D-Link DES-3028 Скачать руководство пользователя | Manualshive

Страница: 212 / 333

background image

DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch

802.1X

802.1X Port-Based and Host-Based Access Control

The IEEE 802.1X standard is a security measure for authorizing and authenticating users to gain access to various wired or
wireless devices on a specified Local Area Network by using a Client and Server based access control model. This is
accomplished by using a RADIUS server to authenticate users trying to access a network by relaying Extensible Authentication
Protocol over LAN (EAPOL) packets between the Client and the Server.

The following figure represents a basic EAPOL packet:

NOTE:

If the client is authenticated with 802.1X authentication it allows the user to force down the

authenticated client via SNMP on R2 with the Radius command item in auth.mib(OID:
1.3.6.1.4.1.171.12.3.7) by port based or Host-based.

NOTE:

If the session timeout attribute on the radius server is set, the client will be off-line

when the client authenticated over the timeout value has been configured on the radius
server.

Figure 10- 14. The EAPOL Packet

Utilizing this method, unauthorized devices are restricted from connecting to a LAN through a port to which the user is connected.
EAPOL packets are the only traffic that can be transmitted through the specific port until authorization is granted. The 802.1X
Access Control method consists of three roles, each of which are vital to creating and maintaining a stable and working Access
Control security method.

Figure 10- 15. The three roles of 802.1X

The following section will explain the three roles of Client, Authenticator and Authentication Server in greater detail.

198

«
...
210
211
212
213
214
...
»

Содержание DES-3028

Страница 1: ...User Manual Product Model DES 3028 DES 3028P DES 3028G DES 3052 DES 3052P Managed 10 100Mbps Fast Ethernet Switch Release 2 Copyright 2009 All rights reserved...

Страница 2: ...ion of D Link Computer Corporation is strictly forbidden Trademarks used in this text D Link and the D LINK logo are trademarks of D Link Computer Corporation Microsoft and Windows are registered trad...

Страница 3: ...6 Side Panel Description 6 Gigabit Combo Ports 7 Installing the SFP ports 8 Installation 9 Package Contents 9 Before You Connect to the Network 9 Installing the Switch without the Rack 10 Installing t...

Страница 4: ...Settings 35 DHCP BOOTP Relay Interface Settings 38 DHCP Local Relay Settings 38 User Accounts 40 Cable Diagnostics 42 Port Mirroring 44 System Log Settings 45 Log Settings 47 SNTP Settings 48 Time Set...

Страница 5: ...SMTP Service 82 SMTP Server Settings 83 SMTP Service 83 L2 Features 85 VLANs 85 Static VLAN Entry 90 GVRP Settings 92 VLAN Trunk Settings 94 QinQ 96 Trunking 98 Link Aggregation 99 LACP Port Settings...

Страница 6: ...0 LLDP Local Port Table 140 LLDP Remote Port Table 142 CoS 143 Port Bandwidth 146 802 1p Default Priority 147 802 1p User Priority 149 CoS Scheduling Mechanism 149 CoS Output Scheduling 150 Priority S...

Страница 7: ...itializing Ports for Host Based 802 1X 211 Reauthenticate Port s for Port Based 802 1X 212 Reauthenticate Port s for Host based 802 1X 213 RADIUS Server 213 Trusted Host 214 Access Authentication Cont...

Страница 8: ...Settings 253 ARP FDB 253 Gratuitous ARP Settings 255 Session Table 256 Port Access Control 256 RADIUS Authentication 256 RADIUS Accounting 258 Reset 259 Reboot System 260 Save Changes 260 Logout 261...

Страница 9: ...ing and SMTP Service Section 7 Layer 2 Features A discussion of Layer 2 features of the Switch including VLAN QinQ Trunking IGMP Snooping MLD Snooping Spanning Tree Loopback Detection and LLDP Section...

Страница 10: ...ed to represent filenames program names and commands For example use the copy command Boldface Typewriter Font Indicates commands and responses to prompts that must be typed exactly as printed in the...

Страница 11: ...the product only with approved equipment Allow the product to cool before removing covers or touching internal components Operate the product only from the type of external power source indicated on...

Страница 12: ...in a rack Thus component refers to any system as well as to various peripherals or supporting hardware Before working on the rack make sure that the stabilizers are secured to the rack extended to the...

Страница 13: ...delicate components inside your system To prevent static damage discharge static electricity from your body before you touch any of the electronic components such as the microprocessor You can do so...

Страница 14: ...of the web manager may be taken from any one of these switches but the configuration will be identical except for varying port counts For the remainder of this document we will use the DES 3028G as t...

Страница 15: ...e speed maximum 14 881 packets sec on each 10Mbps Ethernet port maximum 148 810 packet sec on 100Mbps Fast Ethernet port and 1 488 100 for each Gigabit port Full and half duplex for both 10Mbps and 10...

Страница 16: ...l duplex Auto MDI X MDI II cross over supported except for speed 1000M force mode SFP Transceivers Supported DEM 310GT 1000BASE LX DEM 311GT 1000BASE SX DEM 314GT 1000BASE LH DEM 315GT 1000BASE ZX DEM...

Страница 17: ...ed below Figure 1 1 LED Indicators on DES 3028 Switch Figure 1 2 LED Indicators on DES 3028P Switch Figure 1 3 LED Indicators on DES 3028G Switch Figure 1 4 LED Indicators on DES 3052 DES 3052P Switch...

Страница 18: ...o 802 3af PD is found Solid Green When there is a secure 1000Mbps connection or link at any of the ports Blinking Green When there is reception or transmission i e Activity Act of data occurring at a...

Страница 19: ...he right Two 1000BASE T ports located to the right One female DCE RS 232 DB 9 console port LEDs for Power Console PoE Link Act Speed for each port Figure 1 6 Front Panel of the DES 3052P DES 3052 DES...

Страница 20: ...anel view of the DES 3028G DES 3028 Console AC LINE 100 240 VAC 50 60 Hz 0 5A MAX Figure 1 11 Rear panel view of the DES 3052 Side Panel Description The left and right hand panel of the DES 3028G DES...

Страница 21: ...tion and air circulation system components might overheat which could lead to system failure Figure 1 14 Side panels of the DES 3052P Gigabit Combo Ports In addition to the 24 or 48 10 100 Mbps ports...

Страница 22: ...ious other networking devices for a gigabit link that may span great distances These SFP ports support full duplex transmissions have auto negotiation and can be used with the DEM 310GT 1000BASE LX DE...

Страница 23: ...g up the Switch Install the Switch on a sturdy level surface that can support at least 4 24kg 9 35lbs of weight Do not place heavy objects on the Switch The power outlet should be within 1 82 meters 6...

Страница 24: ...vice Allow enough ventilation space between the Switch and any other objects in the vicinity Figure 2 1 Prepare Switch for installation on a desktop or shelf Installing the Switch in a Rack The Switch...

Страница 25: ...AC power cord into the power connector of the Switch and the other end into the local power source outlet After the Switch is powered on the LED indicators will momentarily blink This blinking of the...

Страница 26: ...itch to End Node End nodes include PCs outfitted with a 10 100 or 1000 Mbps RJ 45 Ethernet Fast Ethernet Network Interface Card NIC and most routers An end node can be connected to the Switch via a tw...

Страница 27: ...ub or switch can be connected to the Switch via a twisted pair Category 5 UTP STP cable A 1000BASE T switch can be connected to the Switch via a twisted pair Category 5e UTP STP cable A switch support...

Страница 28: ...ion 3 0 The SNMP agent decodes the incoming SNMP messages and responds to requests with MIB objects stored in the database The SNMP agent updates the MIB objects to generate statistics and counters Co...

Страница 29: ...the emulator program 14 Make sure the terminal or PC you are using to make this connection is configured to match these settings If you are having problems making this connection on a PC make sure th...

Страница 30: ...e PassWord DES 3028G 4 Figure 4 2 Command Prompt 16 NOTE The first user automatically gets Administrator level privileges It is recommended to create at least one Admin level user account for the Swit...

Страница 31: ...s locally on the device A defined set of variables managed objects is maintained by the SNMP agent and used to manage the device These objects are defined in a Management Information Base MIB which pr...

Страница 32: ...work manager Typical traps include trap messages for Authentication Failure Topology Change and Broadcast Multicast Storm MIBs The Switch in the Management Information Base MIB stores management and c...

Страница 33: ...uration menu The IP address for the Switch must be set before it can be managed with the Web based manager The Switch IP address can be automatically set using BOOTP or DHCP protocols in which case th...

Страница 34: ...cess DES 3028G 4 Figure 4 5 Assigning the Switch an IP Address In the above example the Switch was assigned an IP address of 10 90 90 91 with a subnet mask of 255 0 0 0 the CIDR form was used to set t...

Страница 35: ...wser acts as a universal access tool and can communicate directly with the Switch using the HTTP protocol The Web based management module and the Console program and Telnet are different ways to acces...

Страница 36: ...witch management features available in the web based manager are explained below Web based User Interface The user interface provides access to various Switch configuration and management windows allo...

Страница 37: ...ar real time image of the front panel of the Switch This area displays the Switch s ports and expansion modules showing port activity duplex mode or flow control depending on the specified mode Variou...

Страница 38: ...Loopback Detection and LLDP CoS Contains windows concerning Port Bandwidth 802 1P Default Priority 802 1P User Priority CoS Scheduling Mechanism CoS Output Scheduling Priority Settings TOS Priority S...

Страница 39: ...n IP Address Port Configuration DHCP BOOTP Relay User Accounts Cable Diagnostics Port Mirroring System Log Settings Log Settings SNTP Settings MAC Notification Settings TFTP Services Multiple Image Se...

Страница 40: ...he Boot PROM Firmware Version Hardware Version and Serial Number This information is helpful to keep track of PROM and firmware updates and to obtain the Switch s MAC address for entry into another ne...

Страница 41: ...ic to a multicast enabled router if enabled Otherwise the Switch will forward all multicast traffic to any IP router The default is Disabled MLD Snooping This field specifies the status of MLD Snoopin...

Страница 42: ...LAN on the Switch Password Encryption Use this pull down menu to Enable or Disable Password Encryption on the Switch Password encryption allows the user to encrypt a password for additional security S...

Страница 43: ...ch xxx is a number represented in decimal form between 0 and 255 This address should be a unique address on the network assigned for use by the network administrator Subnet Mask A Bitmask that determi...

Страница 44: ...the Switch must be known The IP address may be set using the Command Line Interface CLI over the console serial port as follows Starting at the command line prompt enter the commands config ipif Syste...

Страница 45: ...ndividual physical ports including port speed and flow control Port Settings Click Administration Port Configuration Port Settings to display the following window To configure switch ports 1 Choose th...

Страница 46: ...ll_M will allow the port to advertise capabilities related to duplex speed and physical layer type The master setting will also determine the master and slave relationship between the two connected ph...

Страница 47: ...Type applies only to the Combo ports If configuring the Combo ports this defines the type of tranport medium being configured SFP ports should be nominated Fiber and the Combo 1000BASE T ports should...

Страница 48: ...isabled State Describes the current running state of the port whether Enabled or Disabled Connection This field will show if a port has been disabled due to an error detected in the port Reason Descri...

Страница 49: ...State This field can be toggled between Enabled and Disabled using the pull down menu It is used to enable or disable the DHCP Agent Information Option 82 on the Switch The default is Disabled Enabled...

Страница 50: ...eld already exists in the packet received from the DHCP client Drop The packet will be dropped if the option 82 field already exists in the packet received from the DHCP client Keep The option 82 fiel...

Страница 51: ...ule Port 1 byte 1 byte 1 byte 1 byte 2 bytes 1 byte 1 byte 1 Sub option type 2 Length 3 Circuit ID type 4 Length 5 VLAN the incoming VLAN ID of DHCP client packet 6 Module For a standalone switch the...

Страница 52: ...responding To enable and configure DHCP BOOTP Relay Interface Settings on the Switch click Administration DHCP BOOTP Relay DHCP BOOTP Relay Interface Settings Figure 6 9 DHCP BOOTP Relay Interface Set...

Страница 53: ...DES 3028 DES 3028P DES 3028G DES 3052 DES 3052P Layer 2 Fast Ethernet Managed Switch Figure 6 10 DHCP Local Relay Settings window 39...

Страница 54: ...user privileges To view existing User Accounts open the Administration folder and click on the User Accounts link This will open the User Account Management window as shown below Figure 6 11 User Acc...

Страница 55: ...le window Modify or delete an existing user account in the User Account Modify Table To delete the user account click on the Delete button To change the password type in the New Password and retype it...

Страница 56: ...ports to be tested Type FE ports have two pairs of cable will be diagnosed GE ports have four pairs of cable that will be diagnosed Link Status Link Up When a port is in link up status the test will...

Страница 57: ...occur Open Short or Crosstalk Open means that the cable in the error pair does not have a connection at the specified position Short means that the cable in the error pair has a short problem at the...

Страница 58: ...igure a mirror port 1 Select the Source Port from where you want to copy frames and the Target Port which receives the copies from the source port 2 Select the Source Direction Ingress Egress or Both...

Страница 59: ...The following parameters can be set Parameter Description Index Syslog server settings index 1 4 Host IP The IP address of the Syslog server Severity This drop down menu allows you to select the leve...

Страница 60: ...ck daemon local use 0 local0 local use 1 local1 local use 2 local2 local use 3 local3 local use 4 local4 local use 5 local5 local use 6 local6 local use 7 local7 UDP Port 514 or 6000 65535 Type the UD...

Страница 61: ...ink to open the following window Figure 6 19 Log Settings window The following parameters can be set Parameter Description Log Mode Use this drop down menu to choose the method that will trigger a log...

Страница 62: ...ble the SNTP settings Enabling and configuring SNTP support will override any manually configured system time settings SNTP Primary Server This is the IP address of the primary server the SNTP informa...

Страница 63: ...P Open the Administration folder then the SNTP Settings folder and click on the Time Zone and DST link revealing the following window Figure 6 21 Time Zone and DST Settings window The following parame...

Страница 64: ...me HH MM Enter the time of day that DST will start on To Which Week Enter the week of the month the DST will end To Which Day Enter the day of the week that DST will end To Which Month Enter the month...

Страница 65: ...ification globally on the Switch Interval sec The time in seconds between notifications History Size The maximum number of entries listed in the history log used for notification Up to 500 entries can...

Страница 66: ...the path and filename for the Configuration file on the TFTP server Click Start to record the IP address of the TFTP server and to initiate the file transfer Upload Configuration Enter the IP address...

Страница 67: ...lick Administration Multiple Image Services Firmware Information This window is used to view boot up firmware images To view this window click Administration Multiple Image Services Firmware Informati...

Страница 68: ...e Switch by minimizing the workload of the Switch while the attack is ongoing thus making it capable to forward essential packets over its network in a limited bandwidth When the Switch either a recei...

Страница 69: ...s third stop 20 seconds Once the flooding is no longer detected the wait period for dropping ARP and IP broadcast packets will return to 5 seconds and the process will resume NOTE While in Exhausted m...

Страница 70: ...reshold Used to configure the acceptable level of CPU utilization as a percentage where the Switch leaves the Exhausted state and returns to normal mode Trap Log Use the pull down menu to enable or di...

Страница 71: ...onfigured with a shared set of privileges The SNMP version may also be set for a listed group of SNMP managers Thus you may create a group of SNMP managers that are allowed to view read only informati...

Страница 72: ...r disable the Traps State and or the Authenticate Traps State use the corresponding pull down menu to change and click Apply SNMP User Table This window displays all of the SNMP User s currently confi...

Страница 73: ...parameters can set Parameter Description User Name Enter an alphanumeric string of up to 32 characters This is used to identify the SNMP user Group Name This name is used to specify the SNMP group cr...

Страница 74: ...w entry click the Add button and a separate window will appear Figure 6 35 SNMP View Table Configuration window The SNMP Group created with this table maps SNMP users identified in the SNMP User Table...

Страница 75: ...e window click Administration SNMP Manager SNMP Group Table Figure 6 36 SNMP Group Table window To delete an existing SNMP Group Table entry click the corresponding under the Delete heading To display...

Страница 76: ...SNMPv3 NoAuthNoPriv Specifies that there will be no authorization and no encryption of packets sent between the Switch and a remote SNMP manager AuthNoPriv Specifies that authorization will be require...

Страница 77: ...te Specifies that SNMP community members using the community string created can read from and write to the contents of the MIBs on the Switch To implement the new settings click Apply To delete an ent...

Страница 78: ...th NoPriv security level V3 Auth Priv To specify that the SNMP version 3 will be used with an Auth Priv security level Community String SNMP V3 User Name Type in the community string or SNMP V3 user n...

Страница 79: ...ables the port if there is a short Other ports will remain active PSE provides power according to the following classification Class Max power used by PSE 0 15 4W 1 4 0W 2 7 0W 3 15 4W PDs receive pow...

Страница 80: ...e used from the Switch s power source to PoE ports The user may configure a Power Limit between 37 and 185W for the DES 3028P and 37 and 370W for the DES 3052P The default setting is 185W DES 3028P an...

Страница 81: ...ports from the pull down menus to be enabled or disabled for PoE State Use the pull down menu to enable or disable ports for PoE Priority Use the pull down menu to select the priority of the PoE ports...

Страница 82: ...IM group is a group of switches that are managed as a single entity SIM switches may take on three different roles 1 Commander Switch CS This is a switch that has been manually configured as the contr...

Страница 83: ...nder Switch the rediscovery process cannot occur 2 The topology map now includes new features for connections that are a member of a port trunking group It will display the speed and number of Etherne...

Страница 84: ...s parameter will make the Switch a Commander Switch CS The user may join other switches to this Switch over Ethernet to be part of its SIM group Choosing this option will also enable the Switch to be...

Страница 85: ...ter Description Device Name This field will display the Device Name of the switches in the SIM group configured by the user If no Device Name is configured by the name it will be given the name defaul...

Страница 86: ...ll refresh itself periodically 20 seconds by default Figure 6 49 Topology view This window will display how the devices within the Single IP Management Group are connected to other groups and devices...

Страница 87: ...tting the mouse cursor over a specific device in the topology window tool tip will display the same information about a specific device as the Tree view does See the window below for an example Figure...

Страница 88: ...ameter Description Device Name This field will display the Device Name of the switches in the SIM group configured by the user If no Device Name is configured by the name it will be given the name def...

Страница 89: ...5 Right Clicking a Member icon The following options may appear for the user to configure Collapse To collapse the group that will be represented by a single icon Expand To expand the SIM group in det...

Страница 90: ...u Bar of the Topology View The five menus on the menu bar are as follows File Print Setup Will view the image to be printed Print Topology Will print the topology map Preference Will set display prope...

Страница 91: ...ollowing window click Administration Single IP Settings Firmware Upgrade Figure 6 61 Firmware Upgrade window Configuration Backup Restore This screen is used to upgrade configuration files from the Co...

Страница 92: ...he PC and then enter a path on your PC where you wish to save this file Select the member switches which will upload log files by clicking their corresponding check boxes Click Upload to initiate the...

Страница 93: ...hich the MAC address entered above resides Click Apply to implement the changes made To delete an entry in the Static Unicast Forwarding Table click the corresponding X under the Delete heading Multic...

Страница 94: ...is must be a multicast MAC address Port Settings Allows the selection of ports that will be members of the static multicast group The options are None When None is chosen the port will not be a member...

Страница 95: ...to which the filter settings will be applied Mode This drop down menu allows you to select the action the Switch will take when it receives a multicast packet that is to be forwarded to one of the po...

Страница 96: ...is function The Switch will send out e mail to recipients when one or more of the following events occur When a cold start occurs on the Switch When a port enters a link down status When a port enters...

Страница 97: ...will connect with on the SMTP server The common port number for SMTP is 25 yet a value between 1 and 65535 can be chosen Self Mail Address Enter the e mail address from which mail messages will be se...

Страница 98: ...ure 6 69 SMTP Service window The following parameters can be set Parameter Description Subject Enter the subject of the test e mail Content Enter the content of the test e mail Once your message is re...

Страница 99: ...s cannot cross VLANs without a network device performing a routing function between the VLANs The Switch supports IEEE 802 1Q VLANs The port untagging function can be used to remove the 802 1Q tag fro...

Страница 100: ...evant to the classification of received frames belonging to a VLAN Forwarding rules between ports decides whether to filter or forward the packet Egress rules determines if the packet must be sent tag...

Страница 101: ...out of those ports If the packet doesn t have an 802 1Q VLAN tag the port will alter the packet Thus all packets received by and forwarded by an untagging port will have 802 1Q VLAN information Rememb...

Страница 102: ...esses will be flooded to all ports Broadcast and multicast packets will also be flooded to all ports An example is presented below VLAN Name VID Switch Ports System default 1 5 6 7 8 21 22 23 24 Engin...

Страница 103: ...servers and shared printers Therefore this group of ports is to be included for all VLANs VLAN V2 is then configured to include ports 1 8 shared VLAN ports and the set of ports to be separated from t...

Страница 104: ...new 802 1Q VLAN click the Add button in the 802 1Q Static VLANs window A new window will appear as shown below to configure the port settings and to assign a unique name and number to the new VLAN Se...

Страница 105: ...individual port to be specified as a non VLAN member Egress Select this to specify the port as a static member of the VLAN Egress member ports are ports that will be transmitting traffic for the VLAN...

Страница 106: ...er ports are ports that will be transmitting traffic for the VLAN These ports can be either tagged or untagged Forbidden Select this to specify the port as not being a member of the VLAN and that the...

Страница 107: ...se two fields allow you to specify the range of ports that will be included in the Port based VLAN that you are creating using this window GVRP The Group VLAN Registration Protocol GVRP enables the po...

Страница 108: ...VLAN tagged frames will be accepted and Admit_All which mean both tagged and untagged frames will be accepted Admit_All is enabled by default Click Apply to implement changes made NOTE A VLAN group c...

Страница 109: ...DES 3028 DES 3028P DES 3028G DES 3052 DES 3052P Layer 2 Fast Ethernet Managed Switch Figure 7 9 VLAN Trunk Port Settings window 95...

Страница 110: ...ork may have VLAN ranges that overlap which might cause traffic to become mixed up So assigning a unique range of VLAN IDs to each customer might cause restrictions on some of their configurations req...

Страница 111: ...he specified user and a specified network will occur NNI To select a network to network interface specifies that communication between two specified networks will occur Outer TPID The Outer TPID is us...

Страница 112: ...witch allows the creation of up to six link aggregation groups each group consisting of 2 to 8 links ports All of the ports in the group must be members of the same VLAN and their STP status static mu...

Страница 113: ...group click the hyperlinked group number corresponding to the entry you wish to alter To delete a port trunk group click the corresponding under the Delete heading in the Link Aggregation Group Entri...

Страница 114: ...Fast Ethernet Managed Switch Figure 7 14 LACP Port Settings window To configure LACP port trunk settings select a port range using the From and To drop down menus select either Passive or Active Mode...

Страница 115: ...es sent from the device to the IGMP host or vice versa The Switch monitors IGMP messages and discontinues forwarding multicast packets when there are no longer hosts requesting that they continue Use...

Страница 116: ...o response to the membership query is received before the Leave Timer expires the multicast forwarding entry for that host is deleted The default setting is 2 Note The leave timer does not need to be...

Страница 117: ...determine which devices are members of a particular multicast group the devices will respond to the query and inform the querier of its membership status RIPv2 multicast Routing Information Protocol...

Страница 118: ...hed VLAN Name This is the name of the VLAN where the multicast router is attached Port Settings Select the individual ports and settings you wish to apply None No restrictions on the port dynamically...

Страница 119: ...ailed list If there is no answer from the authentication server after a specific period of time the switch will resend the access request to the server If the switch doesn t receive any response after...

Страница 120: ...3028P DES 3028G DES 3052 DES 3052P Layer 2 Fast Ethernet Managed Switch Figure 7 19 IGMP Access Control window Select the range of ports you wish to Enable or Disable and click Apply to implement chan...

Страница 121: ...t Ethernet Managed Switch Dynamic IP Multicast Learning To configure the Dynamic IP Multicast Learning Max Entry Settings on the Switch click L2 Features IGMP Snooping Dynamic IP Multicast Learning Fi...

Страница 122: ...e same port in a specific ISM VLAN 3 The Multicast VLAN is exclusive with normal 802 1q VLANs which means that VLAN IDs VIDs and VLAN Names of 802 1q VLANs and ISM VLANs cannot be the same Once a VID...

Страница 123: ...ected Multicast VLAN Member Port Enter a port or list of ports to be added to the Multicast VLAN Member ports shall be the untagged members of the multicast VLAN Tagged Member Port Enter a port or lis...

Страница 124: ...on will therefore limit the number of reports received and the number of multicast groups configured on the Switch The user may set an IP Multicast address or range of IP Multicast addresses to accept...

Страница 125: ...nge and click Apply Limited Multicast Range Settings The Limited Multicast Range Settings enables the user to configure the ports on the switch that will be involved in the Limited IP Multicast Range...

Страница 126: ...Switch Figure 7 28 Limited Multicast Range Settings The following parameters can be set Parameter Description From To Select a range of ports to be granted access or denied access from receiving multi...

Страница 127: ...Multicast Group Settings enables the user to configure the ports on the switch that will be apart of the maximum filter group up to a maximum of 256 To configure these settings click L2 Features IGMP...

Страница 128: ...specific multicast address that is also ready These two types of messages are distinguished by a multicast destination address located in the IPv6 header and a multicast address in the Multicast List...

Страница 129: ...255 Provides fine tuning to allow for expected packet loss on a subnet The user may choose a value between 1 and 255 with a default setting of 2 If a subnet is expected to be lossy the user may wish...

Страница 130: ...er Present Interval The amount of time that must pass before a multicast router decides that there are no other querier devices present Calculated as robustness variable query interval 0 5 query respo...

Страница 131: ...bidden from becoming a member of the VLAN dynamically Click Apply to implement the new settings Spanning Tree This Switch supports three versions of the Spanning Tree Protocol 802 1d STP 802 1w Rapid...

Страница 132: ...l the Rapid Spanning Tree Protocol RSTP as defined by the IEEE 802 1w specification and a version compatible with the IEEE 802 1d STP RSTP can operate with legacy equipment implementing IEEE 802 1d ho...

Страница 133: ...malfunction with the emergence of STP BPDU packets that occasionally loopback to the Switch such as BPDU packets looped back from an unmanaged switch connected to the DES 3028P To maintain the consist...

Страница 134: ...ion occurring on the user s side connected to the edge port but it cannot detect the LoopBack condition on the elected root port of STP on another switch STP Bridge Global Settings To view the STP Bri...

Страница 135: ...between 6 and 40 seconds The default value is 20 Bridge Hello Time 1 2 Sec The Hello Time can be set from 1 to 2 seconds This is the interval between two transmissions of BPDU packets sent by the Root...

Страница 136: ...t coming back it signifies a loop on the network STP will automatically be blocked and an alert will be sent to the administrator The LBD STP port will restart change to discarding state when the Loop...

Страница 137: ...Redundant links will be blocked just as redundant links are blocked on the switch level The STP on the switch level blocks redundant links between switches and similar network devices The port level S...

Страница 138: ...tatus Auto allows the port to have p2p status whenever possible and operate as if the p2p status were true If the port cannot maintain this status for example if the port is forced to half duplex oper...

Страница 139: ...owing information Parameter Description Configuration Name A previously configured name set on the Switch to uniquely identify the MSTI Multiple Spanning Tree Instance If a configuration name is not s...

Страница 140: ...gure 7 40 Instance ID Settings window CIST modify The user may configure the following parameters to configure the CIST on the Switch Parameter Description MSTI ID The MSTI ID of the CIST is 0 and can...

Страница 141: ...that the user wishes to add to this MSTI ID Supported VIDs on the Switch range from ID number 1 to 4094 This parameter can only be utilized if the Type chosen is Add or Remove Click Apply to implement...

Страница 142: ...current MSTP Port Information and can be used to update the port configuration for an MSTI ID If a loop occurs the MSTP function will use the port priority to select an interface to put into the forw...

Страница 143: ...nce The default setting is 0 auto There are two options 0 auto Selecting this parameter for the internalCost will set quickest route automatically and optimally for an interface The default value is d...

Страница 144: ...automatically block the port and send an alert to the administrator The Loopback Detection port will restart change to discarding state when the Loopback Detection Recover Time times out The Loopback...

Страница 145: ...P standard specifies the necessary protocol and management elements to 1 Facilitate multi vendor inter operability and the use of standard management tools to discover and make available physical topo...

Страница 146: ...parameter indicates the interval at which LLDP frames are transmitted on behalf of this LLDP agent The default value is 30 seconds Message TX Hold Multiplier 2 10 This parameter is a multiplier that d...

Страница 147: ...Switch Basic LLDP Port Settings The following window is used to set up LLDP on individual port s on the Switch To view this window click L2 Features LLDP Basic LLDP Port Settings Figure 7 48 Basic LL...

Страница 148: ...information information timeout and information insert remove Admin Status Use the drop down menu to choose TX_Only RX_Only TX_and_RX or Disabled Port Description Use the drop down menu to toggle Por...

Страница 149: ...DES 3028 DES 3028P DES 3028G DES 3052 DES 3052P Layer 2 Fast Ethernet Managed Switch Figure 7 49 802 1 Extension LLDP Port Settings Table window 135...

Страница 150: ...e the drop down menu to toggle among VLAN ID VLAN Name and All Use the drop down menu to toggle between Enabled and Disabled Protocol Identity Use the drop down menu to toggle among EAPOL LACP GVRP ST...

Страница 151: ...e 7 50 802 3 Extension LLDP Port Settings Table window The following parameters can be set or displayed Parameter Description From To Select a port or group of ports using the pull down menus MAC PHY...

Страница 152: ...Size Use the drop down menu to toggle Maximum Frame Size between Enabled and Disabled Click Apply to implement changes made LLDP Management Address Settings The following window is used to set up LLD...

Страница 153: ...splays the IPV4 Address type Address Enter the LLDP management address in this field Port State Use the drop down menu to toggle the Port State between Enabled and Disabled Click Apply to implement ch...

Страница 154: ...w this window click L2 Features LLDP LLDP Management Address Table Figure 7 53 LLDP Management Address Table window Use the drop down menu to select the type of Management Address enter an IP address...

Страница 155: ...ES 3028G DES 3052 DES 3052P Layer 2 Fast Ethernet Managed Switch Figure 7 54 LLDP Local Port Brief Table window Click the View button to display additional information about entries on the LLDP Local...

Страница 156: ...mote Port Table The following window is used to display the LLDP Remote Port Brief Table To view this window click L2 Features LLDP LLDP Remote Port Table Figure 7 55 LLDP Remote Port Brief Table wind...

Страница 157: ...smissions warrant special consideration The Switch allows you to further tailor how priority tagged data packets are handled on your network Using queues to manage priority tagged data allows you to s...

Страница 158: ...ded This results in the end user receiving all packets sent as quickly as possible thus prioritizing the queue and allowing for an uninterrupted stream of packets which optimizes the use of bandwidth...

Страница 159: ...B6 C6 A7 B7 A8 A1 B1 C1 D1 E1 F1 G1 H1 For weighted round robin queuing if each CoS queue has the same weight value then each CoS queue has an equal opportunity to send packets just like round robin q...

Страница 160: ...itch Port Bandwidth The bandwidth control settings are used to place a ceiling on the transmitting and receiving data rates for any selected port To view this window click CoS Port Bandwidth Figure 8...

Страница 161: ...s No Limit This drop down menu allows you to specify that the selected port will have no bandwidth limit Enabled disables the limit Rate This field allows you to enter the data rate in Kbit s that wil...

Страница 162: ...ssign a default 802 1p priority to any given port on the Switch The priority tags are numbered from 0 the lowest priority to 7 the highest priority To implement a new default priority choose a port ra...

Страница 163: ...8 4 802 1p User Priority window Once you have assigned a priority to the port groups on the Switch you can then assign this Class to each of the four levels of 802 1p priorities Click Apply to set you...

Страница 164: ...t Scheduling CoS can be customized by changing the output scheduling used for the hardware classes of service in the Switch As with any changes to CoS implementation careful consideration should be gi...

Страница 165: ...ured here For example if a port has been assigned a MAC priority the packet that has the CoS priority assigned to a MAC address will be sent to the CoS queue configured for that MAC address Once the c...

Страница 166: ...DES 3028 DES 3028P DES 3028G DES 3052 DES 3052P Layer 2 Fast Ethernet Managed Switch Figure 8 7 Priority Settings window 152...

Страница 167: ...this option will assign ports to map CoS priorities to MAC addresses TOS Choosing this option will assign ports to map CoS priorities to ToS priorities DSCP Choosing this option will assign ports to...

Страница 168: ...y of the available queues When a packet is received containing this DSCP tag it will be mapped to the CoS queue configured here These settings will only take effect if at least one of the priority set...

Страница 169: ...a the given ingress port The frames will be assigned to either the highest queue or the lowest queue Please note the following limitation exists port based CoS only supports mapping to Queue 3 Port ma...

Страница 170: ...igure the appropriate queue to be mapped to this destination MAC address using the following window 3 Once the previous parameters are set users should go to the Priority Settings window located in th...

Страница 171: ...Press the Apply button to make the time range current Access Profile Table Access profiles allow you to establish criteria to determine whether or not the Switch will forward packets based on the info...

Страница 172: ...umber for this profile set The number is used to set the relative priority for the profile Priority is set relative to other profiles where the lowest profile ID has the highest priority If a conflict...

Страница 173: ...ong configured access rules the profile ID establishes relative priority of the rules The value can be set from 1 to 256 however there is a limit to the total number of profiles that can be created Ty...

Страница 174: ...y also identify which flag bits to deny Flag bits are parts of a packet that determine what to do with the packet The user may deny packets by denying certain flag bits within the packets by checking...

Страница 175: ...ket header Select IP to instruct the Switch to examine the IP address in each frame s header Select Packet Content Mask to specify a mask to hide the content of the packet header Offset This field wil...

Страница 176: ...t ACL to prevent ARP spoofing attack please see Appendix E at the end of this manual To establish the rule for a previously created Access Profile To edit or add a rule to a previously created profile...

Страница 177: ...d previously by the user When replace priority is selected the Switch will rewrite the 802 1p default priority of a packet to the value entered into the priority field This value will meet the criteri...

Страница 178: ...If no entry exists only the Add button will be displayed however when an entry already exists a corresponding Modify button will also be displayed This will open the following window Figure 9 9 Access...

Страница 179: ...g created Type Selected profile based on Ethernet MAC Address IP address or Packet Content Mask Ethernet instructs the Switch to examine the layer 2 part of each packet header IP instructs the Switch...

Страница 180: ...et Type Specifies that the access profile will apply only to packets with this hexadecimal 802 1Q Ethernet type value hex 0x0 0xffff in the packet header The Ethernet type value may be set in the form...

Страница 181: ...r the Access ID and click Find To display all rules in the table click the View All Entries button To add a new Access Rule click the Add button above the Access Rule Table window to view the Access R...

Страница 182: ...are forwarded to the CoS queue specified previously by the user When replace priority is selected the Switch will rewrite the 802 1p default priority of a packet to the value entered into the priorit...

Страница 183: ...hat to do with the frame The entire process is described below CPU Interface Filtering State In the following window the user may globally enable or disable the CPU Interface Filtering mechanism by us...

Страница 184: ...r Select IP to instruct the Switch to examine the IP address in each frame s header Select Packet Content Mask to specify a mask to hide the content of the packet header VLAN Selecting this option ins...

Страница 185: ...lect IP to instruct the Switch to examine the IP address in each frame s header Select Packet Content Mask to specify a mask to hide the content of the packet header VLAN Selecting this option instruc...

Страница 186: ...ine what to do with the packet The user may filter packets by filtering certain flag bits within the packets by checking the boxes corresponding to the flag bits of the TCP field The user may choose b...

Страница 187: ...the window according to the requirements for the type of profile Select Ethernet to instruct the Switch to examine the layer 2 part of each packet header Select IP to instruct the Switch to examine th...

Страница 188: ...ly created CPU access profile by clicking the corresponding Modify button of the entry to configure Ethernet IP or Packet Content Mask Figure 9 21 CPU Interface Filtering Rule Table window Click the A...

Страница 189: ...based on Ethernet MAC Address IP address or Packet Content Ethernet instructs the Switch to examine the layer 2 part of each packet header IP instructs the Switch to examine the IP address in each fr...

Страница 190: ...ss rule will be implemented on the Switch To view the settings of a previously configured rule click in the Access Rule Table to view the following window Figure 9 23 CPU Interface Filtering Entry Dis...

Страница 191: ...examine the layer 2 part of each packet header IP instructs the Switch to examine the IP address in each frame s header Packet Content Mask instructs the Switch to examine the packet header VLAN Name...

Страница 192: ...le Table to view the following window window IP The following window is the CPU Interface Filtering Rule Table for Packet Content Figure 9 26 CPU Interface Filtering Entry Display To remove a previous...

Страница 193: ...specify that packets that do not match the access profile are not forwarded by the Switch and will be filtered Access ID Type in a unique identifier number for this access This value can be set from...

Страница 194: ...n hex form to mask the packet from byte 64 to byte 79 Port The CPU Access Rule may be configured on a per port basis by entering the port number of the Switch Time Range Click the check box and enter...

Страница 195: ...and control the situation The packet storm is monitored to determine if too many packets are flooding the network based on the threshold level provided by the user Once a packet storm has been detecte...

Страница 196: ...indow in the Administration folder and selecting the disabled port and returning it to an Enabled status alternatively the user can wait for the auto recovery function which will occur after 5 minutes...

Страница 197: ...value stated and drop packets until the issue is resolved Shut Down Utilizes the Switch s software Traffic Control mechanism to determine the Packet Storm occurring Once detected the port will deny al...

Страница 198: ...e seen as Discarding in Spanning Tree windows and implementations though these ports will still be forwarding BPDUs to the Switch s CPU NOTE Ports that are in rest mode will be seen as link down in al...

Страница 199: ...Port Security window The following parameters can be set Parameter Description From To A consecutive group of ports may be configured starting with the selected port Admin State This pull down menu a...

Страница 200: ...he Delete heading of the corresponding MAC address to be deleted Only entries marked Secured_Permanent can be deleted Click the Next button to view the next page of entries listed in this table This w...

Страница 201: ...obal Settings This window is used to enable or disable the Trap Log State and DHCP Snoop state on the switch The Trap Log field will enable and disable the sending of trap log messages for IP MAC bind...

Страница 202: ...er Description From Port To Port Select a port or range of ports to set for IP MAC Binding State Use the pull down menu to enable or disable these ports for IP MAC Binding Strict This mode provides a...

Страница 203: ...P Packet By default the DHCP packet with broadcast DA will be flooded When set to disable the broadcast DHCP packet received by the specified port will not be forwarded Max Entry Specifies the maximum...

Страница 204: ...ntries Figure 10 7 DHCP Snooping Entries window MAC Block List This table is used to view unauthorized devices that have been blocked by IP MAC binding restrictions To find an unauthorized device that...

Страница 205: ...Switch to create a three layered encryption code for secure communication between the server and the host The user may implement any one or combination of the ciphersuites available yet different ciph...

Страница 206: ...a der extension Ex c cert der Key File Name Enter the path and the filename of the key file to download This file must have a der extension Ex c pkey der To set up the SSL function on the Switch conf...

Страница 207: ...Diffie Hellman key exchange CBC Block Cipher 3DES_EDE encryption and SHA Hash Algorithm Use the pull down menu to enable or disable this ciphersuite This field is Enabled by default RSA EXPORT with RC...

Страница 208: ...ount on the Switch including specifying a password This password is used to logon to the Switch once a secure communication path has been established using the SSH protocol 2 Configure the User Accoun...

Страница 209: ...ed the Switch will be disconnected and the user must reconnect to the Switch to attempt another login The number of maximum attempts may be set between 2 and 20 The default setting is 2 Session Rekeyi...

Страница 210: ...S192 encryption algorithm with Cipher Block Chaining The default is Enabled AES256 CBC Use the pull down to enable or disable the Advanced Encryption Standard AES 256 encryption algorithm with Cipher...

Страница 211: ...parameter should be chosen to use a remote SSH server for authentication purposes Choosing this parameter requires the user to input the following information to identify the SSH user Host Name Enter...

Страница 212: ...e authenticated client via SNMP on R2 with the Radius command item in auth mib OID 1 3 6 1 4 1 171 12 3 7 by port based or Host based NOTE If the session timeout attribute on the radius server is set...

Страница 213: ...es services Figure 10 16 The Authentication Server Authenticator The Authenticator the Switch is an intermediary between the Authentication Server and the Client The Authenticator servers two purposes...

Страница 214: ...is granted access and therefore successfully unlocks the port Once unlocked normal traffic is allowed to pass through the port The following figure displays a more detailed explanation of how the auth...

Страница 215: ...802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client Network access controlled port Network access uncontrolled port Figure 10 20 Example of Typical Port Based Configuration Once the...

Страница 216: ...number of distinct logical Ports each logical Port being independently controlled from the point of view of EAPOL exchanges and authorization state The Switch learns each attached devices individual...

Страница 217: ...attribute but authenticates successfully the device will not assign a priority to this port If the priority attribute configured on the RADIUS is a value out of range 7 it will not be set to the devi...

Страница 218: ...st based cannot undergo this procedure 2 Ports supporting Guest VLANs cannot be GVRP enabled and vice versa 3 A port cannot be a member of a Guest VLAN and a static VLAN simultaneously 4 Once a client...

Страница 219: ...enticator Settings To configure the 802 1X Authenticator Settings click Security 802 1X 802 1X Authenticator Settings Figure 10 23 802 1X Authenticator Settings window To configure the settings by por...

Страница 220: ...ent If forceUnauthorized is selected the port will remain in the unauthorized state ignoring all attempts by the client to authenticate The Switch cannot provide authentication services to the client...

Страница 221: ...thentication server The default setting is 30 seconds MaxReq The maximum number of times that the Switch will retransmit an EAP Request to the client before it times out of the authentication sessions...

Страница 222: ...al users on the Switch To view this window click Security 802 1X 802 1X User Figure 10 25 Local Users Configuration window Enter a User Name Password and confirmation of that password Properly configu...

Страница 223: ...on the Switch To view this window click Security 802 1X 802 1X Capability Settings Figure 10 26 802 1X Capability Settings window Configure 802 1X Guest VLAN In order to configure a Guest 802 1X VLAN...

Страница 224: ...s listed in the Port List below as part of the Guest VLAN Be sure that these ports are configured for this VLAN or users will be prompted with an error message Port List Set the port list of ports to...

Страница 225: ...indicating a port on the Switch Initializing Ports for Host Based 802 1X To initialize ports for the Host side of 802 1X the user must first enable 802 1X by MAC address in the DES 30xx Web Managemen...

Страница 226: ...le window This window displays the following information Parameter Description Port The port number of the reauthenticated port Auth State The Authenticator State will display one of the following Ini...

Страница 227: ...orts first choose the range of ports in the From and To field Then the user must specify the MAC address to be reauthenticated by entering it into the MAC Address field and checking the corresponding...

Страница 228: ...ared key is the same as that of the RADIUS server Status This allows users to set the RADIUS Server as Valid Enabled or Invalid Disabled Trusted Host To view the Trusted Host settings on the switch cl...

Страница 229: ...rname and password and the user is granted normal user privileges on the Switch The server will not accept the username and password and the user is denied access to the Switch The server doesn t resp...

Страница 230: ...0 and 255 seconds The default setting is 30 seconds User Attempts 1 255 This command will configure the maximum number of times the Switch will accept authentication attempts Users failing to be auth...

Страница 231: ...use the default Method List or other Method List configured by the user See the Enable Method Lists window in this section for more information Click Apply to implement changes made Authentication Ser...

Страница 232: ...sts to the list Authentication Server Hosts must be configured for their specific protocol on a remote centralized server before this function can work properly NOTE The four built in server groups ca...

Страница 233: ...ost click the IP address hyperlink revealing the following window Figure 10 41 Authentication Server Host Setting Edit window Configure the following parameters to add an Authentication Server Host Pa...

Страница 234: ...or higher security Timeout 1 255 Enter the time in seconds the Switch will wait for the server host to reply to an authentication request The default value is 5 seconds Retransmit 1 255 Enter the valu...

Страница 235: ...user When the local method is used the privilege level will be dependant on the local account privilege configured on the Switch Successful login using any of these techniques will give the user a Us...

Страница 236: ...cess the Switch Enable Method Lists The Enable Method List Settings window is used to set up Method Lists to promote users with user level privileges to Administrator Admin level privileges using auth...

Страница 237: ...d To modify an Enable Method List click on its hyperlinked Method List Name To configure a Method List click the Add button Both actions will result in the same window to configure Figure 10 46 Enable...

Страница 238: ...will require the user to be authenticated using the RADIUS protocol from a remote RADIUS server tacacs Adding this parameter will require the user to be authenticated using the TACACS protocol from a...

Страница 239: ...the New Local Enabled field will result in a fail message Enable Admin Figure 10 49 Enable Admin window The Enable Admin window is for users who have logged on to the Switch on the normal user level...

Страница 240: ...h This method of segmenting the flow of traffic is similar to using VLANs to limit traffic but is more restrictive It provides a method of directing traffic that does not increase the overhead of the...

Страница 241: ...inst a network This attack is designed to stop a network from functioning by flooding it with useless traffic Symptoms of a malicious attack include the inability to access any web site or a particula...

Страница 242: ...ith the source host port the same as the destination host port the system then attempts to reply to itself which causes the system to lock up Smurf Attack A Smurf attack works by sending PING requests...

Страница 243: ...default services then uses the L4 port between 1 and 1023 All Check this box to select all attack types Action Set Action to Drop or Mirror the selected types of attacks State Set the State to Enabled...

Страница 244: ...ES 3052P Layer 2 Fast Ethernet Managed Switch Figure 10 56 DoS Smurf Attack Prevention window Summary window Figure 10 57 DoS TCP Null Scan Prevention window Summary window Figure 10 58 DoS TCP Xmasca...

Страница 245: ...3028P DES 3028G DES 3052 DES 3052P Layer 2 Fast Ethernet Managed Switch Figure 10 59 DoS TCP SYNFIN Prevention window Summary window Figure 10 60 DoS TCP SYN SrcPort less 1024 Prevention window Summar...

Страница 246: ...oup Browse Router Port VLAN Status MLD Snooping Group Browse MLD Snooping Router Port Static ARP Settings ARP FDB Gratuitous ARP Settings Session Table Port Access Control CPU Utilization The CPU Util...

Страница 247: ...60s where s stands for seconds The default value is one second Record Number Select number of times the Switch will be polled between 20 and 200 The default value is 200 Show Hide Check whether to dis...

Страница 248: ...ield can be set Parameter Description Time Interval Select the desired setting between 1s and 60s where s stands for seconds The default value is one second Record Number Select number of times the Sw...

Страница 249: ...statistics for use the Port pull down menu The user may also use the real time graphic of the Switch at the top of the web page by simply clicking on a port To view this window click Monitoring Packe...

Страница 250: ...ort Packets Counts the number of packets received on the port Unicast Counts the total number of good packets that were received by a unicast address Multicast Counts the total number of good packets...

Страница 251: ...atistics for use the Port pull down menu The user may also use the real time graphic of the Switch at the top of the web page by simply clicking on a port To view this window click Monitoring Packets...

Страница 252: ...ult value is 200 Unicast Counts the total number of good packets that were received by a unicast address Multicast Counts the total number of good packets that were received by a multicast address Bro...

Страница 253: ...these statistics for use the Port pull down menu The user may also use the real time graphic of the Switch at the top of the web page by simply clicking on a port To view this window click Monitoring...

Страница 254: ...om the port Packets Counts the number of packets successfully sent on the port Unicast Counts the total number of good packets that were transmitted by a unicast address Multicast Counts the total num...

Страница 255: ...g graph displays error packets received by the Switch To select a port to view these statistics for select the port by using the Port pull down menu The user may also use the real time graphic of the...

Страница 256: ...rrence OverSize Counts packets received that were longer than 1518 octets or if a VLAN frame is 1522 octets and less than the MAX_PKT_LEN Internally MAX_PKT_LEN is equal to 1522 Fragment The number of...

Страница 257: ...tistics for select the port by using the Port pull down menu The user may also use the real time graphic of the Switch at the top of the web page by simply clicking on a port To view this window click...

Страница 258: ...octet boundary LateColl Counts the number of times that a collision is detected later than 512 bit times into the transmission of a packet ExColl Excessive Collisions The number of packets for which t...

Страница 259: ...le Two windows are offered To select a port to view these statistics for select the port by using the Port pull down menu The user may also use the real time graphic of the Switch at the top of the we...

Страница 260: ...ere between 128 and 255 octets in length inclusive excluding framing bits but including FCS octets 256 511 The total number of packets including bad packets received that were between 256 and 511 octe...

Страница 261: ...address forwarding table to be viewed When the Switch learns an association between a MAC address and a port number it makes an entry into its forwarding table These entries are then used to forward...

Страница 262: ...port VLAN or MAC address VID The VLAN ID of the VLAN of which the MAC address above corresponds MAC Address The MAC address entered into the address table Port The port to which the MAC address corre...

Страница 263: ...ap receiving stations and to the PC connected to the console manager Click Next to go to the next page of the Switch History Log Clicking Clear will allow the user to clear the Switch History Log The...

Страница 264: ...ring it in the top left hand corner and clicking Search The user may also delete Data Driven learning entries by entering the VLAN Name and clicking Delete or Delete All Data Driven learning Entries T...

Страница 265: ...the Switch s ports to be viewed by VLAN This window displays the ports on the Switch that are currently Egress E or Tag T ports This window displays the ports on the Switch that are currently Egress E...

Страница 266: ...E To configure MLD snooping for the Switch go to the L2 Features folder and select MLD Snooping MLD Snooping Settings Browse MLD Snooping Router Port This window displays which of the Switch s ports a...

Страница 267: ...ow To modify an entry select it on the ARP Settings table and click Modify Figure 11 24 Static ARP Settings Edit window ARP FDB This window conveniently allows the user to add entries to the IP MAC Po...

Страница 268: ...tch Figure 11 25 ARP FDB window To search for information regarding a specific entry enter the appropriate information and click Find The ARP FDB entries will be displayed in the ARP FDB Table to add...

Страница 269: ...ption Send on IPIF status up This is used to enable disable the sending of gratuitous ARP request packets while an IPIF interface comes up This is used to automatically announce the interface s IP add...

Страница 270: ...There are six windows to monitor NOTE The Authenticator State Authenticator Statistics Authenticator Session Statistics and Authenticator Diagnostics windows in this section cannot be viewed on the Sw...

Страница 271: ...redths of a second between the most recent Access Reply Access Challenge and the Access Request that matched it from this RADIUS authentication server AccessRetrans The number of RADIUS Access Request...

Страница 272: ...etry to the same server is counted as a retransmit as well as a timeout A send to a different server is counted as an Accounting Request as well as a timeout Requests The number of RADIUS Accounting R...

Страница 273: ...on has several options when resetting the Switch Some of the current configuration parameters can be retained while resetting all other configuration parameters to their factory defaults NOTE Only the...

Страница 274: ...ick the Restart button to restart the Switch Save Changes The Switch has two levels of memory normal RAM and non volatile or NV RAM Configuration changes are made effective clicking the Apply button W...

Страница 275: ...DES 3028 DES 3028P DES 3028G DES 3052 DES 3052P Layer 2 Fast Ethernet Managed Switch Logout Click the Logout button on the Logout window to immediately exit the Switch Figure 11 34 Logout window 261...

Страница 276: ...0BASE FX DEM 211 Multi Mode 100BASE FX WDM Transceivers Supported DEM 330T TX 1550 RX 1310nm up to 10km Single Mode DEM 330R TX 1310 RX 1550nm up to 10km Single Mode DEM 331T TX 1550 RX 1310nm up to 4...

Страница 277: ...cm fan and one 17cm fan Operating Temperature 0 40 C Storage Temperature 40 70 C Humidity 5 95 non condensing Dimensions DES 3028 DES 3028G 441 W x 207 D x 44 H mm DES 3028P 3052 3052P 441 W x 309 D x...

Страница 278: ...ts remain active 4 Active circuit protection automatically disables the port if there is a short while other ports remain active 5 PD should be able to receive the power following the classification b...

Страница 279: ...inking Port has detected a error condition LED Per 10 100 Mbps Port PoE only for DES 3028P DES 3052P Green Light off Powered Device may receive power from an AC power source or no 802 3af PD is found...

Страница 280: ...ons Feature Detailed Description Console Port DCE RS 232 DB 9 for out of band configuration of the software features 24 x 10 100BaseT ports 48 x 10 100BaseT ports Power over LAN support Compliant to f...

Страница 281: ...DEM 331R TX 1310 RX 1550nm up to 40km Single Mode Compliant to following standards 1 IEEE 802 3z compliance 2 IEEE 802 3u compliance 1000BASE T ports in the front panel 1000BASE T ports compliant to...

Страница 282: ...n and log saved to flash Username username IP ipaddr MAC macaddr Informational Configuration and log saved to flash by console Configuration and log saved to flash by console Username username Informa...

Страница 283: ...essfully uploaded by console Log message successfully uploaded by console Username username Informational Log message upload was unsuccessful Log message upload was unsuccessful Username username IP i...

Страница 284: ...rning Logout through Telnet Logout through Telnet Username username IP ipaddr Informational Telnet session timed out Telnet session timed out Username username IP ipaddr Informational SNMP SNMP reques...

Страница 285: ...od Username username Warning Successful login through Web authenticated by AAA local method Successful login through Web from userIP authenticated by AAA local method Username username Informational L...

Страница 286: ...h Telnet authenticated by AAA none method Successful login through Telnet from userIP authenticated by AAA none method Username username Informational Successful login through SSH authenticated by AAA...

Страница 287: ...thenticated by AAA server Login failed through Telnet from userIP authenticated by AAA server serverIP Username username Warning Login failed through Telnet due to AAA server timeout or improper confi...

Страница 288: ...t authenticated by AAA local_enable method Successful Enable Admin through Telnet from userIP authenticated by AAA local_enable method Username username Informational Enable Admin failed through Telne...

Страница 289: ...erIP Username username Warning Enable Admin failed through Console due to AAA server timeout or improper configuration Enable Admin failed through Console due to AAA server timeout or improper configu...

Страница 290: ...Admin through SSH from userIP authenticated by AAA server serverIP Username username Informational Enable Admin failed through SSH authenticated by AAA server Enable Admin failed through SSH from use...

Страница 291: ...detected with this device Conflict IP was detected with this device IP ipaddr MAC macaddr Port portNum Interface interface Informational 802 1X Radius server assigned VID to port Radius server r serve...

Страница 292: ...caddr Informational Loopback Detection Port Loop occurred Configuration Testing Protocol detects a loop in port portNum Informational Standard Trap List Trap Name OID Variable Bind Format MIB Name ris...

Страница 293: ...dingViolationMac V2 IP MAC BIND MIB agentGratuitousARPTrap 1 3 6 1 4 1 171 12 1 7 2 0 5 agentGratuitousARPIpAddr agentGratuitousARPMacAddr agentGratuitousARPPortNumber agentGratuitousARPInterfaceNa me...

Страница 294: ...DES 3028 DES 3028P DES 3028G DES 3052 DES 3052P Layer 2 Fast Ethernet Managed Switch 1 3 6 1 4 1 171 11 63 11 2 20 0 1 280...

Страница 295: ...Standard Media Type Maximum Distance Mini GBIC 1000BASE LX Single mode fiber module 1000BASE SX Multi mode fiber module 1000BASE LHX Single mode fiber module 1000BASE ZX Single mode fiber module 10km...

Страница 296: ...is a direct connection to the console port of the device It is necessary for the user needs to attach a terminal or PC with terminal emulation to the console port of the switch 2 Power on the switch...

Страница 297: ...itch Command Parameters accounts reset password username The reset password command resets the password of the specified user If a username is not specified the password of all users will be reset sho...

Страница 298: ...volved Bridges form a single logical network centralizing network administration broadcast A message sent to all destination devices on the network broadcast storm Multiple simultaneous broadcasts tha...

Страница 299: ...protocol which allows IP to run over a serial line connection SNMP Simple Network Management Protocol A protocol originally designed to be used in managing TCP IP internets SNMP is presently implement...

Страница 300: ...s IP address will be written into the Sender Protocol Address in ARP payload As PC B s MAC address is unknown the Target H W Address will be 00 00 00 00 00 00 while PC B s IP address will be written i...

Страница 301: ...frame to all ports except the source port port 1 see Figure 2 Figure 2 When the switch floods the frame of the ARP request to the network all PCs will receive and examine the frame but only PC B will...

Страница 302: ...query Destination Address in the Ethernet frame it will change to PC A s MAC address The Source Address will be changed to PC B s MAC address see Table 4 Destination address 00 20 5C 01 11 11 Source...

Страница 303: ...be mistakenly re directed to the node specified by the attacker IP spoofing attacks are caused by Gratuitous ARPs that occur when a host sends an ARP request to resolve its own IP address Figure 4 sho...

Страница 304: ...pecified MAC address to the IP address of the network s default gateway The malicious attacker only needs to broadcast ONE Gratuitous ARP to the network claiming it is the gateway so that the whole ne...

Страница 305: ...o 80 bytes in total at one time It utilizes offsets to match individual fields in the Ethernet Frame An offset contains 16 bytes and the switch supports 5 offsets with each offset being divided into a...

Страница 306: ......

Страница 307: ......

Страница 308: ...stic environment this product may cause radio interference in which case the user may be required to take adequate measures Warnung Dies ist ein Produkt der Klasse A Im Wohnbereich kann dieses Produkt...

Страница 309: ...y WARNING When working with laser optic modules always take the following precautions to avoid exposure to hazardous radiation Never look at the transmit LED laser through a magnifying device while it...

Страница 310: ...the original licensee and is subject to the terms and conditions of the license granted by D Link for the Software The Warranty Period shall extend for an additional ninety 90 days after any replaceme...

Страница 311: ...K FOR WARRANTY SERVICE RESULTING FROM THE USE OF THE PRODUCT RELATING TO WARRANTY SERVICE OR ARISING OUT OF ANY BREACH OF THIS LIMITED WARRANTY EVEN IF D LINK HAS BEEN ADVISED OF THE POSSIBILITY OF SU...

Страница 312: ...returned to D Link The license granted respecting any Software for which a refund is given automatically terminates Non Applicability of Warranty The Limited Warranty provided hereunder for Hardware a...

Страница 313: ...or limitation of incidental or consequential damages or limitations on how long an implied warranty lasts so the foregoing limitations and exclusions may not apply This Limited Warranty provides speci...

Страница 314: ...egistration Register your D Link product online at http support dlink com register Product registration is entirely voluntary and failure to complete or return this form will not diminish your warrant...

Страница 315: ...all material respects to the defective Hardware The Warranty Period shall extend for an additional ninety 90 days after any repaired or replaced Hardware is delivered If a material defect is incapable...

Страница 316: ...ted provide written proof of purchase of the product such as a copy of the dated purchase invoice for the product before the warranty service is provided After an RMA number is issued the defective pr...

Страница 317: ...EGAL OR EQUITABLE THEORY FOR ANY LOSS OF USE OF THE PRODUCT INCONVENIENCE OR DAMAGES OF ANY CHARACTER WHETHER DIRECT SPECIAL INCIDENTAL OR CONSEQUENTIAL INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS O...

Страница 318: ...uipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful...

Страница 319: ...warranty period on this product U S and Canadian customers can contact D Link technical support through our website or by phone Tech Support for customers within the United States D Link Technical Su...

Страница 320: ...uk ftp ftp dlink co uk Technische Unterst tzung Deutschland Web http www dlink de E Mail support dlink de Telefon 49 0 1805 2787 0 14 pro Minute Zeiten Mo Fr 09 00 17 30 Uhr sterreich Web http www dl...

Страница 321: ...al venerd dalle ore 9 00 alle ore 19 00 con orario continuato 0 067 min De Lunes a Viernes de 9 00 a 14 00 y de 15 00 a 18 00 http www dlink es Asistencia T cnica Asistencia T cnica Telef nica de D L...

Страница 322: ...e 14 99 HUG min Mobile 49 99 HUF min email support dlink hu URL http www dlink hu Web http www dlink cz suppport E mail support dlink cz Telefon 225 281 553 Telefonick podpora je v provozu PO P od 09...

Страница 323: ...ink Teknisk Support via telefon 0900 100 77 00 Vardagar 08 00 20 00 D Link Teknisk Support via Internet http www dlink se Assist ncia T cnica Assist ncia T cnica da D Link na Internet http www dlink p...

Страница 324: ...a podpora Zahvaljujemo se vam ker ste izbrali D Link proizvod Za vse nadaljnje informacije podporo ter navodila za uporabo prosimo obi ite D Link ovo spletno stran www dlink eu www dlink biz sl Suport...

Страница 325: ...ys http www dlink co in support productsupport aspx Indonesia Malaysia Singapore and Thailand Tel 62 21 5731610 Indonesia Tel 1800 882 880 Malaysia Tel 65 66229355 Singapore Tel 66 2 719 8978 9 Thaila...

Страница 326: ...92 21 4548158 or 92 21 4548310 Monday to Friday 10 00am to 6 00pm http support dlink me com E mail zkashif dlink me com South Africa and Sub Sahara Region Tel 27 12 665 2165 08600 DLINK for South Afri...

Страница 327: ...D Link D Link D Link D Link 7 495 744 00 99 http www dlink ru e mail support dlink ru...

Страница 328: ...06 00am a 19 00pm Costa Rica 0800 0521478 Lunes a Viernes 05 00am a 18 00pm Ecuador 1800 035465 Lunes a Viernes 06 00am a 19 00pm El Salvador 800 6335 Lunes a Viernes 05 00am a 18 00pm Guatemala 1800...

Страница 329: ...l A D Link fornece suporte t cnico gratuito para clientes no Brasil durante o per odo de vig ncia da garantia deste produto Suporte T cnico para clientes no Brasil Telefone S o Paulo 11 2185 9301 Segu...

Страница 330: ...D Link D Link D Link 0800 002 615 9 00 9 00 http www dlink com tw dssqa_service dlink com tw D Link http www dlink com tw...

Страница 331: ...kumentasi pengguna dapat diperoleh pada situs web D Link Dukungan Teknis untuk pelanggan Dukungan Teknis D Link melalui telepon Tel 62 21 5731610 Dukungan Teknis D Link melalui Internet Email support...

Страница 332: ...Technical Support Web Web URL http www dlink jp com...

Страница 333: ...D Link 36 B 26F 02 05 100013 8008296688 028 66052968 028 85176948 36 B 26F 02 05 100013 010 58257789 010 58257790 http www dlink com cn 09 00 18 00...

Отзывы:

Нет отзывов

Похожие инструкции для DES-3028

Бренд: Barksdale Страницы: 5

Бренд: Lantronix Страницы: 40

Бренд: Lantronix Страницы: 2

SISTP1040-551-LRT

Бренд: Lantronix Страницы: 2

Бренд: Lantronix Страницы: 2

SISPM1040-3 L Series

Бренд: Lantronix Страницы: 2

SISPM1040 L3 Series

Бренд: Lantronix Страницы: 36

SecureLinx Spider

Бренд: Lantronix Страницы: 18

Бренд: Lantronix Страницы: 8

Бренд: Lantronix Страницы: 6

SISPM1040-582-LRT

Бренд: Lantronix Страницы: 272

Xpress-Pro SW 52000

Бренд: Lantronix Страницы: 8

RackSwitch G8264T

Бренд: IBM Страницы: 20

Бренд: Hamlet Страницы: 4

Бренд: I-Tech Страницы: 29

Бренд: Uniclass Страницы: 2

SmartStack STS16-20R

Бренд: Cabletron Systems Страницы: 258

MultiView CE-H26311-S1

Бренд: SIIG Страницы: 24

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды