manualshive.com logo in svg

D-Link UNIFIED WIRED & WIRELESS ACCESS SYSTEM..., Configuration Manual

Introducing the D-Link Unified Wired & Wireless Access System - a cutting-edge network solution that seamlessly integrates wired and wireless connectivity. Ensure smooth and efficient operation with our comprehensive Deployment manual, available for free download from our website. Unlock the full potential of your network effortlessly.

Share
Download
background image

Overview

163

23

DHCP Filtering

This section describes the Dynamic Host Configuration Protocol (DHCP) Filtering feature.

Overview

DHCP filtering provides security by filtering untrusted DHCP messages. An untrusted 
message is a message that is received from outside the network or firewall, and that can cause 
traffic attacks within network.

You can use DHCP Filtering as a security measure against unauthorized DHCP servers. A 
known attack can occur when an unauthorized DHCP server responds to a client that is 
requesting an IP address. The unauthorized server can configure the gateway for the client to 
be equal to the IP address of the server. At that point, the client sends all of its IP traffic 
destined to other networks to the unauthorized machine, giving the attacker the possibility of 
filtering traffic for passwords or employing a ‘man-in-the-middle’ attack. 

DHCP filtering works by allowing the administrator to configure each port as a trusted or 
untrusted port. The port that has the authorized DHCP server should be configured as a trusted 
port. Any DHCP responses received on a trusted port will be forwarded. All other ports should 
be configured as untrusted. Any DHCP (or BootP) responses received on the ingress side will 
be discarded.

Limitations

Port Channels (LAGs) — If an interface becomes a member of a LAG, DHCP filtering is 
no longer operationally enabled on the interface. Instead, the interface follows the config-
uration of the LAG port. End user configuration for the interface remains unchanged. 
When an interface is no longer a member of a LAG, the current end user configuration for 
that interface automatically becomes effective.

Mirroring — If an interface becomes a probe port, DHCP filtering can no longer become 
operationally enabled on the interface. End user configuration for the interface remains 
unchanged. When an interface no longer acts as a probe port, the current end user configu-
ration for that interface automatically becomes effective.

Summary of Contents for UNIFIED WIRED & WIRELESS ACCESS SYSTEM...

Page 1: ...Configuration Guide Product Model DWS 3000 Series Unified Wired Wireless Access System Release 3 0 February 2011 Copyright 2011 All rights reserved ...

Page 2: ...2 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Page 3: ...vice 21 System Information and System Setup 21 2 Using the Web Interface 27 Configuring for Web Access 27 Starting the Web Interface 28 Web Page Layout 28 Configuring an SNMP V3 User Profile 29 Command Buttons 30 Switching the Date Time Zone 31 3 Virtual LANs 33 VLAN Configuration Example 34 Configuring a Guest VLAN 34 Configuring Dynamic VLAN Assignments 34 CLI Examples 35 Example 1 Create Two VL...

Page 4: ...Example 2 show mac address table igmpsnooping 50 Example 3 set igmp Global Config Mode 50 Example 4 set igmp Interface Config Mode 50 Web Examples 51 7 Port Mirroring 57 Overview 57 CLI Examples 57 Example 1 Set up a Port Mirroring Session 57 Example 2 Show the Port Mirroring Session 58 Example 3 Show the Status of All Ports 58 Example 4 Show the Status of the Source and Destination Ports 58 Web E...

Page 5: ... Configure VRRP 82 13 Proxy Address Resolution Protocol ARP 85 Overview 85 CLI Examples 85 Example 1 show ip interface 85 Example 2 ip proxy arp 86 Web Example 86 14 Routing Information Protocol RIP 87 Overview 87 RIP Configuration 87 RIP Interface Configuration 88 RIP Route Redistribution Configuration 88 15 Access Control Lists ACLs 91 Overview 91 Limitations 91 MAC ACLs 92 IP ACLs 92 ACL Config...

Page 6: ... Overview 119 Operation 119 CLI Examples 120 Example 1 show port security 120 Example 2 show port security on a specific interface 120 Example 3 Config port security 120 Web Examples 121 19 RADIUS 125 Client Name in Local MAC Authentication List 125 RADIUS Fail through and Failover Server Support 126 RADIUS Configuration Examples 127 Configuring RADIUS for Wired Clients 127 Configuring RADIUS Fail...

Page 7: ...e 2 Enable DHCP Filtering for an Interface 164 Example 3 Show DHCP Filtering Configuration 164 Web Examples 164 24 Traceroute 167 CLI Example 167 25 Configuration Scripting 169 Overview 169 Considerations 169 CLI Examples 169 Example 1 script 169 Example 2 script list and script delete 170 Example 3 script apply running config scr 170 Example 4 show running config 170 Example 5 copy nvram script 1...

Page 8: ...80 Example 6 configuring sntp server 181 Example 7 configure sntp client port 181 Web Interface Examples 181 29 Syslog 185 Overview 185 Interpreting Log Files 185 CLI Examples 186 Example 1 show logging 186 Example 2 show logging buffered 186 Example 3 show logging traplogs 187 Example 4 show logging hosts 187 Example 5 logging port configuration 188 Web Examples 189 30 Port Description 191 CLI Ex...

Page 9: ... Router VLAN Statistics Page 54 Figure 19 IGMP Snooping Multicast Router VLAN Configuration Page 55 Figure 20 Multiple Port Mirroring 59 Figure 21 Multiple Port Mirroring Add Source Ports 59 Figure 22 System Port Utilization Summary 60 Figure 23 LLDP Global Configuration 63 Figure 24 LLDP Interface Configuration 64 Figure 25 LLDP Interface Summary 65 Figure 26 LLDP Statistics 65 Figure 27 Denial o...

Page 10: ...CP Web Page Customization Authentication Page 115 Figure 63 CP Web Page Customization Welcome Page 115 Figure 64 CP Web Page Customization Logout Page 116 Figure 65 CP Web Page Customization Logout Success Page 116 Figure 66 Port Security Administration 121 Figure 67 Port Security Interface Configuration 121 Figure 68 Port Security Statically Configured MAC Addresses 122 Figure 69 Port Security Dy...

Page 11: ...cy Summary 157 Figure 103 DiffServ Policy Attribute Summary 157 Figure 104 DiffServ Service Configuration 158 Figure 105 DiffServ Service Summary 158 Figure 106 DiffServ VoIP Example Network Diagram 161 Figure 107 DHCP Filtering Configuration 165 Figure 108 DHCP Filtering Interface Configuration 165 Figure 109 DHCP Filter Binding Information 166 Figure 110 Telnet Session Configuration 175 Figure 1...

Page 12: ...12 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Page 13: ...l Port Data 22 Table 3 Quick Start up User Account Management 23 Table 4 Quick Start up IP Address 24 Table 5 Uploading from Networking Device to Out of Band PC XMODEM 25 Table 6 Downloading from Out of Band PC to Networking Device XMODEM 25 Table 7 Downloading from TFTP Server 26 Table 8 Setting to Factory Defaults 26 ...

Page 14: ...14 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Page 15: ... network management and Quality of Service functions such as Access Control Lists and Differentiated Services The functions you choose to activate will depend on the size and complexity of your network This document illustrates configuration for the following functions L2 Features Virtual LANs VLANs Storm Control Trunking Link Aggregation Port Channels Internet Group Management Protocol IGMP Snoop...

Page 16: ...Audience Use this guide if you are a n Experienced system administrator who is responsible for configuring and operating a net work using the D Link DWS 3000 switch Level 1 and or Level 2 Support provider To obtain the greatest benefit from this guide you should have an understanding of the Unified Switch You should also have basic knowledge of Ethernet and networking concepts CLI Documentation Th...

Page 17: ... IP address subnet mask and default gateway Configure for In band connectivity using one of the following methods BootP or DHCP EIA 232 port Using BootP or DHCP You can assign IP information initially over the network or over the Ethernet service port through BootP or DHCP Check with your system administrator to determine whether BootP or DHCP is enabled You need to configure the BootP or DHCP ser...

Page 18: ...nd of the serial cable to the EIA 232 port of the switch and the other end to the modem 2 Set up the terminal for VT100 terminal emulation A Set the terminal ON B Launch the VT100 application C Configure the COM port as follows I Set the data rate to 115 200 baud II Set the data format to 8 data bits 1 stop bit and no parity III Set the flow control to none IV Select the proper mode under Properti...

Page 19: ... or a desktop or a portable system with a serial port running VT100 terminal emulation software An RS 232 cable with a male DB 9 connector for the console port and the appropriate connector for the terminal Perform the following tasks to connect a terminal to the switch console port using out of band connectivity 1 Connect the RS 232 cable to the terminal running VT100 terminal emulation software ...

Page 20: ...onds Initial Configuration NOTE The initial simple configuration procedure is based on the following assump tions The switch was not configured before and is in the same state as when you received it The switch booted successfully The console connection was established and the console prompt appears on the screen of a VT100 terminal or terminal equivalent The initial switch configuration is perfor...

Page 21: ... mode does not use a password after typ ing admin press Enter two times The CLI User EXEC prompt is displayed Type enable to switch to the Privileged EXEC mode from User EXEC Type configure to switch to the Global Config mode from Privileged EXEC Type exit to return to the previous mode Enter to show a list of commands that are available in the current mode NOTE For more information about the conf...

Page 22: ...WS 3026 Serial Number 123456abcdef FRU Number Maintenance Level A Manufacturer 0xbc00 Burned In MAC Address 00 01 17 86 34 55 Software Version D 4 18 8 Additional Packages QOS Wireless Command Details show port all Privileged EXEC Mode Displays the ports Interface slot port See the CLI Command Reference for more informa tion about naming conventions Type Indicates if the port is a special type of ...

Page 23: ...ig Mode Allows the user to set passwords or change passwords needed to login A prompt appears after the command is entered requesting the user s old password In the absence of an old password leave the area blank The user must press Enter to execute the com mand The system then prompts the user for a new password then a prompt to confirm the new password If the new password and the confirmed passw...

Page 24: ... interface Default is 255 0 0 0 Default Gateway The default Gateway for this interface Default value is 0 0 0 0 Burned in MAC Address The Burned in MAC Address used for in band connectivity Locally Administered MAC Address Can be configured to allow a locally administered MAC address MAC Address Type Specifies which MAC address should be used for in band connectivity Network Configurations Protoco...

Page 25: ...nd confirms the upload is progressing The types are config configuration file errorlog error log log message log traplog trap log The url must be specified as xmodem filepath filename If you are using HyperTerminal you must specify where the file is to be received by the PC Table 6 Downloading from Out of Band PC to Networking Device XMODEM Command Details copy url nvram startup config Privileged ...

Page 26: ...guration file nvram startup config The URL must be specified as tftp ipaddress filepath filename The nvram startup config option down loads the configuration file using tftp and system image option downloads the code file Table 8 Setting to Factory Defaults Command Details clear config Privileged EXEC Mode Enter yes when the prompt pops up to clear all the configu rations made to the networking de...

Page 27: ...ersion 1 2 or later JavaTM Runtime Plug in 1 50 06 or later There are equivalent functions in the Web interface and the terminal interface both applications usually employ the same menus to accomplish a task For example when you log in there is a Main Menu with the same functions available etc There are several differences between the Web and terminal interfaces For example on the Web interface th...

Page 28: ... the navigation tree Web Page Layout A Web interface panel for the switch Web page consists of three areas Figure 2 A banner graphic of the switch appears across the top of the panel The second area a hierarchical tree view appears to the left of the panel The tree consists of a combination of folders subfolders and configuration and status HTML pages You can think of the folders and subfolders as...

Page 29: ...rofile is a part of user configuration Any user can connect to the switch using the SNMPv3 protocol but for authentication and encryption additional steps are needed Use the following steps to configure an SNMP V3 new user profile Figure 3 Configuring an SNMP V3 User Profile 1 From the LAN navigation menu select LAN Administration User Accounts see Figure 3 ...

Page 30: ...tep 9 8 To enable encryption use the Encryption Protocol pull down menu to select DES for the encryption scheme Then enter an encryption code of eight or more alphanumeric characters in the Encryption Key field 9 Click Submit Command Buttons The following command buttons are used throughout the Web interface panels for the switch Save Pressing the Save button implements and saves the changes you j...

Page 31: ... Interface 31 2 Using the Web Interface Switching the Date Time Zone To configure the system date and time from the Administration navigation menu select System Description see Figure 4 Figure 4 System Description Page ...

Page 32: ...32 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Page 33: ... the packet may either reject it or insert a tag using its default VLAN ID A given port may handle traffic for more than one VLAN but it can only support one default VLAN ID Two features let you define packet filters that the switch uses as the matching criteria to determine if a particular packet belongs to a particular VLAN The IP subnet Based VLAN feature lets you map IP addresses to VLANs by s...

Page 34: ...twork access If a client station fails to authenticate using 802 1X or RADIUS or if the client does not support 802 1X then after the authentication times out the station is put on the guest VLAN configured for that switch port For more information about how to configure a Guest VLAN for wired clients see Guest VLAN on page 107 Configuring Dynamic VLAN Assignments The software supports VLAN assign...

Page 35: ...4 Config interface 0 2 DWS 3024 Interface 0 2 vlan participation include 2 DWS 3024 Interface 0 2 vlan acceptframe vlanonly DWS 3024 Interface 0 2 exit DWS 3024 Config exit DWS 3024 config DWS 3024 Config vlan port tagging all 2 DWS 3024 Config exit Example 3 Assign Ports to VLAN3 This example shows how to assign the ports that will belong to VLAN 3 and to specify that untagged frames will be acce...

Page 36: ...Interface 0 2 exit DWS 3024 Config exit Example 5 Assign IP Addresses to VLAN 2 DWS 3024 vlan database DWS 3024 Vlan vlan association subnet 192 168 10 10 255 255 255 0 2 DWS 3024 Vlan exit DWS 3024 show vlan association subnet IP Address IP Mask VLAN ID 192 168 10 10 255 255 255 0 2 DWS 3024 Web Interface You can perform the same configuration in the CLI Examples section by using the Web interfac...

Page 37: ... if they have the same VLAN membership Protected ports can forward traffic to unprotected ports Unprotected ports can forward traffic to both protected and unprotected ports You can also configure groups of protected ports Each group s configuration consists of a name and a mask of ports A port can belong to only one set of protected ports An unprotected port can be added to a group as a protected...

Page 38: ... an IP phone is safeguarded from deterioration when data traffic on the port is high The inherent isolation provided by VLANs ensures that inter VLAN traffic is under management control and that network attached clients cannot initiate a direct attack on voice components A QoS protocol based on the IEEE 802 1P class of service CoS protocol uses classification and scheduling to send network traffic...

Page 39: ...D The voice VLAN packets are uniquely identified by a number you assign All voice traffic carries this VLAN ID to distinguish it from other data traffic which is assigned the port s default VLAN ID However voice traffic is not prioritized differ ently than other traffic dot1p This parameter is set by the VoIP device for all voice traffic to distinguish voice data from other traffic All other traff...

Page 40: ...40 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Page 41: ...idual interfaces and you ll set the threshold storm control level beyond which the broadcast multicast or unicast traffic will be dropped Configuring a storm control level also enables that form of storm control Disabling a storm control level using the no version of the command sets the storm control level back to default value and disables that form of storm control Using the no version of the s...

Page 42: ...ple 2 Set Multicast Storm Control for All Interfaces DWS 3024 config DWS 3024 Config storm control multicast all cr Press Enter to execute the command level Configure storm control thresholds DWS 3024 Config storm control multicast all level 8 DWS 3024 Config exit DWS 3024 Example 3 Set Unicast Storm Control for All Interfaces DWS 3024 config DWS 3024 Config storm control unicast all level 5 DWS 3...

Page 43: ...Interface 43 4 Storm Control Web Interface The Storm Control configuration options are available on the Port Configuration Web page under the Administration folder Figure 9 Port Configuration Storm Control ...

Page 44: ...44 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Page 45: ... exchanges of LACPDUs Static configuration is used when connecting the switch to an external switch that does not support the exchange of LACPDUs The feature offers the following benefits Increased reliability and availability if one of the physical links in the port channel goes down traffic is dynamically and transparently reassigned to one of the other physical links Increased bandwidth the agg...

Page 46: ...4 Config port channel lag_10 DWS 3024 Config port channel lag_20 DWS 3024 Config exit Use the show port channel all command to show the logical interface ids you will use to identify the port channels in subsequent commands Assume that lag_10 is assigned id 3 1 and lag_20 is assigned id 3 2 Subnet 3 Port 0 8 LAG_20 Layer 2 Switch Port 0 9 LAG_20 Server Port 0 2 LAG_10 Port 0 3 LAG_10 Layer 3 Switc...

Page 47: ...nterface 0 2 exit DWS 3024 Config interface 0 3 DWS 3024 Interface 0 3 addport 3 1 DWS 3024 Interface 0 3 exit DWS 3024 Config exit DWS 3024 config DWS 3024 Config interface 0 8 DWS 3024 Interface 0 8 addport 3 2 DWS 3024 Interface 0 8 exit DWS 3024 Config interface 0 9 DWS 3024 Interface 0 9 addport 3 2 DWS 3024 Interface 0 9 exit DWS 3024 Config exit Example 3 Enable both port channels By defaul...

Page 48: ...e Configuration LAGs Port channels To perform the same configuration using the Web interface use the LAN L2 Features Trunking Configuration page Figure 11 Trunking Configuration To create the port channels specify port participation and enable Link Aggregation LAG support on the switch ...

Page 49: ...w IGMP Uses Version 3 of IGMP Includes snooping Snooping can be enabled per VLAN CLI Examples The following are examples of the commands used in the IGMP Snooping feature Example 1 show igmpsnooping DWS 3024 show igmpsnooping cr Press Enter to execute the command slot port Enter interface in slot port format mrouter Display IGMP Snooping Multicast Router information 1 3965 Display IGMP Snooping va...

Page 50: ...DWS 3026 Config set igmp cr Press enter to execute the command groupmembership interval Configure IGMP Group Membership Interval secs interfacemode Enable Disable IGMP Snooping maxresponse Configure IGMP Max Response time secs mcrtrexpiretime Sets the Multicast Router Present Expiration time on the system DWS 3026 Config set igmp Example 4 set igmp Interface Config Mode DWS 3026 Config interface 0...

Page 51: ...les 51 6 IGMP Snooping Web Examples The following web pages are used in the IGMP Snooping feature Click Help for more information on the web interface Figure 12 IGMP Snooping Global Configuration and Status Page ...

Page 52: ...52 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 13 IGMP Snooping Interface Configuration Page Figure 14 IGMP Snooping VLAN Configuration ...

Page 53: ...Web Examples 53 6 IGMP Snooping Figure 15 IGMP Snooping VLAN Status Page Figure 16 IGMP Snooping Multicast Router Statistics Page ...

Page 54: ...54 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 17 IGMP Snooping Multicast Router Configuration Page Figure 18 IGMP Snooping Multicast Router VLAN Statistics Page ...

Page 55: ...Web Examples 55 6 IGMP Snooping Figure 19 IGMP Snooping Multicast Router VLAN Configuration Page ...

Page 56: ...56 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Page 57: ...eceived on the source port transmitted on a port or both received and transmitted can be mirrored to the destination port CLI Examples The following are examples of the commands used in the Port Mirroring feature Example 1 Set up a Port Mirroring Session The following command sequence enables port mirroring and specifies a source and destination ports DWS 3024 config DWS 3024 Config monitor sessio...

Page 58: ...own Enable Enable 0 5 Enable Auto Down Enable Enable 0 6 Enable Auto Down Enable Enable 0 7 Mirror Enable Auto Down Enable Enable 0 8 Probe Enable Auto Down Enable Enable 0 9 Enable Auto Down Enable Enable 0 10 Enable Auto Down Enable Enable Example 4 Show the Status of the Source and Destination Ports Use this command for a specific port The output shows whether the port is the mirror or the prob...

Page 59: ...Web Examples 59 7 Port Mirroring Web Examples The following web pages are used with the Port Mirroring feature Figure 20 Multiple Port Mirroring Figure 21 Multiple Port Mirroring Add Source Ports ...

Page 60: ...60 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 22 System Port Utilization Summary ...

Page 61: ...llowing sequence to specify switch wide notification interval and timers for all LLDP interfaces DWS 3024 config DWS 3024 Config lldp notification interval Configure minimum interval to send remote data change notifications timers Configure the LLDP global timer values DWS 3024 Config lldp notification interval interval seconds Range 5 3600 seconds DWS 3024 Config lldp notification interval 1000 D...

Page 62: ...smit tlv Include Exclude LLDP optional TLV s DWS 3024 Interface 0 10 lldp receive DWS 3024 Interface 0 10 lldp transmit DWS 3024 Interface 0 10 lldp transmit mgmt DWS 3024 Interface 0 10 exit DWS 3024 Config exit DWS 3024 Example 3 Show Global LLDP Parameters DWS 3024 show lldp LLDP Global Configuration Transmit Interval 30 seconds Transmit Hold Multiplier 8 Reinit Delay 5 seconds Notification Int...

Page 63: ... parameters Figure 23 LLDP Global Configuration The LLDP Global Configuration page contains the following fields Transmit Interval 1 32768 Specifies the interval at which frames are transmitted The default is 30 seconds Hold Multiplier 2 10 Specifies multiplier on the transmit interval to assign to TTL Default is 4 Re Initialization Delay 1 10 Specifies delay before a re initialization Default is ...

Page 64: ...ers Transmit Mode Enables or disables the transmit function The default is disabled Receive Mode Enables or disables the receive function The default is disabled Transmit Management Information Enables or disables transmission of management address instance Default is disabled Notification Mode Enables or disables remote change notifications The default is dis abled Included TLVs Selects TLV infor...

Page 65: ... Configure LLDP 65 8 Link Layer Discovery Protocol Figure 25 LLDP Interface Summary Figure 26 LLDP Statistics You can also use the pages in the LAN Monitoring LLDP Status folder to view information about local and remote devices ...

Page 66: ...66 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Page 67: ...the host or network unstable Compliant with Nessus Nessus is a widely used vulnerability assessment tool The Unified Switch provides a number of features that help a network administrator pro tect networks against DoS attacks CLI Examples Enter from Global Config mode DWS 3024 configure DWS 3024 Config dos control sipdip DWS 3024 Config dos control firstfrag DWS 3024 Config dos control tcpfrag DWS...

Page 68: ...e Min TCP Hdr Size 20 TCP Fragment Mode Enable TCP Flag Mode Disable L4 Port Mode Enable ICMP Mode Enable Max ICMP Pkt Size 512 Web Interface You can configure the Denial of Service feature from the Denial of Service Protection Configuration page Figure 27 Denial of Service Protection Configuration ...

Page 69: ...he Layer 3 address in its address table to determine the outbound port Updates the Layer 3 header Recreates the Layer 2 header The router s IP address is often statically configured in the end station although the Unified Switch supports DHCP that allow the address to be assigned dynamically You may assign static entries in the routing tables used by the router Port Routing Configuration The Unifi...

Page 70: ... port routing support shown in the diagram Figure 28 Port Routing Example Network Diagram Example 1 Enabling Routing for the Switch Use the following command to enable routing for the switch Execution of the command enables IP forwarding by default config ip routing exit Example 2 Enabling Routing for Ports on the Switch Use the following commands to enable routing for ports on the switch The defa...

Page 71: ...d the maximum transmission unit MTU size is 1500 bytes config interface 0 2 routing ip address 192 150 2 2 255 255 255 0 exit exit config interface 0 3 routing ip address 192 130 3 1 255 255 255 0 exit exit config interface 0 5 routing ip address 192 64 4 1 255 255 255 0 exit exit ...

Page 72: ... the Graphical User Interface To enable routing for the switch as shown in Example 1 Enabling Routing for the Switch use the LAN L3 Features IP Configuration page Figure 29 IP Configuration To configure routing on each interface as shown in Example 2 Enabling Routing for Ports on the Switch use the LAN L3 Features IP Interface Configuration page Figure 30 IP Interface Configuration ...

Page 73: ...r a subset VLAN Routing can be used to allow more than one physical port to reside on the same subnet It could also be used when a VLAN spans multiple physical networks or when additional segmentation or security is required This section shows how to configure the Unified Switch to support VLAN routing A port can be either a VLAN port or a router port but not both However a VLAN port may be part o...

Page 74: ...abled vlan database vlan 10 vlan 20 exit config interface 0 1 vlan participation include 10 exit interface 0 2 vlan participation include 10 exit interface 0 3 vlan participation include 20 exit exit config vlan port tagging all 10 vlan port tagging all 20 exit VLAN 10 VLAN 20 Physical Port 0 2 VLAN Router Port 4 1 192 150 3 1 Layer 3 Switch Physical Port 0 3 VLAN Router Port 4 2 192 150 4 1 Layer...

Page 75: ...g for the VLANs vlan database vlan routing 10 vlan routing 20 exit show ip vlan This returns the logical interface IDs that will be used in subsequent routing commands Assume that VLAN 10 is assigned ID 4 1 and VLAN 20 is assigned ID 4 2 Enable routing for the switch config ip routing exit The next sequence shows an example of configuring the IP addresses and subnet masks for the VLAN router ports...

Page 76: ...y using the Web Interface Use the LAN L2 Features VLAN VLAN Configuration page to create the VLANs specify port participation and configure whether frames will be transmitted tagged or untagged Figure 32 VLAN Configuration Use the LAN L2 Features VLAN Port Configuration page to specify the handling of untagged frames on receipt Figure 33 VLAN Port Configuration ...

Page 77: ...VLAN Routing Use the LAN L3 Features VLAN Routing Configuration page to enable VLAN routing and configure the ports Figure 34 VLAN Routing Configuration To enable routing for the switch use the LAN L3 Features IP Configuration page Figure 35 Enabling Routing ...

Page 78: ...rporation All Rights Reserved Configuration Guide Use the LAN L3 Features IP Interface Configuration page to enable routing for the ports and configure their IP addresses and subnet masks Figure 36 IP Interface Configuration ...

Page 79: ...abling a backup router to take over from a master router without affecting the end stations using the route The end stations will use a virtual IP address that will be recognized by the backup router if the master router fails Participating routers use an election protocol to determine which router is the master router at any given time A given port may appear as more than one virtual router to th...

Page 80: ...et masks for the port that will participate in the protocol config interface 0 2 routing ip address 192 150 2 1 255 255 255 0 exit Enable VRRP for the switch config ip vrrp exit Assign virtual router IDs to the port that will participate in the protocol config interface 0 2 ip vrrp 20 Port 0 2 192 150 2 1 Virtual Router ID 20 Virtual Addr 192 150 2 1 Port 0 4 192 150 4 1 Virtual Router ID 20 Virtu...

Page 81: ...g ip routing exit Configure the IP addresses and subnet masks for the port that will participate in the protocol config interface 0 4 routing ip address 192 150 4 1 255 255 255 0 exit Enable VRRP for the switch config ip vrrp 20 exit Assign virtual router IDs to the port that will participate in the protocol config interface 0 4 ip vrrp 20 Specify the IP address that the virtual router function wi...

Page 82: ...erform the same configuration using the Graphical User Interface To enable routing for the switch use the LAN L3 Features IP Configuration page Figure 38 IP Configuration To enable routing for the ports and configure their IP addresses and subnet masks use the LAN L3 Features IP Interface Configuration page Figure 39 IP Interface Configuration ...

Page 83: ...undancy Protocol To enable VRRP for the switch use the LAN L3 Features VRRP VRRP Configuration page Figure 40 VRRP Configuration To configure virtual router settings use the LAN L3 Features VRRP Virtual Router Configuration page Figure 41 Virtual Router Configuration ...

Page 84: ...84 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Page 85: ...only if the target IP address is an address configured on the interface where the ARP request arrived CLI Examples The following are examples of the commands used in the proxy ARP feature Example 1 show ip interface DWS 3024 show ip interface slot port Enter an interface in slot port format brief Display summary information about IP configuration settings for all ports loopback Display the configu...

Page 86: ...p proxy arp DWS 3024 Interface 0 24 ip proxy arp cr Press Enter to execute the command DWS 3024 Interface 0 24 ip proxy arp Web Example The following web pages are used in the proxy ARP feature Figure 42 Proxy ARP Configuration ...

Page 87: ...opology change On receipt of a RIP update depending on whether the specified route exists or does not exist in the route table the router may modify delete or add the route to its route table The DWS 3000 switch supports RIP versions 1 and 2 RIPv2 supports carrying subnet information in RIP packets thereby enabling classless inter domain routing RIPv2 routers are interoperable with RIPv1 routers o...

Page 88: ...on in the navigation tree Figure 44 RIP Interface Configuration RIP Route Redistribution Configuration Use the RIP Route Redistribution Configuration page to configure which routes are redistributed to other routers using RIP The allowable values for each fields are displayed next to the field If any invalid values are entered an alert message is displayed with the list of all the valid values To ...

Page 89: ...RIP Route Redistribution Configuration 89 14 Routing Information Protocol RIP Figure 45 RIP Route Redistribution Configuration ...

Page 90: ...90 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Page 91: ...ro hit count during that interval You cannot configure the logging interval You can set up ACLs to control traffic at Layer 2 Layer 3 or Layer 4 MAC ACLs operate on Layer 2 IP ACLs operate on Layers 3 and 4 Limitations The following limitations apply to ACLs Maximum of 100 ACLs Maximum rules per ACL is 10 The system supports ACLs set up for inbound traffic only The system does not support MAC ACLs...

Page 92: ...e CoS 802 1p Ethertype L2 ACLs can apply to one or more interfaces Multiple access lists can be applied to a single interface sequence number determines the order of execution You can assign packets to queues using the assign queue option IP ACLs IP ACLs classify for Layers 3 and 4 Each ACL is a set of up to ten rules applied to inbound traffic Each rule specifies whether the contents of a given f...

Page 93: ...ws you how to set up an IP ACL with two rules one applicable to TCP traffic and one to UDP traffic The content of the two rules is the same TCP and UDP packets will only be accepted by the Unified Switch if the source and destination stations have IP addresses that fall within the defined sets Figure 46 IP ACL Example Network Diagram Port 0 2 ACL 179 192 168 77 1 192 168 77 2 192 168 77 9 192 168 ...

Page 94: ...ss list 179 permit udp 192 168 77 0 0 0 0 255 192 168 77 3 0 0 0 255 exit Example 3 Apply the rule to Inbound Traffic on Port 0 2 Only traffic matching the criteria will be accepted interface 0 2 ip access group 179 in exit MAC ACL CLI Examples The following are examples of the commands used for the MAC ACLs feature Example 4 Set up a MAC Access List DWS 3024 Config mac access list extended Config...

Page 95: ... 44 55 00 00 00 00 FF FF ethertypekey Enter one of the following keywords to specify an Ethertype appletalk arp ibmsna ipv4 ipv6 ipx mplsmcast mplsucast netbios novell pppoe rarp 0x0600 0xffff Enter a four digit hexadecimal number in the range of 0x0600 to 0xffff to specify a custom Ethertype value vlan Configure a match condition based on a VLAN ID cos Configure a match condition based on a COS v...

Page 96: ...s Control List DWS 3024 Interface 0 5 mac access group mac1 in Enter the direction in DWS 3024 Interface 0 5 mac access group mac1 in cr Press Enter to execute the command 1 4294967295 Enter the sequence number greater than 0 to rank direction A lower sequence number has higher precedence DWS 3024 Interface 0 5 mac access group mac1 in 6 cr Press Enter to execute the command DWS 3024 Interface 0 5...

Page 97: ...v4 ipv6 ipx mplsmcast mplsucast netbios novell pppoe rarp 0x0600 0xffff Enter a four digit hexadecimal number in the range of 0x0600 to 0xffff to specify a custom Ethertype value vlan Configure a match condition based on a VLAN ID cos Configure a match condition based on a COS value log Configure logging for this access list rule assign queue Configure the Queue Id assignment attribute cr Press En...

Page 98: ... in this section to configure and view MAC access control list and IP access control lists MAC ACL Web Pages The following figures show the pages available to view and configure MAC ACL settings Figure 47 MAC ACL Configuration Page Create New MAC ACL Figure 48 MAC ACL Rule Configuration Create New Rule ...

Page 99: ...Web Examples 99 15 Access Control Lists ACLs Figure 49 MAC ACL Rule Configuration Page Add Destination MAC and MAC Mask Figure 50 MAC ACL Rule Configuration Page View the Current Settings ...

Page 100: ...100 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 51 ACL Interface Configuration Figure 52 MAC ACL Summary ...

Page 101: ...Control Lists ACLs Figure 53 MAC ACL Rule Summary IP ACL Web Pages The following figures show the pages available to view and configure standard and extended IP ACL settings Figure 54 IP ACL Configuration Page Create a New IP ACL ...

Page 102: ... D Link Corporation All Rights Reserved Configuration Guide Figure 55 IP ACL Configuration Page Create a Rule and Assign an ID Figure 56 IP ACL Rule Configuration Page Rule with Protocol and Source IP Configuration ...

Page 103: ...Web Examples 103 15 Access Control Lists ACLs Figure 57 Attach IP ACL to an Interface ...

Page 104: ...104 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 58 IP ACL Summary Figure 59 IP ACL Rule Summary ...

Page 105: ...uthentication server Server that performs the authentication function necessary to check the credentials of the supplicant on behalf of the Authenticator Completion of an authentication exchange requires all three roles The Unified Switch supports the authenticator role only in which the PAE is responsible for communicating with the supplicant The authenticator PAE is also responsible for submitti...

Page 106: ...ssociated with the 802 1x default login 802 1x port based access control is enabled for the system and interface 0 1 is configured to be in force authorized mode because this is where the RADIUS server and protected network resources are located Figure 60 DWS 3000 with 802 1x Network Access Control If a user or supplicant attempts to communicate via the switch on any interface except interface 0 1...

Page 107: ... the 802 1X enabled switch port The switch verifies the credentials of the client by communicating with an authentication server If the credentials are verified the authentication server informs the switch to unblock the switch port and allows the client unrestricted access to the network i e the client is a member of an internal VLAN Guest VLAN Supplicant mode is a global configuration for all th...

Page 108: ...Guide Configuring the Guest VLAN by Using the Web Interface To enable the Guest VLAN features by using the Web interface use the LAN Security 802 1x 802 1X Setting page To configure the Guest VLAN settings on a port use the LAN Security 802 1x 802 1X Port Setting page ...

Page 109: ... for clients based on the RADIUS server authentication To enable the switch to accept VLAN assignment by the RADIUS server use the authorization network radius command in Global Config mode To enable the VLAN Assignment Mode by using the Web interface use the LAN Security 802 1x 802 1X Setting page and select Enable from the VLAN Assignment Mode menu ...

Page 110: ...110 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Page 111: ... that interface must enter a username and password that is verified by a local user database Web Example Use the following steps to configure a captive portal for wired clients that connect to the network by using interfaces 0 1 0 10 1 Enable the captive portal A Navigate to the LAN Security Captive Portal Global Configuration page B Select the Enable Captive Portal option C Click Submit 2 Configu...

Page 112: ...xt on the page the logos that display and the color scheme 3 Configure a captive portal user A Navigate to the LAN Security Captive Portal Local User page B Click Add C Enter the user name user1 and the password 12345678 D Click Add 4 Associate the appropriate interfaces to the configured captive portal A Navigate to the LAN Security Captive Portal Interface Association page B Select Default from ...

Page 113: ... 0 7 interface 0 8 interface 0 9 interface 0 10 exit user 1 password user 1 name user1 user 1 group 1 exit Customizing the Captive Portal Web Page When a wireless client connects to the access point the user sees a Web page The CP Web Page Customization page allows you to customize the appearance of that page with specific text and images You can create up to five location specific Web pages for e...

Page 114: ... CP Welcome Page Contains settings that affect the page users see when they successfully connect to the network Logout Page Contains settings that affect the client logout window users see after they successfully authenticate This window contains the logout button Logout Success Page Contains settings that affect the page users see after they success fully deauthenticate The fields available on th...

Page 115: ...Customizing the Captive Portal Web Page 115 17 Captive Portal Figure 62 CP Web Page Customization Authentication Page Figure 63 CP Web Page Customization Welcome Page ...

Page 116: ... request the authenticated user connected either through wireless connection or through wired connection is removed from the connection status tables In addition the wireless clients are disassociated as well If the client logout request feature is not enabled or the user does not specifically request logout their connection status will remain authenticated until such time Captive Portal deauthent...

Page 117: ...These RADIUS parameters are described as follows Radius Attribute WISPr Bandwidth Max Up Number 14122 7 Description Maximum client transmit rate b s Limits the bandwidth at which the client can send data into the network If the attribute is 0 or not present then use the value configured for the captive portal Range Integer Usage Optional Radius Attribute WISPr Bandwidth Max Down Number 14122 8 Des...

Page 118: ...er 171 126 Description Maximum number of octets the user is allowed to transfer sum of octets transmitted and received After this limit has been reached the user will be disconnected If the attribute is 0 or not present then use the value configured for the captive portal Range Integer Usage Optional The WS acts as a NAS in this case These parameters could also be configured for a user in the Loca...

Page 119: ...allowable source MAC address are forwarded Static Locking User manually specifies a list of static MAC addresses for a port Dynamically locked addresses can be converted to statically locked addresses Operation Port Security Helps secure network by preventing unknown devices from forwarding packets When link goes down all dynamically locked addresses are freed If a specific MAC address is to be se...

Page 120: ...urity information for a specific interface dynamic Display dynamically learned MAC addresses static Display statically locked MAC addresses violation Display the source MAC address of the last packet that was discarded on a locked port Example 2 show port security on a specific interface DWS 3024 show port security 0 10 Admin Dynamic Static Violation Intf Mode Limit Limit Trap Mode 0 10 Disabled 6...

Page 121: ...Web Examples 121 18 Port Security Web Examples The following Web pages are used in the Port Security feature Figure 66 Port Security Administration Figure 67 Port Security Interface Configuration ...

Page 122: ...rved Configuration Guide Figure 68 Port Security Statically Configured MAC Addresses To view Port Security status information navigate to LAN Monitoring Port Security from the navigation panel Figure 69 Port Security Dynamically Learned MAC Addresses ...

Page 123: ...Web Examples 123 18 Port Security Figure 70 Port Security Violation Status ...

Page 124: ...124 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Page 125: ... functioning RADIUS supported network a device referred to as the Network Access Server NAS first detects the contact For wired clients the NAS is the DWS 3000 switch for wireless clients the AP serves as the NAS The NAS or user login interface then prompts the user for a name and password The NAS encrypts the supplied information and a RADIUS client transports the request to a pre configured RADI...

Page 126: ...ry server deny the authentication request The secondary server also acts as a failover server in the sense that authentication requests are sent to the secondary server if the primary server is not available for some reason For a managed AP solution the secondary server is defined along with its secret in the AP configuration profile on the DWS 3000 switch Like the primary RADIUS server the second...

Page 127: ...in the event that the RADIUS server cannot be contacted This authentication list is then associated with the default login Figure 71 RADIUS Servers in a DWS 3000 Network When a user attempts to log in the switch prompts for a username and password The switch then attempts to communicate with the primary RADIUS server at 10 10 10 10 Upon successful connection with the server the login credentials a...

Page 128: ... 11 11 11 radius server key auth 11 11 11 11 secret2 secret2 radius server primary 10 10 10 10 authentication login radiusList radius local users defaultlogin radiusList exit Using the Web Interface The following Web screens show how to perform the configuration described in the example Figure 72 Add a RADIUS Server ...

Page 129: ...RADIUS Configuration Examples 129 19 RADIUS Figure 73 Configuring the RADIUS Server ...

Page 130: ...130 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 74 Create an Authentication List Figure 75 Configure the Authentication List ...

Page 131: ...s example assumes that a primary RADIUS server has already been configured in the AP profile Note that the same commands can be used in Network Profile mode to configure these parameters on particular wireless network Using CLI Commands config ap profile radius server bakcupone 11 11 11 11 radius server backuponesecret secret2 secret2 radius failthrough Using the Web Interface The following Web sc...

Page 132: ...132 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Enabling Failthrough Mode at the Global Level Enabling Failthrough Mode for a Particular Network ...

Page 133: ...heir network IP address You can also assign each a priority to determine the order in which the TACACS client will contact them TACACS contacts the server when a connection attempt fails or times out for a higher priority server You can configure each server host with a specific connection type port timeout and shared key or you can use global configuration for the key and timeout Like RADIUS the ...

Page 134: ...ls over an encrypted channel The server then grants or denies access which the switch honors and either allows or does not allow the user to gain access to the switch If neither of the two servers can be contacted the switch searches its local user database for the user Configuring TACACS by Using CLI Commands The following CLI commands perform the configuration described in the example config tac...

Page 135: ...ample 135 20 TACACS Configuring TACACS by Using the Web Interface The following Web screens show how to perform the configuration described in the example Figure 78 Add a TACACS Server Figure 79 Configuring the TACACS Server ...

Page 136: ...136 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 80 Create an Authentication List TACACS Figure 81 Configure the Authentication List TACACS ...

Page 137: ...TACACS Configuration Example 137 20 TACACS Figure 82 Set the User Login TACACS ...

Page 138: ...138 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Page 139: ...ng table Ingress Port Configuration Each ingress port on the switch has a default priority value set by configuring VLAN Port Priority in the Switching sub menu that determines the egress queue its traffic gets forwarded to Packets that arrive without a priority designation or packets from ports you have identified as untrusted get forwarded according to this default Trusted and Untrusted Ports Co...

Page 140: ...ues always sent last Weighted scheduling requires a specification of priority for each queue relative to the other queues based on their minimum bandwidth values Queue management tail drop Queue Management Type The D Link DWS 3000 switch supports the tail drop method of queue management This means that any packet forwarded to a full queue is dropped regardless of its importance CLI Examples Figure...

Page 141: ...the diagram the packet transmission order as seen on the network leading out of Port 0 8 is B A D C Thus packet B with its higher user precedence than the others is able to work its way through the device with minimal delay and is transmitted ahead of the other packets at the egress port UserPri 3 packet A UserPri 7 packet B untagged packet C UserPri 6 packet D time Port 0 10 mode trust dot1p 0 2 ...

Page 142: ...dot1p mapping 6 3 vlan priority 2 exit interface 0 8 cos queue min bandwidth 0 0 5 5 10 20 40 0 cos queue strict 6 exit exit You can also set traffic shaping parameters for the interface If you wish to shape the egress interface for a sustained maximum data rate of 80 Mbps assuming a 100Mbps link speed you would add a simple configuration line expressing the shaping rate as a percentage of link sp...

Page 143: ...b Examples 143 21 Class of Service Queuing Web Examples The following web pages are used for the Class of Service feature Figure 85 802 1p Priority Mapping Page Figure 86 CoS Trust Mode Configuration Page ...

Page 144: ...144 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 87 IP DSCP Mapping Configuration Page Figure 88 CoS Interface Configuration Page ...

Page 145: ...Web Examples 145 21 Class of Service Queuing Figure 89 CoS Interface Queue Configuration Page Figure 90 CoS Interface Queue Status Page ...

Page 146: ...146 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Page 147: ...ased on the contents of the Layer 3 and Layer 4 headers and is recorded in the Differentiated Services Code Point DSCP added to a packet s IP header Interior node A switch in the core of the network is responsible for forwarding packets rather than for classifying them It decodes the DSCP in an incoming packet and provides buffering and forwarding services using the appropriate queue management al...

Page 148: ...mple This example shows how a network administrator can provide equal access to the Internet or other external network to different departments within a company Each of four departments has its own Class B subnet that is allocated 25 of the available bandwidth on the port accessing the Internet Figure 91 DiffServ Internet Access Example Network Diagram DiffServ Inbound Configuration 1 Ensure DiffS...

Page 149: ...ress queue This is how the DiffServ inbound policy connects to the CoS queue settings established below policy map internet_access in class finance_dept assign queue 1 exit class marketing_dept assign queue 2 exit class test_dept assign queue 3 exit class development_dept assign queue 4 exit exit 4 Attach the defined policy to interfaces 0 1 through 0 4 in the inbound direction interface 0 1 servi...

Page 150: ...oming color value to be used as the conforming color The following commands show how to add a color aware policing attribute to the finance_dept class 1 Add a new class to serve as the auxiliary traffic class The match condition for the class must be either IP Precedence or IP DSCP In this example the match condition is IP Prece dence with a value of 2 class map match all color_class match ip prec...

Page 151: ...ce Value 2 Class Name marketing_dept Assign Queue 2 Class Name test_dept Assign Queue 3 Class Name development_dept Assign Queue 4 Using the Web Interface to Configure Diffserv Access the DiffServ configuration pages from the LAN QoS Differentiated Services folder The following DiffServ pages are available DiffServ Configuration Class Configuration Policy Configuration Policy Class Definition Serv...

Page 152: ...152 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 92 DiffServ Configuration Figure 93 DiffServ Class Configuration ...

Page 153: ...Using the Web Interface to Configure Diffserv 153 22 Differentiated Services Figure 94 DiffServ Class Configuration Add Match Criteria Figure 95 Source IP Address ...

Page 154: ...154 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 96 DiffServ Class Configuration Figure 97 DiffServ Class Summary ...

Page 155: ...Using the Web Interface to Configure Diffserv 155 22 Differentiated Services Figure 98 DiffServ Policy Configuration Figure 99 DiffServ Policy Configuration ...

Page 156: ...156 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 100 DiffServ Policy Class Definition Figure 101 Assign Queue ...

Page 157: ...Using the Web Interface to Configure Diffserv 157 22 Differentiated Services Figure 102 DiffServ Policy Summary Figure 103 DiffServ Policy Attribute Summary ...

Page 158: ...158 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 104 DiffServ Service Configuration Figure 105 DiffServ Service Summary ...

Page 159: ... refreshes and the Class Match Selector field appears The match condition for the class must be either IP Precedence or IP DSCP In this example the match condition is IP Precedence with a value of 2 2 From the Class Match Selector field select IP Precedence and click Add Match Criteria 3 From the Precedence Value menu on the IP Precedence page select 2 and then click Submit 4 Navigate to the Polic...

Page 160: ...er the screen refreshes enter values for the Committed Rate and Committed Burst Size fields D Click Configure Selected Attribute The DiffServ Policy Attribute Summary page appears so you can view information about all of the policies and their attributes configured on the system ...

Page 161: ...te is vital This example shows one way to provide the necessary quality of service how to set up a class for UDP traffic have that traffic marked on the inbound side and then expedite the traffic on the outbound side The configuration script is for Router 1 in the accompanying diagram a similar script should be applied to Router 2 Figure 106 DiffServ VoIP Example Network Diagram 1 2 3 4 5 6 7 8 9 ...

Page 162: ...iterion to detect a DiffServ code point DSCP of EF expedited forwarding This handles incoming traffic that was previously marked as expedited elsewhere in the network class map match all class_ef match ip dscp ef exit Create a DiffServ policy for inbound traffic named pol_voip then add the previously created classes class_ef and class_voip as instances within this policy This policy handles incomi...

Page 163: ...rks by allowing the administrator to configure each port as a trusted or untrusted port The port that has the authorized DHCP server should be configured as a trusted port Any DHCP responses received on a trusted port will be forwarded All other ports should be configured as untrusted Any DHCP or BootP responses received on the ingress side will be discarded Limitations Port Channels LAGs If an in...

Page 164: ...ig interface 0 11 ip dhcp filtering trust exit exit Example 3 Show DHCP Filtering Configuration show ip dhcp filtering Switch DHCP Filtering is Enabled Interface Trusted 0 1 No 0 2 No 0 3 No 0 4 No 0 5 No 0 6 No 0 7 No 0 8 No 0 9 No 0 10 No 0 11 Yes 0 12 No 0 13 No 0 14 No 0 15 No Web Examples From the Web interface you can perform the following DHCP Filtering tasks Enable or disable administratio...

Page 165: ...h Figure 107 DHCP Filtering Configuration Use the DHCP Filtering Interface Configuration page to configure DHCP Filtering on specific interfaces Figure 108 DHCP Filtering Interface Configuration To view the DHCP Filtering settings on each interface use the DHCP Filter Binding Information page under LAN Monitoring DHCP Filter Summary ...

Page 166: ...166 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 109 DHCP Filter Binding Information ...

Page 167: ...all L3 devices Can be used to detect issues on the network Tracks up to 20 hops Default UDP port uses 33343 unless modified in the traceroute command NOTE You can execute Traceroute with CLI commands only there is no Web interface for this feature CLI Example The following shows an example of using the traceroute command to determine how many hops there are to the destination The command output sh...

Page 168: ... 2 10 254 253 1 30 ms 49 ms 21 ms 3 63 237 23 33 29 ms 10 ms 10 ms 4 63 144 4 1 39 ms 63 ms 67 ms 5 63 144 1 141 70 ms 50 ms 50 ms 6 205 171 21 89 39 ms 70 ms 50 ms 7 205 171 8 154 70 ms 50 ms 70 ms 8 205 171 8 222 70 ms 50 ms 80 ms 9 205 171 251 34 60 ms 90 ms 50 ms 10 209 244 219 181 60 ms 70 ms 70 ms 11 209 244 11 9 60 ms 60 ms 50 ms 12 4 68 121 146 50 ms 70 ms 60 ms 13 4 79 228 2 60 ms 60 ms 6...

Page 169: ... Apply Upload Download Provides script format of one CLI command per line Considerations Total number of scripts stored on the system is limited by NVRAM FLASH size Application of scripts is partial if script fails For example if the script executes five of ten commands and the script fails the script stops at five Scripts cannot be modified or deleted while being applied Validation of scripts che...

Page 170: ...asic scr Are you sure you want to delete the configuration script s y n y 1 configuration script s deleted Example 3 script apply running config scr DWS 3024 script apply running config scr Are you sure you want to apply the configuration script y n y The systems has unsaved changes Would you like to save them now y n y Configuration Saved Example 4 show running config Use this command to capture ...

Page 171: ...you sure you want to start y n y File transfer operation completed successfully Example 6 script validate running config scr DWS 3024 script validate running config scr serviceport protocol none network protocol dhcp no network javamode vlan database exit configure exit logging buffered logging host 192 168 77 151 Configuration script running config scr validated DWS 3024 script apply running conf...

Page 172: ...024 script validate default scr network parms 172 30 4 2 255 255 255 0 0 0 0 0 vlan database exit configure lineconfig exit spanning tree configuration name 00 18 00 00 00 10 interface 0 1 exit interface 0 2 exit interface 0 3 exit continues through interface 0 26 exit exit Configuration script default scr validation succeeded ...

Page 173: ... When a telnet connection is initiated each side of the connection is assumed to originate and terminate at a Network Virtual Terminal NVT Server and user hosts do not maintain information about the characteristics of each other s terminals and terminal handling conventions Must use a valid IP address CLI Examples The following are examples of the commands used in the Outbound Telnet feature ...

Page 174: ...show telnet DWS 3024 show telnet Outbound Telnet Login Timeout minutes 5 Maximum Number of Outbound Telnet Sessions 5 Allow New Outbound Telnet Sessions Yes Example 3 transport output telnet DWS 3024 Config lineconfig cr Press Enter to execute the command DWS 3024 Config lineconfig DWS 3024 Line transport input Displays the protocols to use to connect to a specific line of the router output Displa...

Page 175: ...on limit 5 DWS 3024 Line session timeout 1 160 Enter time in minutes DWS 3024 Line session timeout 15 Web Example You can set up the Outbound Telnet session through the Web interface You can Enable or disable administration mode Set how many sessions you want Set the session time outs Figure 110 Telnet Session Configuration ...

Page 176: ...176 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Page 177: ...can be uploaded or downloaded File size cannot be larger than 2K The Pre Login Banner feature is only for the CLI interface CLI Example To create a Pre Login Banner follow these steps 1 On your PC using Notepad or another text editor create a banner txt file that contains the banner to be displayed DWS 3000 switch Login Banner Unauthorized access is punishable by law 2 Transfer the file from the P...

Page 178: ...TFTP Server IP 192 168 77 52 TFTP Path TFTP Filename banner txt Data Type Cli Banner Are you sure you want to start y n y CLI Banner file transfer operation completed successfully DWS 3024 exit DWS 3024 logout DWS 3000 switch Login Banner Unauthorized access is punishable by law User Note The command no clibanner removes the banner from the switch ...

Page 179: ...nt implemented over UDP which listens on port 123 CLI Examples The following are examples of the commands used in the SNTP feature Example 1 show sntp DWS 3024 show sntp cr Press Enter to execute the command client Display SNTP Client Information server Display SNTP Server Information Example 2 show sntp client DWS 3024 show sntp client Client Supported Modes unicast broadcast SNTP Version 4 Port ...

Page 180: ... 18 11 59 33 2005 Last Update Status Other Total Unicast Requests 1111 Failed Unicast Requests 361 Example 4 configure sntp DWS 3024 Config sntp broadcast Configure SNTP client broadcast parameters client Configure the SNTP client parameters server Configure SNTP server parameters unicast Configure SNTP client unicast parameters Example 5 configure sntp client mode DWS 3024 Config sntp client mode...

Page 181: ... client port 1 cr Press Enter to execute the command 6 10 Enter value in the range 6 to 10 Poll interval is 2 value in seconds Web Interface Examples The following are examples of Web Interface pages used in the SNTP feature To configure SNTP settings use the LAN Admin SNTP SNTP Settings Configuration page Figure 111 SNTP Settings Configuration Page Figure 112 SNTP Server Configuration Page To con...

Page 182: ...ion Guide Figure 113 SNTP Server Configuration Page To configure SNTP server settings use the LAN Admin SNTP Time Zone Configuration page Figure 114 Time Zone Configuration Page To configure SNTP server settings use the LAN Admin SNTP Summer Time Configuration page ...

Page 183: ...Web Interface Examples 183 28 Simple Network Time Protocol SNTP Figure 115 Summer Time Configuration Page ...

Page 184: ...184 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Page 185: ... to local files on the switch or a remote server running a syslog daemon Method of collecting message logs from many systems Interpreting Log Files 130 JAN 01 00 00 06 0 0 0 0 1 UNKN 0x800023 bootos c 386 4 Event 0xaaaaaaaa A Priority B Timestamp C Stack ID D Component Name E Thread ID F File Name G Line Number H Sequence Number I Message A B C D E F G H I ...

Page 186: ...and DWS 3024 show logging buffered Buffered In Memory Logging enabled Buffered Logging Wrapping Behavior On Buffered Log Count 66 6 Nov 29 13 31 38 0 0 0 0 1 UNKN 292290880 sysapi c 1280 3 sysapiCfgFile sSeparate CRC check failed 0x0 read and 0xce0a37e0 calculated 6 Nov 29 13 31 38 0 0 0 0 1 UNKN 292290880 sysapi c 1131 4 could not sep arate SYSAPI_CONFIG_FILENAME 2 Nov 29 13 31 42 0 0 0 0 1 UNKN ...

Page 187: ... 4 2 days 23 16 32 Link Down Unit 0 Slot 1 Port 2 5 2 days 23 16 03 Link Down Unit 0 Slot 1 Port 1 6 2 days 19 49 28 Multiple Users Unit 0 Slot 3 Port 1 7 2 days 18 20 56 Multiple Users Unit 0 Slot 3 Port 1 8 2 days 17 10 41 Multiple Users Unit 0 Slot 3 Port 1 9 2 days 00 55 42 Multiple Users Unit 0 Slot 3 Port 1 10 2 days 00 55 38 Failed User Login Unit 1 User ID admin 11 2 days 00 20 12 Multiple...

Page 188: ...reconfigure Logging Host Reconfiguration remove Logging Host Removal DWS 3024 Config logging host 192 168 21 253 cr Press Enter to execute the command port Enter Port ID from 0 to 65535 DWS 3024 Config logging host 192 168 21 253 4 cr Press Enter to execute the command severitylevel Enter Logging Severity Level emergency 0 alert 1 critical 2 error 3 warning 4 notice 5 info 6 debug 7 DWS 3024 Confi...

Page 189: ...Web Examples 189 29 Syslog Web Examples The following web pages are used with the Syslog feature Figure 116 Log Syslog Configuration Page Figure 117 Buffered Log Configuration Page ...

Page 190: ...190 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 118 Log Hosts Configuration Page Add Host Figure 119 Log Hosts Configuration Page ...

Page 191: ...LI Example Use the commands shown below for the Port Description feature Example 1 Enter a Description for a Port This example specifies the name Test for port 0 10 config interface 0 10 description Test exit exit Example 2 Show the Port Description show port description 0 10 Interface 0 10 ifIndex 10 Description Test MAC Address 00 00 00 01 00 02 Bit Offset Val 10 ...

Page 192: ...poration All Rights Reserved Configuration Guide Configuring Port Description with the Web Interface Use the following Web screen to enter Port Description information Figure 120 Port Configuration Screen Set Port Description ...

Reviews:

No comments

Related manuals for UNIFIED WIRED & WIRELESS ACCESS SYSTEM...

NetComm NF12 Configuration Manual preview
NF12
Brand: NetComm Pages: 3
Ubiquiti BulletM2-HP Quick Start Manual preview
BulletM2-HP
Brand: Ubiquiti Pages: 12
Ubiquiti air Router HP Quick Start Manual preview
air Router HP
Brand: Ubiquiti Pages: 16
Ebyte E01-ML01DP5 User Manual preview
E01-ML01DP5
Brand: Ebyte Pages: 10
CES RF-NET Installation And Commissioning Manual preview
RF-NET
Brand: CES Pages: 30
B-Link BL-M8822CU1 User Manual preview
BL-M8822CU1
Brand: B-Link Pages: 14
Ruckus Wireless T610s Quick Setup Manual preview
T610s
Brand: Ruckus Wireless Pages: 4
Sercomm RP052M User Manual preview
RP052M
Brand: Sercomm Pages: 14
Reliance Wi-Fi SER8189 User Manual preview
Wi-Fi SER8189
Brand: Reliance Pages: 33
Obihai OBi100 Quick Start Manual preview
OBi100
Brand: Obihai Pages: 4
Linksys AC2400 User Manual preview
AC2400
Brand: Linksys Pages: 544
D-Link Vonage Quick Start Manual preview
Vonage
Brand: D-Link Pages: 12
D-Link Q.NET-WLAN655 Manual preview
Q.NET-WLAN655
Brand: D-Link Pages: 9
D-Link Wireless VPN Router DI-824VUP Quick Installation Manual preview
Wireless VPN Router DI-824VUP
Brand: D-Link Pages: 18
D-Link Vonage VWR User Manual preview
Vonage VWR
Brand: D-Link Pages: 50
D-Link RangeBooster N DIR-628 User Manual preview
RangeBooster N DIR-628
Brand: D-Link Pages: 104
SAF tehnika Integra-W Series User Manual preview
Integra-W Series
Brand: SAF tehnika Pages: 82
Aruba Networks AP-204 Installation Manual preview
AP-204
Brand: Aruba Networks Pages: 2

Brands by name

Popular brands

Load more brands