs Viewing the Device Memory Logs Viewing the FLASH Logs Defining Servers Log Parameters Table 12 System Log Severity Levels Severity Level Message Emergen...

Page 329: ...The possible field values are Checked Enables device logs Unchecked Disables device logs Severity The following are the available log severity levels Emergency The highest warning level If the device is down or not functioning properly an emergency log message is saved to the specified logging location Alert The second highest warning level An alert log is saved if there is a serious device malfun...

Page 330: ... a severity level is selected all severity level choices above the selection are selected automatically Console Defines the minimum severity level from which logs are sent to the console RAM Logs Defines the minimum severity level from which logs are sent to the RAM Log kept in RAM Cache Log File Defines the minimum severity level from which logs are sent to the log file kept in FLASH mem ory 4 De...

Page 331: ...emory The Device Memory Log Page opens Figure 231 Device Memory Log Page The Device Memory Log Page contains the following fields Log Index Displays the log number Log Time Displays the time at which the log was generated Severity Displays the log severity Description Displays the log message text Clearing Device Memory Logs Message logs can be cleared from the Device Memory Log Page To clear mess...

Page 332: ...ilable after reboot To view the message logs Figure 232 Syslog Flash Page The Syslog Flash Page contains the following fields Log Index Displays the log number Log Time Displays the time at which the log was generated Severity Displays the log severity Description Displays the log message text Clearing FLASH Logs Message logs can be cleared from the Syslog Flash Page To clear message logs 1 Click ...

Page 333: ... server logs are sent The possible range is 1 65535 The default value is 514 Facility Defines an application from which system logs are sent to the remote server Only one facility can be assigned to a single server If a second facility level is assigned the first facility is overridden All applica tions defined for a device utilize the same facility on a server The field default is Local 7 The pos...

Page 334: ...rver from the Servers Log Parameters Page Once removed logs are no longer sent to the removed server Unchecked Maintains the remote servers To add a remote Log server 1 Click System Syslog Servers The Syslog Server Settings Page opens 2 Click The Add Syslog Server Page opens Figure 234 Add Syslog Server Page 3 Define the fields 4 Click The Syslog Server is defined and the device is updated ...

Page 335: ...y forwarding copies of incoming and outgoing packets from one port to a monitoring port Port mirroring can be used as a diagnostic tool as well as a debugging feature Port mirroring also enables switch performance monitoring Network administrators can configure port mirroring by selecting a specific port from which to copy all packets and other ports to which the packets copied To enable port mirr...

Page 336: ...is is the default value Status Indicates if the port is currently monitored The possible field values are Active Indicates the port is currently monitored notReady Indicates the port is not currently monitored Remove Removes the port mirroring session The possible field values are Checked Removes the selected port mirroring sessions Unchecked Maintains the port mirroring session To add a Port Mirr...

Page 337: ... port mirroring settings 1 Click System Diagnostics Port Mirroring The Port Mirroring Page opens 2 Click The Port Mirroring Settings Page opens Figure 237 Port Mirroring Settings Page 3 Modify the field 4 Click The port mirroring settings are modified and the device is updated ...

Page 338: ...an be tested Cables are tested when the ports are in the down state with the exception of the Approximated Cable Length test To test cables Figure 238 Copper Cable Tests Page The Copper Cable Tests Page contains the following fields To display Copper Cable Test Information select a Unit number Unit No Indicates the stacking member for which the copper cable Information is displayed Copper Cable In...

Page 339: ...that the cable passed the test Cable Fault Distance Indicates the distance from the port where the cable error occurred Last Update Indicates the last time the port was tested Cable Length Indicates the approximate cable length This test can only be performed when the port is up and operating at 1 Gbps 5 Click The test results are displayed ...

Page 340: ...r supply status The device has two power supplies AC PS and DC RPS Power supply 1 is displayed as PS1 in the interface while the redundant power supply is displayed as RPS The possible field values are Checked The power supply is operating normally Unchecked The power supply is not operating normally Not Present The power supply is currently not present Fan Status The fan status The non PoE device...

Page 341: ...No Indicates the stacking member for which the optical transceiver Information is displayed Optical Transceiver Information Table Port Displays the port IP address on which the cable is tested Temperature Displays the temperature C at which the cable is operating Voltage Displays the voltage at which the cable is operating Current Displays the current at which the cable is operating Output Power I...

Page 342: ...CPU Utilization Page opens Figure 241 CPU Utilization Page The CPU Utilization Page contains the following fields CPU Utilization Displays CPU resource utilization information The possible field values are Enabled Enables viewing CPU utilization information This is the default value Disabled Disables viewing the CPU utilization information Refresh Rate Amount of time between utilization updates Th...

Page 343: ...ules per ACL Comments QoS Advanced Mode rules No limit 1 or 2 TCAM entries per each rule Feature is activated by default Access Control Rules No limit 1 or 2 TCAM entries per each rule Feature is activated by default PVE Feature is activated by default Allocation done only during initialization IP Subnet VLAN 255 2 or 4 Rules are duplicated for both IP and MAC based VLANs Protocol Based VLAN No li...

Page 344: ...esources The TCAM Resources Page opens Figure 242 TCAM Resources Page The TCAM Resources Page contains the following fields Unit ID Indicates the stacking member for which TCAM resource usage is displayed TCAM Utilization Displays the available TCAM resource percentage which are used For example if more ACLs and policy maps are defined the system uses more TCAM resources ...

Page 345: ...m the third Sunday in October until the third Saturday in March During the period of Daylight Saving Time Brazilian clocks go forward one hour in most of the Brazilian southeast Chile In Easter Island from March 9 until October 12 In the rest of the country from the first Sunday in March or after 9th March China China does not use Daylight Saving Time Canada From the second Sunday of March at 02 0...

Page 346: ...d of March until the last weekend of October Paraguay From April 6 until September 7 Poland From the last weekend of March until the last weekend of October Portugal From the last weekend of March until the last weekend of October Romania From the last weekend of March until the last weekend of October Russia From the last weekend of March until the last weekend of October Serbia From the last wee...

Page 347: ...ample 04 May 50 May 4 2050 Local Time The system time The field format is HH MM SS For example 21 15 03 Time Zone Offset The difference between Greenwich Mean Time GMT and local time For example the Time Zone Offset for Paris is GMT 1 while the Time Zone Offset for New York is GMT 5 Daylight Savings Enables automatic Daylight Savings Time DST on the device based on the device s location There are ...

Page 348: ...ple if DST ends on March 23 2008 at midnight the two fields should be 23 Mar 08 and 00 00 The possible field values are Date The date on which DST ends The possible field range is 1 31 Month The month of the year in which DST ends The possible field range is Jan Dec Year The year in which the configured DST ends Time The time at which DST ends The field format is HH MM For example 05 30 Recurring ...

Page 349: ...termined by the following time levels T1 The time at which the original request was sent by the client T2 The time at which the original request was received by the server T3 The time at which the server sent the client a reply T4 The time at which the client received the server s reply Polling for Unicast Time Information Polling for Unicast information is used for polling a server for which the ...

Page 350: ...P Properties Page opens Figure 244 SNTP Properties Page The SNTP Properties Page contains the following fields Poll Interval Defines the interval in seconds at which the SNTP server is polled for Unicast information The Poll Interval default is 1024 seconds Enable Receive Broadcast Servers Updates Defines whether or not the device monitors the SNTP serv ers for Broadcast server time information on...

Page 351: ...P server for Unicast server time information If the Enable Receive Broadcast Servers Updates Enable Receive Anycast Servers Updates and Enable Receive Unicast Servers Updates fields are all enabled the system time is set according to the Unicast server time information The possible values are Checked Enables the device to receive Unicast server updates Unchecked Disables the device from receiving ...

Page 352: ... The possible field values are Checked Authenticates SNTP sessions between the device and SNTP server Unchecked Disables authenticating SNTP sessions between the device and SNTP server Encryption Key ID Indicates if the encryption key identification is used to authenticate the SNTP server and device The field value is up to 4294967295 Authentication Key Indicates the key used for authentication Tr...

Page 353: ...entication select Enable SNTP Authentication 1 Click System SNTP Authentication The SNTP Authentication Page opens 2 Click The Add SNTP Authentication page opens Figure 246 Add SNTP Authentication 3 Define the fields 4 Click The SNTP Authentication Key is added and the device is updated ...

Page 354: ...ation used to communicate between the SNTP server and device The field range is 1 4294967295 Preference Indicates which SNTP server provides the SNTP system time The possible field values are Primary Indicates the primary server provides SNTP information Secondary Indicates the backup server provides SNTP information Status Indicates SNTP server operating status The possible field values are Up In...

Page 355: ...or a device request to reach the SNTP server Remove Removes SNTP servers from the SNTP server list The possible field values are Checked Removes the SNTP server Unchecked Maintains the SNTP server To add an SNTP Server 1 Click System SNTP Servers The SNTP Servers Page opens 2 Click The Add SNTP Server Page opens Figure 248 Add SNTP Server Page 3 Define the fields 4 Click The SNTP Server is added a...

Page 356: ...e SNTP Interface Settings Page contains the following fields Interface Indicates the interface on which SNTP can be enabled The possible field values are Port Indicates the specific port number on which SNTP is enabled LAG Indicates the specific LAG number on which SNTP is enabled VLAN Indicates the specific VLAN number on which SNTP is enabled Receive Servers Updates Enables the server to receive...

Page 357: ...56 To add an SNTP Interface 1 Click System SNTP Interface Settings The SNTP Interface Settings Page opens 2 Click The Add SNTP Interface Page opens Figure 250 Add SNTP Interface Page 3 Define the fields 4 Click The SNTP interface is added and the device is updated ...

Page 358: ...aces GVRP EAP and Etherlike statistics This section contains the following topics Viewing Interface Statistics Managing RMON Statistics Viewing QoS Statistics Viewing Interface Statistics This section contains the following topics Viewing Device Interface Statistics Viewing Etherlike Statistics Viewing GVRP Statistics Viewing RMON Statistics ...

Page 359: ...ible field values are Unit No Defines the specific unit no for which interface statistics are displayed Port Defines the specific port for which interface statistics are displayed LAG Defines the specific LAG for which interface statistics are displayed Refresh Rate Defines the amount of time that passes before the interface statistics are refreshed The possible field values are 15 Sec Indicates t...

Page 360: ...mber of error packets received from the selected interface Transmit Statistics Total Bytes Octets Displays the number of octets transmitted from the selected interface Unicast Packets Displays the number of Unicast packets transmitted from the selected interface Multicast Packets Displays the number of Multicast packets transmitted from the selected interface Broadcast Packets Displays the number ...

Page 361: ...the port utilization statis tics 1 Click Basic Setup Interface Statistics Port Utilization The Port Utilization Page opens Figure 252 Port Utilization Page The Port Utilization Page contains the following fields Port Indicates the port for which the utilization statistics are displayed Refresh Rate Amount of time that passes before the statistics are refreshed The default value is 15 sec onds ...

Page 362: ...like statistics are displayed Refresh Rate Defines the amount of time that passes before the interface statistics are refreshed The possible field values are No Refresh Indicates that the Etherlike statistics are not refreshed 15 Sec Indicates that the Etherlike statistics are refreshed every 15 seconds 30 Sec Indicates that the Etherlike statistics are refreshed every 30 seconds 60 Sec Indicates ...

Page 363: ... selected interface Received Pause Frames Displays the number of received paused frames on the selected interface Transmitted Paused Frames Displays the number of paused frames transmitted from the selected interface 2 Select an interface in the Interface field The Etherlike statistics are displayed Resetting Etherlike Statistics Counters 1 Open the Etherlike Statistics Page 2 Click The Etherlike ...

Page 364: ...ics are displayed LAG Indicates LAG statistics are displayed Refresh Rate Indicates the amount of time that passes before the GVRP statistics are refreshed The pos sible field values are No Refresh Indicates that the GVRP statistics are not refreshed 15 Sec Indicates that the GVRP statistics are refreshed every 15 seconds 30 Sec Indicates that the GVRP statistics are refreshed every 30 seconds 60 ...

Page 365: ...ed Setup Interface Statistics EAP The EAP Statistics Page opens Figure 255 EAP Statistics Page The EAP Statistics Page contains the following fields Interface Specifies the interface type for which the statistics are displayed Unit No Indicates unit statistics are displayed Port Indicates port statistics are displayed LAG Indicates LAG statistics are displayed Refresh Rate Indicates the amount of ...

Page 366: ...ort Request Frames Transmit Indicates the number of EAP Request frames transmitted via the port Invalid Frames Receive Indicates the number of unrecognized EAPOL frames that have been received by on this port Length Error Frames Receive Indicates the number of EAPOL frames with an invalid Packet Body Length received on this port Last Frame Version Indicates the protocol version number attached to ...

Page 367: ...3227P DXS 3250 and DXS 3250E EWS User Guide Page 366 Managing RMON Statistics This section contains the following topics Viewing RMON Statistics Configuring RMON History Configuring RMON Events Defining RMON Alarms ...

Page 368: ...ON statistics are displayed Refresh Rate Defines the amount of time that passes before the interface statistics are refreshed The possible field values are 15 Sec Indicates that the RMON statistics are refreshed every 15 seconds 30 Sec Indicates that the RMON statistics are refreshed every 30 seconds 60 Sec Indicates that the RMON statistics are refreshed every 60 seconds Drop Events Displays the ...

Page 369: ...ce was last refreshed Fragments Displays the number of fragments packets with less than 64 octets excluding framing bits but including FCS octets received on the interface since the device was last refreshed Jabbers Displays the total number of received packets that were longer than 1518 octets This number excludes frame bits but includes FCS octets that had either a bad Frame Check Sequence FCS w...

Page 370: ...pens Figure 257 RMON History Control Page The RMON History Control Page contains the following fields History Entry No Displays the entry number for the History Control Table page Source Interface Displays the interface from which the history samples were taken The possible field values are Port Specifies the port from which the RMON information was taken LAG Specifies the port from which the RMON...

Page 371: ...ries The possible field values are Checked Removes the selected History Control entry Unchecked Maintains the current History Control entries To add an RMON History Control setting 1 Click Advanced Setup RMON History History Control The RMON History Control Page opens 2 Click The RMON History Control Settings Page opens Figure 258 RMON History Control Settings Page 3 Define the fields 4 Click The ...

Page 372: ...mple number from which the statistics were taken Drop Events Displays the number of dropped events that have occurred on the interface since the device was last refreshed Received Bytes Octets Displays the number of octets received on the interface since the device was last refreshed This number includes bad packets and FCS octets but excludes framing bits Received Packets Displays the number of p...

Page 373: ...ng framing bits but including FCS octets received on the interface since the device was last refreshed Jabbers Displays the total number of received packets that were longer than 1518 octets This number excludes frame bits but includes FCS octets that had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral octet Alignment Error number ...

Page 374: ... Events Control Page opens Figure 260 RMON Events Control Page The RMON Events Control Page contains the following fields Event Entry Displays the event Community Displays the community to which the event belongs Description Displays the user defined event description Type Describes the event type Possible values are Log Indicates that the event is a log entry Trap Indicates that the event is a tr...

Page 375: ... Owner Displays the device or user that defined the event Remove Removes a RMON event The possible field values are Checked Removes a selected RMON event Unchecked Maintains RMON events 2 Define the fields 3 Click The RMON events is defined and the device is updated ...

Page 376: ...t logs 1 Click Advanced Setup RMON Events Events Logs The RMON Events Logs Page opens Figure 261 RMON Events Logs Page The RMON Events Logs Page contains the following fields Event Displays the RMON Events Log entry number Log No Displays the log number Log Time Displays the time when the log entry was entered Description Displays the log entry description ...

Page 377: ...re displayed The possible field values are Port Displays the RMON statistics for the selected port LAG Displays the RMON statistics for the selected LAG Counter Value Displays the selected MIB variable value Sample Type Defines the sampling method for the selected variable and comparing the value against the thresholds The possible field values are Delta Subtracts the last sampled value from the c...

Page 378: ...riggers the falling threshold alarm The falling threshold is graphically presented on top of the graph bars Each monitored variable is designated a color Falling Event Displays the mechanism in which the alarms are reported Startup Alarm Displays the trigger that activates the alarm generation Rising is defined by crossing the threshold from a low value threshold to a higher value threshold Interv...

Page 379: ...of profile packets that are received on an interface To view Aggregate Policer Statistics 1 Click Advanced Setup Quality of Service Policy Profile Policy The Aggregate Policer Page opens Figure 264 Aggregate Policer Page The Aggregate Policer Page contains the following fields Aggregate Policer Name Indicates the port or LAG on which the packets were received In profile Bytes Displays the total nu...

Page 380: ...e cleared Viewing Policer Statistics The Policer Statistics Page indicates the amount of in profile and out of profile packets that are received on an interface To view policer statistics 1 Click Advanced Setup Quality of Service QoS Statistics Policer Statistics The Policer Statistics Page opens Figure 265 Policer Statistics Page The Policer Statistics Page contains the following fields Interface...

Page 381: ... Policer Statistic Table entries Resetting Policer Statistics Counters 1 Open the Policer Statistics Page 2 Click The policer statistics counters are cleared Viewing Queue Statistics The Queue Statistics Page displays statistics for the QoS queues To view queue statistics 1 Click Advanced Setup Quality of Service QoS Statistics The Queue Statistics Page opens Figure 266 Queue Statistics Page The Q...

Page 382: ... frames that exceed policer CIR threshold Total packets Indicates the total amount of packets which were transmitted through the queue TD packets Indicates the total packet percentage of packets marked DP Resetting Queue Statistics Counters 1 Open the Queue Statistics Page 2 Click The queue statistics counters are cleared ...

Page 383: ... DXS 3250E Stackable 48 Port 10 100 1000BASE T Switch with 4 SFP ports and an optional dual XFP module DXS 3227 Stackable 24 Port 10 100 1000BASE T Switch with 1 XFP fixed port and 2 optional 10G Module slots DXS 3227P Stackable 24 Port 10 100 1000BASE T PoE Switch with 1 XFP fixed port and 2 optional 10G Module slots CPU DDRAM 256MB Max CPU Flash 32MBb Max PoE Per port power 15 4W PoE Total avail...

Page 384: ...Of Service The IEEE 802 1p signaling technique is an OSI Layer 2 standard for marking and prioritizing network traffic at the data link MAC sub layer 802 1p traffic is classified and sent to the destination No bandwidth reservations or limits are established or enforced 802 1p is a spin off of the 802 1Q VLANs standard 802 1p establishes eight levels of priority similar to the IP Precedence IP Hea...

Page 385: ...tion within a Layer 2 broadcast domain by mapping an IP address to a MAC address However because ARP allows a gratuitous reply from a host even if an ARP request was not received an ARP spoofing attack and the poisoning of ARP caches can occur After the attack all traffic from the device under attack flows through the attacker s computer and then to the router switch or host Fast Link STP can take...

Page 386: ... Jumbo frames Support for 10K jumbo frames LACP LACP uses peer exchanges across links to determine on an ongoing basis the aggregation capability of various links and continuously provides the maximum level of aggregation capability achievable between a given pair of systems LACP automatically determines configures binds and monitors the port binding within the system LLDP and LLDP MED Support for...

Page 387: ... or more MSTP bridges by which frames can be transmitted The standard lets administrators assign VLAN traffic to unique paths Multicast TV VLAN Support for distributing video multicast streams to users across VLAN boundaries Password Management Password management provides increased network security and improved password control Passwords for SSH Telnet HTTP HTTPS and SNMP access are assigned secu...

Page 388: ...ADIUS Accounting RADIUS Accounting enables to record device management sessions Telnet serial and WEB but not SNMP and or 802 1x authentication sessions Rapid Spanning Tree Spanning Tree can take 30 60 seconds for each host to decide whether its ports are actively forwarding traffic Rapid Spanning Tree RSTP detects uses of network topologies to enable faster convergence without creating forwarding...

Page 389: ...SSH Secure Shell SSH is a protocol that provides a secure remote connection to a device SSH version 2 is currently supported The SSH server feature enables an SSH client to establish a secure encrypted connection with a device This connection provides functionality that is similar to an inbound telnet connection SSH uses RSA and DSA Public Key cryptography for device connections and authentication...

Page 390: ...nts Packets sharing common attributes can be grouped in the same VLAN VLAN aware MAC based Switching The device always performs VLAN aware bridging Classic bridging IEEE802 1D is not performed where frames are forwarded based only on their destination MAC address However a similar functionality may be configured for untagged frames Frames addressed to a destination MAC address that is not associat...

Page 391: ...lem must be determined This includes how the problem is detected and what are the possible causes of the problem With the problem known the effect of the problem is recorded with all known results from the problem Once the problem is quantified the solution is applied Solutions are found either in this chapter or through customer support If no solution is found in this chapter contact Cus tomer Su...

Page 392: ...rrect serial cable Software settings Replace the serial cable Replace serial cable for a pin to pin straight flat cable Reconfigure the emulation software connection set tings Response from the ter minal emulations soft ware is not readable Faulty serial cable Software settings Replace the serial cable Reconfigure the emulation software connection set tings Self test exceeds 15 seconds The device ...

Page 393: ...ncorrect twisting of pairs Fiber optical cable con nection is reversed Bad cable Wrong cable type Check pinout and replace if necessary Change if necessary Check Rx and Tx on fiber optic cable Replace with a tested cable Verify that all 10 Mbps connections use a Cat 5 cable Check the port LED or zoom screen in the NMS application and change setting if necessary Problems Possible Cause Solution ...

Page 394: ...ng message is displayed Console reload Are you sure you want to reboot the system y n n 2 Enter Y The device reboots After the POST when the text Autoboot in 2 seconds press RETURN or Esc to abort and enter prom is displayed press Enter The Startup Menu is displayed 1 Download software 2 Erase flash file 3 Erase flash sectors 4 Password Recovery Procedure 5 Enter Diagnostic Mode 6 Back 3 Enter 4 w...

Page 395: ...tion pertaining to the product and in that case the product is being sold As Is without any warranty whatsoever including without limitation the Warranty as described herein notwithstanding anything stated herein to the contrary Submitting A Claim The customer shall return the product to the original purchase point based on its return policy In case the return policy period has expired and the pro...

Page 396: ...ms Inc Other trademarks or registered trademarks are the property of their respective owners Copyright Statement No part of this publication or documentation accompanying this product may be reproduced in any form or by any means or used to make any derivative such as translation transformation or adaptation without permission from D Link Corporation D Link Systems Inc as stipulated by the United ...

Page 397: ...Technical Support Contacting D Link Technical Support Page 395 ...

Page 398: ...DXS 3227 DXS 3227P DXS 3250 and DXS 3250E EWS User Guide Page 396 ...

Page 399: ...Technical Support Contacting D Link Technical Support Page 397 ...

Page 400: ...DXS 3227 DXS 3227P DXS 3250 and DXS 3250E EWS User Guide Page 398 ...

Page 401: ...Technical Support Contacting D Link Technical Support Page 399 ...

Page 402: ...DXS 3227 DXS 3227P DXS 3250 and DXS 3250E EWS User Guide Page 400 ...

Page 403: ...Technical Support Contacting D Link Technical Support Page 401 ...

Page 404: ...DXS 3227 DXS 3227P DXS 3250 and DXS 3250E EWS User Guide Page 402 ...

Page 405: ...Technical Support Contacting D Link Technical Support Page 403 ...

Page 406: ...DXS 3227 DXS 3227P DXS 3250 and DXS 3250E EWS User Guide Page 404 ...

Page 407: ...Technical Support Contacting D Link Technical Support Page 405 ...

Page 408: ...DXS 3227 DXS 3227P DXS 3250 and DXS 3250E EWS User Guide Page 406 ...

Page 409: ...Technical Support Contacting D Link Technical Support Page 407 ...

Page 410: ...DXS 3227 DXS 3227P DXS 3250 and DXS 3250E EWS User Guide Page 408 ...

Page 411: ...Technical Support Contacting D Link Technical Support Page 409 ...

Page 412: ...DXS 3227 DXS 3227P DXS 3250 and DXS 3250E EWS User Guide Page 410 ...

Page 413: ...Technical Support Contacting D Link Technical Support Page 411 ...

Page 414: ...DXS 3227 DXS 3227P DXS 3250 and DXS 3250E EWS User Guide Page 412 ...

Page 415: ...Technical Support Contacting D Link Technical Support Page 413 ...

Page 416: ...DXS 3227 DXS 3227P DXS 3250 and DXS 3250E EWS User Guide Page 414 ...

Page 417: ...Technical Support Contacting D Link Technical Support Page 415 ...

Page 418: ...DXS 3227 DXS 3227P DXS 3250 and DXS 3250E EWS User Guide Page 416 ...

Page 419: ...Technical Support Contacting D Link Technical Support Page 417 ...

Page 420: ...DXS 3227 DXS 3227P DXS 3250 and DXS 3250E EWS User Guide Page 418 ...

Page 421: ...Technical Support Contacting D Link Technical Support Page 419 ...

Page 422: ...DXS 3227 DXS 3227P DXS 3250 and DXS 3250E EWS User Guide Page 420 ...

Page 423: ... 421 Product Registration D Link products can be registered online at http support dlink com register Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights ...

Page 424: ...ustralia 1 Giffnock Avenue North Ryde NSW 2113 Australia TEL 61 2 8899 1800 FAX 61 2 8899 1868 URL www dlink com au India D Link House Kurla Bandra Complex Road Off CST Road Santacruz East Mumbai 400098 India TEL 91 022 26526696 56902210 FAX 91 022 26528914 URL www dlink co in Middle East Dubai P O Box 500376 Office No 103 Building 3 Dubai Internet City Dubai United Arab Emirates Tel 971 4 3916480...

Reviews:

No comments

Brands by name

Popular brands

Load more brands