manualshive.com logo in svg

D-Link xStack DES-3810, Reference Manual

The D-Link xStack DES-3810 is a high-performance network switch designed for large-scale businesses. Its comprehensive Reference Manual provides detailed instructions for optimal utilization. You can easily download this manual for free from our website, ensuring effortless setup and configuration for your network infrastructure.

Share
Download
background image

xStack

® 

DES-3810 Series Layer 3 Managed Ethernet Switch Web UI Reference Guide 

 

355 

Parameter 

Description 

IPv4 Address 

Here the user can enter an IPv4 address to add to the trusted host list. 

Net Mask 

Here the user can enter a IPv4 Net Mask address to add to the trusted host list. 

IPv6 Address 

Here the user can enter an IPv6 address to add to the trusted host list. 

Net Mask 

Here the user can enter a IPv6 Net Mask address to add to the trusted host list. 

Access Interface 

Here the user can select services that will be allowed to the trusted host. 

Click the 

Add

 button to add a new entry based on the information entered. 

Click the 

Delete All 

button to remove all the entries listed. 

Click the 

Edit

 button to re-configure the specified entry. 

Click the 

Delete

 button to remove the specified entry. 

 

Safeguard Engine Settings 

Periodically, malicious hosts on the network will attack the Switch by utilizing packet flooding (ARP Storm) or other 

methods. These attacks may increase the switch load beyond its capability. To alleviate this problem, the Safeguard 

Engine function was added to the Switch’s software. 
 
The Safeguard Engine can help the overall operability of the Switch by minimizing the workload of the Switch while the 

attack is ongoing, thus making it capable to forward essential packets over its network in a limited bandwidth. The 

Safeguard Engine has two operating modes that can be configured by the user, 

Strict

 and 

Fuzzy

. In 

Strict

 mode, when 

the Switch either (a) receives too many packets to process or (b) exerts too much memory, it will enter the Exhausted

 

mode. When in this mode, the Switch will drop all ARP and IP broadcast packets and packets from un-trusted IP 

addresses for a calculated time interval. Every five seconds, the Safeguard Engine will check to see if there are too 

many packets flooding the Switch. If the threshold has been crossed, the Switch will initially stop all ingress ARP and 

IP broadcast packets and packets from un-trusted IP addresses for five seconds. After another five-second checking 

interval arrives, the Switch will again check the ingress flow of packets. If the flooding has stopped, the Switch will 

again begin accepting all packets. Yet, if the checking shows that there continues to be too many packets flooding the 

Switch, it will stop accepting all ARP and IP broadcast packets and packets from un-trusted IP addresses for double 

the time of the previous stop period. This doubling of time for stopping these packets will continue until the maximum 

time has been reached, which is 320 seconds and every stop from this point until a return to normal ingress flow 

would be 320 seconds. For a better understanding, please examine the following example of the Safeguard Engine. 
 

 

Figure 9-86 Safeguard Engine window 

 
For every consecutive checking interval that reveals a packet flooding issue, the Switch will double the time it will 

discard ingress ARP and IP broadcast packets and packets from the illegal IP addresses. In the example above, the 

Switch doubled the time for dropping ARP and IP broadcast packets when consecutive flooding issues were detected 

Summary of Contents for xStack DES-3810

Page 1: ......

Page 2: ...ademarks used in this text D Link and the D LINK logo are trademarks of D Link Corporation Microsoft and Windows are registered trademarks of Microsoft Corporation Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products D Link Corporation disclaims any proprietary interest in trademarks and trade names other than ...

Page 3: ...gs 14 Port Error Disabled 15 Jumbo Frame Settings 15 Serial Port Settings 16 Warning Temperature Settings 16 System Log Configuration 17 System Log Settings 17 System Log Server Settings 17 System Log 18 System Log Trap Settings 19 System Severity Settings 20 Time Range Settings 20 Time Settings 21 User Account Settings 21 SRM EI Mode Only 22 SRM Settings 22 Chapter 3 Management 24 ARP 24 Static A...

Page 4: ... RMON Settings 52 Telnet Settings 52 Web Settings 53 Power Saving 53 Port LED State Settings 53 Power Saving Settings 54 Power Saving LED Settings 54 Power Saving Port Settings 55 Chapter 4 VPN EI Mode Only 56 MPLS 56 LDP 58 MPLS Settings 63 MPLS Static LSP Settings 64 MPLS Dynamic LSP Table 65 MPLS FTN Table 65 MPLS Interface Settings 66 MPLS Class Map Settings 66 MPLS FEC EXP Settings 67 VPWS 67...

Page 5: ... Settings 110 MAC Address Table 110 ARP FDB Table 111 L2 Multicast Control 111 IGMP Proxy 111 IGMP Snooping 113 MLD Proxy 122 MLD Snooping 124 Multicast VLAN 133 IP Multicast VLAN Replication 139 Multicast Filtering 142 IPv4 Multicast Filtering 142 IPv6 Multicast Filtering 144 Multicast Filtering Mode 146 ERPS Settings 147 Local Loopback Port Settings 150 LLDP 151 LLDP 151 LLDP MED 160 NLB FDB Set...

Page 6: ... Traffic Control Settings 230 DSCP 232 DSCP Trust Settings 232 DSCP Map Settings 232 HOL Blocking Prevention 234 Scheduling Settings 234 Scheduling Profile Settings 234 Scheduling Group Settings 235 Chapter 8 ACL 237 ACL Configuration Wizard 237 Access Profile List 238 CPU Access Profile List 256 ACL Finder 271 ACL Flow Meter 271 Egress Access Profile List 275 Adding an Ethernet ACL Profile 275 Ad...

Page 7: ... Japanese Web based Access Control JWAC 319 JWAC Global Settings 319 JWAC Port Settings 321 JWAC User Settings 322 JWAC Authentication State 323 JWAC Customize Page Language 324 JWAC Customize Page 324 Compound Authentication 325 Compound Authentication Settings 328 Compound Authentication Guest VLAN Settings 330 Port Security 330 Port Security Settings 330 Port Security VLAN Settings 332 Port Sec...

Page 8: ...P Server Settings 372 SMTP Settings 372 SNTP 374 SNTP Settings 375 Time Zone Settings 375 Flash File System Settings 377 Chapter 11 OAM 379 CFM 379 CFM Settings 381 CFM Port Settings 386 CFM MIPCCM Table 387 CFM Loopback Settings 387 CFM Linktrace Settings 388 CFM Packet Counter 389 CFM Fault Table 389 CFM MP Table 390 Ethernet OAM 390 Ethernet OAM Settings 391 Ethernet OAM Configuration Settings ...

Page 9: ...P 424 Upload Firmware 424 Upload Firmware To TFTP 424 Upload Firmware To FTP 425 Upload Firmware To RCP 425 Download Configuration 426 Download Configuration From TFTP 426 Download Configuration From FTP 427 Download Configuration From HTTP 427 Download Configuration From RCP 428 Upload Configuration 429 Upload Configuration To TFTP 429 Upload Configuration To FTP 429 Upload Configuration To HTTP ...

Page 10: ... Indicates commands and responses to prompts that must be typed exactly as printed in the manual Initial capital letter Indicates a window name Names of keys on the keyboard have initial capitals For example Click Enter Italics Indicates a window name or a field Also can indicate a variables or parameter that is replaced with an appropriate word or string For example type filename means that the a...

Page 11: ...z in most of North and South America and some Far Eastern countries such as South Korea and Taiwan o 100 V 50 Hz in eastern Japan and 100 V 60 Hz in western Japan o 230 V 50 Hz in most of Europe the Middle East and the Far East Also be sure that attached devices are electrically rated to operate with the power available in your location Use only approved power cable s If you have not been provided...

Page 12: ...nd side stabilizers on a single rack or front stabilizers for joined multiple racks before working on the rack Always load the rack from the bottom up and load the heaviest item in the rack first Make sure that the rack is level and stable before extending a component from the rack Use caution when pressing the component rail release latches and sliding a component into or out of a rack the slide ...

Page 13: ...sis The following steps can also be taken prevent damage from electrostatic discharge ESD 1 When unpacking a static sensitive component from its shipping carton do not remove the component from the antistatic packing material until ready to install the component in the system Just before unwrapping the antistatic packaging be sure to discharge static electricity from your body 2 When transporting ...

Page 14: ...cess the same internal switching software and configure it Thus all settings encountered in web based management are the same as those found in the console program Logging in to the Web Manager To begin managing the Switch simply run the browser installed on your computer and point it to the IP address you have defined for the device The URL in the address bar should read something like http 123 1...

Page 15: ...ain Web Manager Screen Area Number Function Area 1 Select the menu or window to display Open folders and click the hyperlinked menu buttons and subfolders contained within them to display menus Click the D Link logo to go to the D Link website Area 2 Presents a graphical near real time image of the front panel of the Switch This area displays the Switch s ports console and management port showing ...

Page 16: ... to configure features regarding the Layer 3 functionality of the Switch QoS In this section the user will be able to configure features regarding the Quality of Service functionality of the Switch ACL In this section the user will be able to configure features regarding the Access Control List functionality of the Switch Security In this section the user will be able to configure features regardi...

Page 17: ... Information window after viewing other windows click the DES 3810 28 link The Device Information window shows the Switch s MAC Address assigned by the factory and unchangeable the Boot PROM Version Firmware Version Hardware Version and many other important types of information This is helpful to keep track of PROM and firmware updates and to obtain the Switch s MAC address for entry into another ...

Page 18: ...efining the Switch To view the following window click System Configuration System Information Settings as shown below Figure 2 3 System Information Settings window The fields that can be configured are described below Parameter Description System Name Enter a system name for the Switch if so desired This name will identify it in the Switch network System Location Enter the location of the Switch i...

Page 19: ...ngs window The fields that can be configured are described below Parameter Description Trap State Specify whether to send the trap when the operating parameter exceeds the alarm or warning threshold Log State Specify whether to send the log when the operating parameter exceeds the alarm or warning threshold Power Unit Specify the unit of the DDM TX and RX power From Port To Port Select a range of ...

Page 20: ...ction associated with the alarm will be taken Low Alarm 128 127 996 This is the lowest threshold for the alarm When the operating parameter falls below this value action associated with the alarm will be taken High Warning 128 127 996 This is the highest threshold for the warning When the operating parameter rises above this value action associated with the warning will be taken Low Warning 128 12...

Page 21: ...falls below this value action associated with the alarm will be taken High Warning 0 6 55 This is the highest threshold for the warning When the operating parameter rises above this value action associated with the warning will be taken Low Warning 0 6 55 This is the lowest threshold for the warning When the operating parameter falls below this value action associated with the warning will be take...

Page 22: ...parameter falls below this value action associated with the alarm will be taken High Warning 0 131 This is the highest threshold for the warning When the operating parameter rises above this value action associated with the warning will be taken Low Warning 0 131 This is the lowest threshold for the warning When the operating parameter falls below this value action associated with the warning will...

Page 23: ...arameter falls below this value action associated with the alarm will be taken High Warning 0 6 5535 This is the highest threshold for the warning When the operating parameter rises above this value action associated with the warning will be taken Low Warning 0 6 5535 This is the lowest threshold for the warning When the operating parameter falls below this value action associated with the warning...

Page 24: ... below this value action associated with the alarm will be taken High Warning 0 6 5535 This is the highest threshold for the warning When the operating parameter rises above this value action associated with the warning will be taken Low Warning 0 6 5535 This is the lowest threshold for the warning When the operating parameter falls below this value action associated with the warning will be taken...

Page 25: ...t Switch Web UI Reference Guide 12 Figure 2 10 DDM Status Table window Port Settings This page used to configure the details of the switch ports To view the following window click System Configuration Port Configuration Port Settings as shown below ...

Page 26: ...0M Half 100M Full 1000M Full_Master 1000M Full_Slave and 1000M Full There is no automatic adjustment of port settings with any option other than Auto The Switch allows the user to configure three types of gigabit connections 1000M Full_Master 1000M Full_Slave and 1000M Full Gigabit connections only support full duplex connections and take on certain characteristics that are different from the othe...

Page 27: ...IX mode and can be connected to a port in MDI mode on another switch through a straight cable Address Learning Enable or disable MAC address learning for the selected ports When Enabled destination and source MAC addresses are automatically listed in the forwarding table When address learning is Disabled MAC addresses must be manually entered into the forwarding table This is sometimes done for re...

Page 28: ...wn below Figure 2 13 Port Error Disabled window The fields that can be displayed are described below Parameter Description Port Displays the port that has been error disabled Port State Describes the current running state of the port whether enabled or disabled Connection Status This field will read the uplink status of the individual ports whether enabled or disabled Reason Describes the reason w...

Page 29: ...interface This automatically logs the user out after an idle period of time as defined Choose from the following options 2 5 10 15 minutes or Never The default setting is 10 minutes Data Bits Displays the data bits used for the serial port connection Parity Bits Displays the parity bits used for the serial port connection Stop Bits Displays the stop bits used for the serial port connection Click t...

Page 30: ...click to Apply button to accept the changes made Save Mode Use the pull down menu to choose the method for saving the switch log to the flash memory The user has three options Time Interval Users who choose this method can configure a time interval by which the Switch will save the log files in the box adjacent to this configuration field The user may set a time between 1 and 65535 minutes On Dema...

Page 31: ...erver Facility Use the drop down menu to select Local 0 Local 1 Local 2 Local 3 Local 4 Local 5 Local 6 or Local 7 UDP Port Type the UDP port number used for sending Syslog messages The default is 514 Status Choose Enabled or Disabled to activate or deactivate Click the Apply button to accept the changes made Click the Delete All button to remove all servers configured Click the Edit button to re ...

Page 32: ...ribing the event that triggered the history log entry Click the Find button to display the log in the display section according to the selection made Click the Clear Log button to clear the entries from the log in the display section Click the Clear Attack Log button to clear the entries from the attack log in the display section Enter a page number and click the Go button to navigate to a specifi...

Page 33: ...rt type to an SNMP agent and the Switch s log for analysis Severity Level This drop down menu allows you to select the level of messages that will be sent The options are Emergency Alert Critical Error Warning Notice Informational and Debug Click the Apply button to accept the changes made Time Range Settings Time range is a time period that the respective function will take an effect on such as A...

Page 34: ...indow Click the Delete button to remove the specified entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist Time Settings Users can configure the time settings for the Switch To view the following window click System Configuration Time Settings as shown below Figure 2 23 Time Settings window The fields that can be configured are described below ...

Page 35: ...Here the user can re type in a new password for the switch Access Right Here the user can specify the access right for this user Click the Apply button to accept the changes made Click the Edit button to re configure the specified entry Click the Delete button to remove the specified entry NOTICE In case of lost passwords or password corruption please refer to the appendix chapter entitled Passwor...

Page 36: ...3 SRM Configured Mode Select the Routing option to specify that more hardware resources will be assigned to the L3 routing functions Select the VPWS option to specify that more hardware resources will be assigned to MPLS functions Click the Apply button to accept the changes made ...

Page 37: ... permanent entry is entered and is used to translate IP addresses to MAC addresses To view the following window click Management ARP Static ARP Settings as shown below Figure 3 1 Static ARP Settings window The fields that can be configured are described below Parameter Description ARP Aging Time 0 65535 The ARP entry age out time in minutes The default is 20 minutes IP Address The IP address of th...

Page 38: ...ement ARP Proxy ARP Settings as shown below Figure 3 2 Proxy ARP Settings window Click the Edit button to re configure the specific entry and select the proxy ARP state of the IP interface By default both the Proxy ARP State and Local Proxy ARP State are disabled ARP Table Users can display current ARP entries on the Switch To view the following window click Management ARP ARP Table as shown below...

Page 39: ...e the system knows that somebody out there uses an IP address that is conflict with the system In order to reclaim the correct host of this IP address the system can send out the gratuitous ARP request packets for this duplicate IP address Gratuitous ARP Learning Normally the system will only learn the ARP reply packet or a normal ARP request packet that asks for the MAC address that corresponds t...

Page 40: ...me is 0 Click the Apply button to accept the changes made for each individual section IPv6 Neighbor Settings The user can configure the Switch s IPv6 neighbor settings The Switch s current IPv6 neighbor settings will be displayed in the table at the bottom of this window To view the following window click Management IPv6 Neighbor Settings as shown below Figure 3 6 IPv6 Neighbor Settings window The...

Page 41: ...he following window click Management IP Interface System IP Address Settings as shown below Figure 3 7 System IP Address Settings window The fields that can be configured are described below Parameter Description Static Allows the entry of an IP address subnet mask and a default gateway for the Switch These fields should be of the form xxx xxx xxx xxx where each xxx is a number represented in deci...

Page 42: ...mines where packets with a destination address outside the current subnet should be sent This is usually the address of a router or a host acting as an IP gateway If your network is not part of an intranet or you do not want the Switch to be accessible outside your local network you can leave this field unchanged Click the Apply button to accept the changes made The following table will describe t...

Page 43: ...t it to IPv6 After clicking the Add button the following page will appear Figure 3 9 IPv4 Interface Settings window The fields that can be configured are described below Parameter Description IP Interface Name Here the user can enter the name of the IP interface being created IPv4 Address Here the user can enter the IPv4 address used Subnet Mask Here the user can enter the IPv4 subnet mask used VL...

Page 44: ...tate Here the user can select to enable or disable IPv4 State Interface Admin State Here the user can select to enable or disable the Interface Admin State Click the Back button to discard the changes made and return to the previous page Click the Apply button to accept the changes made After clicking the IPv6 Edit button the following page will appear Figure 3 11 IPv6 Interface Settings window Th...

Page 45: ...the addition to the addresses derived from the stateless address configuration Other Config Flag When set to enable it indicates that hosts receiving this RA must use a stateful address configuration protocol to obtain the address configuration information Min Router Advinterval The minimum time allowed between sending unsolicited multicast router advertisements from the interface in seconds This ...

Page 46: ... the table Click the Edit button to re configure the specific entry Click the Delete button to remove the specific entry Click the Add or Edit button to see the following window Figure 3 15 Loopback Interface Settings Add Edit window The fields that can be configured are described below Parameter Description Interface Name The name of the loopback interface The loopback interface has the same name...

Page 47: ...Password Encryption on the Switch To view the following window click Management Management Settings as shown below Figure 3 16 Management Settings window The fields that can be configured are described below Parameter Description CLI Paging State Command Line Interface paging stops each page at the end of the console This allows you to stop the scrolling of multiple pages of text beyond the limits...

Page 48: ...t instead of using stacking ports or modules There are some advantages in implementing the Single IP Management feature 1 SIM can simplify management of small workgroups or wiring closets while scaling the network to handle increased bandwidth demand 2 SIM can reduce the number of IP address needed in your network 3 SIM can eliminate any specialized cables for stacking connectivity and remove the ...

Page 49: ...ly configuring it to be a MS of a SIM group A switch configured as a CaS is not a member of a SIM group and will take on the following characteristics a It is not a CS or MS of another Single IP group b It is connected to the CS through the CS management VLAN The following rules also apply to the above roles Each device begins in a Candidate state CSs must change their role to CaS and then to MS t...

Page 50: ...wn in the adjacent picture 3 This version will support switch upload and downloads for firmware configuration files and log files as follows a Firmware The switch now supports MS firmware downloads from a TFTP server b Configuration Files This switch now supports downloading and uploading of configuration files both to for configuration restoration and from for configuration backup MS s using a TF...

Page 51: ...hanges made After enabling the Switch to be a Commander Switch CS the Single IP Management folder will then contain four added links to aid the user in configuring SIM through the web including Topology Firmware Upgrade Configuration Backup Restore and Upload Log Topology This window will be used to configure and manage the Switch within the SIM group and requires Java script to function properly ...

Page 52: ...open the View drop down menu in the toolbar and then click Topology which will open the following Topology Map This window will refresh itself periodically 20 seconds by default Figure 3 21 Topology View window This window will display how the devices within the Single IP Management Group connect to other groups and devices Possible icons on this window are as follows Icon Description Icon Descrip...

Page 53: ...mple Figure 3 22 Tool Tips window Setting the mouse cursor over a line between two devices will display the connection speed between the two devices as shown below Figure 3 23 Connection Speed window Right Click Right clicking on a device will allow the user to perform various functions depending on the role of the Switch in the SIM group and the icon associated with it Group Icon Figure 3 24 Grou...

Page 54: ... Address of the corresponding Switch Remote Port No Displays the number of the physical port on the MS or CaS that the CS is connected to The CS will have no entry in this field Local Port No Displays the number of the physical port on the CS that the MS or CaS is connected to The CS will have no entry in this field Port Speed Displays the connection speed between the CS and the MS or CaS Click th...

Page 55: ...lapse the group that will be represented by a single icon Expand To expand the SIM group in detail Add to group Add a candidate to a group Clicking this option will reveal the following dialog box for the user to enter a password for authentication from the Candidate Switch before being added to the SIM group Click OK to enter the password or Cancel to exit the dialog box Figure 3 29 Input Passwor...

Page 56: ...rsion To specify a certain Switch for firmware download click its corresponding check box under the Port heading To update the firmware enter the Server IP Address where the firmware resides and enter the Path Filename of the firmware Click Download to initiate the file transfer To view the following window click Management Single IP Management Firmware Upgrade as show below Figure 3 32 Firmware U...

Page 57: ...rmation controlled by the on board SNMP agent SNMP defines both the format of the MIB specifications and the protocol used to access this information over the network The Switch supports the SNMP versions 1 2c and 3 The three versions of SNMP vary in the level of security provided between the management station and the network device In SNMP v 1 and v 2 user authentication is accomplished using co...

Page 58: ...g the MIB Object Identifier may also retrieve the proprietary MIB MIB values can be either read only or read write The Switch incorporates a flexible SNMP management for the switching environment SNMP management can be customized to suit the needs of the networks and the preferences of the network administrator Use the SNMP V3 menus to select the SNMP version used for specific tasks The Switch sup...

Page 59: ...re Linkchange Traps Enable this option to use the SNMP Link Change Traps feature Coldstart Traps Enable this option to use the SNMP Cold Start Traps feature Warmstart Traps Enable this option to use the SNMP Warm Start Traps feature Click the Apply button to accept the changes made SNMP Link Change Traps Settings On this page the user can configure the SNMP link change trap settings To view the fo...

Page 60: ...ew SNMP view being created Subtree OID Type the Object Identifier OID Subtree for the view The OID identifies an object tree MIB tree that will be included or excluded from access by an SNMP manager View Type Select Included to include this object in the list of objects that an SNMP manager can access Select Excluded to exclude this object from the list of objects that an SNMP manager can access C...

Page 61: ...group of MIB objects that a remote SNMP manager is allowed to access on the Switch The view name must exist in the SNMP View Table Access Right Read Only Specifies that SNMP community members using the community string created can only read the contents of the MIBs on the Switch Read Write Specifies that SNMP community members using the community string created can read from and write to the conte...

Page 62: ...s that there will be no authorization and no encryption of packets sent between the Switch and a remote SNMP manager AuthNoPriv Specifies that authorization will be required but there will be no encryption of packets sent between the Switch and a remote SNMP manager AuthPriv Specifies that authorization will be required and that packets sent between the Switch and a remote SNMP manger will be encr...

Page 63: ...rotocol MD5 Specifies that the HMAC MD5 96 authentication level will be used This field is only operable when V3 is selected in the SNMP Version field and the Encryption field has been checked This field will require the user to enter a password SHA Specifies that the HMAC SHA authentication protocol will be used This field is only operable when V3 is selected in the SNMP Version field and the Enc...

Page 64: ... AuthNoPriv To specify that the SNMP version 3 will be used with an Auth NoPriv security level AuthPriv To specify that the SNMP version 3 will be used with an Auth Priv security level Community String SNMP V3 User Name Type in the community string or SNMP V3 user name as appropriate Click the Apply button to accept the changes made Click the Delete button to remove the specific entry SNMP v6Host ...

Page 65: ...pt the changes made Click the Delete button to remove the specific entry RMON Settings On this page the user can enable or disable remote monitoring RMON for the rising and falling alarm trap feature for the SNMP function on the Switch To view the following window click Management SNMP Settings RMON Settings as shown below Figure 3 45 RMON Settings window The fields that can be configured are desc...

Page 66: ...lt If you choose to disable this by clicking Disabled you will lose the ability to configure the system through the web interface as soon as these settings are applied Port 1 65535 The TCP port number used for web based management of the Switch The well known TCP port for the Web protocol is 80 Click the Apply button to accept the changes made Power Saving Power Saving is one part of D Link Green ...

Page 67: ...ower Saving Mode LED State is enabled the LED s state of ports will be turned off during the configured time range Power Saving Mode Port State When Power Saving Mode Port State is enabled the ports will be shut down during the configured time range Power Saving Mode Hibernation State When Power Saving Mode Hibernation State is enabled the Switch will go into a low power state and be idle during t...

Page 68: ...es configured Power Saving Port Settings This window is used to add or delete the power saving schedule on the ports To view this window click Management Power Saving Power Saving Port Settings as shown below Figure 3 51 Power Saving Port Settings window The fields that can be configured are described below Parameter Description From Port To Port Select a range of ports to be configured Action Use...

Page 69: ...2 media to transfer packets Figure 4 1 MPLS Network Structure In an MPLS network the most important node is called a Label Switching Router LSR An LSR that is located on the edge of the MPLS domain is known as a Label Edge Router LER An LSR that is located within the MPLS domain is known as a Core LSR When a packet is received by a LSR from another LSR the sending LSR is known as the upstream LSR ...

Page 70: ... distribution takes place in an upstream direction The main function of LDP is to classify FECs distribute labels and create and maintain LSPs Static LSP Users can configure the LSP manually by physically defining the outgoing labels of upstream LSRs and incoming labels of downstream LSRs Static LSPs are configured without the need for LDP or exchange control packets This configuration has very li...

Page 71: ...e until the maximum back off delay is reached If a session cannot be established and the trap or log state is enabled LDP will send a trap or a log to the SNMP server to notify the session establishment failure This value must be between 120 and 65535 seconds LDP Keep Alive Time Enter the LDP session keep alive time here LDP maintains a keep alive timer for each peer session If the keep alive time...

Page 72: ...gment that will be sent to the peer This computation makes use of the peer password as well as the TCP segment When the LSR receives a TCP segment with an MD5 digest it validates the segment by calculating the MD5 digest using its own record of the password and comparing the computed digest with the received digest If the comparison fails the segment is dropped without any response to the sender T...

Page 73: ... deny targeted hello messages If a targeted hello message is acceptable the interface will respond to received targeted hello messages Otherwise the received targeted hello message will be ignored Hold Time 5 65535 Enter the link hold time value here LDP sends link hello message periodically to discover directly connected neighbors LDP will then maintain a hold timer for each discovered neighbor I...

Page 74: ...utton and enter the targeted hello hold time used here This value must be between 15 and 65535 seconds Click the Add button to add a new entry Click the Delete All button to remove entries in the list Click the Edit button to re configure the specific entry Click the Delete button to remove the specified entry LDP Neighbor Table This window is used to display all adjacencies discovered by LDP To v...

Page 75: ...pply button to accept the changes made LDP Session Table This window is used to display all LDP sessions To view this window click VPN MPLS LDP LDP Session Table as shown below Figure 4 11 LDP Session Table window Click the View Detail link to navigate to a new window containing more detailed information about the entry Click the View Statistic link to navigate to a new window containing more deta...

Page 76: ... disable the MPLS function globally Also on this page the user can configure the Trust EXP MPLS Log and MPLS Trap s state To view this window click VPN MPLS MPLS Settings as shown below Figure 4 15 MPLS Settings window The fields that can be configured are described below Parameter Description MPLS State Enable or disable the MPLS function globally here Trust EXP Enable or disable the MPLS trust E...

Page 77: ...ue used here In Interface Enter the incoming interface name used here This name can be up to 12 characters long Nexthop Enter the next hop IP address used here Out Label Enter the outbound label value used here EXP Enter the EXP value used here By default the EXP is set according to the QoS of the incoming packet If the EXP is specified the EXP of the outbound label will be set according to specif...

Page 78: ...Click the View All button to display all the configure entries Click the View Detail link to navigate to a new window containing more detailed information about the entry After click the View Detail link the following page will be displayed Figure 4 19 MPLS LSP Detail window Click the Back button to return to the previous page MPLS FTN Table The Next Hop Label Forwarding Entry NHLFE is used to gui...

Page 79: ...cription IP Interface Name Enter the IP interface name used here This name can be up to 12 characters long State Enabled or disabled the MPLS IP interface By default the state is disabled on all interfaces Click the Apply button to accept the changes made MPLS Class Map Settings This window is used to configure the mapping between the EXP and CoS CoS 7 is reserved for the system The following tabl...

Page 80: ...e IP prefix FEC address used here EXP 0 7 Enter the EXP value in the outbound label for the FEC here This value must be between 0 and 7 Tick the Default check box to set the EXP value according to the incoming packet s QoS Click the Apply button to accept the changes made VPWS The Virtual Private Wire Service VPWS is a L2VPN solution that provides Layer 2 point to point virtual circuit connectivit...

Page 81: ... that provides Layer 2 point to point virtual circuit connectivity between customer sites over a provider network Packet Switched Network PSN The PSN is the network through which the tunnels supporting the VPN services are set up On this Switch the PSN is a MPLS network Customer Edge Device CE The CE resides on a customer network and has one or more interfaces directly connected to provider networ...

Page 82: ...t be between 1 and 4294967295 Peer Enter the peer IP address of the PW here The peer IP address must be its LSR ID MTU 0 65535 Enter the local CE PE link s MTU value that will be advertised to the remote peer here If the MTU is specified as 0 the LDP will not be advertised to the local MTU The MTU must be same at both local and remote otherwise the PW will not succeed If not specified the default ...

Page 83: ...et Switch Web UI Reference Guide 70 Click the Delete button to remove the specified entry After click the View Detail link the following page will be displayed Figure 4 26 VPWS VC Detail window Click the Back button to return to the previous page ...

Page 84: ...on The Switch allows you to further tailor how priority tagged data packets are handled on your network Using queues to manage priority tagged data allows you to specify its relative priority to suit the needs of your network There may be circumstances where it would be advantageous to group two or more differently tagged packets into the same queue Generally however it is recommended that the hig...

Page 85: ...n out of the packet header Ingress port A port on a switch where packets are flowing into the Switch and VLAN decisions must be made Egress port A port on a switch where packets are flowing out of the Switch either to another switch or to an end station and tagging decisions must be made IEEE 802 1Q tagged VLANs are implemented on the Switch 802 1Q VLANs require tagging which enables them to span ...

Page 86: ...alue of 0x8100 in the EtherType field When a packet s EtherType field is equal to 0x8100 the packet carries the IEEE 802 1Q 802 1p tag The tag is contained in the following two octets and consists of 3 bits of user priority 1 bit of Canonical Format Identifier CFI used for encapsulating Token Ring packets so they can be carried across Ethernet backbones and 12 bits of VLAN ID VID The 3 bits of use...

Page 87: ...network The Switch will compare the VID of a packet to be transmitted to the VID of the port that is to transmit the packet If the two VIDs are different the Switch will drop the packet Because of the existence of the PVID for untagged packets and the VID for tagged packets tag aware and tag unaware network devices can coexist on the same network A switch port can have only one PVID but can have a...

Page 88: ...an external router NOTE If no VLANs are configured on the Switch then all packets will be forwarded to any destination port Packets with unknown source addresses will be flooded to all ports Broadcast and multicast packets will also be flooded to all ports An example is presented below VLAN Name VID Switch Ports System default 1 5 6 7 Engineering 2 9 10 Sales 5 1 2 3 4 Port based VLANs Port based ...

Page 89: ...802 1Q VLAN Settings The VLAN List tab lists all previously configured VLANs by VLAN ID and VLAN Name To view the following window click L2 Features VLAN 802 1Q VLAN Settings as shown below Figure 5 4 802 1Q VLAN Settings window Click the Edit button to re configure the specific entry Click the Delete button to remove the specific entry Enter a page number and click the Go button to navigate to a ...

Page 90: ...t as tagged Click the All button to select all ports Untagged Specifies the port as 802 1Q untagged Clicking the radio button will designate the port as untagged Click the All button to select all ports Forbidden Click the radio button to specify the port as not being a member of the VLAN and that the port is forbidden from becoming a member of the VLAN dynamically Click the All button to select a...

Page 91: ...d Forbidden Specifies the port as not being a member of the VLAN and that the port is forbidden from becoming a member of the VLAN dynamically Use the drop down menu to designate the port as forbidden Click the Apply button to accept the changes made NOTE The Switch supports up to 4k static VLAN entries 802 1v Protocol Group Settings 802 1v Protocol Group Settings The user can create Protocol VLAN...

Page 92: ...values For Ethernet II this is a 16 bit 2 octet hex value For example IPv4 is 800 IPv6 is 86dd ARP is 806 etc For IEEE802 3 SNAP this is this is a 16 bit 2 octet hex value For IEEE802 3 LLC this is the 2 octet IEEE 802 2 Link Service Access Point LSAP pair The first octet is for Destination Service Access Point DSAP and the second octet is for Source Click the Add button to add a new entry based o...

Page 93: ...e criteria specified previously in this command before forwarding it on to the specified CoS queue Otherwise a packet will have its incoming 802 1p user priority re written to its original value before being forwarded by the Switch For more information on priority queues CoS queues and mapping for 802 1p see the QoS section of this manual Port List Select the specified ports you wish to configure ...

Page 94: ...ave Time 100 100000 Here the user can enter the Leave Time value in milliseconds Leave All Time 100 100000 Here the user can enter the Leave All Time value in milliseconds NNI BPDU Address Used to determine the BPDU protocol address for GVRP in service provide site It can use an 802 1d GVRP address 802 1ad service provider GVRP address or a user defined multicast address Click the Apply button to ...

Page 95: ...VLAN forwarding decisions If the port receives a packet and Ingress filtering is Enabled the port will compare the VID of the incoming packet to its PVID If the two are unequal the port will drop the packet If the two are equal the port will receive the packet GVRP The GARP VLAN Registration Protocol GVRP enables the port to dynamically become a member of a VLAN GVRP is Disabled by default Ingress...

Page 96: ...ages exist Private VLAN Settings A private VLAN is comprised of a primary VLAN up to one isolated VLAN and a number of community VLANs A private VLAN ID is presented by the VLAN ID of the primary VLAN The command used to associate or de associate a secondary VLAN with a primary VLAN A secondary VLAN cannot be associated with multiple primary VLANs The untagged member port of the primary VLAN is na...

Page 97: ... button to re configure the specified entry Click the Delete button to remove the specified entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist Click the Edit button to see the following window Figure 5 14 Private VLAN Settings Edit window The fields that can be configured are described below Parameter Description Secondary VLAN Type Use the d...

Page 98: ...of an entry the packet will be classified to the VLAN defined for this subnet On this page the user can configure the subnet VLAN parameters To view the following window click L2 Features VLAN Subnet VLAN Subnet VLAN Settings as shown below Figure 5 16 Subnet VLAN Settings window The fields that can be configured are described below Parameter Description VLAN Name The user can enter a VLAN Name he...

Page 99: ...ameter Description VID List Specifies a list of VLANs by VLAN ID VLAN Name Specifies the VLAN name Ports To enable to count statistics by specific port on specific VLAN Packet Type This option specifies the Packet Type Broadcast Specifies to count broadcast packets Multicast Specifies to count multicast packets Unicast Specifies to count unicast packets All The statistics will be counted for all p...

Page 100: ... are described below Parameter Description Voice VLAN State The state of the voice VLAN Voice VLAN Name The name of the voice VLAN Voice VID 1 4094 The VLAN ID of the voice VLAN Priority The priority of the voice VLAN the range is 0 7 The default priority is 5 Aging Time 1 65535 The aging time to set the range is 1 65535 minutes The default value is 720 minutes The aging time is used to remove a p...

Page 101: ...of the port Mode Here the user can configure the mode of the port Click the Apply button to accept the changes made Voice VLAN OUI Settings This page is used to configure the user defined voice traffic s OUI The OUI is used to identify the voice traffic There are a number of pre defined OUIs The user can further define the user defined OUIs if needed The user defined OUI cannot be the same as the ...

Page 102: ...ffic To view the following window click L2 Features VLAN Voice VLAN Voice VLAN Device as shown below Figure 5 21 Voice VLAN Device window VLAN Trunk Settings Enable VLAN on a port to allow frames belonging to unknown VLAN groups to pass through that port This is useful if you want to set up VLAN groups on end devices without having to configure the same VLAN groups on intermediary devices Refer to...

Page 103: ...n to accept the changes made for each individual section Click the Clear All button to clear all the selections made Click the Select All button to select all the available options in the section Browse VLAN Users can display the VLAN status for each of the Switch s ports viewed by VLAN To view the following window click L2 Features VLAN Browse VLAN as shown below Figure 5 23 Browse VLAN window Th...

Page 104: ...er to the VLAN configuration This basically lets large ISP s create L2 Virtual Private Networks and also create transparent LANs for their customers which will connect two or more customer LAN points without over complicating configurations on the client s side Not only will over complication be avoided but also now the administrator has over 4000 VLANs in which over 4000 VLANs can be placed there...

Page 105: ...pply with the implementation of the Double VLAN procedure 1 All ports must be configured for the SPVID and its corresponding TPID on the Service Provider s edge switch 2 All ports must be configured as Access Ports or Uplink ports Access ports can only be Ethernet ports while Uplink ports must be Gigabit ports 3 Provider Edge switches must allow frames of at least 1522 bytes or more due to the add...

Page 106: ...rofile will be dropped If disabled then the packet will be forwarded and will be assigned to the PVID of the received port Outer TPID Enter an Outer TPID in SP VLAN tag here Inner TPID Enter an Inner TPID in SP VLAN tag here Click the Apply button to accept the changes made for each individual section VLAN Translation Settings This page can be used to add translation relationship between C VLAN an...

Page 107: ...e changes made Click the Delete All button to remove all the entries listed Click the Edit button to re configure the specified entry Click the Delete button to remove the specified entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist Double Tagged VLAN Translation Settings On this page the user can configure the double tagged VLAN translation ...

Page 108: ...lation Port Mapping Settings This page can be used to configure the port s Q in Q S VLAN assignment rules These rules are contained in a Q in Q profile Up to one Q in Q profile can be added to a port This setting will not be effective when Q in Q mode is disabled To view the following window click L2 Features QinQ VLAN Translation Port Mapping Settings as shown below Figure 5 29 VLAN Translation P...

Page 109: ...ered Click the Add QinQ Profile button to add a new Q in Q profile Click the View All button to display all the existing entries Click the Delete All button to remove all the entries listed After clicking the Add QinQ Profile button the following page will appear Figure 5 31 VLAN Translation Profile List window The fields that can be configured are described below Parameter Description Profile ID ...

Page 110: ...the user can specify the packet s outer VID range 802 1p Here the user can specify the packet s 802 1p priority IP Protocol Here the user can specify the IP Protocol used Click the Apply button to accept the changes made Click the Back button to discard the changes made and return to the previous page Layer 2 Protocol Tunneling Settings With the Q in Q double VLAN function the subscriber s layer 2...

Page 111: ...ese VLANs will be processed quickly and completely throughout interconnected bridges utilizing any of the three spanning tree protocols STP RSTP or MSTP This protocol will also tag BDPU packets so receiving devices can distinguish spanning tree instances spanning tree regions and the VLANs associated with them An MSTI ID will classify these instances MSTP will connect multiple spanning trees with ...

Page 112: ...packets are sent even if a BPDU packet was not received Therefore each link between bridges is sensitive to the status of the link Ultimately this difference results in faster detection of failed links and thus faster topology adjustment A drawback of 802 1D 1998 is this absence of immediate feedback from adjacent bridges 802 1Q 2005 MSTP 802 1D 2004 RSTP 802 1D 1998 STP Forwarding Learning Disabl...

Page 113: ...witch Forwarding BPDU This field can be Enabled or Disabled When Enabled it allows the forwarding of STP BPDU packets from other network devices The default is Disabled Bridge Max Age 6 40 The Max Age may be set to ensure that old information does not endlessly circulate through redundant paths in the network preventing the effective propagation of the new information Set by the Root Bridge this v...

Page 114: ... set up on a port per port basis To view the following window click L2 Features Spanning Tree STP Port Settings as shown below Figure 5 34 STP Port Settings window It is advisable to define an STP Group to correspond to a VLAN group of ports The fields that can be configured are described below Parameter Description From Port To Port Select a range of ports to be configured External Cost 0 Auto Th...

Page 115: ...ameter designates the port as an edge port Edge ports cannot create loops however an edge port can lose edge port status if a topology change creates a potential for a loop An edge port normally should not receive BPDU packets If a BPDU packet is received it automatically loses edge port status Choosing the False parameter indicates that the port does not have edge port status Alternatively the Au...

Page 116: ...Is To view the following window click L2 Features Spanning Tree STP Instance Settings as shown below Figure 5 36 STP Instance Settings window The fields that can be configured are described below Parameter Description MSTI ID Enter the MSTI ID in this field An entry of 0 denotes the CIST default MSTI Priority Enter the priority in this field The available range of values is from 0 to 61440 Click t...

Page 117: ... of forwarding packets to specified ports when an interface is selected within an STP instance Selecting this parameter with a value in the range of 1 to 200000000 will set the quickest route when a loop occurs A lower Internal cost represents a quicker transmission Selecting 0 zero for this parameter will set the quickest route automatically and optimally for an interface Priority Enter a value b...

Page 118: ...ontrol traffic segmentation and 802 1p default priority configurations must be identical Port locking port mirroring and 802 1X must not be enabled on the trunk group Further the LACP aggregated links must all be of the same speed and should be configured as full duplex The Master Port of the group is to be configured by the user and all configuration options including the VLAN configuration that ...

Page 119: ...er Port Choose the Master Port for the trunk group using the pull down menu State Use the drop down menu to toggle between Enabled and Disabled This is used to turn a port trunking group on or off This is useful for diagnostics to quickly isolate a bandwidth intensive network device or to have an absolute backup aggregation group that is not under automatic control Port Choose the members of a tru...

Page 120: ... ports are capable of processing and sending LACP control frames This allows LACP compliant devices to negotiate the aggregated link so the group may be changed dynamically as needs require In order to utilize the ability to change an aggregated port group that is to add or subtract ports from the group at least one of the participating devices must designate LACP ports as active Both devices must...

Page 121: ...ept the changes made Click the Delete button to remove the specific entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist Multicast Static FDB Settings Users can set up static multicast forwarding on the Switch To view the following window click L2 Features FDB Static FDB Settings Multicast Static FDB Settings as shown below Figure 5 42 Multicas...

Page 122: ...sed to monitor MAC addresses learned and entered into the forwarding database This window allows you to globally set MAC notification on the Switch Users can set MAC notification for individual ports on the Switch To view the following window click L2 Features FDB MAC Notification Settings as shown below Figure 5 43 MAC Notification Settings window The fields that can be configured are described b...

Page 123: ... Address Aging Time can be set to any value between 10 and 1260 seconds The default setting is 300 seconds Click the Apply button to accept the changes made MAC Address Table This allows the Switch s MAC address forwarding table to be viewed When the Switch learns an association between a MAC address VLAN and a port number it makes an entry into its forwarding table These entries are then used to ...

Page 124: ...ss Here the user can enter the IP address the use for this configuration Click the Find by Port button to locate a specific entry based on the port number selected Click the Find by MAC button to locate a specific entry based on the MAC address entered Click the Find by IP Address button to locate a specific entry based on the IP address entered Click the View All Entries button to display all the...

Page 125: ...e host s initial report of membership in a group Default is 10 seconds If set to 0 it means to send only one report packet Port s Here the user can select the port that will be included in this configuration Click the Apply button to accept the changes made for each individual section Click the Select All button to select all the ports for configuration Click the Clear All button to unselect all t...

Page 126: ...to return to the previous page IGMP Snooping Internet Group Management Protocol IGMP snooping allows the Switch to recognize IGMP queries and reports sent between network stations or devices and an IGMP host When enabled for IGMP snooping the Switch can open or close a port to a specific device based on IGMP messages passing through the Switch IGMP Snooping Settings In order to use IGMP Snooping i...

Page 127: ...on the following page will appear Figure 5 52 IGMP Snooping Parameters Settings window The fields that can be configured are described below Parameter Description Query Interval 1 65535 Specify the amount of time in seconds between general query transmissions The default setting is 125 seconds Max Response Time 1 25 Specify the maximum time in seconds to wait for reports from members The default s...

Page 128: ...ated into one report only before sending to the router port Data Driven Learning State Specify to enable or disable the data driven learning state Data Drive Learning Aged Out Specify to enable or disable the data drive learning aged out option Version Specify the version of IGMP packet that will be sent by this port If an IGMP packet received by the interface has a version higher than the specifi...

Page 129: ...at can be configured are described below Parameter Description Port List Here the user can enter the port list used for this configuration VID List Here the user can enter the VID list used for this configuration Rate Limit 1 1000 Here the user can enter the IGMP snooping rate limit used By selecting the No Limit option the rate limit for the entered port s will be ignored Click the Apply button t...

Page 130: ... based on the information entered Click the View All button to display all the existing entries Click the Edit button to re configure the specific entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist After clicking the Edit button the following page will appear Figure 5 56 IGMP Snooping Static Group Settings window The fields that can be config...

Page 131: ...w The fields that can be configured are described below Parameter Description VID Enter a VLAN ID to be displayed Click the Find button to locate a specific entry based on the information entered Enter a page number and click the Go button to navigate to a specific page when multiple pages exist NOTE The abbreviations used in this window are Static Router Port S Dynamic Router Port D and Forbidden...

Page 132: ...ooping groups which are learned by the Data Driven feature IGMP Snooping Forwarding Table This page displays the switch s current IGMP snooping forwarding table It provides an easy way for user to check the list of ports that the multicast group comes from and specific sources that it will be forwarded to The packet comes from the source VLAN They will be forwarded to the forwarding VLAN The IGMP ...

Page 133: ... button to display all the existing entries Click the Packet Statistics link to view the IGMP Snooping Counter Table After clicking the Packet Statistics link the following page will appear Figure 5 61 Browse IGMP Snooping Counter window Click the Clear Counter button to clear all the information displayed in the fields Click the Refresh button to refresh the display table so that new information ...

Page 134: ...ntrol Packet Settings Some Denial of Service DoS attacks are preceded by broadcasting bulk network control protocols By default the switch s CPU will process these protocols and update local databases However if hackers send faked or bulk control packets switch CPU will overload and will not able to process the normal traffic The L3 control packet filtering will force the switch to drop those abno...

Page 135: ...e PIM in the CPU Filtering OSPF Select this option to include OSPF in the CPU Filtering RIP Select this option to include RIP in the CPU Filtering VRRP Select this option to include VRRP in the CPU Filtering All Select this option to include all the information in the CPU Filtering Click the Apply button to accept the changes made NOTE It s only recommended to enable these features when the CPU lo...

Page 136: ...0 25 The unsolicited report interval It is the time between repetitions of the host s initial report of membership in a group Default is 10 seconds If set to 0 it means to send only one report packet Static Router Port Select the static router ports that will be included in the configuration Dynamic Router Port Display a list of ports that are connected to multicast enabled routers Click the Apply...

Page 137: ...ick the Member Ports link to view the MLD proxy member port information After clicking the Member Ports option the following window will appear Figure 5 67 MLD Proxy Group window Click the Back button to return to the previous page MLD Snooping Multicast Listener Discovery MLD Snooping is an IPv6 function used similarly to IGMP snooping in IPv4 It is used to discover ports on a VLAN that are reque...

Page 138: ...ic multicast group address therefore stating that it is done with the multicast data from this address Once this message is received by the Switch it will no longer forward multicast traffic from a specific multicast group address to this listening port 4 Multicast Listener Report Version 2 Comparable to the Host Membership Report in IGMPv3 and labeled as 143 in the ICMP packet header this message...

Page 139: ...t can be configured are described below Parameter Description Query Interval 1 65535 Specifies the amount of time in seconds between general query transmissions The default setting is 125 seconds Max Response Time 1 25 The maximum time in seconds to wait for reports from listeners The default setting is 10 seconds Robustness Value 1 7 Provides fine tuning to allow for expected packet loss on a sub...

Page 140: ... can enable or disable the fast done feature State Used to enable or disable MLD snooping for the specified VLAN This field is Disabled by default Report Suppression Here the user can enable or disable the report suppression features This feature prevents duplicate reports from being sent to the multicast devices If you disable MLD report suppression all MLD reports are forwarded to the multicast ...

Page 141: ...his configuration is used to limit the maximum packet number within a port or a VLAN per second To view the following window click L2 Features L2 Multicast Control MLD Snooping MLD Snooping Rate Limit Settings as shown below Figure 5 71 MLD Snooping Rate Limit Settings window The fields that can be configured are described below Parameter Description Port List Enter the Port List here VID List Ent...

Page 142: ...ton to navigate to a specific page when multiple pages exist After clicking the Edit button the following page will appear Figure 5 73 MLD Snooping Static Group Settings window Click the Select All button to select all the ports for configuration Click the Clear All button to unselect all the ports for configuration Click the Back button to discard the changes made and return to the previous page ...

Page 143: ... used in this window are Static Router Port S Dynamic Router Port D and Forbidden Router Port F MLD Snooping Group Users can view MLD Snooping Groups present on the Switch MLD Snooping is an IPv6 function comparable to IGMP Snooping for IPv4 To view the following window click L2 Features L2 Multicast Control MLD Snooping MLD Snooping Group as shown below Figure 5 75 MLD Snooping Group window The f...

Page 144: ...specific sources that it will be forwarded to The packet comes from the source VLAN They will be forwarded to the forwarding VLAN The MLD snooping further restricts the forwarding ports To view the following window click L2 Features L2 Multicast Control MLD Snooping MLD Snooping Forwarding Table as shown below Figure 5 76 MLD Snooping Forwarding Table window The fields that can be configured are d...

Page 145: ...he existing entries Click the Packet Statistics link to view the MLD Snooping Counter Settings for the specific entry After clicking the Packet Statistics link the following page will appear Figure 5 78 Browse MLD Snooping Counter window Click the Clear Counter button to clear all the information displayed in the fields Click the Refresh button to refresh the display table so that new information ...

Page 146: ...ss of other normal VLANs that are incorporated on the Switch users may add any ports to the multicast VLAN where they wish multicast traffic to be sent Users are to set up a source port where the multicast traffic is entering the switch and then set the ports where the incoming multicast traffic is to be sent The source port cannot be a recipient port and if configured to do so will cause error me...

Page 147: ...the Add button to add a new entry based on the information entered Click the Find button to locate a specific entry based on the information entered Click the Delete All button to remove all the entries listed Click the View All button to display all the existing entries Click the Group List link to configure the Multicast Group Profile Address Settings for the specific entry Click the Delete butt...

Page 148: ...p priority value 0 to 7 to be associated with the data traffic to be forwarded on the multicast VLAN None If specified the packet s original priority is used The default setting is None Replace Priority Specify that the packet s priority will be changed by the switch based on the remap priority This flag will only take effect when the remap priority is set Click the Apply button to accept the chan...

Page 149: ...e of source ports as untagged members of the multicast VLAN The PVID of the untagged source port is automatically changed to the multicast VLAN Source ports must be either tagged or untagged for any single multicast VLAN i e both types cannot be members of the same multicast VLAN Tagged Source Ports Specify the source port or range of source ports as tagged members of the multicast VLAN Click the ...

Page 150: ...the Group List link to configure the Multicast Group Profile Multicast Address Settings for the specific entry Click the Delete button to remove the specific entry After clicking the Group List link the following page will appear Figure 5 86 Multicast Group Profile Multicast Address Settings window The fields that can be configured are described below Parameter Description Multicast Address List H...

Page 151: ...o be forwarded on the multicast VLAN If None is specified the packet s original priority will be used The default setting is None Replace Priority Specify that the packet s priority will be changed by the switch based on the remap priority This flag will only take effect when the remap priority is set Click the Apply button to accept the changes made for each individual section Click the Add butto...

Page 152: ...the ports Untagged Source Ports Specify the source port or range of source ports as untagged members of the multicast VLAN The PVID of the untagged source port is automatically changed to the multicast VLAN Source ports must be either tagged or untagged for any single multicast VLAN i e both types cannot be members of the same multicast VLAN Tagged Source Ports Specify the source port or range of ...

Page 153: ... Replication Settings This window is used to add and view the IP multicast VLAN replication table To view the following window click L2 Features L2 Multicast Control IP Multicast VLAN Replication IP Multicast VLAN Replication Settings as shown below Figure 5 91 IP Multicast VLAN Replication Settings window The fields that can be configured are described below Parameter Description Entry Name Here ...

Page 154: ...utton to accept the changes made Click the Back button to discard the changes made and return to the previous page Click the Delete button to remove the specific entry After clicking the Edit button under Destination the following page will appear Figure 5 93 IP Multicast VLAN Replication Destination Settings window The fields that can be configured are described below Parameter Description VID VL...

Page 155: ...4 IPv4 Multicast Profile Settings window The fields that can be configured are described below Parameter Description Profile ID 1 60 Enter a Profile ID between 1 and 60 Profile Name Enter a name for the IP Multicast Profile Click the Add button to add a new entry based on the information entered Click the Find button to locate a specific entry based on the information entered Click the Delete All ...

Page 156: ...re described below Parameter Description Ports VID List Please select the appropriate port s or VLAN IDs used for the configuration here Access Here the user can assign access permissions to the ports selected Options listed are Permit and Deny Profile ID Profile Name Here the user can select the profile ID or profile name used and then assign Permit or Deny access to them Click the Apply button t...

Page 157: ...es exist IPv6 Multicast Filtering Users can add a profile to which multicast address s reports are to be received on specified ports on the Switch This function will therefore limit the number of reports received and the number of multicast groups configured on the Switch The user may set an IPv6 Multicast address or range of IPv6 Multicast addresses to accept reports Permit or deny reports Deny c...

Page 158: ... the changes made and return to the previous page Click the Edit button to re configure the specific entry Click the Delete button to remove the specific entry IPv6 Limited Multicast Range Settings Users can configure the ports and VLANs on the Switch that will be involved in the Limited IPv6 Multicast Range To view the following window click L2 Features Multicast Filtering IPv6 Multicast Filterin...

Page 159: ...6 Max Multicast Group Settings window The fields that can be configured are described below Parameter Description Ports VID List Please select the appropriate port s or VLAN IDs used for the configuration here Max Group Deselect the Infinite check box to enter a Max Group value in here Infinite Here the user can enable or disable the use of the Infinite value Action Here the user can select the ap...

Page 160: ...re Ethernet operations administration and maintenance OAM functions and a simple automatic protection switching APS protocol for Ethernet ring networks ERPS provides sub 50ms protection for Ethernet traffic in a ring topology It ensures that there are no loops formed at the Ethernet layer One link within a ring will be blocked to avoid Loop RPL Ring Protection Link When the failure happens protect...

Page 161: ...which will be the R APS VLAN Click the Apply button to accept the changes made Click the Find button to find a specific entry based on the information entered Click the View All button to view all the entries configured Click the Detail Information link to view detailed information of the R APS entry Click the Sub Ring Information link to view the Sub Ring information of the R APS entry Click the ...

Page 162: ...t port value Admin RPL Port Tick the check box and use the drop down menu to specify the RPL port used Options to choose from are West Port East Port and None Operational RPL Port Display the operational RPL port value Admin RPL Owner Tick the check box and use the drop down menu to enable or disable the RPL owner node Operational RPL Owner Display the operational RPL owner value Protected VLAN s ...

Page 163: ... are described below Parameter Description Sub Ring R APS VLAN 1 4094 Enter the Sub Ring R APS VLAN ID used here State Tick the check box and use the drop down menu to add or delete the ERPS Sub Ring state TC Propagation State Tick the check box and use the drop down menu to enable or disable the TC Propagation state Click the Apply button to accept the changes made Click the Back button to return...

Page 164: ...ly button to accept the changes made LLDP The Link Layer Discovery Protocol LLDP allows stations attached to an IEEE 802 LAN to advertise to other stations attached to the same IEEE 802 LAN The major capabilities provided by this system is that it incorporates the station the management address or addresses of the entity or entities that provide management of those capabilities and the identificat...

Page 165: ...he multiplier used by an LLDP Switch When the Time to Live for an advertisement expires the advertised data is then deleted from the neighbor Switch s MIB LLDP ReInit Delay 1 10 The LLDP re initialization delay interval is the minimum time that an LLDP port will wait before reinitializing after receiving an LLDP disable command To change the LLDP re init delay enter a value in seconds 1 to 10 LLDP...

Page 166: ...nd allows it to send and receive LLDP frames on the ports This option contains TX RX TX And RX or Disabled TX the local LLDP agent can only transmit LLDP frames RX the local LLDP agent can only receive LLDP frames TX And RX the local LLDP agent can both transmit and receive LLDP frames Disabled the local LLDP agent can neither transmit nor receive LLDP frames The default value is TX And RX Subtype...

Page 167: ...fic entry based on the information entered LLDP Basic TLVs Settings TLV stands for Type length value which allows the specific sending information as a TLV element within LLDP packets This window is used to enable the settings for the Basic TLVs Settings An active LLDP port on the Switch always included mandatory data in its outbound advertisements There are four optional data types that can be co...

Page 168: ...he System Name option System Description Here the user can enable or disable the System Description option System Capabilities Here the user can enable or disable the System Capabilities option Click the Apply button to accept the changes made LLDP Dot1 TLVs Settings LLDP Dot1 TLVs are organizationally specific TLVs which are defined in IEEE 802 1 and used to configure an individual port or group ...

Page 169: ...ue in the space provided Dot1 TLV VLAN Here the user can enable or disable and configure the Dot1 TLV VLAN option After enabling this option to the user can select to use either VLAN Name VID List or All in the next drop down menu After selecting this the user can enter either the VLAN Name or VID List value in the space provided Dot1 TLV Protocol Identity Here the user can enable or disable and c...

Page 170: ...s the operational MAU type The default state is Disabled Link Aggregation The Link Aggregation option indicates that LLDP agents should transmit Link Aggregation TLV This indicates the current link aggregation status of IEEE 802 3 MACs More precisely the information should include whether the port is capable of doing link aggregation whether the port is aggregated in an aggregated link and what is...

Page 171: ...red LLDP Local Port Information The LLDP Local Port Information page displays the information on a per port basis currently available for populating outbound LLDP advertisements in the local port brief table shown below To view the following window click L2 Features LLDP LLDP LLDP Local Port Information as shown below Figure 5 115 LLDP Local Port Information window To view the normal LLDP Local Po...

Page 172: ...r clicking the Show Detail hyperlink under the Management Address Count the following page will appear Figure 5 117 LLDP Local Port Information window Click the Back button to return to the previous page LLDP Remote Port Information This page displays port information learned from the neighbors The switch receives packets from a remote station but is able to store the information as local To view ...

Page 173: ...below Figure 5 120 LLDP MED System Settings window The fields that can be configured are described below Parameter Description LLDP MED Log State Here the user can enable or disable the LLDP MED Log State Fast Start Repeat Count 1 10 The repeat count range is from 1 to 10 The default value is 4 Click the Apply button to accept the changes made for each individual section LLDP MED Port Settings On ...

Page 174: ...ties TLV If user wants to transmit LLDP MED PDU this TLV type should be enabled Otherwise this port cannot transmit LLDP MED PDU Network Policy This TLV type indicates that LLDP agent should transmit LLDP MED network policy TLV Inventory This TLV type indicates that LLDP agent should transmit LLDP MED inventory TLV All Select this option to include Capabilities Network Policy and Inventory in the ...

Page 175: ...ayed To view the following window click L2 Features LLDP LLDP MED LLDP MED Remote Port Information as shown below Figure 5 123 LLDP MED Remote Port Information window The fields that can be configured are described below Parameter Description Port Use the drop down menu to select a port Click the Find button to locate a specific entry based on the information entered To view the normal LLDP Remote...

Page 176: ...t The NLB multicast FDB entry will be mutually exclusive with the L2 multicast entry To view the following window click L2 Features NLD FDB Settings as shown below Figure 5 125 NLB FDB Settings window The fields that can be configured are described below Parameter Description VLAN Name Click the radio button and enter the VLAN name of the NLB multicast FDB entry to be created VID Click the radio b...

Page 177: ...se has been retrieved by the switch from that next hop the route becomes enabled However if the ARP entry already exists an ARP response will not be sent The Switch also supports a floating static route which means that the user may create an alternative static route to a different next hop This secondary next hop device route is considered as a backup static route for when the primary static rout...

Page 178: ...ed entry IPv4 Route Table The IPv4 routing table stores all the external routes information of the switch On this page the user can view all the external route information on the switch To view the following window click L3 Features IPv4 Route Table as shown below Figure 6 2 IPv4 Route Table window The fields that can be configured are described below Parameter Description Network Address Specifie...

Page 179: ...llowed are between 1 and 65535 Backup State Each IP address can only have one primary route while other routes should be assigned to the backup state When the primary route failed the switch will try the backup routes according to the order learnt by the routing table until route success This field represents the backup state for the IPv6 configured This field may be Primary or Backup Click the Ap...

Page 180: ...mal network and its related traffic To accomplish this the user must configure the Access Profile feature of the Switch to have the PC with IP address 10 1 1 1 as the Source IP address and the Internet address as the destination IP address learned through routing protocols along with other pertinent information Next the administrator must configure the Policy Route window to be enabled for this Ac...

Page 181: ...entify packets as following this Policy Route This access profile along with the access rule must first be constructed before this policy route can be created Access ID 1 1024 Enter the Access ID number of the Access Rule previously created which will be used to identify packets as following this Policy Route This access rule along with the access profile must first be constructed before this poli...

Page 182: ...rwarding Table as shown below Figure 6 9 IP Multicast Forwarding Table window The fields that can be configured are described below Parameter Description Group Address Enter the group address Network Address Enter the network address Click the Find button to locate a specific entry based on the information entered Click the View All button to display all the existing entries IP Multicast Interface...

Page 183: ...6 11 Route Preference Settings window The fields that can be configured are described below Parameter Description Static 1 999 Configure the preference of static route The default value is 60 Default 1 999 Configure the preference of default route The default value is 1 RIP 1 999 Configure the preference of RIP route The default value is 100 OSPF Intra 1 999 Configure the preference of OSPF intra ...

Page 184: ...ibed below Parameter Description Destination Protocol Specifies the destination protocol Options to choose from are RIP and OSPF Source Protocol Specifies the source protocol Options to choose from are RIP OSPF Static and Local Type Specifies the type of route to be redistributed Options to choose from are All Internal External Ext Type1 Ext Type2 Inter E1 Inter E2 Type 1 and Type 2 To redistribut...

Page 185: ...scription Interface Admin State Use the drop down menu to enable or disable the interface admin state Tunnel Mode Use the drop down menu to select the tunnel modes Available selections are None Manual 6to4 and ISATAP IPv6 Address Prefix Length Enter the IPv6 network address Source IP Address Enter the source IP address Destination IP Address Enter the destination IP address Click the Back button t...

Page 186: ... with the tunnel source or destination IPv4 address IPv6 Address Prefix Length Enter the IPv6 network address assigned to the GRE tunnel interface IPv6 processing will be enabled on the IPv6 tunnel interface when an IPv6 address is configured This IPv6 address is not connected with the tunnel source or destination IPv4 address Source IPv4 Address Click the radio button and enter the source IPv4 ad...

Page 187: ...tate advertisement is flooded to all routers in the area Each router that receives the link state advertisement will store the advertisement and then forward a copy to other routers 3 When the link state database of each router is updated the individual routers will calculate a Shortest Path Tree to all destinations with the individual router as the root The IP routing table will then be made up o...

Page 188: ...nt of Router A Router A can reach 192 213 11 0 through Router B with a cost of 10 5 15 Router A can reach 222 211 10 0 through Router C with a cost of 10 10 20 Router A can also reach 222 211 10 0 through Router B and Router D with a cost of 10 5 10 25 but the cost is higher than the route through Router C This higher cost route will not be included in the Router A s shortest path tree The resulti...

Page 189: ...te updates do not need to be flooded So the exchange of link state updates and the calculation of the shortest path tree are limited to the area that the router is connected to Routers that have connections to more than one area are called Border Routers BR The Border Routers have the responsibility of distributing necessary routing information and changes between areas Areas are specific to the r...

Page 190: ... same key This method is possibly vulnerable to passive attacks where a link analyzer is used to obtain the password Message Digest Authentication MD 5 MD 5 authentication is a cryptographic method A key and a key ID are configured on each router The router then uses an algorithm to generate a mathematical message digest that is derived from the OSPF packet the key and the key ID This message dige...

Page 191: ... a particular segment 4 Stub Area Flag Any two routers also must have the same stub area flag in their Hello packets in order to become neighbors Adjacencies Adjacent routers go beyond the simple Hello exchange and participate in the link state database exchange process OSPF elects one router as the Designated Router DR and a second router as the Backup Designated Router BDR on each multi access s...

Page 192: ... point interfaces such as serial links will always form adjacencies The concepts of DR and BDR are unnecessary OSPF Packet Formats All OSPF packet types begin with a standard 24 byte header and there are five packet types The header is described first and each packet type is described in a subsequent section All OSPF packets except for Hello packets forward link state advertisements Link State Upd...

Page 193: ...ication field Authentication Type The type of authentication to be used for the packet Authentication A 64 bit field used by the authentication scheme Hello Packet Hello packets are OSPF packet type 1 They are sent periodically on all interfaces including virtual links in order to establish and maintain neighbor relationships In addition Hello Packets are multicast on those physical networks havin...

Page 194: ... The identity of the DR for this network in the view of the advertising router The DR is identified here by its IP interface address on the network Backup Designated Router The identity of the Backup Designated Router BDR for this network The BDR is identified here by its IP interface address on the network This field is set to 0 0 0 0 if there is no BDR Neighbor The Router IDs of each router from...

Page 195: ...unique The DD sequence number then increments until the complete database description has been sent The rest of the packet consists of a list of the topological database s pieces Each link state advertisement in the database is described by its link state advertisement header Link State Request Packet Link State Request packets are OSPF packet type 3 After exchanging Database Description packets w...

Page 196: ... Link State Update Packet Link State Update packets are OSPF packet type 4 These packets implement the flooding of link state advertisements Each Link State Update packet carries a collection of link state advertisements one hop further from its origin Several link state advertisements may be included in a single packet Link State Update packets are multicast on those physical networks that suppor...

Page 197: ...ment packets are OSPF packet type 5 To make the folding of link state advertisements reliable flooded advertisements are explicitly acknowledged This acknowledgment is accomplished through the sending and receiving of Link State Acknowledgment packets Multiple link state advertisements can be acknowledged in a single Link State Acknowledgment packet Depending on the state of the sending interface ...

Page 198: ...f link state advertisements may also be originated The flooding algorithm is reliable ensuring that all routers have the same collection of link state advertisements The collection of advertisements is called the link state or topological database From the link state database each router constructs a shortest path tree with itself as root This yields a routing table There are four types of link st...

Page 199: ... s Link State Type Advertising Router The Router ID of the router that originated the Link State Advertisement For example in network links advertisements this field is set to the Router ID of the network s Designated Router Link State Sequence Number Detects old or duplicate link state advertisements Successive instances of a link state advertisement are given successive Link State Sequence numbe...

Page 200: ... set the router is an endpoint of an active virtual link that is using the described area as a Transit area V is for Virtual link endpoint E bit When set the router is an Autonomous System AS boundary router E is for External B bit When set the router is an area border router B is for Border Number of Links The number of router links described by this advertisement This must be the total collectio...

Page 201: ...nting the required metric for TOS 0 If no additional TOS metrics are given this field should be set to 0 TOS 0 Metric The cost of using this router link for TOS 0 For each link separate metrics may be specified for each Type of Service ToS The metric for ToS 0 must always be included and was discussed above Metrics for non zero TOS are described below Note that the cost for non zero ToS values tha...

Page 202: ...tisements These advertisements are originated by Area Border routers A separate summary link advertisement is made for each destination known to the router that belongs to the Autonomous System AS yet is outside the area Type 3 link state advertisements are used when the destination is an IP network In this case the advertisement s Link State ID field is an IP network number When the destination i...

Page 203: ...alue 0xff000000 ToS The Type of Service that the following cost is relevant to Metric The cost of this route Expressed in the same units as the interface costs in the router links advertisements Autonomous Systems External Link Advertisements Autonomous Systems AS link advertisements are Type 5 link state advertisements These advertisements are originated by AS boundary routers A separate advertis...

Page 204: ...tself Including the NSSA The NSSA or Not So Stubby Area is a feature that has been added to OSPF so external routes from ASs Autonomous Systems can be imported into the OSPF area As an extension of stub areas the NSSA feature uses a packet translation system used by BRs Border Routers to translate outside routes into the OSPF area Consider the following example Figure 6 32 NSSA Area example The NS...

Page 205: ...is a Type 1 external metric This means that is comparable directly to the link state metric Forwarding Address Data traffic for the advertised destination will be forwarded to this address If the Forwarding Address is set to 0 0 0 0 data traffic will be forwarded instead to the advertisement s originator Yet if the network between the NSSA ASBR and the adjacent AS is advertised in the area as an i...

Page 206: ...lation or an aggregation of other type 7 LSAs The forwarding addresses contained in translated type 5 LSAs must be set with the exception of an LSA address range match OSPFv2 OSPF Global Settings This window is used to configure the OSPF Global settings for this Switch To view the following window click L3 Features OSPF OSPFv2 OSPF Global Settings as shown below Figure 6 34 OSPF Global Settings wi...

Page 207: ...ernal routers Translate Use the pull down menu to enable or disable the translating of Type 7 LSAs into Type 5 LSAs so that they can be distributed outside of the NSSA The default is Disabled This field can only be configured if NSSA is chosen in the Type field Stub Summary Displays whether or not the selected Area will allow Summary Link State Advertisements Summary LSAs to be imported into the a...

Page 208: ...d are described below Parameter Description Interface Name Enter the name of the IP interface here Click the Find button to find the interface entered Click the View All button to view all the interfaces configured on this switch Click the Edit button to re configure the selected entry After clicking the Edit button the following page with be displayed Figure 6 38 OSPF Interface Settings Edit wind...

Page 209: ...kets from a neighbor router before the selected area declares that router down The Dead Interval must be evenly divisible by the Hello Interval Passive Assign the designated entry to be a passive interface A passive interface will not advertise to any other routers than those within its OSPF intranet Click the Apply button to accept the changes made Click on the Back button to return to the previo...

Page 210: ... Description Hello Interval 1 65535 Allows the specification of the interval between the transmissions of OSPF Hello packets in seconds The Hello Interval Dead Interval Authorization Type and Authorization Key should be the same for all routers on the same network Dead Interval 1 65535 Allows the specification of the length of time between the receipts of Hello packets from a neighbor router befor...

Page 211: ... remove the selected entry OSPF Host Route Settings This window is used to configure OSPF host route settings To view the following window click L3 Features OSPF OSPFv2 OSPF Host Route Settings as shown below Figure 6 42 OSPF Host Route Settings window The fields that can be configured are described below Parameter Description Host Address Specifies the host s IP address used Metric 1 65535 Enter ...

Page 212: ...Select the type of LSA that contains the default external route imported into OSPF Selecting Type 1 specifies that this default external route will be calculated using the metric by adding the interface cost to the metric entered in the metric field Selecting Type 2 specifies that this default external route will be calculated using the metric entered in the metric field without change This is the...

Page 213: ...fter clicking the View Detail link the following window will appear Figure 6 45 OSPF LSDB Table View Detail window Click the Back button to return to the previous window OSPF Neighbor Table This window is used to display OSPF neighbor information on a per interface basis To view the following window click L3 Features OSPF OSPFv2 OSPF Neighbor Table as shown below Figure 6 46 OSPF Neighbor Table wi...

Page 214: ... active and passive Active devices advertise their routes to others through RIP messages while passive devices listen to these messages Both active and passive routers update their routing tables based upon RIP messages that active routers exchange Only routers can run RIP in the active mode Every 30 seconds a router running RIP broadcasts a routing update containing a set of pairs of network addr...

Page 215: ...ropagate information about a route back to the interface on which it was received This reduces the probability of forming transient routing loops Hold down can be used to force a router to ignore new route updates for a period of time usually 60 seconds after a new route update has been received This allows all routers on the network to receive the message A router can poison reverse a route by ad...

Page 216: ...es RIP version 2 also adds an explicit next hop entry which speeds convergence and helps prevent the formation of routing loops RIP2 Message Format The message format used with RIP2 is an extension of the RIP1 format RIP version 2 also adds a 16 bit route tag that is retained and sent with router updates It can be used to identify the origin of the route Because the version number in RIP2 occupies...

Page 217: ... v2 Select Disable to disable this option State Specifies that the RIP state will be enabled or disabled If the state is disabled then RIP packets will not be either transmitted or received by the interface The network configured on this interface will not be in the RIP database Authentication Specifies to set the state of authentication When the authentication state is enabled enter the password ...

Page 218: ... Click the Apply button to accept the changes made RIPng Interface Settings This window is used to display and configure the RIPng interface settings To view the following window click L3 Features RIP RIPng RIPng Interface Settings as shown below Figure 6 51 RIPng Interface Settings window The fields that can be configured are described below Parameter Description Interface Name Enter the IPv6 int...

Page 219: ...k the Apply button to accept the changes made IP Multicast Routing Protocol IGMP IGMP Interface Settings The Internet Group Management Protocol IGMP can be configured on the Switch on a per IP interface basis Each IP interface configured on the Switch is displayed in the below IGMP Interface Settings window To view the following window click L3 Features IP Multicast Routing Protocol IGMP IGMP Inte...

Page 220: ...ault setting is 2 Last Member Query Interval 1 25 Enter a value between 1 and 25 to specify the maximum amount of time between group specific query messages including those sent in response to leave group messages The default is 1 second Click the Back button to return to the previous window Click the Apply button to accept the changes made IGMP Check Subscriber Source Network Settings This window...

Page 221: ...he dynamic IGMP groups on the Switch To view the following window click L3 Features IP Multicast Routing Protocol IGMP IGMP Group Table as shown below Figure 6 56 IGMP Group Table window The fields that can be configured are described below Parameter Description Interface Name Enter the IP interface name used for this configuration Multicast Group Enter the multicast group IP address Click the Fin...

Page 222: ...ormation is forwarded by a distance vector algorithm propagation is slow DVMRP is optimized for high delay high latency relatively low bandwidth networks and can be considered as a best effort multicasting protocol DVMRP resembles the Routing Information Protocol RIP but is extended for multicast delivery DVMRP builds a routing table to calculate shortest paths back to the source of a multicast me...

Page 223: ...VMRP to search for a specific entry This must be a previously defined IP interface Click the Apply button to accept the changes made Click the Find button to find the interface entered Click the View All button to view all the interfaces configured on this switch Click the Edit button to re configure the specific entry DVMRP Routing Table This window is used to display DVMRP routing table on the S...

Page 224: ...ic entry based on the information entered Click the View All button to view all the interfaces configured on this switch DVMRP Routing Next Hop Table This window is used to display DVMRP routing next hop table on the Switch To view the following window click L3 Features IP Multicast Routing Protocol DVMRP DVMRP Routing Next Hop Table as shown below Figure 6 62 DVMRP Routing Next Hop Table window T...

Page 225: ...rap Messages BSM All PIM SM Routers will get the RP information from the Boot Strap Mechanism and then store it in their database Discovering and Joining the Multicast Group Although Hello packets discover PIM SM routers these routers can only join or be pruned from a multicast group through the use of Join Prune Messages exchanged between the DR and RP Join Prune Messages are packets relayed betw...

Page 226: ... routers to remove branches from the multicast delivery tree that do not contain multicast group members PIM DM has no explicit join messages It relies upon periodic flooding of multicast messages to all interfaces and then either waiting for a timer to expire the Join Prune Interval or for the downstream routers to transmit explicit prune messages indicating that there are no multicast members on...

Page 227: ...the RP replies with a Register stop message it will wait for the time configured here to send out another register message to the RP The user may set a time between 3 and 255 with a default setting of 60 seconds Last Hop SPT Switchover The drop down menu is used by the last hop router to decide whether to receive multicast data from the shared tree or switch over to the shortest path tree When the...

Page 228: ...rity 0 4294967294 Enter the priority of this IP interface to become the Designated Router for the multiple access network The user may enter a DR priority between 0 and 4 294 967 294 with a default setting of 1 Mode Use the drop down menu to select the type of PIM protocol to use Sparse Mode SM Dense Mode DM or Sparse Dense Mode SM DM The default setting is DM State Use the drop down menu to enabl...

Page 229: ...etting is 60 seconds Interface name Enter the interface name Click the Apply button to accept the changes made Click the Find button to locate a specific entry based on the information entered Click the View All button to view all the interfaces configured on this switch Click the Edit button to configure the specific BSR priority After clicking the Edit button the following page with be displayed...

Page 230: ...here is a tie for the highest priority the router having the higher IP address will become the RP The user may set a priority between 0 and 255 with a default setting of 192 Candidate RP Wildcard Prefix Count 0 1 The user may set the Prefix Count value of the wildcard group address here by choosing a value between 0 and 1 with a default setting of 0 IP Address Enter the IP address of the device to...

Page 231: ...iew the following window click L3 Features IP Multicast Routing Protocol PIM PIM for IPv4 PIM Register Checksum Settings as shown below Figure 6 70 PIM Register Checksum Settings window The fields that can be configured are described below Parameter Description RP Address Enter the IP address of the RP for which the data part will be included when calculating checksum for registering packets to th...

Page 232: ...w Enter a page number and click the Go button to navigate to a specific page when multiple pages exist PIM RP Set Table This window is used to display a list of all the RP Set information To view the following window click L3 Features IP Multicast Routing Protocol PIM PIM for IPv4 PIM RP Set Table as shown below Figure 6 73 PIM RP Set Table window Enter a page number and click the Go button to nav...

Page 233: ...col that will assign a responsibility for a virtual router to one of the VRRP routers on the LAN When a virtual router fails the election protocol will select a virtual router with the highest priority to be the Master router on the LAN This retains the link and the connection is kept alive regardless of the point of failure To configure VRRP for virtual routers on the Switch an IP interface must ...

Page 234: ...ll increase the probability that this router will become the backup router VRRP routers that are assigned the same priority value will elect the highest physical IP address as the Master router Critical IP Address Specifies an IP address of the physical device that will provide the most direct route to the Internet or other critical network connections from this virtual router This must be a real ...

Page 235: ...ddress Options to choose from are Enabled and Disabled VRID Specifies the ID of the Virtual Router used All routers participating in this group must be assigned the same VRID value This value must be different from other VRRP groups set on the Switch State Specifies the state of the virtual router function of the interface Advertisement Interval Specifies the time interval used between sending adv...

Page 236: ...pecifies the authentication data used in the Simple and IP authentication algorithm This entry must be consistent with all routers participating in the same IP interface Simple Simple will require the user to enter an alphanumeric string of no more than eight characters to identify VRRP packets received by a router IP IP will require the user to enter an alphanumeric string of no more than sixteen...

Page 237: ...essage Digest which is in turn used to authenticate OSPF packets within the OSPF routing domain Click the Add button to add a new Key ID with its corresponding password Click the Find button to search for the Key ID entered Click the View All button to view all the entries Click the Edit button to re configure a specific entry listed Click the Delete button to remove a specific entry listed ...

Page 238: ...amine the header of a packet to see if it has the proper identifying tag Then the user may forward these tagged packets to designated classes of service on the Switch where they will be emptied based on priority For example let s say a user wishes to have a video conference between two remotely set computers The administrator can add priority tags to the video packets being sent out utilizing the ...

Page 239: ...inue processing the packets from this CoS until there are no more packets for this CoS The other CoS queues that have been given a nonzero value and depending upon the weight will follow a common weighted round robin scheme Remember that the Switch has eight configurable priority queues and eight Classes of Service for each port on the Switch NOTICE The Switch contains eight classes of service for...

Page 240: ... Priority Specifies the priority value that will be applied to the selected ports Options to choose from are between 0 and 7 Click the Apply button to accept the changes made 802 1p User Priority Settings The Switch allows the assignment of a class of service to each of the 802 1p priorities To view the following window click QoS 802 1p Settings 802 1p User Priority Settings as shown below Figure ...

Page 241: ...place a ceiling on the transmitting and receiving data rates for any selected port Bandwidth Control Settings The Effective RX TX Rate refers to the actual bandwidth of the switch port if it does not match the configured rate This usually means that the bandwidth has been assigned by a higher priority resource such as a RADIUS server To view the following window click QoS Bandwidth Control Bandwid...

Page 242: ... Settings To view the following window click QoS Bandwidth Control Queue Bandwidth Control Settings as shown below Figure 7 5 Queue Bandwidth Control Settings window The fields that can be configured are described below Parameter Description From Port To Port Here the user can select the port range to use for this configuration From CoS To CoS Here the user can select the queue range to use for th...

Page 243: ...d is only viable for Broadcast and Multicast storms because the chip only has counters for these two types of packets Once a storm has been detected that is once the packet threshold set below has been exceeded the Switch will shut down the port to all incoming traffic with the exception of STP BPDU packets for a time period specified using the Count Down parameter If a Time Interval parameter tim...

Page 244: ...ast and Broadcast packet counts sent from the Switch s chip to the Traffic Control function These packet counts are the determining factor in deciding when incoming packets exceed the Threshold value The Time Interval may be set between 5 and 30 seconds with a default setting of 5 seconds Threshold 0 255000 Specifies the maximum number of packets per second that will trigger the Traffic Control fu...

Page 245: ...hat can be configured are described below Parameter Description From Port To Port Here the user can select a range of port to configure State Enable disable to trust DSCP By default DSCP trust is disabled Click the Apply button to accept the changes made DSCP Map Settings The mapping of DSCP to queue will be used to determine the priority of the packet which will be then used to determine the sche...

Page 246: ...hat can be configured are described below Parameter Description DSCP Map Here the user can select one of two options DSCP Priority Specifies a list of DSCP values to be mapped to a specific priority DSCP DSCP Specifies a list of DSCP value to be mapped to a specific DSCP DSCP List Here the user can enter a DSCP List value Priority Here the user can select a Priority value DSCP 0 63 Enter a DSCP va...

Page 247: ...d are described below Parameter Description HOL Blocking Prevention Global Settings Here the user can enable of disable the HOL blocking prevention global settings Click the Apply button to accept the changes made Scheduling Settings Scheduling Profile Settings Changing the output scheduling used for the hardware queues in the Switch can customize the QoS As with any changes to the QoS implementat...

Page 248: ...erate in strict mode The highest class of service is the first to process traffic That is the highest class of service will finish before other queues empty Weight Specifies the weights for weighted round robin A value between 1 and n can be specified The queue will operate in WRR mode if port mode is WRR It will operate in strict mode if port mode is strict Determination of n is project dependent...

Page 249: ...can be configured are described below Parameter Description Profile ID Here the user can select the profile ID to configure Port List Here the user can enter the port range to configure Click the Add button to add a new entry based on the information entered Click the Delete button to remove the specific entry based on the information entered ...

Page 250: ...own below Figure 8 1 ACL Configuration Wizard window The fields that can be configured are described below Parameter Description Type Here the user can select one of three general ACL Rule types Normal Selecting this option will create a Normal ACL Rule CPU Selecting this option will create a CPU ACL Rule Egress Selecting this option will create an Egress ACL Rule Profile Name After selecting to c...

Page 251: ...is rule to UDP traffic used in this rule from the destination port only VLAN Mask Name Selecting this option will apply this rule to the VLAN name used in this rule Action Select Permit to specify that the packets that match the access profile are forwarded by the Switch according to any additional rule added see below Select Deny to specify that the packets that match the access profile are not f...

Page 252: ...how Details button to display the information of the specific profile ID entry Click the Add View Rules button to view or add ACL rules within the specified profile ID Click the Delete button to remove the specific entry Click the Show Total Entries button to view the total amount of consumed hardware entries Enter a page number and click the Go button to navigate to a specific page when multiple ...

Page 253: ...ess Destination MAC Mask Enter a MAC address mask for the destination MAC address 802 1Q VLAN Selecting this option instructs the Switch to examine the 802 1Q VLAN identifier of each packet header and use this as the full or partial criterion for forwarding 802 1p Selecting this option instructs the Switch to examine the 802 1p priority value of each packet header and use this as the or part of th...

Page 254: ...will appear Figure 8 5 Access Rule List window Ethernet ACL Click the Add Rule button to create a new ACL rule in this profile Click the Back button to return to the previous page Click the Show Details button to view more information about the specific rule created Click the Delete Rules button to remove the specific entry Enter a page number and click the Go button to navigate to a specific page...

Page 255: ... the rule being created VLAN Name Enter the VLAN name used here VLAN ID Enter the VLAN ID used here VLAN Mask Select and enter the VLAN mask value used here Source MAC Address Enter the source MAC address used here Source MAC Address Mask Select and enter the source MAC address mask used here Destination MAC Address Enter the destination MAC address used here Destination MAC Address Mask Select an...

Page 256: ...elected criteria with the value entered in the adjacent field When an ACL rule is added to change both the priority and DSCP of an IPv4 packet only one of them can be modified due to a chip limitation Currently the priority is changed when both the priority and DSCP are set to be modified This value must be between 0 and 63 Replace ToS Precedence Specifies that the IP precedence of the outgoing pa...

Page 257: ...AN identifier of each packet header and use this as the full or partial criterion for forwarding IPv4 DSCP Selecting this option instructs the Switch to examine the DiffServ Code part of each packet header and use this as the or part of the criterion for forwarding IPv4 Source IP Mask Enter an IP address mask for the source IP address IPv4 Destination IP Mask Enter an IP address mask for the desti...

Page 258: ...ynchronize fin finish Select UDP to use the UDP port number contained in an incoming packet as the forwarding criterion Selecting UDP requires that you specify a source port mask and or a destination port mask src port mask Specify a UDP port mask for the source port in hex form hex 0x0 0xffff dst port mask Specify a UDP port mask for the destination port in hex form hex 0x0 0xffff Select Protocol...

Page 259: ... clicking the Add Rule button the following page will appear Figure 8 11 Add Access Rule window IPv4 ACL The fields that can be configured are described below Parameter Description Access ID 1 1024 Enter the access ID for this rule here This ID must be between 1 and 1024 Auto Assign Select this option to instruct the Switch to automatically assign an Access ID for the rule being created VLAN Name ...

Page 260: ...on priority queues CoS queues and mapping for 802 1p see the QoS section of this manual Replace Priority Tick this check box to replace the Priority value in the adjacent field Replace DSCP 0 63 Select this option to instruct the Switch to replace the DSCP value in a packet that meets the selected criteria with the value entered in the adjacent field When an ACL rule is added to change both the pr...

Page 261: ...e window for IPv6 To use specific filtering masks in this ACL profile click on the packet filtering mask field to highlight it red This will add more filed to the mask After clicking the Add ACL Profile button the following page will appear Figure 8 13 Add ACL Profile window IPv6 ACL The fields that can be configured are described below Parameter Description Profile ID 1 1024 Here the user can ent...

Page 262: ...n IP address mask for the source IPv6 address by ticking the corresponding check box and entering the IP address mask IPv6 Destination Address The user may specify an IP address mask for the destination IPv6 address by ticking the corresponding check box and entering the IP address mask Click the Select button to select an ACL type Click the Create button to create a profile Click the Back button ...

Page 263: ...Enter the IPv6 flow label mask value used here TCP Select this option to specify that the rule will be applied to TCP traffic TCP Source Port Enter the TCP source port value used here TCP Source Port Mask Enter the TCP source port mask value used here TCP Destination Port Enter the TCP destination port value used here TCP Destination Port Mask Enter the TCP destination port mask value used here Ac...

Page 264: ...th the priority and DSCP of an IPv6 packet only one of them can be modified due to a chip limitation Currently the priority is changed when both the priority and DSCP are set to be modified Replace ToS Precedence 0 7 Specify that the IP precedence of the outgoing packet is changed with the new value If used without an action priority the packet is sent to the default TC Time Range Name Tick the ch...

Page 265: ...ine the packet content in each frame s header Packet Content Source MAC Specifies the source MAC mask Destination MAC Specifies the destination MAC mask Outer Tag Specifies the outer VLAN tag of the packet to mask This constitutes only the 12 bit VID fields Offset1 Offset2 Offset3 Offset4 Offset5 Offset6 Defines the UDF fields that the device filters Each UDF field consists of 1 byte of data which...

Page 266: ...e easily spoofed and utilized to attack a LAN i e an ARP spoofing attack For a more detailed explanation on how ARP protocol works and how to employ D Link s unique Packet Content ACL to prevent ARP spoofing attack please see Appendix E at the end of this manual After clicking the Add View Rules button the following page will appear Figure 8 20 Access Rule List window Packet Content ACL Click the ...

Page 267: ...used here Mask Enter the destination MAC address mask used here Outer Tag Enter the outer VLAN tag of the packet to mask This constitutes only the 12 bit VID fields Mask Enter the outer tag mask value used here Offset1 6 Enter the data to match for each UDF data field defined in the profile here Mask Enter the offset mask value used here Action Select Permit to specify that the packets that match ...

Page 268: ... chip limitation Currently the priority is changed when both the priority and DSCP are set to be modified Replace ToS Precedence 0 7 Specify that the IP precedence of the outgoing packet is changed with the new value If used without an action priority the packet is sent to the default TC Time Range Name Tick the check box and enter the name of the Time Range settings that has been previously confi...

Page 269: ...of a frame the Switch will examine such as the MAC source address or the IP destination address The second part is entering the criteria the Switch will use to determine what to do with the frame The entire process is described below Users may globally enable or disable the CPU Interface Filtering State mechanism by using the radio buttons to change the running state Choose Enabled to enable CPU p...

Page 270: ... instruct the Switch to examine the layer 2 part of each packet header Select IPv4 to instruct the Switch to examine the IP address in each frame s header Select IPv6 to instruct the Switch to examine the IP address in each frame s header Select Packet Content Mask to specify a mask to hide the content of the packet header Source MAC Mask Enter a MAC address mask for the source MAC address Destina...

Page 271: ...w Rules button the following page will appear Figure 8 26 CPU Access Rule List window Ethernet ACL Click the Add Rule button to create a new CPU ACL rule in this profile Click the Back button to return to the previous page Click the Show Details button to view more information about the specific rule created Click the Delete Rules button to remove the specific entry Enter a page number and click t...

Page 272: ...e VLAN mask value used here Source MAC Address Enter the source MAC address used here Source MAC Address Mask Select and enter the source MAC address mask used here Destination MAC Address Enter the destination MAC address used here Destination MAC Address Mask Select and enter the destination MAC address mask used here 802 1p Enter the 802 1p priority tag value used here This value must be betwee...

Page 273: ...orts used for this configuration here Click the Apply button to accept the changes made Click the Back button to discard the changes made and return to the previous page After clicking the Show Details button in the CPU Access Rule List the following page will appear Figure 8 28 CPU Access Rule Detail Information window Ethernet ACL Click the Show All Rules button to navigate back to the CPU Acces...

Page 274: ...ch to examine the VLAN part of each packet header and use this as the or part of the criterion for forwarding IPv4 DSCP Selecting this option instructs the Switch to examine the DiffServ Code part of each packet header and use this as the or part of the criterion for forwarding Source IP Mask Enter an IP address mask for the source IP address Destination IP Mask Enter an IP address mask for the de...

Page 275: ...a source port mask and or a destination port mask src port mask Specify a UDP port mask for the source port in hex form hex 0x0 0xffff dst port mask Specify a UDP port mask for the destination port in hex form hex 0x0 0xffff Select Protocol ID Enter a value defining the protocol ID in the packet header to mask Specify the protocol ID mask in hex form hex 0x0 0xff Protocol ID Mask Specify that the ...

Page 276: ...e described below Parameter Description Access ID 1 100 Type in a unique identifier number for this access This value can be set from 1 to 100 VLAN Name Enter the VLAN name used here VLAN ID Enter the VLAN ID used here VLAN Mask Select and enter the VLAN mask value used here Source IP Address Enter the source IP address used here Source IP Address Mask Select and enter the source IP address mask u...

Page 277: ...nge Settings window This will set specific times when this access rule will be implemented on the Switch Ports Enter the list of ports used for this configuration here Click the Apply button to accept the changes made Click the Back button to discard the changes made and return to the previous page After clicking the Show Details button in the CPU Access Rule List the following page will appear Fi...

Page 278: ...ss field is a part of the packet header that is similar to the Type of Service ToS or Precedence bits field in IPv4 IPv6 Flow Label Checking this field will instruct the Switch to examine the flow label field of the IPv6 header This flow label field is used by a source to label sequences of packets such as non default quality of service or real time service packets IPv6 TCP Source Port Mask Specif...

Page 279: ...w Rules button the following page will appear Figure 8 36 CPU Access Rule List window IPv6 ACL Click the Add Rule button to create a new CPU ACL rule in this profile Click the Back button to return to the previous page Click the Show Details button to view more information about the specific rule created Click the Delete Rules button to remove the specific entry Enter a page number and click the G...

Page 280: ...are not forwarded by the Switch and will be filtered Flow Label Configuring this field in hex form will instruct the Switch to examine the flow label field of the IPv6 header This flow label field is used by a source to label sequences of packets such as non default quality of service or real time service packets Time Range Name Tick the check box and enter the name of the Time Range settings that...

Page 281: ...n the following page will appear Figure 8 39 Add CPU ACL Profile window Packet Content ACL The fields that can be configured are described below Parameter Description Profile ID 1 6 Here the user can enter a unique identifier number for this profile set This value can be set from 1 to6 Select ACL Type Select profile based on Ethernet MAC Address IPv4 address IPv6 address or packet content mask Thi...

Page 282: ...pe Click the Create button to create a profile Click the Back button to discard the changes made and return to the previous page After clicking the Show Details button the following page will appear Figure 8 40 CPU Access Profile Detail Information window Packet Content ACL Click the Show All Profiles button to navigate back to the CPU ACL Profile List Page After clicking the Add View Rules button...

Page 283: ...form to mask the packet from byte 48 to byte 63 Offset 64 79 Enter a value in hex form to mask the packet from byte 64 to byte 79 Action Select Permit to specify that the packets that match the access profile are forwarded by the Switch according to any additional rule added see below Select Deny to specify that the packets that match the access profile are not forwarded by the Switch and will be ...

Page 284: ...rofile ID for the ACL rule finder to identify the rule Port Here the user can enter the port number for the ACL rule finder to identify the rule State Here the user can select the state If the state is set to Normal then it will allows the user to find normal ACL rules If the state is set to CPU then it allows the user to find CPU ACL rules If the state is set to Egress then it will allow the user...

Page 285: ... but not the EBS its marked yellow and if it exceeds the EBS its marked red CBS Committed Burst Size Measured in bytes the CBS is associated with the CIR and is used to identify packets that exceed the normal boundaries of packet size The CBS should be configured to accept the biggest IP packet that is expected in the IP flow EBS Excess Burst Size Measured in bytes the EBS is associated with the C...

Page 286: ...ay the information of the specific entry Click the Delete button to remove the specific entry After clicking the Add or the Modify button the following page will appear Figure 8 46 ACL Flow Meter Configuration window The fields that can be configured are described below Parameter Description Profile ID 1 1024 Here the user can enter the Profile ID for the flow meter Profile Name Here the user can ...

Page 287: ...ameter and entering the DSCP value to replace Counter Use this parameter to enable or disable the packet counter for the specified ACL entry in the green flow Un conform This changes the DSCP of an un conforming yellow or red packet Replace DSCP Packets that are in the yellow and red flow may have their DSCP field rewritten using this parameter and entering the DSCP value to replace Exceed This fi...

Page 288: ...ist window Adding an Ethernet ACL Profile The window shown below is the Add Egress ACL Profile window for Ethernet To use specific filtering masks in this egress ACL profile click the packet filtering mask field to highlight it red This will add more filed to the mask After clicking the Add Egress ACL button the following page will appear Figure 8 49 Add Egress ACL Profile window Ethernet ACL The ...

Page 289: ... header and use this as the or part of the criterion for forwarding Ethernet Type Selecting this option instructs the Switch to examine the Ethernet type value in each frame s header Click the Select button to select an ACL type Click the Back button to discard the changes made and return to the previous page Click the Create button to create a profile After clicking the Show Details button the fo...

Page 290: ...cess ID for the rule being created VLAN Name Enter the VLAN name used here VLAN ID Enter the VLAN ID used here VLAN Mask Select and enter the VLAN mask value used here Source MAC Address Enter the source MAC address used here Source MAC Address Mask Select and enter the source MAC address mask used here Destination MAC Address Enter the destination MAC address used here Destination MAC Address Mas...

Page 291: ...anged when both the priority and DSCP are set to be modified Time Range Name Tick the check box and enter the name of the Time Range settings that has been previously configured in the Time Range Settings window This will set specific times when this access rule will be implemented on the Switch Counter Here the user can select the counter By checking the counter the administrator can see how many...

Page 292: ...the Switch to examine the 802 1Q VLAN identifier of each packet header and use this as the full or partial criterion for forwarding IPv4 DSCP Selecting this option instructs the Switch to examine the DiffServ Code part of each packet header and use this as the or part of the criterion for forwarding IPv4 Source IP Mask Enter an IP address mask for the source IP address IPv4 Destination IP Mask Ent...

Page 293: ...in finish Select UDP to use the UDP port number contained in an incoming packet as the forwarding criterion Selecting UDP requires that you specify a source port mask and or a destination port mask src port mask Specify a UDP port mask for the source port in hex form hex 0x0 0xffff dst port mask Specify a UDP port mask for the destination port in hex form hex 0x0 0xffff Select Protocol ID Enter a ...

Page 294: ...cking the Add Rule button the following page will appear Figure 8 57 Add Egress Access Rule IPv4 ACL The fields that can be configured are described below Parameter Description Access ID 1 500 Type in a unique identifier number for this access This value can be set from 1 to 500 Auto Assign Tick the check box will instruct the Switch to automatically assign an Access ID for the rule being created ...

Page 295: ...arded by the Switch For more information on priority queues CoS queues and mapping for 802 1p see the QoS section of this manual Replace DSCP 0 63 Select this option to instruct the Switch to replace the DSCP value in a packet that meets the selected criteria with the value entered in the adjacent field When an ACL rule is added to change both the priority and DSCP of an IPv4 packet only one of th...

Page 296: ... To use specific filtering masks in this egress ACL profile click the packet filtering mask field to highlight it red This will add more filed to the mask After clicking the Add Egress ACL button the following page will appear Figure 8 59 Add Egress ACL Profile window IPv6 ACL The fields that can be configured are described below Parameter Description Profile ID 1 500 Enter a unique identifier num...

Page 297: ...6 address mask e g FFFF FFFF FFFF IPv6 Destination Mask The user may specify an IPv6 address mask for the destination IPv6 address by ticking the corresponding check box and entering the IPv6 address mask e g FFFF FFFF FFFF Click the Select button to select an ACL type Click the Back button to discard the changes made and return to the previous page Click the Create button to create a profile Afte...

Page 298: ...t Mask 0 FFFF Enter the IPv6 TCP source port mask here TCP Destination Port 0 65535 Enter the value of the IPv6 layer 4 TCP destination port TCP Destination Port Mask 0 FFFF Enter the IPv6 TCP destination port mask here Action Select Permit to specify that the packets that match the access profile are forwarded by the Switch according to any additional rule added see below Select Deny to specify t...

Page 299: ...eviously configured in the Time Range Settings window This will set specific times when this access rule will be implemented on the Switch Counter Here the user can select the counter By checking the counter the administrator can see how many times that the rule was hit Ports Specify a port number to apply to the access rule VLAN Name Specify the VLAN name to apply to the access rule VLAN ID Speci...

Page 300: ... information of the specific entry Click the Delete button to remove the specific entry After clicking the Add or Modify button the following page will appear Figure 8 65 Egress ACL Flow Meter Configuration window The fields that can be configured are described below Parameter Description Profile ID 1 500 Enter the Profile ID for the flow meter Profile Name Enter the Profile Name for the flow mete...

Page 301: ... Layer 3 Managed Ethernet Switch Web UI Reference Guide 288 After clicking the View button the following page will appear Figure 8 66 Egress ACL Flow meter Display window Click the Back button to return to the previous page ...

Page 302: ...pecified Local Area Network by using a Client and Server based access control model This is accomplished by using a RADIUS server to authenticate users trying to access a network by relaying Extensible Authentication Protocol over LAN EAPOL packets between the Client and the Server The following figure represents a basic EAPOL packet Figure 9 1 EAPOL Packet window Utilizing this method unauthorize...

Page 303: ... information from the Client through EAPOL packets which is the only information allowed to pass through the Authenticator before access is granted to the Client The second purpose of the Authenticator is to verify the information gathered from the Client with the Authentication Server and to then relay that information back to the Client Figure 9 4 Authenticator window Three steps must be impleme...

Page 304: ...em in a list Each MAC address must be authenticated by the Switch using a remote RADIUS server before being allowed access to the Network Understanding 802 1X Port based and Host based Network Access Control The original intent behind the development of 802 1X was to leverage the characteristics of point to point in LANs As any single LAN segment in such infrastructures has no more than two device...

Page 305: ...ibed below Parameter Description Authentication Mode Choose the 802 1X authenticator mode Disabled Port based or MAC based Authentication Protocol Choose the authenticator protocol Local or RADIUS EAP Forward EAPOL PDU This is a global setting to control the forwarding of EAPOL PDU When 802 1X functionality is disabled globally or for a port and if 802 1X forward PDU is enabled both globally and f...

Page 306: ...he client before it times out of the authentication sessions The default setting is 2 TxPeriod 1 65535 This sets the TxPeriod of time for the authenticator PAE state machine This value determines the period of an EAP Request Identity packet transmitted to the client The default setting is 30 seconds ReAuthPeriod 1 65535 A constant that defines a nonzero number of seconds between periodic re authen...

Page 307: ...gh the port the user selected in the first field Forward EAPOL PDU This is a global setting to control the forwarding of EAPOL PDU When 802 1X functionality is disabled globally or for a port and if 802 1X forward PDU is enabled both globally and for the port a received EAPOL packet on the port will be flooded in the same VLAN to those ports for which 802 1X forward PDU is enabled and 802 1X is di...

Page 308: ...y a remote RADIUS Server or local authentication on the Switch to be placed in a fully operational VLAN Figure 9 12 Guest VLAN window If authenticated and the authenticator possess the VLAN placement information that client will be accepted into the fully operational target VLAN and normal switch functions will be open to the client If the authenticator does not have target VLAN placement informat...

Page 309: ...ow Figure 9 14 Authenticator State window The fields that can be configured are described below Parameter Description Port Use the drop down menu to select a port to display Click the Find button to locate a specific entry based on the information entered Click the Refresh button to refresh the display table so that new entries will appear NOTE The user must first globally enable Authentication Mo...

Page 310: ...o display Click the Apply button to accept the changes made NOTE The user must first globally enable Authentication Mode in the Error Reference source not found window before initializing ports Information in this window cannot be viewed before enabling the authentication mode for either Port based or MAC based Authenticator Session Statistics This window is used to display the authenticator sessi...

Page 311: ...r Description Port Use the drop down menu to select a port to display Click the Apply button to accept the changes made NOTE The user must first globally enable Authentication Mode in the Error Reference source not found window before initializing ports Information in this window cannot be viewed before enabling the authentication mode for either Port based or MAC based Authenticator Diagnostics T...

Page 312: ...low Parameter Description Port Use the drop down menu to select a port to display Click the Apply button to accept the changes made NOTE The user must first globally enable Authentication Mode in the Error Reference source not found window before initializing ports Information in this window cannot be viewed before enabling the authentication mode for either Port based or MAC based Initialize Port...

Page 313: ...Click the Apply button to accept the changes made NOTE The user must first globally enable Authentication Mode in the Error Reference source not found window before initializing ports Information in this window cannot be viewed before enabling the authentication mode for either Port based or MAC based Reauthenticate Port s This window is used to re authenticate the device connected with the ports ...

Page 314: ...wing window click Security RADIUS Authentication RADIUS Server Settings as shown below Figure 9 25 Authentication RADIUS Server Settings window The fields that can be configured are described below Parameter Description Index Choose the desired RADIUS server to configure 1 2 or 3 and select the IPv4 Address or IPv6 Address IPv4 Address Set the RADIUS server IPv4 address IPv6 Address Set the RADIUS...

Page 315: ...bed below Parameter Description Network When enabled the Switch will send informational packets to a remote RADIUS server when 802 1X WAC and JWAC port access control events occur on the Switch Shell When enabled the Switch will send informational packets to a remote RADIUS server when a user either logs in logs out or times out on the Switch using the console Telnet or SSH System When enabled the...

Page 316: ...r of RADIUS Access Request packets retransmitted to this RADIUS authentication server AccessAccepts The number of RADIUS Access Accept packets valid or invalid received from this server AccessRejects The number of RADIUS Access Reject packets valid or invalid received from this server AccessChallenges The number of RADIUS Access Challenge packets valid or invalid received from this server AccessRe...

Page 317: ...ed to each RADIUS Accounting server that the client shares a secret with InvalidServerAddr The number of RADIUS Accounting Response packets received from unknown addresses Identifier The NAS Identifier of the RADIUS accounting client ServerAddr The conceptual table listing the RADIUS accounting servers with which the client shares a secret ServerPortNumber The UDP port the client is using to send ...

Page 318: ...ing these two address types together allows the transmission of data between the layers The primary purpose of IP MAC port binding is to restrict the access to a switch to a number of authorized users Authorized clients can access a switch s port by either checking the pair of IP MAC addresses with the pre configured database or if DHCP snooping has been enabled in which case the switch will autom...

Page 319: ...e or disable enable ND snooping on the Switch The default is Disabled Recover Learning Ports Enter the port numbers used to recover the learning port state Tick the All check box to apply to all ports Click the Apply button to accept the changes made for each individual section IMPB Port Settings Select a port or a range of ports with the From Port and To Port fields Enable or disable the port wit...

Page 320: ...s and IP broadcast packets by IP MAC port binding entries When the packet is found by the entry the MAC address will be set to dynamic state If the packet is not found by the entry the MAC address will be set to block Other packets will be bypassed Zero IP Use the pull down menu to enable or disable this feature Allow zero IP configures the state which allows ARP packets with 0 0 0 0 source IP to ...

Page 321: ...he Delete button to remove the specified entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist MAC Block List This table is used to view unauthorized devices that have been blocked by IP MAC binding restrictions To view the following window click Security IP MAC Port Binding IMPB MAC Block List as shown below Figure 9 32 MAC Block List window Th...

Page 322: ...ned entries Maximum IPv6 Entry 1 50 Enter the maximum entry value for IPv6 DHCP Snooping Tick the No Limit check box to have unlimited maximum number of the learned entries Click the Apply button to accept the changes made DHCP Snooping Entry This table is used to view dynamic entries on specific ports To view particular port settings enter the port number and click Find To view all entries click ...

Page 323: ...ntered in the fields Click the View All button to display all the existing entries ND Snooping ND Snooping Maximum Entry Settings Users can configure the maximum ND Snooping entry for ports on this page To view this window click Security IP MAC Port Binding IMPB ND Snooping ND Snooping Maximum Entry Settings as shown below Figure 9 35 ND Snooping Maximum Entry Settings window The fields that can b...

Page 324: ...ated before being granted access to a network Both local authentication and remote RADIUS server authentication methods are supported In MAC based access control MAC user information in a local database or a RADIUS server database is searched for authentication Following the authentication result users achieve different levels of authorization Notes about MAC based access control There are certain...

Page 325: ... The user may choose between the following methods Local Use this method to utilize the locally set MAC address database as the authenticator for MAC based access control This MAC address list can be configured in the MAC based access control Local Database Settings window RADIUS Use this method to utilize a remote RADIUS server as the authenticator for MAC based access control Remember the MAC li...

Page 326: ...ch Once a queried MAC address is matched in this window it will be placed in the VLAN associated with it here The Switch administrator may enter up to 128 MAC addresses to be authenticated using the local method configured here To view the following window click Security MAC based Access Control MAC MAC based Access Control Local Settings as shown below Figure 9 38 MAC based Access Control Local S...

Page 327: ...xisting hosts Click the Clear All hosts button to clear out all the existing hosts Web based Access Control WAC Web based Authentication Login is a feature designed to authenticate a user when the user is trying to access the Internet via the Switch The authentication process uses the HTTP protocol The Switch enters the authenticating stage when users attempt to browse Web pages e g http www dlink...

Page 328: ...ication work properly the user of the PC should add the virtual IP to the exception of the proxy configuration Whether or not a virtual IP is specified users can access the WAC pages through the Switch s system IP When a virtual IP is not specified the authenticating Web request will be redirected to the Switch s system IP The Switch s implementation of WAC features a user defined port number that...

Page 329: ...Settings seen below RADIUS Choose this parameter to use a remote RADIUS server as the authenticating method for users trying to access the network via the switch This RADIUS server must have already been pre assigned by the administrator using the Authentication RADIUS Server Settings window Security RADIUS Authentication RADIUS Server Settings Redirection Path Enter the URL of the website that au...

Page 330: ... the password the administrator has chosen for the selected user This field is case sensitive and must be a complete alphanumeric string This field is for administrators who have selected Local as their Web based authenticator Confirm Password Retype the password entered in the previous field Click the Apply button to accept the changes made Click the Delete All button to remove all the entries li...

Page 331: ...own menu to enable the configured ports as WAC ports Idle Time 1 1440 If there is no traffic during the Idle Time parameter the host will be moved back to the unauthenticated state Enter a value between 0 and 1440 minutes A value of 0 indicates the Idle state of the authenticated host on the port will never be checked The default value is infinite Block Time 0 300 This parameter is the period of t...

Page 332: ...d Click the View All Hosts button to display all the existing entries Click the Clear All Hosts button to remove all the entries listed Japanese Web based Access Control JWAC JWAC Global Settings Users can enable and configure Japanese Web based Access Control on the Switch JWAC and Web Authentication are mutually exclusive functions That is they cannot be enabled at the same time To use the JWAC ...

Page 333: ...enticating process Forcible Logout This parameter enables or disables JWAC Forcible Logout When Forcible Logout is Enabled a Ping packet from an authenticated host to the JWAC Switch with TTL 1 will be regarded as a logout request and the host will move back to the unauthenticated state Authentication Protocol This parameter specifies the RADIUS protocol used by JWAC to complete a RADIUS authentic...

Page 334: ...okay If the Switch detects no Quarantine Server it will redirect all unauthenticated HTTP access attempts to the JWAC Login Page forcibly if the Redirect is enabled and the Redirect Destination is configured to be a Quarantine Server URL This parameter specifies the JWAC Quarantine Server URL If the Redirect is enabled and the Redirect Destination is the Quarantine Server when an unauthenticated h...

Page 335: ...40 minutes Tick the Infinite check box to indicate the authenticated host will never age out on the port The default value is 1440 minutes 24 hours Block Time 0 300 This parameter is the period of time a host will be blocked if it fails to pass authentication Enter a value between 0 and 300 seconds The default value is 60 Idle Time 1 1440 If there is no traffic during the Idle Time parameter the h...

Page 336: ...094 Enter a VLAN ID number between 1 and 4094 Click the Add button to add a new entry based on the information entered Click the Delete All button to remove all the entries listed Click the Edit button to re configure the specific entry Click the Delete button to remove the specific entry NOTE The Username and Password values should be less than 16 characters JWAC Authentication State Users can di...

Page 337: ...the View All Hosts button to display all the existing entries Click the Clear All Hosts button to remove all the entries listed JWAC Customize Page Language Users can configure JWAC page and language settings for the Switch The current firmware supports either English or Japanese To view the following window click Security Japanese Web based Access Control JWAC JWAC Customize Page Language as show...

Page 338: ... supported by this Switch include 802 1X MAC based access control MAC Web based Access Control WAC Japan Web based Access Control JWAC and IP MAC Port Binding IMPB The Compound Authentication feature allows clients running different authentication methods to connect to the network using the same switch port The Compound Authentication feature can be implemented using one of the following modes Any...

Page 339: ...C Mode window 802 1X IMPB Mode This mode adds an extra layer of security by checking the IP MAC Binding Port Binding IMPB table after trying one of the supported authentication methods The IMPB Table is used to create a white list that checks if the IP streams being sent by authorized hosts have been granted or not In the above diagram the Switch port has been configured to allow clients to authen...

Page 340: ...rt has been configured to allow clients to authenticate using either WAC or JWAC If the client is in the IMPB table and tries to connect to the network using either of these supported authentication methods and the client is listed in the white list for legal IP MAC port checking access will be granted If a client fails one of the authentication methods access will be denied Figure 9 57 IMPB WAC J...

Page 341: ...ite list for legal IP MAC port checking access will be granted If a client fails one of the authentication methods access will be denied Figure 9 58 MAC IMPB Mode window The Compound Authentication folder contains two windows Compound Authentication Settings Compound Authentication Guest VLAN Settings Compound Authentication Settings Users can configure Authorization Network State Settings and com...

Page 342: ... as compound authentication ports Security Mode The compound authentication method options include None Any MAC 802 1X or WAC JWAC 802 1X IMPB IMPB JWAC IMPB WAC and MAC IMPB None means all compound authentication methods are disabled Any MAC 802 WAC or JWAC If any of the authentication methods pass then access will be granted In this mode MAC 802 1X and WAC JWAC can be enabled on a port at the sa...

Page 343: ...N must be an existing static VLAN VID 1 4094 Click the button and assign a VLAN ID for a Guest VLAN The VLAN must be an existing static VLAN before this VID can be configured Port List The list of ports to be configured Alternatively tick the All check box to set every port at once Action Use the drop down menu to choose the desired operation Create VLAN Add Ports or Delete Ports Click the Apply b...

Page 344: ... This pull down menu allows the option of how the MAC address table locking will be implemented on the Switch for the selected group of ports The options are Permanent The locked addresses will only age out after the Switch has been reset DeleteOnTimeout The locked addresses will age out after the aging timer expires DeleteOnReset The locked addresses will not age out until the Switch has been res...

Page 345: ...ade and return to the previous page Port Security VLAN Settings Users can configure the maximum number of port security entries that can be learned on a specific VLAN To view the following window click Security Port Security Port Security VLAN Settings as shown below Figure 9 63 Port Security VLAN Settings window The fields that can be configured are described below Parameter Description VLAN Name...

Page 346: ...ist here to be used for the port security entry search When All is selected all the ports configured will be displayed Click the Find button to locate a specific entry based on the information entered Click the Clear button to clear all the entries based on the information entered Click the Show All button to display all the existing entries Click the Clear All button to remove all the entries lis...

Page 347: ...tion function for the ports on the switch In generally there are two states in BPDU protection function One is normal state and another is under attack state The under attack state have three modes drop block and shutdown A BPDU protection enabled port will enter an under attack state when it receives one STP BPDU packet And it will take action based on the configuration Thus BPDU protection can o...

Page 348: ...recovered automatically From Port To Port Here the user can select a range of ports to use for this configuration State Here the user can enable or disable the protection mode for a specific port Mode Specified the BPDU protection mode The default mode is shutdown Drop Drop all received BPDU packets when the port enters under attack state Block Drop all packets include BPDU and normal packets when...

Page 349: ...pback Detection State Use the radio button to enable or disable loopback detection The default is Disabled Mode Use the drop down menu to toggle between Port Based and VLAN Based Trap State Set the desired trap status None Loop Detected Loop Cleared or Both Log State Specify the state of the log for loopback detection Interval 1 32767 Set a Loopdetect Interval between 1 and 32767 seconds The defau...

Page 350: ...lect the All Ports button to select all the ports for the configuration Click the Apply button to accept the changes made NetBIOS Filtering Settings NetBIOS is an application programming interface providing a set of functions that applications use to communicate across networks NetBEUI the NetBIOS Enhanced User Interface was created as a data link layer frame structure for NetBIOS A simple mechani...

Page 351: ...n one or more DHCP servers are present on the network and both provide DHCP services to different distinct groups of clients The first time the DHCP filter is enabled it will create both an access profile entry and an access rule per port entry it will also create other access rules These rules are used to block all DHCP server packets In addition to a permit DHCP entry it will also create one acc...

Page 352: ...e an illegal server log suppress duration of 1 minute 5 minutes or 30 minutes From Port To Port A Select a range of ports to be configured State Choose Enabled to enable the DHCP server screening or Disabled to disable it The default is Disabled Click the Apply button to accept the changes made for each individual section DHCP Offer Permit Entry Settings Users can add or delete permit entries on t...

Page 353: ... protocol with the ability to provide more types of authentication requests and more types of response codes than TACACS This protocol also uses UDP to transmit packets TACACS Terminal Access Controller Access Control System plus Provides detailed access control for authentication for network devices TACACS is facilitated through Authentication commands via one or more centralized servers The TACA...

Page 354: ...nd are not compatible The Switch and the server must be configured exactly the same using the same protocol For example if the Switch is set up for TACACS authentication so must be the host server Enable Admin Users who have logged on to the Switch on the normal user level and wish to be promoted to the administrator level can use this window After logging on to the Switch users will have only use...

Page 355: ...tting is 3 Click the Apply button to accept the changes made Application Authentication Settings Users can configure Switch configuration applications console Telnet SSH web for login at the user level and at the administration level Enable Admin utilizing a previously configured method list To view the following window click Security Access Authentication Control Application Authentication Settin...

Page 356: ...server group by protocol or by previously defined server group The Switch has four built in Authentication Server Groups that cannot be removed but can be modified Up to eight authentication server hosts may be added to any particular group To view the following window click Security Access Authentication Control Authentication Server Group Settings as shown below Figure 9 75 Authentication Server...

Page 357: ... three built in server groups can only have server hosts running the same TACACS daemon TACACS XTACACS TACACS protocols are separate entities and are not compatible with each other Authentication Server Settings User defined Authentication Server Hosts for the TACACS XTACACS TACACS RADIUS security protocols can be set on the Switch When a user attempts to access the Switch with Authentication Poli...

Page 358: ...nd Click the Apply button to accept the changes made Click the Edit button to re configure the specified entry Click the Delete button to remove the specified entry NOTE More than one authentication protocol can be run on the same physical server host but remember that TACACS XTACACS TACACS are separate entities and are not compatible with each other Login Method Lists Settings User defined or def...

Page 359: ...t the changes made Click the Edit button to re configure the specific entry Click the Delete button to remove a Login Method List defined by the user Enable Method Lists Settings Users can set up Method Lists to promote users with user level privileges to Administrator Admin level privileges using authentication methods on the Switch Once a user acquires normal user level privileges on the Switch ...

Page 360: ...tion needed to access the Switch radius Adding this parameter will require the user to be authenticated using the RADIUS protocol from a remote RADIUS server tacacs Adding this parameter will require the user to be authenticated using the TACACS protocol from a remote TACACS server xtacacs Adding this parameter will require the user to be authenticated using the XTACACS protocol from a remote XTAC...

Page 361: ...vel 2 Encryption The second part of the cipher suite that includes the encryption used for encrypting the messages sent between client and host The Switch supports two types of cryptology algorithms Stream Ciphers There are two types of stream ciphers on the Switch RC4 with 40 bit keys and RC4 with 128 bit keys These keys are used to encrypt messages and need to be consistent between client and ho...

Page 362: ...ontains information on the owner keys for authentication and digital signatures Both the server and the client must have consistent certificate files for optimal use of the SSL function The Switch only supports certificate files with der file extensions Currently the Switch comes with a certificate pre loaded though the user may need to download more depending on user circumstances To view the fol...

Page 363: ...to be configured using the command line interface NOTE Enabling the SSL command will disable the web based switch management To log on to the Switch again the header of the URL must begin with https Entering anything else into the address field of the web browser will result in an error and no authentication will be granted SSH SSH is an abbreviation of Secure Shell which is a program allowing sec...

Page 364: ... a user may try to log on to the SSH Server utilizing the SSH authentication After the maximum number of attempts has been exceeded the Switch will be disconnected and the user must reconnect to the Switch to attempt another login The number of maximum attempts may be set between 2 and 20 The default setting is 2 Rekey Timeout This field is used to set the time period that the Switch will change t...

Page 365: ... check box to enable or disable the Triple Data Encryption Standard encryption algorithm with Cipher Block Chaining The default is enabled AES128 CBC Use the check box to enable or disable the Advanced Encryption Standard AES128 encryption algorithm with Cipher Block Chaining The default is enabled AES192 CBC Use the check box to enable or disable the Advanced Encryption Standard AES192 encryption...

Page 366: ...or users attempting to access the Switch through SSH In the window above the User Account username has been previously set using the User Accounts window in the Configuration folder A User Account MUST be set in order to set the parameters for the SSH user To view the following window click Security SSH SSH User Authentication Lists as shown below Figure 9 84 SSH User Authentication Lists window T...

Page 367: ...a User Account must be previously configured Trusted Host Settings Up to ten trusted host secure IP addresses or ranges may be configured and used for remote Switch management It should be noted that if one or more trusted hosts are enabled the Switch will immediately accept remote instructions from only the specified IP address or addresses If you enable this feature be sure to first enter the IP...

Page 368: ...hen the Switch either a receives too many packets to process or b exerts too much memory it will enter the Exhausted mode When in this mode the Switch will drop all ARP and IP broadcast packets and packets from un trusted IP addresses for a calculated time interval Every five seconds the Safeguard Engine will check to see if there are too many packets flooding the Switch If the threshold has been ...

Page 369: ...scribed below Parameter Description Safeguard Engine State Use the radio button to globally enable or disable Safeguard Engine settings for the Switch Rising Threshold 20 100 Used to configure the acceptable level of CPU utilization before the Safeguard Engine mechanism is enabled Once the CPU utilization reaches this percentage level the Switch will move into Exhausted mode based on the parameter...

Page 370: ...ick Network Application DHCP DHCP Relay DHCP Relay Global Settings as shown below Figure 10 1 DHCP Relay Global Settings window The fields that can be configured are described below Parameter Description DHCP Relay State This field can be toggled between Enabled and Disabled using the pull down menu It is used to enable or disable the DHCP Relay service on the Switch The default is Disabled DHCP R...

Page 371: ... received from DHCP servers the relay agent will drop invalid messages Disabled When the field is toggled to Disabled the relay agent will not check the validity of the packet s option 82 field DHCP Relay Agent Information Option 82 Policy This field can be toggled between Replace Drop and Keep by using the pull down menu It is used to set the Switches policy for handling packets when the DHCP Rel...

Page 372: ... ID sub option format 1 Sub option type 2 Length 3 Remote ID type 4 Length 5 MAC address The Switch s system MAC address DHCP Relay Interface Settings Users can set up a server by IP address for relaying DHCP information to the DHCP Server The user may enter a previously configured IP interface on the Switch that will be connected directly to the DHCP client using this window Properly configured s...

Page 373: ...CP DHCP Relay DHCP Relay Option 60 Server Settings as shown below Figure 10 5 DHCP Relay Option 60 Server Settings window The fields that can be configured are described below Parameter Description Relay IP Address Here the user can enter the Relay IP Address Mode Here the user can choose the DHCP Relay Option 60 Server mode Click the Add button to add a new entry based on the information entered ...

Page 374: ...ing Partial Match The option 60 string in the packet only need partial match with the specified string IP Address String Here the user can select IP Address or String from the drop down menu IP Address Enter the DHCP Relay Option 60 IP address in the field next to the drop down menu String Enter the DHCP Relay Option 60 String value in the field next to the drop down menu Click the Add button to a...

Page 375: ...figuration Protocol allows the switch to delegate IP addresses subnet masks default gateways and other IP parameters to devices that request this information This occurs when a DHCP enabled device is booted on or attached to the locally attached network This device is known as the DHCP client and when enabled it will emit query messages on the network before any IP parameters are set When the DHCP...

Page 376: ...e is 100 Click the Apply button to accept the changes made for each individual section DHCP Server Exclude Address Settings The DHCP server assumes that all IP addresses in a DHCP pool subnet are available for assigning to DHCP clients You must use this page to specify the IP address that the DHCP server should not assign to clients This command can be used multiple times in order to define multip...

Page 377: ...ter clicking the Edit Class button the following page will appear Figure 10 11 DHCP Server Pool Class Settings Edit Class window The fields that can be configured are described below Parameter Description Class Name Select a DHCP s class name The DHCP s class name can be configured in DHCP Server Class Settings window Begin Address Enter the beginning IP address of the range End Address Enter the ...

Page 378: ...erver Specifies the IP address of a DNS server that is available to a DHCP client Up to three IP addresses can be specified in one command line NetBIOS Name Server IP address of WINS server Windows Internet Naming Service WINS is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a general grouping of networks Up to three IP addresses can be sp...

Page 379: ... configured are described below Parameter Description Option Use the drop down menu to select DHCP class options Type Use the drop down menu to select the options type and enter the value of the type Click the Back button to discard the changes made and return to the previous page Click the Apply button to accept the changes made Click the Edit button to re configure the specific entry Click the D...

Page 380: ...the user can delete the DHCP server dynamic binding table To view the following window click Network Application DHCP DHCP Server DHCP Server Dynamic Binding as shown below Figure 10 16 DHCP Server Dynamic Binding window The fields that can be configured are described below Parameter Description Pool Name Here the user can enter the DHCP Server Pool name Click the Clear button to clear all the inf...

Page 381: ...ttings and the state of the Global VLAN need to be enabled To view the following window click Network Application DHCP DHCP Local Relay Settings as shown below Figure 10 18 DHCP Local Relay Settings window The fields that can be configured are described below Parameter Description DHCP Local Relay Global State Enable or disable the DHCP Local Relay Global State The default is Disabled VLAN Name Th...

Page 382: ...able To view this window click Network Application DHCP DHCPv6 Relay DHCPv6 Relay Settings as shown below Figure 10 20 DHCPv6 Relay Settings window The fields that can be configured are described below Parameter Description Interface Name Enter the name of the IPv6 interface Tick the All check box to select all IPv6 interfaces DHCPv6 Relay State Use the drop down menu to enable or disable the DHCP...

Page 383: ...ng the name servers one at a time or by asking the domain name system to do the complete name translation The client makes a query containing the name the type of answer required and a code specifying whether the domain name system should do the entire name translation or simply return the address of the next DNS server if the server receiving the query cannot resolve the name When a DNS server re...

Page 384: ...y static table state Click the Apply button to accept the changes made DNS Relay Static Settings Users can add or delete static entries into the switch s DNS resolution table To view the following window click Network Application DNS DNS Relay DNS Relay Static Settings as shown below Figure 10 23 DNS Relay Static Settings window The fields that can be configured are described below Parameter Descr...

Page 385: ...er in the CLI command and global RCP Server was not configured the Switch will ask user to input the Server IP address or remote user name while executing the RCP commands To view the following window click Network Application RCP Server Settings as shown below Figure 10 25 RCP Server Settings window The fields that can be configured are described below Parameter Description IP Address The IP addr...

Page 386: ...lay The event that occurred on the Switch prompting the e mail message to be sent When an event is processed by a user such as save or firmware upgrade the IP address MAC address and User Name of the user completing the task will be sent along with the system message of the event occurred When the same event occurs more than once the second mail message and every repeating mail message following w...

Page 387: ...y one self mail address can be configured for this Switch This string can be no more that 64 alphanumeric characters Add A Mail Receiver Enter an e mail address and click the Add button Up to eight e mail addresses can be added per Switch To delete these addresses from the Switch click the corresponding Delete button in the SMTP Mail Receiver Address table at the bottom of the window Subject The s...

Page 388: ...me Displays the Current Time Time Source Displays the time source for the system SNTP First Server The IP address of the primary server from which the SNTP information will be taken SNTP Second Server The IP address of the secondary server from which the SNTP information will be taken SNTP Poll Interval In Seconds 30 99999 The interval in seconds between requests for updated SNTP information Click...

Page 389: ...MM Use these pull down menus to specify your local time zone s offset from Greenwich Mean Time GMT Parameter Description DST Repeating Settings Using repeating mode will enable DST seasonal time adjustment Repeating mode requires that the DST beginning and ending date be specified using a formula For example specify to begin DST on Saturday during the second week of April and end DST on Sunday dur...

Page 390: ...This means that the maximum configuration file can only be 2Mb and even if the current configuration is only 40Kb it will still take up 2Mb of flash storage space The configuration file number and firmware numbers are also fixed A compatible issue will occur in the event that the configuration file or firmware size exceeds the originally designed size Flash File System in our system The Flash File...

Page 391: ...tion Click the Boot Up button to set a specific runtime image as the boot up image Click the Rename button to rename a specific file s name Click the Delete button to remove a specific file from the file system After clicking the Copy button the following page will appear Figure 10 31 Flash File System Settings window When copying a file to the file system of this switch the user must enter the So...

Page 392: ...orts internal to this boundary An Ethernet CFM maintenance domain referred to in this manual simply as an MD exists in a hierarchical relationship to other MDs Typically a large MAN or WAN can be partitioned into a hierarchy based on the size of domain that mirrors the structural relationship of customers service providers and operators The service providers have end to end service responsibility ...

Page 393: ... bridge port A MIP is a maintenance point that is internal to an MD not at the boundary A MIP receives CFM frames from other MIPs and from MEPs These frames are cataloged and forwarded using the bridge relay function and bridge port All CFM frames at a lower level than the MIP are blocked and dropped regardless of the origin All CFM frames at a higher level are forwarded regardless of the origin I...

Page 394: ...CE CFM Settings On this page the user can configure the CFM parameters To view the following window click OAM CFM CFM Settings as shown below Figure 11 2 CFM Settings window The fields that can be configured are described below Parameter Description CFM State Here the user can enable or disable the CFM feature All MPs Reply LTRs Here the user can enable or disable all MPs to reply LTRs CCM PDUs Fo...

Page 395: ...d manage address information Click the Apply button to accept the changes made for each individual section Click the Edit button to re configure the specific entry Click the Delete button to remove the specific entry NOTE The MD Name value should be less than 22 characters To add a maintenance association MA click on the Add MA button After clicking the Add MA button the following page will appear...

Page 396: ...ssis ID information Manage Transmit sender ID TLV with manage address information Chassis Manage Transmit sender ID TLV with chassis ID information and manage address information Defer Inherit the setting configured for the maintenance domain that this MA is associated with This is the default value CCM This is the CCM interval 10ms 10 milliseconds Not recommended For test purpose 100ms 100 millis...

Page 397: ...n This is the MEP direction Inward Inward facing up MEP Outward Outward facing down MEP Click the Add button to add a new entry based on the information entered Click the Back button to discard the changes made and return to the previous page Click the View Detail link to view more information regarding the specific entry Click the Delete button to remove the specific entry NOTE The MEP Name value...

Page 398: ... are sent Remote CCM Only the fault alarms whose priority is equal to or higher than Some Remote MEP Down are sent Errors CCM Only the fault alarms whose priority is equal to or higher than Error CCM Received are sent Xcon CCM Only the fault alarms whose priority is equal to or higher than Cross connect CCM Received are sent None No fault alarm is sent This is the default value Alarm Time 250 1000...

Page 399: ...turn to the previous page After click the Edit LCK button the following window will appear Figure 11 10 CFM Extension LCK Settings window The fields that can be configured are described below Parameter Description State Tick the check box and use the drop down menu to enable or disable the LCK function Period Tick the check box and use the drop down menu to select the transmitting interval of LCK ...

Page 400: ...e the user can enable or disable the state of specific port regarding the CFM configuration Click the Apply button to accept the changes made CFM MIPCCM Table On this page the user can view MIP CCM database entries To view the following window click OAM CFM CFM MIPCCM Table as shown below Figure 11 12 CFM MIPCCM Table window CFM Loopback Settings On this page the user can configure the CFM loopbac...

Page 401: ...BMs to be sent The default value is 4 LBM Payload Length The payload length of LBM to be sent The default is 0 LBM Payload Pattern An arbitrary amount of data to be included in a Data TLV along with an indication whether the Data TLV is to be included LBMs Priority The 802 1p priority to be set in the transmitted LBMs If not specified it uses the same priority as CCMs and LTMs sent by the MA Click...

Page 402: ...n the information entered Click the Delete All button to remove all the entries listed CFM Packet Counter On this page the user can view the CFM packet s RX and TX counters To view the following window click OAM CFM CFM Packet Counter as shown below Figure 11 15 CFM Packet Counter window The fields that can be configured are described below Parameter Description Port List Which ports counter to sh...

Page 403: ...level to view Direction Here the user can enter the direction to view Inward Inward facing up MP Outward Outward facing down MP VID 1 4094 Here the user can enter the VID to view Click the Find button to locate a specific entry based on the information entered Ethernet OAM Ethernet OAM Operations Administration and Maintenance is a data link layer protocol which provides network operators the abil...

Page 404: ...shown below Figure 11 18 Ethernet OAM Settings window The fields that can be configured are described below Parameter Description From Port To Port Specified a range of ports to be configured Mode Specify to operate in either active mode or passive mode The default mode is active State Specify to enable or disable the OAM function The default state is disabled Remote Loopback If start is specified...

Page 405: ...k monitoring error symbols Link monitoring function provides a mechanism to detect and indicate link faults under a variety of conditions OAM monitors the statistics on the number of frame errors as well as the number of coding symbol errors When the number of symbol errors is equal to or greater than the specified threshold in a period and the event notification state is enabled it generates an e...

Page 406: ...lowing window click OAM Ethernet OAM Ethernet OAM Event Log as shown below Figure 11 20 Ethernet OAM Event Log window The fields that can be configured are described below Parameter Description Port Here the user can select a specific port to view Port List Here the user can enter a range of ports to view Alternatively the user can select the All Ports option to view information of all the ports C...

Page 407: ...iew information of all the ports Click the Clear button to clear all the information entered in the fields DULD Settings The Switch features a D Link Unidirectional Link Detection DULD module The unidirectional link detection provides a mechanism that can be used to detect unidirectional link for Ethernet switches whose PHYs do not support unidirectional OAM operation This function is established ...

Page 408: ...l Shutdown If any unidirectional link is detected disable the port and log an event Normal Only log an event when a unidirectional link is detected Discovery Time 5 65535 Enter these ports neighbor discovery time If the discovery is timeout the unidirectional link detection will start Click the Apply button to accept the changes made Cable Diagnostics The cable diagnostics feature is designed prim...

Page 409: ...s Ports must be linked up and running at 1000M speed Cross talk errors detection is not supported on FE ports NOTE The available cable diagnosis length is from 10 meter to 120 meters NOTE The deviation of cable length detection is 10M for GE ports Fault messages Open This pair is left open Short Two lines of this pair is shorted CrossTalk Lines of this pair is short with lines in other pairs Unkno...

Page 410: ...ger percentage and calculated as a simple average by time interval To view the following window click Monitoring Utilization CPU Utilization as shown below Figure 12 1 CPU Utilization window To view the CPU utilization by port use the real time graphic of the Switch and or switch stack at the top of the web page by simply clicking on a port Click Apply to implement the configured settings The wind...

Page 411: ...button to accept the changes made DRAM Flash Utilization On this page the user can view information regarding the DRAM and Flash utilization To view the following window click Monitoring Utilization DRAM Flash Utilization as shown below Figure 12 2 DRAM Flash Utilization window Port Utilization Users can display the percentage of the total available bandwidth being used on the port To view the fol...

Page 412: ...e is one second Record Number Select number of times the Switch will be polled between 20 and 200 The default value is 200 Show Hide Check whether or not to display Port Utilization Click the Apply button to accept the changes made for each individual section Statistics Packet Statistics Packets The Web manager allows various packet statistics to be viewed as either a line graph or a table Six win...

Page 413: ...eb UI Reference Guide 400 Figure 12 4 Received RX window Click the View Table link to display the information in a table rather than a line graph Figure 12 5 RX Packets Analysis Table window The fields that can be configured or displayed are described below ...

Page 414: ...received by a multicast address Broadcast Counts the total number of good packets that were received by a broadcast address Show Hide Check whether to display Bytes and Packets Click the Apply button to accept the changes made for each individual section Click the Clear button to clear all statistics counters on this window Click the View Table link to display the information in a table rather tha...

Page 415: ...ress Multicast Counts the total number of good packets that were received by a multicast address Broadcast Counts the total number of good packets that were received by a broadcast address Show Hide Check whether or not to display Multicast Broadcast and Unicast Packets Click the Apply button to accept the changes made for each individual section Click the Clear button to clear all statistics coun...

Page 416: ...nce Guide 403 Figure 12 8 Transmitted TX window Click the View Table link to display the information in a table rather than a line graph Figure 12 9 TX Packets Analysis window table for Bytes and Packets The fields that can be configured or displayed are described below ...

Page 417: ...umber of good packets that were transmitted by a broadcast address Show Hide Check whether or not to display Bytes and Packets Click the Apply button to accept the changes made for each individual section Click the Clear button to clear all statistics counters on this window Click the View Table link to display the information in a table rather than a line graph Click the View Graphic link to disp...

Page 418: ...window Click the View Table link to display the information in a table rather than a line graph Figure 12 11 Received RX Table View Table window The fields that can be configured or displayed are described below Parameter Description Port Use the drop down menu to choose the port that will display statistics ...

Page 419: ...valid packets received that were longer than 1518 octets and less than the MAX_PKT_LEN Internally MAX_PKT_LEN is equal to 1536 Drop The number of packets that are dropped by this port since the last Switch reboot Symbol Counts the number of packets received that have errors received in the symbol on the physical labor Show Hide Check whether or not to display CRCError UnderSize OverSize Fragment J...

Page 420: ... UI Reference Guide 407 Figure 12 12 Transmitted TX window Click the View Table link to display the information in a table rather than a line graph Figure 12 13 Transmitted TX View Table window The fields that can be configured or displayed are described below ...

Page 421: ...work segment Show Hide Check whether or not to display LateColl ExColl and Collision errors Click the Apply button to accept the changes made for each individual section Click the Clear button to clear all statistics counters on this window Click the View Table link to display the information in a table rather than a line graph Click the View Graphic link to display the information in a line graph...

Page 422: ... The total number of packets including bad packets received that were between 128 and 255 octets in length inclusive excluding framing bits but including FCS octets 256 511 The total number of packets including bad packets received that were between 256 and 511 octets in length inclusive excluding framing bits but including FCS octets 512 1023 The total number of packets including bad packets rece...

Page 423: ...ere the user can enter the appropriate port s to view Click the Clear button to clear all the information entered in the fields Click the Find button to locate a specific entry based on the information entered Click the View All button to display all the existing entries Click the Clear All button to remove all the entries listed in the table Enter a page number and click the Go button to navigate...

Page 424: ...nd received Time Here the user can select the time slot of how much information should be displayed based on the given time elapsed Options to choose from are 15 Minute and 1 Day Slot 1 96 Here the user can enter the slot number Click the Find button to locate a specific entry based on the information entered Enter a page number and click the Go button to navigate to a specific page when multiple ...

Page 425: ...pecific entry based on the information entered Mirror The Switch allows you to copy frames transmitted and received on a port and redirect the copies to another port You can attach a monitoring device to the mirrored port such as a sniffer or an RMON probe to view details about the packets passing through the first port This is useful for network monitoring and troubleshooting purposes Port Mirror...

Page 426: ...ughput problems The port you are copying frames from should always support an equal or lower speed than the port to which you are sending the copies Please note a target port and a source port cannot be the same port RSPAN Settings This page controls the RSPAN function The purpose of the RSPAN function is to mirror packets to a remote switch A packet travels from the switch where the monitored pac...

Page 427: ...command or the flow based source specified by an ACL If no parameter is specified for source it deletes the configured source parameters Select RX TX or Both to specify in which direction the packets will be monitored Tick Add or Delete to add or delete source ports Redirect Port List Specify the output port list for the RSPAN VLAN packets If the redirect port is a Link Aggregation port the Link A...

Page 428: ...r disable the sFlow feature Click the Apply button to accept the changes made sFlow Analyzer Server Settings On this page the user can configure the sFlow analyzer server parameters We can support 4 different Analyzer Servers at the same time and each sampler or poller can select a collector to send the samples We can send different samples from different samplers or pollers to different collector...

Page 429: ...specific entry Click the Delete button to remove the specific entry sFlow Flow Sampler Settings On this page the user can configure the sFlow flow sampler parameters By configuring the sampling function for a port a sample packet received by this port will be encapsulated and forwarded to the analyzer server at the specified interval NOTE If the user wants to change the analyze server ID he needs ...

Page 430: ...re described below Parameter Description From Port To Port Specifies the list of ports to be configured Analyzer Server ID 1 4 The analyzer server ID specifies the ID of a server analyzer where the packet will be forwarded Interval 20 120 The maximum number of seconds between successive samples of the counters Tick the Disable check box to disable the polling interval Click the Apply button to acc...

Page 431: ...e to be Pinged Repeat Pinging for Enter the number of times desired to attempt to Ping either the IPv4 address or the IPv6 address configured in this window Users may enter a number of times between 1 and 255 Size For IPv6 only enter a value between 1 and 6000 The default is 100 Timeout For IPv4 select a timeout period between 1 and 99 seconds for this Ping message to reach its destination For IPv...

Page 432: ...igure 12 29 Trace Route window The fields that can be configured are described below Parameter Description IPv4 Address IPv6 Address IP address of the destination station TTL 1 60 The time to live value of the trace route request This is the maximum number of routers that a trace route packet can pass The trace route option will cross while seeking the network path between two devices The range fo...

Page 433: ... clicking the Start button the following page will appear Figure 12 30 Trace Route Result window Click the Stop button to halt the Trace Route Click the Resume button to resume the Trace Route Device Environment The device environment feature displays the Switch internal temperature status To view the following window click Monitoring Device Environment as shown below Figure 12 31 Device Environme...

Page 434: ...and click Apply To view the following window click Save Save Configuration Log as shown below Figure 13 1 Save Configuration window Save Log allows the user to backup the log file of the switch Select Log from the Type field and click Apply Figure 13 2 Save Log window Save All allows the user to permanently save changes made to the configuration This option will allow the changes to be kept after ...

Page 435: ... download firmware from a TFTP Server to the Switch and updates the switch Figure 13 5 Download Firmware From TFTP window The fields that can be configured are described below Parameter Description TFTP Server IP Here the user can enter the TFTP Server IP Address used The user can select IPv4 to input an IPv4 address or select IPv6 to input an IPv6 address in the space provided Source File Here th...

Page 436: ... Source File Destination File Here the user can enter the location and name of the Destination File Boot U Select this option to use this firmware as the boot up firmware Click Download to initiate the download Download Firmware From HTTP This page allows the user to download firmware from a computer to the Switch and updates the switch Figure 13 7 Download Firmware From HTTP window The fields tha...

Page 437: ...me Here the user can enter the appropriate Username used Source File Here the user can enter the location and name of the Source File Destination File Here the user can enter the location and name of the Destination File Click Download to initiate the download Upload Firmware The following window is used to upload firmware from the Switch To view the following window click Tools Upload Firmware as...

Page 438: ...e user to upload firmware from the Switch to a FTP Server Figure 13 10 Upload Firmware To FTP window The fields that can be configured are described below Parameter Description FTP Server IP Here the user can enter the FTP Server IP Address used User Name Here the user can enter the appropriate Username used Password Here the user can enter the appropriate Password used TCP Port Here the user can ...

Page 439: ...ource File Click Upload to initiate the upload Download Configuration The following window is used to download the configuration file for the Switch To view the following window click Tools Download Configuration as shown below Download Configuration From TFTP This page allows the user to download the configuration file from a TFTP Server to the Switch and updates the switch Figure 13 12 Download ...

Page 440: ...dow The fields that can be configured are described below Parameter Description FTP Server IP Here the user can enter the FTP Server IP Address used User Name Here the user can enter the appropriate Username used Password Here the user can enter the appropriate Password used TCP Port Here the user can enter the TCP Port number used Source File Here the user can enter the location and name of the S...

Page 441: ...ad Click Download to initiate the download Download Configuration From RCP This page allows the user to download the configuration file from a RCP Server to the Switch and updates the switch Figure 13 15 Download Configuration From RCP window The fields that can be configured are described below Parameter Description RCP Server IP Here the user can enter the RCP Server IP Address used User Name He...

Page 442: ... Description TFTP Server IP Here the user can enter the TFTP Server IP Address used The user can select IPv4 to input an IPv4 address or select IPv6 to input an IPv6 address in the space provided Destination File Here the user can enter the location and name of the Destination File Source File Here the user can enter the location and name of the Source File Filter Here the user can specify to incl...

Page 443: ... enter the TCP Port number used Destination File Here the user can enter the location and name of the Destination File Source File Here the user can enter the location and name of the Source File Filter Here the user can specify to include begin or exclude a filter like SNMP VLAN or STP Select the appropriate Filter action and enter the service name in the space provided Click Upload to initiate t...

Page 444: ...re described below Parameter Description RCP Server IP Here the user can enter the RCP Server IP Address used User Name Here the user can enter the appropriate Username used Destination File Here the user can enter the location and name of the Destination File Source File Here the user can enter the location and name of the Source File Click Upload to initiate the upload Upload Log File The follow...

Page 445: ...on and name of the Destination File Log Type Here the user can select the type of log to be transferred Selecting the Common Log option here will upload the common log entries Selecting the Attack Log option here will upload the log concerning attacks Click Upload to initiate the upload Upload Log To FTP This page allows the user to upload the log file from the Switch to a FTP Server Figure 13 21 ...

Page 446: ...attacks Click Upload to initiate the upload Upload Log To HTTP This page allows the user to upload the log file from the Switch to a computer Figure 13 22 Upload Log To HTTP window The fields that can be configured are described below Parameter Description Log Type Here the user can select the type of log to be transferred Selecting the Common Log option here will upload the common log entries Sel...

Page 447: ...ons enter the factory defaults into the current configuration but do not save this configuration Reset System will return the Switch s configuration to the state it was when it left the factory Reset gives the option of retaining the Switch s User Accounts and History Log while resetting all other configuration parameters to their factory defaults If the Switch is reset using this window and Save ...

Page 448: ...ve the current configuration to non volatile RAM before restarting the Switch Selecting the No radio button instructs the Switch not to save the current configuration before restarting the Switch All of the configuration information entered from the last time Save Changes was executed will be lost Click the Reboot button to restart the Switch Figure 13 26 System Reboot window ...

Page 449: ... LAN known as ARP spoofing This document is intended to introduce the ARP protocol ARP spoofing attacks and the countermeasures brought by D Link s switches to thwart ARP spoofing attacks Figure 1 ARP Request In the process of ARP PC A will first issue an ARP request to query PC B s MAC address The network structure is shown in Figure 1 Figure 2 ARP Payload The ARP request will be encapsulated int...

Page 450: ...ated port into its Forwarding Table Figure 4 Forwarding Table In addition when the switch receives the broadcasted ARP request it will flood the frame to all ports except the source port port 1 see Figure 5 Figure 5 Broadcast Request When PC B replies to the ARP request its MAC address will be written into Target H W Address in the ARP payload see Figure 6 The ARP reply will be then encapsulated i...

Page 451: ...l be changed to PC A s MAC address The Source Address will be changed to PC B s MAC address see Figure 7 Figure 7 Ethernet Frame Format The switch will also examine the Source Address of the Ethernet frame and find that the address is not in the Forwarding Table The switch will learn PC B s MAC and update its Forwarding Table Figure 8 Forwarding Table Figure 9 Connection Established ...

Page 452: ... attack is caused by Gratuitous ARP that occurs when a host sends an ARP request to resolve its own IP address Figure 10 shows a hacker within a LAN to initiate ARP spoofing attack In the Gratuitous ARP packet the Sender protocol address and Target protocol address are filled with the same source IP address itself The Sender H W Address and Target H W address are filled with the same source MAC ad...

Page 453: ...ic to the actual default gateway passive sniffing or modify the data before forwarding it man in the middle attack The hacker cheats the victim PC that it is a router and cheats the router that it is the victim As can be seen in Figure 12 all traffic will be then sniffed by the hacker but the users will not discover Prevent ARP Spoofing using Packet Content ACL D Link managed switches can effectiv...

Page 454: ...reful consideration is needed for planning and configuration of the valuable offset chunks In Table 1 you will notice that the Offset_Chunk0 starts from the 127th byte and ends at the 128th byte It also can be found that the offset chunk is scratched from 1 but not zero Offset Chunk Offset Chunk0 Offset Chunk1 Offset Chunk2 Offset Chunk3 Offset Chunk4 Offset Chunk5 Offset Chunk6 Offset Chunk7 Offs...

Page 455: ...offset2 l2 1 0xFF offset3 l2 16 0xFF offset4 l2 17 0xFF offset5 l2 18 0xFF offset6 l2 19 0xFF Create access profile 2 The first chunk starts from the offset 1 and offset 2 mask for the Ethernet Type Blue in Table 1 13th and 14th bytes The second chunk starts from the offset 3 and offset 4 mask for the Sender IP in the ARP packet Green in Table 1 29th and 30th bytes The third chunk starts from the ...

Page 456: ...eeds to attach a terminal or PC with terminal emulation to the console port of the switch 2 Power on the Switch After the UART init is loaded to 100 the Switch will allow 2 seconds for the user to press the hotkey Shift 6 to enter the Password Recovery Mode Once the Switch enters the Password Recovery Mode all ports on the Switch will be disabled Boot Procedure V1 00 013 Power On Self Test 100 MAC...

Page 457: ...Parameters description sensorID The sensor ID temperature The temperature Informational Event description Internal Power failed Log Message Internal Power failed Critical Event description Internal Power is recovered Log Message Internal Power is recovered Critical Event description Redundant Power failed Log Message Redundant Power failed Critical Event description Redundant Power is working Log ...

Page 458: ...ription portNum The port number thresholdType the DDM threshold type The value should be one of the following values temperature supply voltage bias current TX power RX power exceedType indicate exceed threshold or recover to normal event the value should be recovered from or exceeded thesholdSubType the DDM threshold sub type the value should be high or low Warning TFTP Client Event description F...

Page 459: ...ddress Warning Event description Log message successfully uploaded Log Message Log message successfully uploaded by session Username username IP ipaddr MAC macaddr Parameters description session The user s session Username Represent current login user Ipaddr Represent client IP address macaddr Represent client MAC address Informational Event description Log message upload was unsuccessful Log Mess...

Page 460: ...t description CFG upload fail Log Message Configuration upload by RCP fail Username username RCP ipaddr Parameters description username user name ipaddr RCP server address Warning Event description CFG applied successfully Log Message configuration apply successfully Username username IP ipaddr Parameters description username user name ipaddr server address Informational Event description CFG appl...

Page 461: ...Parameters description new_version New STP version Informational Event description Spanning Tree MST configuration ID name and revision level changed Log Message Spanning Tree MST configuration ID name and revision level changed name name revision level revision_level Parameters description name New name revision_level New revision level Informational Event description Spanning Tree MST configurat...

Page 462: ...ssis ID subtype Value list 1 chassisComponent 1 2 interfaceAlias 2 3 portComponent 3 4 macAddress 4 5 networkAddress 5 6 interfaceName 6 7 local 7 chassisID chassis ID portType port ID subtype Value list 1 interfaceAlias 1 2 portComponent 2 3 macAddress 3 4 networkAddress 4 5 interfaceName 5 6 agentCircuitId 6 7 local 7 portID port ID deviceClass LLDP MED device type Notice Event description Confl...

Page 463: ...VLAN identifier of the MEP mdlevel Represents MD level of the MEP portNum Represents logical port number of the MEP mepdirection Can be inward or outward mepid Represents MEPID of the MEP macaddr Represents MAC address of the MEP Warning Event description Can not receive remote MEP s CCM packet Log Message CFM remote down MD Level mdlevel VLAN vlanid Local Port portNum Direction mepdirection Param...

Page 464: ...MAC based Access Control stop learning state Parameters description portNum The port number Warning Event description The authorized user number on whole device reaches the max user limit Log Message MAC based Access Control enters stop learning state Parameters description None Warning Event description The authorized user number on whole device is below the max user limit in a time interval inte...

Page 465: ...nt description Login failed through a session due to AAA server timeout or improper configuration Log Message Login failed through Console Telnet Web Web SSL SSH from ipaddr ipv6address due to AAA server ipaddr ipv6address timeout or improper configuration Username username Parameters description ipaddr IP address ipv6address IPv6 address username user name Warning The string from ipaddr ipv6addre...

Page 466: ...tication Policy is disabled Log Message Authentication Policy is disabled Module AAA Port Security Event description Address full on a port Log Message Port security violation mac address macaddr on locking address full port portNum Parameters description macaddr The violation MAC address portNum The port number Warning IMPB Event description Dynamic IMPB entry conflicts with static ARP Log Messag...

Page 467: ...ipaddr IP address macaddr MAC address portNum The port number Warning Event description This log will be triggered when the authorized user number reaches the max user limit on whole device Log Message WAC enters stop learning state Warning Event description This log will be triggered when the authorized user number is below the max user limit on whole device in a time interval interval is project...

Page 468: ...orm occurrence Log Message Port portNum Multicast storm is occurring Parameters description portNum The port number Warning Event description Multicast Storm cleared Log Message Port portNum Multicast storm has cleared Parameters description portNum The port number Informational Event description Port shut down due to a packet storm Log Message Port portNum is currently shut down due to a packet s...

Page 469: ... neighbor state changed from Full to Down Log Message OSPF nbr nbr id on interface intf name changed state from Full to Down Parameters description intf name Name of OSPF interface nbr id Neighbor s router ID Notice Event description One OSPF neighbor state s dead timer expired Log Message OSPF nbr nbr id on interface intf name dead timer expired Parameters description intf name Name of OSPF inter...

Page 470: ...ge Received ADV msg virtual router ID mismatch VR vr id at interface intf name Parameters description vr id VRRP virtual router ID intf name Interface name on which virtual router is based Warning Event description Advertisement interval mismatch of one received VRRP advertisement message Log Message Received ADV msg adv interval mismatch VR vr id at interface intf name Parameters description vr i...

Page 471: ... table The box where the MAC is learned from is invalid Log Message Failed to add virtual IP vrrp ip addr MAC vrrp mac addr into L3 table Box id mac box is invalid Parameters description vrrp ip addr VRRP virtual IP address vrrp mac addr VRRP virtual MAC address mac box stacking box number of VRRP virtual MAC Error Event description Failed when adding a virtual MAC into switch chip s L3 table Log ...

Page 472: ...enticated by RADIUS server successfully This VID will be assigned to the port and this port will be the VLAN untagged port member Log Message RADIUS server ipaddr assigned VID vlanID to port portNum account username Parameters description ipaddr The IP address of the RADIUS server vlanID The VID of RADIUS assigned VLAN portNum The port number Username The user that is being authenticated Informati...

Page 473: ...ription vc_id the deleted pseudowire ID Informational LDP Event description the number of Session Initialization messages exceeds the value of the mplsLdpEntityInitSessionThreshold Log Message Session of peer lsrid initialization exceeded threshold threshold Parameters description lsrid LSR ID of peer threshold LDP session initialization threshold Informational Event description Path vector limit ...

Page 474: ...topologyChange trap is sent by a bridge when any of its configured ports transitions from the learning state to the forwarding state or from the forwarding state to the blocking state OAM dot3OamNonThresholdEvent 1 3 6 1 2 1 158 0 2 A dot3OamNonThresholdEvent notification is sent when a local or remote non threshold crossing event is detected A local event is detected by the local entity while a r...

Page 475: ...urrent swHighTemperatureRecover 1 3 6 1 4 1 171 12 11 2 2 4 0 2 When Temperature recover from High Binding objects 1 swTemperatureUnitIndex 2 swTemperSensorID 3 swTemperatureCurrent swLowTemperature 1 3 6 1 4 1 171 12 11 2 2 4 0 3 When Temperature Low Binding objects 1 swTemperatureUnitIndex 2 swTemperSensorID 3 swTemperatureCurrent swLowTemperatureRecover 1 3 6 1 4 1 171 12 11 2 2 4 0 4 When Temp...

Page 476: ...The trap is sent when a port loop restarts after the interval time Binding objects 1 swLoopDetectPortIndex swVlanLoopOccurred 1 3 6 1 4 1 171 12 41 10 0 3 The trap is sent when a port loop occurs under LBD VLAN based mode Binding objects 1 swLoopDetectPortIndex 2 swVlanLoopDetectVID swVlanLoopRestart 1 3 6 1 4 1 171 12 41 10 0 4 The trap is sent when a port loop restarts under LBD VLAN based mode ...

Page 477: ...plsLdpEntityInitSessionThreshold mplsLdpPathVectorLimitMismatch 1 3 6 1 2 1 10 166 4 0 2 This notification is sent when the mplsLdpEntityPathVectorLimit does NOT match the value of the mplsLdpPeerPathVectorLimit for a specific Entity mplsLdpSessionUp 1 3 6 1 2 1 10 166 4 0 3 If this notification is sent when the value of mplsLdpSessionState enters the operational 5 state mplsLdpSessionDown 1 3 6 1...

Reviews:

No comments

Related manuals for xStack DES-3810

D-Link DSL-500 Quick Start Manual preview
DSL-500
Brand: D-Link Pages: 11
D-Link DHP?P309AV Setup Manual preview
DHP?P309AV
Brand: D-Link Pages: 8
D-Link AirPlus DWL-810 Quick Installation Manual preview
AirPlus DWL-810
Brand: D-Link Pages: 8
D-Link DHP-601AV Quick Installation Manual preview
DHP-601AV
Brand: D-Link Pages: 84
LaCie 8BIG RACK THUNDERBOLT 2 Quick Start Manual preview
8BIG RACK THUNDERBOLT 2
Brand: LaCie Pages: 28
H3C S12500R-2L Installation Manual preview
S12500R-2L
Brand: H3C Pages: 77
Abocom HomePlug AV Ethernet Bridge PLE0200 Quick Install preview
HomePlug AV Ethernet Bridge PLE0200
Brand: Abocom Pages: 2
ZyXEL Communications Dimension ES-3124 User Manual preview
Dimension ES-3124
Brand: ZyXEL Communications Pages: 228
Valcom VIP-822A Quick Start Manual preview
VIP-822A
Brand: Valcom Pages: 4
EMS 2000 IDU Series User Manual preview
2000 IDU Series
Brand: EMS Pages: 52
IndigoVision Compact NVR-AS 4000 User Manual preview
Compact NVR-AS 4000
Brand: IndigoVision Pages: 38
Ubiquiti EdgeRouter PoE ERPoe-5 Quick Start Manual preview
EdgeRouter PoE ERPoe-5
Brand: Ubiquiti Pages: 13
Paradyne MIM-4000F Installation Instructions Manual preview
MIM-4000F
Brand: Paradyne Pages: 6
MSNswitch UIS-322b Quick Installation Manual preview
UIS-322b
Brand: MSNswitch Pages: 2
Vacron VDH-NK300 Hardware Manual preview
VDH-NK300
Brand: Vacron Pages: 16
Broadband Products D-Link DSL-2640U Quick Installation Manual preview
D-Link DSL-2640U
Brand: Broadband Products Pages: 12
Maestro Wireless Solution E220 Series Quick Start Manual preview
E220 Series
Brand: Maestro Wireless Solution Pages: 22
Riverbed SteelCentral NetExpress 470 Upgrade And Maintenance Manual preview
SteelCentral NetExpress 470
Brand: Riverbed Pages: 140

Brands by name

Popular brands

Load more brands