D-Link DES-3528 - xStack Switch - Stackable Скачать руководство пользователя страница 211 | Manualshive

Страница: 211 / 367

background image

xStack® DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch Web UI Reference Guide

Chapter 8

Security

802.1X

RADIUS

IP-MAC-Port Binding (IMPB)

MAC-based Access Control (MAC)

Web-based Access Control (WAC)

Japanese Web-based Access Control (JWAC)

Compound Authentication

Port Security

ARP Spoofing Prevention Settings

BPDU Attack Protection

Loopback Detection Settings

Traffic Segmentation Settings

NetBIOS Filtering Settings

DHCP Server Screening

Access Authentication Control

SSL Settings

SSH

Trusted Host Settings

Safeguard Engine Settings

802.1X

802.1X (Port-Based and Host-Based Access Control)

The IEEE 802.1X standard is a security measure for
authorizing and authenticating users to gain access to
various wired or wireless devices on a specified Local
Area Network by using a Client and Server based access
control model. This is accomplished by using a RADIUS
server to authenticate users trying to access a network by
relaying Extensible Authentication Protocol over LAN
(EAPOL) packets between the Client and the Server. The
following figure represents a basic EAPOL packet:

Figure 8-1 The EAPOL Packet

Utilizing this method, unauthorized devices are restricted
from connecting to a LAN through a port to which the user
is connected. EAPOL packets are the only traffic that can
be transmitted through the specific port until authorization
is granted. The 802.1X Access Control method has three
roles, each of which are vital to creating and up keeping a
stable and working Access Control security method.

Figure 8-2 The three roles of 802.1X

202

«
...
209
210
211
212
213
...
»

Содержание DES-3528 - xStack Switch - Stackable

Страница 1: ...Web UI Reference Guide ProductModel xStack DES 3528 DES 3552 Series Layer2ManagedStackable Fast Ethernet Switch Release 2 6 September 2010...

Страница 2: ...ssion of D Link Corporation is strictly forbidden Trademarks used in this text D Link and the D LINK logo are trademarks of D Link Corporation Microsoft and Windows are registered trademarks of Micros...

Страница 3: ...Firmware Information Settings 8 Port Configuration 9 Port Settings 9 Port Description Settings 10 Port Error Disabled 11 Jumbo Frame Settings 12 PoE 12 PoE System Settings 13 PoE Port Settings 14 Seri...

Страница 4: ...Settings 48 SNMP Community Table Settings 49 SNMP Group Table Settings 50 SNMP Engine ID Settings 51 SNMP User Table Settings 52 SNMP Host Table Settings 53 SNMPv6 Host Table Settings 53 RMON Settings...

Страница 5: ...S Settings 127 LLDP 130 LLDP Global Settings 130 LLDP Port Settings 131 LLDP Management Address List 133 LLDP Basic TLVs Settings 133 LLDP Dot1 TLVs Settings 134 LLDP Dot3 TLVs Settings 136 LLDP Stati...

Страница 6: ...PU Ethernet ACL Profile 185 Adding a CPU IPv4 ACL Profile 188 Adding a CPU IPv6 ACL Profile 192 Adding a CPU Packet Content ACL Profile 195 ACL Finder 198 ACL Flow Meter 199 Chapter 8 Security 202 802...

Страница 7: ...s 244 Compound Authentication Guest VLAN Settings 246 Port Security 247 Port Security Settings 247 Port Security VLAN Settings 248 Port Security Entries 249 ARP Spoofing Prevention Settings 249 BPDU A...

Страница 8: ...ngs 299 CFM Linktrace Settings 300 CFM Packet Counter 300 CFM Fault Table 301 CFM MP Table 302 Ethernet OAM 302 Ethernet OAM Settings 302 Ethernet OAM Configuration Settings 303 Ethernet OAM Event Log...

Страница 9: ...35 Download Configuration File 335 Upload Configuration File 336 Upload Log File 337 Reset 338 Reboot System 338 Appendix A Mitigating ARP Spoofing Attacks Using Packet Content ACL 339 How Address Res...

Страница 10: ...xample Open the File menu and choose Cancel Used for emphasis May also indicate system messages or prompts appearing on screen For example You have mail Bold font is also used to represent filenames p...

Страница 11: ...ly with the Switch using the HTTP protocol The Web based management module and the Console program and Telnet are different ways to access the same internal switching software and configure it Thus al...

Страница 12: ...itor the system status Areas of the User Interface The figure below shows the user interface Three distinct areas divide the user interface as described in the table Figure 1 2 Main Web Manager page 3...

Страница 13: ...onality of the Switch L3 Features In this section the user will be able to configure features regarding the Layer 3 functionality of the Switch QoS In this section the user will be able to configure f...

Страница 14: ...og on to the Switch To return to the Device Information window after viewing other windows click the DES 3528 DES 3552 Series link The Device Information window shows the Switch s MAC Address assigned...

Страница 15: ...iate feature page for configuration System Information Settings The user can enter a System Name System Location and System Contact to aid in defining the Switch This window also displays the MAC Addr...

Страница 16: ...information Parameter Description ID State the ID number of the configuration file located in the Switch s memory The Switch can store two configuration files for use ID 1 will be the default boot up...

Страница 17: ...e ways firmware may be downloaded to the Switch R If the IP address has this letter attached it denotes a firmware upgrade through the serial port RS232 T If the IP address has this letter attached to...

Страница 18: ...hoose the port or sequential range of ports using the From Port and To Port pull down menus 2 Use the remaining pull down menus to configure the parameters described below The fields that can be confi...

Страница 19: ...et for 1000M Full_Master the other side of the connection must be set for 1000M Full_Slave Any other configuration will result in a link down status for both ports Flow Control Displays the flow contr...

Страница 20: ...r the selected ports If configuring the Combo ports the Medium Type defines the type of transport medium to be used whether Copper or Fiber Description Users may then enter a description for the chose...

Страница 21: ...ame Use the radio buttons to enable or disable the Jumbo Frame function on the Switch The default is Disabled The maximum frame size is 1536 bytes Click the Apply button to implement changes made PoE...

Страница 22: ...e Power Limit for the PoE system enter a value between 37W and 370W for the DES 3528P DES 3552P in the Power Limit field The default setting is 370W When the total consumed power exceeds the power lim...

Страница 23: ...en exceeded the next port attempting to power up is denied regardless of its priority If Power Disconnection Method is set to Deny Next Port the system cannot utilize out of its maximum power capacity...

Страница 24: ...there are different PD classes and power consumption ranges Class 0 0 44 12 95W Class 1 0 44 3 84W Class 2 3 84 6 49W Class 3 6 49 12 95W Class 4 12 95W 29 5W only ports 1 8 The following is the power...

Страница 25: ...to choose a method for which to save the switch log to the flash memory of the Switch To view the following window click System Configuration System Log Configuration System Log Settings as shown bel...

Страница 26: ...ill be sent The options are Emergency Alert Critical Error Warning Notice Informational and Debug Server IPv4 Address Click the radio button and enter the IPv4 address of the Syslog server Server IPv6...

Страница 27: ...P or ERPS Attack Log When selecting Attack Log all attacks will be listed Index A counter incremented whenever an entry to the Switch s history log is made The table displays the last entry highest se...

Страница 28: ...triggers either a log entry or a trap message can be set as well Use the System Severity Settings window to set the criteria for alerts The current settings are displayed below the System Severity Ta...

Страница 29: ...o identify this time range on the Switch This range name will be used in the Access Profile table to identify the access profile and associated rule to be enabled during this time range Hours This par...

Страница 30: ...igure 2 17 User Accounts Settings window To add a new user type in a User Name and New Password and retype the same password in the Confirm New Password field Choose the level of privilege Admin Opera...

Страница 31: ...t switches can be combined to be managed by one IP address through Telnet the GUI interface Web the console port or through SNMP Each switch of this series has two stacking ports located at the rear o...

Страница 32: ...LED will flash between its given Box ID and H Backup Master The Backup Master is the backup to the Primary Master and will take over the functions of the Primary Master if the Primary Master fails or...

Страница 33: ...is down Once the device has been removed the remaining switches will update their stacking topology database to reflect the change Any one of the three roles Primary Master Backup Master or Slave may...

Страница 34: ...ensure the master role is unchanged when adding a new device to the current stacking topology If the Enabled radio button is selected the master s priority will become zero after the stacking has sta...

Страница 35: ...s can be defined in the ARP table When static entries are defined a permanent entry is entered and is used to translate IP addresses to MAC addresses To view the following window click Management ARP...

Страница 36: ...r 3 switch will see the ARP request from A This local proxy ARP function allows the Switch to respond to the proxy ARP if the source IP and destination IP are in the same interface To view the followi...

Страница 37: ...ARP request packet while the IPIF interface become up This is used to automatically announce the interface s IP address to other nodes By default the state is disabled and only one gratuitous ARP pack...

Страница 38: ...event log is Enabled Interface Name Enter the interface name of the Layer 3 interface Select All to enable or disable gratuitous ARP trap or log on all interfaces Interval Time Enter the periodically...

Страница 39: ...t to the state option Click the Add button to add a new entry based on the information entered Click the Find button to locate a specific entry based on the information entered Click the Clear button...

Страница 40: ...witch can access the Switch until a management VLAN is specified or Management Station IP addresses are assigned Interface Admin State Use the drop down menu to enable or disable the configuration on...

Страница 41: ...NOTE To create IPv6 interfaces the user has to create an IPv4 interface then edit it to IPv6 Click the Add button to see the following window Figure 3 9 IPv4 Interface Settings Add window The fields...

Страница 42: ...window The fields that can be configured are described below Parameter Description Interface Name Display the IPv6 interface name IPv6 State Use the drop down menu to enable or disable IPv6 State Inte...

Страница 43: ...re information about loading a configuration file for use by a client see the DHCP server and or TFTP server software instructions The user may also consult the Upload Log File window description loca...

Страница 44: ...ncept that will stack switches together over Ethernet instead of using stacking ports or modules There are some advantages in implementing the Single IP Management feature 1 SIM can simplify managemen...

Страница 45: ...e following characteristics a It is not a CS or MS of another Single IP group b It is connected to the CS through the CS management VLAN The following rules also apply to the above roles Each device b...

Страница 46: ...t picture 3 This version will support switch upload and downloads for firmware configuration files and log files as follows a Firmware The Switch now supports MS firmware downloads from a TFTP server...

Страница 47: ...hold information sent to it from other switches utilizing the Discovery Interval The user may set the hold time from 100 to 255 seconds The default value is 100 seconds Click the Apply button to acce...

Страница 48: ...ote Port Displays the number of the physical port on the MS or CaS to which the CS is connected The CS will have no entry in this field MAC Address Displays the MAC Address of the corresponding Switch...

Страница 49: ...se plays an important role in configuration and in viewing device information Setting the mouse cursor over a specific device in the topology window tool tip will display the same information about a...

Страница 50: ...display the group information Figure 3 21 Property window Parameter Description Device Name This field will display the Device Name of the switches in the SIM group configured by the user If no Devic...

Страница 51: ...a single icon Expand To expand the SIM group in detail Property To pop up a window to display the group information Member Switch Icon Figure 3 23 Right clicking a Member icon The following options m...

Страница 52: ...the device information Menu Bar The Single IP Management window contains a menu bar for device configurations as seen below Figure 3 26 Menu Bar of the Topology View File Print Setup Will view the im...

Страница 53: ...Address where the firmware resides and enter the Path Filename of the firmware Click Download to initiate the file transfer To view the following window click Management Single IP Management Firmware...

Страница 54: ...f variables managed objects is maintained by the SNMP agent and used to manage the device These objects are defined in a Management Information Base MIB which provides a standard presentation of the i...

Страница 55: ...gement Information Base MIB stores management and counter information The Switch uses the standard MIB II Management Information Base module Consequently values for MIB objects can be retrieved from a...

Страница 56: ...he fields that can be configured are described below Parameter Description SNMP Traps Enable this option to use the SNMP Traps feature SNMP Authentication Trap Enable this option to use the SNMP Authe...

Страница 57: ...rts to use State Use the drop down menu to enable or disable the SNMP link change Trap Click the Apply button to accept the changes made SNMP View Table Settings Users can assign views to community st...

Страница 58: ...hat an SNMP manager can access Click the Apply button to accept the changes made Click the Delete button to remove the specific entry SNMP Community Table Settings Users can create an SNMP community s...

Страница 59: ...nager is allowed to access on the Switch The view name must exist in the SNMP View Table Access Right Read Only Specify that SNMP community members using the community string created can only read the...

Страница 60: ...y to SNMPv3 NoAuthNoPriv Specify that there will be no authorization and no encryption of packets sent between the Switch and a remote SNMP manager AuthNoPriv Specify that authorization will be requir...

Страница 61: ...own menu to enable encryption for SNMP V3 This is only operable in SNMP V3 mode The choices are None Password or Key Auth Protocol MD5 Specify that the HMAC MD5 96 authentication level will be used Th...

Страница 62: ...be used SNMPv2 Specify that SNMP version 2 will be used SNMPv3 Specify that SNMP version 3 will be used Security Level NoAuthNoPriv To specify that the SNMP version 3 will be used with a NoAuth NoPriv...

Страница 63: ...riv To specify that the SNMP version 3 will be used with an Auth NoPriv security level AuthPriv To specify that the SNMP version 3 will be used with an Auth Priv security level Community String SNMPv3...

Страница 64: ...abled Port 1 65535 The TCP port number used for Telnet management of the Switch The well known TCP port for the Telnet protocol is 23 Click the Apply button to accept the changes made Web Settings Use...

Страница 65: ...e lowest priority data and 7 assigned to the highest The highest priority tag 7 is generally only used for data associated with video or audio applications which are sensitive to even slight delays or...

Страница 66: ...n all ports to a single 802 1Q VLAN named default The default VLAN has a VID 1 The member ports of Port based VLANs may overlap if desired IEEE 802 1Q VLANs Some relevant terms Tagging The act of putt...

Страница 67: ...AN Tags The figure below shows the 802 1Q VLAN tag There are four additional octets inserted after the source MAC address Their presence is indicated by a value of 0x8100 in the EtherType field When a...

Страница 68: ...erent PVIDs mean different VLANs remember that two VLANs cannot communicate without an external router So VLAN identification based upon the PVIDs cannot create VLANs that extend outside a given switc...

Страница 69: ...ort will first determine if the ingress port itself is a member of the tagged VLAN If it is not the packet will be dropped If the ingress port is a member of the 802 1Q VLAN the Switch then determines...

Страница 70: ...Segmentation Take for example a packet that is transmitted by a machine on Port 1 that is a member of VLAN 2 If the destination lies on another port found through a normal forwarding table lookup the...

Страница 71: ...ent Enable this function to allow the Switch sending out GVRP packets to outside sources notifying that they may join the existing VLAN Unit Select the unit to configure Port Display all ports of the...

Страница 72: ...tch entry click the VLAN Batch Settings tab as shown below Figure 4 7 802 1Q VLAN Settings VLAN Batch Settings Tab window The fields that can be configured are described below Parameter Description VI...

Страница 73: ...wer half of the table displays any previously created groups To view the following window click L2 Features VLAN 802 1v protocol VLAN 802 1v Protocol Group Settings as shown below Figure 4 8 802 1v Pr...

Страница 74: ...Figure 4 9 802 1v Protocol VLAN Settings window The fields that can be configured are described below Parameter Description Group ID Select a previously configured Group ID from the drop down menu Gro...

Страница 75: ...Click the Delete button to remove the specific entry Asymmetric VLAN Settings Shared VLAN Learning is a primary example of the requirement for Asymmetric VLANs Under normal circumstances a pair of dev...

Страница 76: ...e Leave All Time value in milliseconds NNI BPDU Address Use the drop down menu to determine the BPDU protocol address for GVRP in service provide site It can use an 802 1d GVRP address 802 1ad service...

Страница 77: ...ice will use the PVID to make VLAN forwarding decisions If the port receives a packet and Ingress filtering is Enabled the port will compare the VID of the incoming packet to its PVID If the two are u...

Страница 78: ...reate a MAC based VLAN entry VID 1 4094 Select this option and enter the VLAN ID VLAN Name Select this option and enter the VLAN name of a previously configured VLAN Click the Find button to locate a...

Страница 79: ...al server through VLAN 20 However with the subnet VLAN configuration in the example IP 172 18 0 1 is assigned to VLAN 10 and 172 18 0 2 is assigned to VLAN 20 Customer A can only access Internet and c...

Страница 80: ...n and click Add to create a new entry To search for a particular entry enter the appropriate information and click Find To remove an entry click Delete To view all entries on the Switch click Show All...

Страница 81: ...VLAN Precedence Use the drop down menu to select the VLAN precedence choose either MAC based VLAN or Subnet VLAN MAC based VLAN Specifies that the MAC based VLAN classification is given precedence ove...

Страница 82: ...at the packet level Byte Specify to count at the byte level Enter the appropriate information and click Add to create a new entry To search for a particular entry enter the appropriate information and...

Страница 83: ...5535 minutes The default value is 720 minutes The aging time is used to remove a port from voice VLAN if the port is an automatic VLAN member When the last voice device stops sending traffic and the M...

Страница 84: ...e Select the state of the port Mode Select the mode of the port Click the Apply button to accept the changes made Voice VLAN OUI Settings This page is used to configure the user defined voice traffic...

Страница 85: ...tton to remove all the entries listed Click the Edit button to re configure the specific entry Click the Delete button to remove the specific entry Voice VLAN Device This page is used to show voice de...

Страница 86: ...atically allow frames with VLAN group tags 1 and 2 VLAN groups that are unknown to those switches to pass through their VLAN trunking port s Refer to the following figure for an illustrated example Fi...

Страница 87: ...e Go button to navigate to a specific page when multiple pages exist NOTE The abbreviations used on this page are Tagged Port T Untagged Port U and Forbidden Port F Show VLAN Ports Users can display t...

Страница 88: ...d Therefore customers in the same service provider network may have VLAN ranges that overlap which might cause traffic to become mixed up So assigning a unique range of VLAN IDs to each customer might...

Страница 89: ...ts and inserts the outer tag into the packet based on the VLAN ID and Inner Priority Use Inner Priority This is the priority given to the inner tag that is copied to the outer tag if this setting is e...

Страница 90: ...When the device is operating with the Q in Q enabled DA will be replaced by the tunnel multicast address and the BPDU will be tagged with the tunnel VLAN based on the QinQ VLAN configuration and the...

Страница 91: ...ughout interconnected bridges utilizing any of the three spanning tree protocols STP RSTP or MSTP This protocol will also tag BDPU packets so receiving devices can distinguish spanning tree instances...

Страница 92: ...ding the port state transition All three protocols calculate a stable topology in the same way Every segment will have a single path to the root bridge All bridges listen for BPDU packets However BPDU...

Страница 93: ...U Loop Back on Port Setting the Loop back Timer The Loop back timer plays a key role in the next step for the Switch to take to resolve this problem Choosing a non zero value on the timer will enable...

Страница 94: ...ridge Max Age 6 40 The Max Age may be set to ensure that old information does not endlessly circulate through redundant paths in the network preventing the effective propagation of the new information...

Страница 95: ...ies GVRP s BPDU MAC address of NNI port using the definition of 802 1d dot1ad Specifies GVRP s BPDU MAC address of NNI port using the definition of 802 1ad Click the Apply button to accept the changes...

Страница 96: ...ge Notification is a simple BPDU that a bridge sends out to its root port to signal a topology change Restricted TCN can be toggled between True and False If set to True this stops the port from propa...

Страница 97: ...esired method for altering the MSTI settings The user has two choices Add VID Select this parameter to add VIDs to the MSTI ID in conjunction with the VID List parameter Remove VID Select this paramet...

Страница 98: ...port configuration for an MSTI ID If a loop occurs the MSTP function will use the port priority to select an interface to put into the forwarding state Set a higher priority value for interfaces to b...

Страница 99: ...n interface is selected within an STP instance Selecting this parameter with a value in the range of 1 to 200000000 will set the quickest route when a loop occurs A lower Internal cost represents a qu...

Страница 100: ...in the same order they were sent Link aggregation allows several ports to be grouped together and to act as a single link This gives a bandwidth that is a multiple of a single link s bandwidth Link ag...

Страница 101: ...ad shared among the other linked ports of the link aggregation group Port Trunking Settings On this page the user can configure the port trunk settings for the Switch To view the following window clic...

Страница 102: ...ing LACP control frames To view the following window click L2 Features Link Aggregation LACP Port Settings as shown below Figure 4 35 LACP Port Settings window The fields that can be configured are de...

Страница 103: ...an be configured are described below Parameter Description VLAN Name Click the radio button and enter the VLAN name of the VLAN on which the associated unicast MAC address resides VLAN List Click the...

Страница 104: ...ast group dynamically using GMRP The options are None No restrictions on the port dynamically joining the multicast group When None is chosen the port will not be a member of the Static Multicast Grou...

Страница 105: ...ry Size The maximum number of entries listed in the history log used for notification Up to 500 entries can be specified Unit Select the unit to configure From Port To Port Select the starting and end...

Страница 106: ...onds Click the Apply button to accept the changes made MAC Address Table This allows the Switch s MAC address forwarding table to be viewed When the Switch learns an association between a MAC address...

Страница 107: ...scribed below Parameter Description Unit Select the unit to configure Port Select the port number to use for this configuration MAC Address Enter the MAC address to use for this configuration IP Addre...

Страница 108: ...there are no longer hosts requesting that they continue To view the following window click L2 Features L2 Multicast Control IGMP Snooping IGMP Snooping Settings as shown below Figure 4 42 IGMP Snoopi...

Страница 109: ...kes a router to detect the loss of the last member of a group Data Drive Group Expiry Time 1 65535 Specify the data driven group lifetime in seconds Querier State Specify to enable or disable the quer...

Страница 110: ...s as being not connected to multicast enabled routers This ensures that the forbidden router port will not become a router port to forward the packet to the destined router Dynamic Router Port Display...

Страница 111: ...e information entered Click the Edit button to re configure the specific entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist IGMP Snooping Static...

Страница 112: ...guration Click the Clear All button to unselect all the ports for configuration Click the Apply button to accept the changes made Click the Back button to discard the changes made and return to the pr...

Страница 113: ...ID list of the multicast group Port List Specify the port number s used to find a multicast group Group IPv4 Address Enter the IPv4 address Data Driven If Data Drive is selected only data driven group...

Страница 114: ...Switch s IGMP Snooping counter table To view the following window click L2 Features L2 Multicast Control IGMP Snooping IGMP Snooping Counter as shown below Figure 4 51 IGMP Snooping Counter window The...

Страница 115: ...new information will appear Click the Back button to return to the previous page CPU Filter L3 Control Packet Settings The CPU Filter L3 Control Packet Settings is used to discard the Layer 3 control...

Страница 116: ...ion and click Apply MLD Snooping Multicast Listener Discovery MLD Snooping is an IPv6 function used similarly to IGMP snooping in IPv4 It is used to discover ports on a VLAN that are requesting multic...

Страница 117: ...message is received by the Switch it will no longer forward multicast traffic from a specific multicast group address to this listening port 4 Multicast Listener Report Version 2 Comparable to the Hos...

Страница 118: ...ng Router Port Settings for a specific entry After clicking the Edit button the following page will appear Figure 4 55 MLD Snooping Parameters Settings window The fields that can be configured or view...

Страница 119: ...een group specific query messages including Interval 1 25 The maximum amount of time betw those sent in response to done group messages You might lower this interval to reduce the amount of time it t...

Страница 120: ...ures that the forbidden router port will not become a router port to forward the packet to the destined router Dynamic Router Port Displays router ports that have been dynamically configured Ports Sel...

Страница 121: ...anges made for each individual section Click the Find button to locate a specific entry based on the information entered Click the Edit button to re configure the specific entry MLD Snooping Static Gr...

Страница 122: ...Back button to discard the changes made and return to the previous page MLD Router Port Users can display which of the Switch s ports are currently configured as router ports in IPv6 A router port co...

Страница 123: ...iven option to enable the data driven feature for this MLD snooping group Data Driven If Data Driven is selected only data driven groups will be displayed Click the Find button to locate a specific en...

Страница 124: ...the statistics counter for MLD protocol packets that are received by the Switch since MLD Snooping is enabled To view the following window click L2 Features L2 Multicast Control MLD Snooping MLD Snoo...

Страница 125: ...ic is entering the Switch and then set the ports where the incoming multicast traffic is to be sent The source port cannot be a recipient port and if configured to do so will cause error messages to b...

Страница 126: ...s shown below Figure 4 65 IGMP Multicast Group Profile Settings window The fields that can be configured are described below Parameter Description Profile Name Enter a name for the IP Multicast Profil...

Страница 127: ...LAN state IGMP Multicast VLAN Forward Unmatched Click the radio buttons to enable or disable the IGMP Multicast VLAN Forwarding state VLAN Name Enter the VLAN Name used VID Enter the VID used Remap Pr...

Страница 128: ...igured Untagged Member Ports Specify the untagged member port of the multicast VLAN Click the Select All button to select all the ports or click the Clear All button to unselect all the ports Tagged M...

Страница 129: ...cast VLAN Entries link to view the IGMP Snooping Multicast VLAN Settings MLD Multicast Group Profile Settings Users can add delete or configure the MLD multicast group profile on this page To view the...

Страница 130: ...de and return to the previous page Click the Delete button to remove the specific entry MLD Snooping Multicast VLAN Settings Users can add delete or configure the MLD snooping multicast VLAN on this p...

Страница 131: ...link to configure the MLD Snooping Multicast VLAN Settings for the specific entry After clicking the Edit button the following page will appear Figure 4 73 MLD Snooping Multicast VLAN Settings Edit w...

Страница 132: ...s for configuration lick the Back button to discard the changes made and return to the previous page After clicking the Profile List Click the Apply button to accept the changes made C link the follow...

Страница 133: ...l button to remove all the entries liste Click the Group List link to configure the multicast address group list settings for the specific entry lick the Edit button to re configure the specific entry...

Страница 134: ...used for the configuration Access Assign access permissions to the ports selected Options listed are Permit and Deny Profile ID Profile Name Use the drop down menu to select the profile ID or profile...

Страница 135: ...e action Click the Apply button to accept the changes made Click the Find button to locate a specific entry based on the information entered Enter a page number and click the Go button to navigate to...

Страница 136: ...he Ethernet layer One link within a ring will be blocked to avoid a Loop RPL Ring Protection Link When the failure happens protection switching blocks the failed link and unblocks the RPL When the fai...

Страница 137: ...S is enabled To view the following window click L2 Features ERPS Settings as shown below Figure 4 81 ERPS Settings window The fields that can be configured are described below Parameter Description ER...

Страница 138: ...t Select None to have no RPL port RPL Owner Tick the check box and use the drop down menu to enable or disable the device as an RPL owner node Protected VLAN s e g 4 6 Tick the check box select the Ad...

Страница 139: ...his ring TC Propagation State Tick the check box and use the drop down menu to enable or disable the propagation state of topology change for the sub ring When Enabled the switch will flush the FDB wh...

Страница 140: ...ent expires the advertised data is then deleted from the neighbor Switch s MIB LLDP ReInit Delay 1 10 The LLDP re initialization delay interval is the minimum time that an LLDP port will wait before r...

Страница 141: ...on is disabled Admin Status This function controls the local LLDP agent and allows it to send and receive LLDP frames on the ports This option contains TX RX TX and RX or Disabled TX the local LLDP ag...

Страница 142: ...nd button to locate a specific entry based on the information entered LLDP Basic TLVs Settings TLV stands for Type length value which allows the specific sending information as a TLV element within LL...

Страница 143: ...ble or disable the System Name option System Description Use the drop down menu to enable or disable the System Description option System Capabilities Use the drop down menu to enable or disable the S...

Страница 144: ...enabling this option the user can select to use VLAN Name VID List or All in the next drop down menu After selecting this the user can enter either the VLAN Name or VID List value in the space provid...

Страница 145: ...es that the LLDP agent should transmit the MAC PHY configuration status TLV This indicates it is possible for two ends of an IEEE 802 3 link to be configured with different duplex and or speed setting...

Страница 146: ...ghbor detection activity LLDP Statistics and the settings for individual ports on the Switch Select a Port number from the drop down menu and click the Find button to view statistics for a certain por...

Страница 147: ...information page per port click the Show Normal button To view the brief LLDP Local Port information page per port click the Show Brief button Figure 4 92 LLDP Local Port Information Show Normal wind...

Страница 148: ...ch receives packets from a remote station but is able to store the information as local To view the following window click L2 Features LLDP LLDP Remote Port Information as shown below Figure 4 94 LLDP...

Страница 149: ...nable or disable IPv6 local route The function is disabled by default Click the Apply button to accept the changes made for each individual section NOTE IPv4 and IPv6 static routes are mutually exclus...

Страница 150: ...subnet mask to be applied to the corresponding subnet mask of the IP address Gateway This field allows the entry of a Gateway IP Address to be applied to the corresponding gateway of the IP address M...

Страница 151: ...Length of the IPv6 Static or Default Route entry Interface Name The IP Interface where the static IPv6 route is created Nexthop Address The corresponding IPv6 address for the next hop Gateway address...

Страница 152: ...window is use to configure the policy route in To view the following window click L3 Features Policy Ro Figure 5 6 Policy Route Settings window he fields that can be configured are described below T...

Страница 153: ...e user can view all the direct w click L3 Features IP Forwarding Table as shown below lement the changes made Click the Back button to go back to the previous windo IP Forwarding Table The IP forwardi...

Страница 154: ...1p standard that allows network administrators a method of reserving bandwidth for important functions that require a large bandwidth or have a high priority such as VoIP voice over Internet Protocol...

Страница 155: ...he eight priority tags specified in IEEE 802 1p p0 to p7 are mapped to the Switch s priority queues as follows Priority 0 is assigned to the Switch s Q2 queue Priority 1 is assigned to the Switch s Q0...

Страница 156: ...ctive priority indicates the actual priority assigned by RADIUS If the RADIUS assigned value exceeds the specified limit the value will be set at the default priority For example if the RADIUS assigns...

Страница 157: ...ed are described below Parameter Description Unit Select the unit to configure From Port To Port Select the starting and ending ports to use Priority Use the drop down menu to select a value from 0 to...

Страница 158: ...802 1p Settings 802 1p Map Settings as shown below The fields that can be configured are described below Parameter Description Unit Select the unit to configure From Port To Port A consecutive group...

Страница 159: ...dth Control Bandwidth Control Settings as shown below Figure 6 4 Bandwidth Control Settings window The fields that can be configured or viewed are described below Parameter Description Unit Select the...

Страница 160: ...ecific port The final RX bandwidth will be the largest one among these multiple RX bandwidths Effective TX If a RADIUS server has assigned the TX bandwidth then it will be the effective TX bandwidth T...

Страница 161: ...torm has been detected the Switch will drop overload packets coming into the Switch until the storm has subsided This method can be utilized by selecting the Drop option of the Action parameter in the...

Страница 162: ...ing Tree operational on the Switch If the Count Down timer has expired and yet the Packet Storm continues the port will be placed in Shutdown Forever mode and is no longer operational until the port r...

Страница 163: ...fic Storm is one of the following None Will send no Storm trap warning messages regardless of action taken by the Traffic Control mechanism Storm Occurred Will send Storm Trap warning messages upon th...

Страница 164: ...g the DSCP Map settings instead of the default port priority To view the following window click QoS DSCP DSCP Trust Settings as shown below Figure 6 7 DSCP Trust Settings window The fields that can be...

Страница 165: ...igure 6 8 DSCP Map Settings window The fields that can be configured are described below Parameter Description Unit Select the unit to configure From Port To Port Use the drop down menu to select a ra...

Страница 166: ...select one of two options DSCP Priority Specify a list of DSCP values to be mapped to a specific priority DSCP DSCP Specify a list of DSCP value to be mapped to a specific DSCP DSCP Color Specify a li...

Страница 167: ...fy a list of DSCP values to be mapped to a specific color DSCP List 0 63 Enter a DSCP List value Color Use the drop down menu to specify the result color of the mapping Click the Apply button to accep...

Страница 168: ...L Blocking Prevention State Click the radio buttons to enable of disable the HOL blocking prevention global settings Click the Apply button to accept the changes made Scheduling Settings QoS Schedulin...

Страница 169: ...bution in priority classes of service Click the Apply button to accept the changes made QoS Scheduling Mechanism Changing the output scheduling used for the hardware queues in the Switch can customize...

Страница 170: ...e Scheduling Mechanism Strict The highest class of service is the first to process traffic That is the highest class of service will finish before other queues empty Weighted Round Robin Use the weigh...

Страница 171: ...l If this queue depth is less than the threshold there is minimal or no congestion and the packet is enquired If congestion is detected the packet is dropped or queued based on the DSCP Simple RED pro...

Страница 172: ...eue depth is above the low threshold and drop yellow colored packets if the queue depth is above the high threshold Select Enable to drop yellow and red colored packets if the queue depth is above the...

Страница 173: ...de SRED Drop Counter This window is used to display sRED drop counter To view this window click QoS SRED SRED Drop Counter as shown below Figure 6 15 SRED Drop Counter window The fields that can be co...

Страница 174: ...t can be configured are described below Parameter Description Type Select one of two general ACL Rule types Normal Selecting this option will create a Normal ACL Rule CPU Selecting this option will cr...

Страница 175: ...e Apply button to accept the changes made NOTE The Switch will use one minimum mask to cover all the terms that user input however some extra bits may also be masked at the same time To optimize the A...

Страница 176: ...remove the specific entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist There are four Add Access Profile windows one for Ethernet or MAC addres...

Страница 177: ...et ACL to instruct the Switch to examine the layer 2 part of each packet header Select IPv4 ACL to instruct the Switch to examine the IPv4 address in each frame s header Select IPv6 ACL to instruct th...

Страница 178: ...will appear Figure 7 4 Access Profile Detail Information window Ethernet ACL Click the Show All Profiles button to navigate back to the Access Profile List window After clicking the Add View Rules bu...

Страница 179: ...Mirroring must be enabled and a target port must be set Priority 0 7 Tick the corresponding check box if you want to re write the 802 1p default priority of a packet to the value entered in the Prior...

Страница 180: ...n the Access ID field of this window If not the user will be presented with an error message and the access rule will not be configured VLAN Name Specify the VLAN name to apply to the access rule VLAN...

Страница 181: ...t header Select IPv4 ACL to instruct the Switch to examine the IPv4 address in each frame s header Select IPv6 ACL to instruct the Switch to examine the IPv6 address in each frame s header Select Pack...

Страница 182: ...you wish to filter TCP Flag Bits The user may also identify which flag bits to filter Flag bits are parts of a packet that determine what to do with the packet The user may filter packets by filterin...

Страница 183: ...Details button to view more information about the specific rule created Click the Delete Rules button to remove the specific entry Enter a page number and click the Go button to navigate to a specifi...

Страница 184: ...cent field When an ACL rule is added to change both the priority and DSCP of an IPv4 packet only one of them can be modified due to a chip limitation Currently the priority is changed when both the pr...

Страница 185: ...ibed below Parameter Description Profile ID Enter a unique identifier number for this profile set This value can be set from 1 to 14 Select ACL Type Select profile based on Ethernet MAC Address IPv4 a...

Страница 186: ...ticking the corresponding check box and entering the IPv6 address mask IPv6 Destination Mask The user may specify an IPv6 address mask for the destination IPv6 address by ticking the corresponding ch...

Страница 187: ...Mirroring must be enabled and a target port must be set Priority 0 7 Tick the corresponding check box to re write the 802 1p default priority of a packet to the value entered in the Priority field whi...

Страница 188: ...not the user will be presented with an error message and the access rule will not be configured Ticking the All Ports check box will denote all ports on the Switch VLAN Name Specify the VLAN name to...

Страница 189: ...Switch to examine the layer 2 part of each packet header Select IPv4 ACL to instruct the Switch to examine the IPv4 address in each frame s header Select IPv6 ACL to instruct the Switch to examine th...

Страница 190: ...of a packet in different protocol layers Click the Select button to select an ACL type Click the Create button to create a profile Click the Back button to discard the changes made and return to the p...

Страница 191: ...fier number for this access This value can be set from 1 to 128 Tick the Auto Assign check box to instruct the Switch to automatically assign an Access ID for the rule being created Chunk Tick the che...

Страница 192: ...the new value If used without an action priority the packet is sent to the default TC Time Range Name Tick the check box and enter the name of the Time Range settings that has been previously configu...

Страница 193: ...To view CPU Access Profile List window click ACL CPU Access Profile List as shown below Creating an access profile for the CPU is divided into two basic parts The first is to specify which part or par...

Страница 194: ...it red This will add more filed to the mask After clicking the Add CPU ACL Profile button the following page will appear Figure 7 24 Add CPU ACL Profile Ethernet ACL The fields that can be configured...

Страница 195: ...amine the Ethernet type value in each frame s header Click the Select button to select an CPU ACL type Click the Create button to create a profile Click the Back button to discard the changes made and...

Страница 196: ...tch the access profile are forwarded by the Switch according to any additional rule added see below Select Deny to specify that the packets that match the access profile are not forwarded by the Switc...

Страница 197: ...s the Add CPU ACL Profile window for IP IPv4 To use specific filtering masks in this ACL profile click the packet filtering mask field to highlight it red This will add more filed to the mask After cl...

Страница 198: ...value or specify Code to further specify that the access profile will apply an ICMP code value Select IGMP to instruct the Switch to examine the Internet Group Management Protocol IGMP field in each...

Страница 199: ...nd return to the previous page After clicking the Show Details button the following page will appear Figure 7 30 CPU Access Profile Detail Information IPv4 ACL Click the Show All Profiles button to na...

Страница 200: ...that the packets that match the access profile are not forwarded by the Switch and will be filtered Time Range Name Tick the check box and enter the name of the Time Range settings that has been prev...

Страница 201: ...appear Figure 7 34 Add CPU ACL Profile IPv6 ACL The fields that can be configured are described below Parameter Description Profile ID 1 5 Enter a unique identifier number for this profile set This va...

Страница 202: ...IPv6 address mask for the destination IPv6 address by checking the corresponding box and entering the IPv6 address mask Click the Select button to select an CPU ACL type Click the Create button to cr...

Страница 203: ...w Label Configuring this field in hex form will instruct the Switch to examine the flow label field of the IPv6 header This flow label field is used by a source to label sequences of packets such as n...

Страница 204: ...PU Access Rule List Adding a CPU Packet Content ACL Profile The window shown below is the Add CPU ACL Profile window for Packet Content To use specific filtering masks in this ACL profile click the pa...

Страница 205: ...et to the 15th byte 16 31 Enter a value in hex form to mask the packet from byte 16 to byte 31 32 47 Enter a value in hex form to mask the packet from byte 32 to byte 47 48 63 Enter a value in hex for...

Страница 206: ...cket header beginning with the offset value specified Offset 0 15 Enter a value in hex form to mask the packet from the beginning of the packet to the 15th byte Offset 16 31 Enter a value in hex form...

Страница 207: ...inder window The fields that can be configured are described below Parameter Description Profile ID Use the drop down menu to select the Profile ID for the ACL rule finder to identify the rule Unit Se...

Страница 208: ...and the red color packet will be treated as the violating action Users may also choose to count conformed exceeded and violated packets by selecting Enabled from the Counter drop down menu If the coun...

Страница 209: ...single rate two color mode The action can be specified as one of the following Drop Packet Drop the overload packets immediately Remark DSCP Mark the packet with a specified DSCP trTCM Specify the two...

Страница 210: ...s by checking its radio button and entering a new DSCP value in the allotted field Counter Use this parameter to enable or disable the packet counter for the specified ACL entry in the yellow flow Vio...

Страница 211: ...henticating users to gain access to various wired or wireless devices on a specified Local Area Network by using a Client and Server based access control model This is accomplished by using a RADIUS s...

Страница 212: ...o purposes when utilizing the 802 1X function The first purpose is to request certification information from the Client through EAPOL packets which is the only information allowed to pass through the...

Страница 213: ...remote RADIUS server before being allowed access to the Network Understanding 802 1X Port based and Host based Network Access Control The original intent behind the development of 802 1X was to levera...

Страница 214: ...d Configuration 802 1X Global Settings Users can configure the 802 1X global parameter To view this window click Security 802 1X 802 1X Global Settings as shown below Figure 8 9 802 1X Global Settings...

Страница 215: ...setting is 60 seconds SuppTimeout 1 65535 This value determines timeout conditions in the exchanges between the Authenticator and the client The default setting is 30 seconds ServerTimeout 1 65535 Thi...

Страница 216: ...Capability This allows the 802 1X Authenticator settings to be applied on a per port basis Select Authenticator to apply the settings to the port When the setting is activated a user must pass the aut...

Страница 217: ...s to the network without full authorization or local authentication on the Switch To supplement these circumstances this switch now implements 802 1X Guest VLANs These VLANs should have limited access...

Страница 218: ...ty 802 1X Guest VLAN Settings as shown below Figure 8 13 Guest VLAN Settings window The fields that can be configured are described below Parameter Description VLAN Name Enter the pre configured VLAN...

Страница 219: ...button to refresh the display table so that new entries will appear NOTE The Authenticator State cannot be viewed on the Switch unless 802 1X is enabled To enable 802 1X go to Security 802 1X 802 1X...

Страница 220: ...nges made NOTE The Authenticator State cannot be viewed on the Switch unless 802 1X is enabled To enable 802 1X go to Security 802 1X 802 1X Global Settings and select Enabled from the Authentication...

Страница 221: ...changes made NOTE The Authenticator State cannot be viewed on the Switch unless 802 1X is enabled To enable 802 1X go to Security 802 1X 802 1X Global Settings and select Enabled from the Authenticati...

Страница 222: ...t to be displayed Click the Apply button to accept the changes made NOTE The Authenticator Diagnostics cannot be viewed on the Switch unless 802 1X is enabled To enable 802 1X go to Security 802 1X 80...

Страница 223: ...d from the Authentication State drop down menu Reauthenticate Port s This window displays reauthentication of a port or group of ports To view this window click Security 802 1X Reauthenticate Port s a...

Страница 224: ...IPv4 Address Click the radio button to enter the RADIUS server IP address IPv6 Address Click the radio button to enter the RADIUS server IPv6 address Authentication Port 1 65535 Set the RADIUS authent...

Страница 225: ...WAC and JWAC port access control events occur on the Switch Shell When enabled the Switch will send informational packets to a remote RADIUS server when a user either logs in logs out or times out on...

Страница 226: ...ADIUS Authentication server that the client shares a secret with AuthServerAddress The conceptual table listing the RADIUS authentication servers with which the client shares a secret ServerPortNumber...

Страница 227: ...a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject or Access Challenge a timeout or retransmission Timeouts The num...

Страница 228: ...ier of the RADIUS accounting client ServerAddr The conceptual table listing the RADIUS accounting servers with which the client shares a secret ServerPortNumber The UDP port the client is using to sen...

Страница 229: ...ort Binding IMPB The IP network layer uses a four byte address The Ethernet link layer uses a six byte MAC address Binding these two address types together allows the transmission of data between the...

Страница 230: ...ing IPv6 Click the radio buttons to enable or disable DHCP snooping for IPv6 ND Snooping Click the radio buttons to enable or disable ND snooping Recover Learning Ports Enter the port numbers used to...

Страница 231: ...ific source MAC address is blocked by the software The port will check ARP packets by IP MAC port binding entries When the packet is found by the entry the MAC address will be set to dynamic state If...

Страница 232: ...the existing entries Click the Delete All button to remove all the entries listed MAC Block List This window is used to view unauthorized devices that have been blocked by IP MAC binding restrictions...

Страница 233: ...ange of ports to use Maximum Entry 1 50 Enter the maximum entry value Tick the No Limit check box to have unlimited entries Maximum IPv6 Entry 1 50 Enter the maximum IPv6 entry value Tick the No Limit...

Страница 234: ...etwork security by building and maintaining a ND snooping binding white list and by filtering untrusted hosts ND Snooping process is designed for stateless auto configuration assigned IPv6 address and...

Страница 235: ...drop down menus to select a range of ports to use Maximum Entry 1 10 Enter the maximum entry value Tick the No Limit check box to have unlimited entries Click the Apply button to accept the changes m...

Страница 236: ...authentication result users achieve different levels of authorization Notes about MAC based Access Control There are certain limitations and regulations regarding MAC based access control 1 Once this...

Страница 237: ...access control This MAC address list can be configured in the MAC based access control Local Database Settings window RADIUS Use this method to utilize a remote RADIUS server as the authenticator for...

Страница 238: ...addresses along with their corresponding target VLAN which will be authenticated for the Switch Once a queried MAC address is matched in this window it will be placed in the VLAN associated with it h...

Страница 239: ...ple pages exist MAC based Access Control Authentication State Users can display MAC based access control Authentication State information To view this window click Security MAC based Access Control MA...

Страница 240: ...IF IP interface address of the Switch to make the communication possible The host PC and other servers IP configurations do not depend on the virtual IP of WAC The virtual IP does not respond to any I...

Страница 241: ...t Ethernet Managed Switch Web UI Reference Guide Conditions and Limitations 1 If the client is utilizing DHCP to attain an IP address the authentication VLAN must provide a DHCP server or a DHCP relay...

Страница 242: ...tual IPv6 Enter a virtual IPv6 address This address is only used by WAC and is not known by any other modules of the Switch Redirection Path Enter the URL of the website that authenticated users place...

Страница 243: ...ttings as shown below Figure 8 38 WAC User Settings window The fields that can be configured are described below Parameter Description User Name Enter the user name of up to 15 alphanumeric characters...

Страница 244: ...to be enabled as WAC ports To Port Use this drop down menu to select the ending port of a range of ports to be enabled as WAC ports Aging Time 1 1440 This parameter specifies the time period during wh...

Страница 245: ...port Authenticating Tick this check box to clear all authenticating users for a port Blocked Tick this check box to clear all blocked users for a port Click the Find button to locate a specific entry...

Страница 246: ...specifies the TCP port that the JWAC Switch listens to and uses to finish the authentication process Forcible Logout This parameter enables or disables JWAC Forcible Logout When Forcible Logout is Ena...

Страница 247: ...bles the JWAC Quarantine Server Monitor When Enabled the JWAC Switch will monitor the Quarantine Server to ensure the server is okay If the Switch detects no Quarantine Server it will redirect all una...

Страница 248: ...p in authenticated state after it successes to authenticate Enter a value between 1 and 1440 minutes The default setting is 1440 minutes To maintain a constant Port Configuration tick the Infinite che...

Страница 249: ...word entered in the previous field VID 1 4094 Enter a VLAN ID up to 4094 Click the Add button to create a new entry Click the Delete All button to remove all the entries listed Click the Edit button t...

Страница 250: ...based on the port list entered Click the View All Hosts button to display all the existing entries Click the Clear All Hosts button to remove all the entries listed JWAC Customize Page Language This w...

Страница 251: ...glish Japanese Click the link to toggle between English and Japanese User Name Enter the user name title of the authenticate page Password Enter the password title of the authenticate page Logout From...

Страница 252: ...to authenticate the client using one of these methods and if the client passes they will be granted access to the network Any MAC 802 1X or JWAC Mode In the diagram above the Switch port has been conf...

Страница 253: ...authentication methods access will be denied MAC IMPB Mode This mode adds an extra layer of security by checking the IP MAC Binding Port Binding IMPB table before trying one of the supported authentic...

Страница 254: ...d as un authenticated otherwise it authenticated Permit The client is always regarded as authenticated If guest VLAN is enabled clients will stay on the guest VLAN otherwise they will stay on the orig...

Страница 255: ...re authenticated individually VID List e g 1 6 9 Enter a list of VLAN ID State Use the drop down menu to assign or remove the specified VID list as authentication VLAN s Click the Apply button to acce...

Страница 256: ...uthorized computers with source MAC addresses unknown to the Switch prior to locking the port or ports from connecting to the Switch s locked ports and gaining access to the network To view this windo...

Страница 257: ...has been reset or rebooted Max Learning Address Specify the maximum value of port security entries that can be learned on this port Click the Apply button to accept the changes made for each individua...

Страница 258: ...tch Port List Enter the port number or list here to be used for the port security entry search When All is selected all the ports configured will be displayed MAC Address The MAC address of the entry...

Страница 259: ...for the ports on the Switch In generally there are two states in BPDU protection function One is normal state and another is under attack state The under attack state have three modes drop block and s...

Страница 260: ...ck Detected Attack Cleared or Both Recover Time Specify the BPDU protection Auto Recovery timer The default value of the recovery timer is 60 Unit Select the unit to configure From Port To Port Select...

Страница 261: ...down menu To view this window click Security Loopback Detection Settings as shown below Figure 8 55 Loopback Detection Settings window The fields that can be configured are described below Parameter...

Страница 262: ...fic is similar to using VLANs to limit traffic but is more restrictive It provides a method of directing traffic that does not increase the overhead of the master switch CPU To view this window click...

Страница 263: ...international standards described in RFC 1001 and RFC 1002 NetBIOS over TCP IP NBT If the network administrator wants to block the network communication on more than two computers which use NETBUEI p...

Страница 264: ...create one access profile and one access rule entry the first time the DHCP client MAC address is used as the client MAC address The Source IP address is the same as the DHCP server s IP address UDP p...

Страница 265: ...ured are described below Parameter Description Server IP Address The IP address of the DHCP server to be permitted Client s MAC Address The MAC address of the DHCP client Ports The port numbers of the...

Страница 266: ...to authenticate users trying to access the Switch The users will set Authentication Server Hosts in a preferable order in the built in Authentication Server Groups and when a user tries to gain access...

Страница 267: ...ying to access the Switch When enabled the device will check the Login Method List and choose a technique for user authentication upon login To view this window click Security Access Authentication Co...

Страница 268: ...configured method list The user may use the default Method List or other Method List configured by the user See the Login Method Lists window in this section for more information Enable Method List U...

Страница 269: ...en click the Add button To modify a particular group click the Edit button or the Edit Server Group tab which will then display the following Edit Server Group tab Figure 8 64 Authentication Server Gr...

Страница 270: ...this window click Security Access Authentication Control Authentication Server Settings as shown below Figure 8 65 Authentication Server Settings window The fields that can be configured are described...

Страница 271: ...tch Successful login using any of these techniques will give the user a User privilege only If the user wishes to upgrade his or her status to the administrator level the user must use the Enable Admi...

Страница 272: ...List cannot be deleted but can be configured The sequence of methods implemented in this command will affect the authentication result For example if a user enters a sequence of methods like TACACS X...

Страница 273: ...ocol from a remote XTACACS server Click the Apply button to accept the changes made Click the Edit button to re configure the specific entry Click the Delete button to remove the specific entry Local...

Страница 274: ...embled in four choices on the Switch to create a three layered encryption code for secure communication between the server and the host The user may implement any one or combination of the cipher suit...

Страница 275: ...te function on the Switch configure the parameters in the SSL Cipher suite Settings section described below Parameter Description RSA with RC4_128_MD5 This cipher suite combines the RSA key exchange s...

Страница 276: ...ovide secure encrypted and authenticated communication between two non trusted hosts SSH with its array of unmatched security features is an essential tool in today s networking environment It is a po...

Страница 277: ...d the Switch will be disconnected and the user must reconnect to the Switch to attempt another login The number of maximum attempts may be set between 2 and 20 The default setting is 2 Rekey Timeout T...

Страница 278: ...on Algorithm are described below Parameter Description 3DES CBC Use the check box to enable or disable the Triple Data Encryption Standard encryption algorithm with Cipher Block Chaining The default i...

Страница 279: ...e HMAC Hash for Message Authentication Code mechanism utilizing the Digital Signature Algorithm DSA encryption The default is enabled Click the Apply button to accept the changes made SSH User Authent...

Страница 280: ...ess of the SSH user This parameter is only used in conjunction with the Host Based choice in the Auth Mode field Click the Edit button to re configure the specific entry Click the Apply button to acce...

Страница 281: ...ver its network in a limited bandwidth The Safeguard Engine has two operating modes that can be configured by the user Strict and Fuzzy In Strict mode when the Switch either a receives too many packet...

Страница 282: ...IP broadcast packets will return to 5 seconds and the process will resume In Fuzzy mode once the Safeguard Engine has entered the Exhausted mode the Safeguard Engine will decrease the packet flow by...

Страница 283: ...ization as a percentage where the Switch leaves the Safeguard Engine state and returns to normal mode The default is 20 Trap Log Use the pull down menu to enable or disable the sending of messages to...

Страница 284: ...65 535 seconds with a default value of 0 seconds To view this window click Network Application DHCP DHCP Relay DHCP Relay Global Settings as shown below Figure 9 1 DHCP Relay Global Settings window Th...

Страница 285: ...ay agent will check the validity of the packet s option 82 field If the Switch receives a packet that contains the option 82 field from a DHCP client the Switch drops the packet because it is invalid...

Страница 286: ...dule is always 0 for a stackable switch the Module is the Unit ID 7 Port The incoming port number of the DHCP client packet the port number starts from 1 Remote ID sub option format Figure 9 3 Remote...

Страница 287: ...tton to accept the changes made DHCP Relay VLAN Settings To view this window click Network Application DHCP DHCP Relay DHCP Relay VLAN Settings as shown below Figure 9 5 DHCP Relay VLAN Settings windo...

Страница 288: ...ic entry Click the Delete All button to remove all the entries listed NOTE When there is no matching server found for the packet based on option 60 the relay servers will be determined by the default...

Страница 289: ...ll button to remove all the entries listed Click the Delete button to remove the specific entry DHCP Relay Option 61 Settings On this page the user can configure add and delete DHCP relay option 61 pa...

Страница 290: ...rk or to assign the IP address of an important device such as a DNS server or the IP address of the default route to another device on the network Users also have the ability to bind IP addresses with...

Страница 291: ...ck the Apply button to add a new entry based on the information entered Click the Delete All button to remove all the entries listed Click the Delete button to remove the specific entry DHCP Server Po...

Страница 292: ...file that will be used as the boot image of the DHCP client This image is usually the operating system that the client uses to load its IP parameters Next Server This field is used to identify the IP...

Страница 293: ...ing as shown below Figure 9 13 DHCP Server Manual Binding window The fields that can be configured are described below Parameter Description Pool Name Enter the name of the DHCP pool within which will...

Страница 294: ...lick the Clear button to remove the specific entry based on the information entered Click the Clear All button to remove all the entries DHCP Conflict IP To view this window click Network Application...

Страница 295: ...plication DHCP DHCPv6 Relay DHCPv6 Relay Settings as shown below Figure 9 17 DHCPv6 Relay Settings The fields that can be configured are described below Parameter Description Interface Name Enter a na...

Страница 296: ...es to apply the DHCP Local Relay operation State Enable or disable the configure DHCP Local Relay for VLAN state Click the Apply button to accept the changes made for each individual section DNS DNS R...

Страница 297: ...r the client should contact Each client must be able to contact at least one DNS server and each DNS server must be able to contact at least one root server The address of the machine that supplies do...

Страница 298: ...c entry PPPoE Circuit ID Insertion Settings This window allows to enable or disable PPPoE Circuit ID Insertion To view this window click Network Application PPPoE Circuit ID Insertion Settings as show...

Страница 299: ...dow click Network Application SNTP SNTP Settings as shown below Figure 9 23 SNTP Settings window The fields that can be configured are described below Parameter Description SNTP State Use this radio b...

Страница 300: ...Saving Time Offset In Minutes Use this pull down menu to specify the amount of time that will constitute your local DST offset 30 60 90 or 120 minutes Time Zone Offset From GMT In HH MM Use these pull...

Страница 301: ...DST will end Parameter Description DST Annual Settings Using annual mode will enable DST seasonal time adjustment Annual mode requires that the DST beginning and ending date be specified concisely Fo...

Страница 302: ...domain per VLAN basis There are different message types which are identified by unique Opcode of the CFM frame payload CFM message types that are supported include Continuity Check Message CCM Loopbac...

Страница 303: ...ameter Description MA Max 22 characters Enter the CFM maintenance association MA name VID 1 4094 Enter a VLAN ID for CFM MA MIP Use the drop down menu to select the control creation of MIP None Do not...

Страница 304: ...on to configure the CFM MEP settings Click the MIP Port Table button to see the following window Figure 10 3 CFM MIP Table window Click the Back button to go back to the CFM MA Settings window Click t...

Страница 305: ...enu to select the CCM transmission state to Disabled or Enabled PDU Priority Use the drop down menu to set the 802 1p priority in the CCMs and the LTMs messages transmitted by the MEP The default valu...

Страница 306: ...the fault alarm to be sent if a defect is reported continuously The default value is 250 Alarm Reset Time 250 1000 Enter the time period in centisecond to reset the fault alarm if a defect hasn t bee...

Страница 307: ...ll ports by default To view this window click OAM CFM CFM Port Settings as shown below Figure 10 8 CFM Port Settings window The fields that can be configured are described below Parameter Description...

Страница 308: ...oint between 1 and 8191 MD Max 22 characters The Maintenance Domain Name MA Max 22 characters The Maintenance Association Name MAC Address The destination MAC address LBMs Number 1 65535 The number of...

Страница 309: ...The Maintenance Domain Name MA Name The Maintenance Association Name MAC Address The destination MAC address TTL 2 255 The linktrace message TTL value The default value is 64 PDU Priority The 802 1p p...

Страница 310: ...down menu allows you to select among Transmit Receive and CCM Click the Find button to locate a specific entry based on the information entered Click the Clear button to clear all the information ente...

Страница 311: ...clause 57 is a data link layer protocol which provides network operators the ability to monitor the health of the network and quickly determine the location of failing links or fault conditions on poi...

Страница 312: ...Specify that the OAM function state is Enabled or Disabled The default state is Disabled Remote Loopback Specify to Start or Stop the OAM remote loopback function Received Remote Loopback Specify whet...

Страница 313: ...M critical link event Link Monitor Use the drop down menu to select various types of link monitoring Critical Link Event Use the drop down menu to select the critical link event between Dying Gasp and...

Страница 314: ...OAM Event Log as shown below Figure 10 16 Ethernet OAM Event Log window The fields that can be configured are described below Parameter Description Port Use the drop down menu to specify the port num...

Страница 315: ...nter to show Tick All Ports to view all ports Click the Clear button to clear all the information entered in the fields DULD Settings The window is used to configure unidirectional link detection on p...

Страница 316: ...s Shutdown If unidirectional link is detected disable the port and log the event Normal Only log unidirectional link event when unidirectional link is detected Discovery Time Enter the neighbor discov...

Страница 317: ...unction limitation Cross talk errors detection is not supported on FE ports NOTE The available cable diagnosis length is from 5 to 120 meters NOTE The deviation of cable length detection is 5M Fault m...

Страница 318: ...mple average by time interval To view this window click Monitoring Utilization CPU Utilization as shown below Figure 11 1 CPU Utilization window The fields that can be configured are described below P...

Страница 319: ...nformation regarding the DRAM and Flash utilization To view this window click Monitoring Utilization DRAM Flash Utilization as shown below Figure 11 2 DRAM Flash Utilization window Port Utilization Us...

Страница 320: ...ll be polled between 20 and 200 The default value is 200 Show Hide Check whether or not to display Port Util Click the Apply button to accept the changes made for each individual section Statistics Po...

Страница 321: ...11 4 Received RX window for Bytes and Packets Click the View Table link to display the information in a table rather than a line graph Figure 11 5 Received RX Table window for Bytes and Packets The f...

Страница 322: ...of good packets that were received by a broadcast address Show Hide Check whether to display Bytes and Packets Click the Apply button to accept the changes made for each individual section Click the...

Страница 323: ...the total number of good packets that were received by a multicast address Broadcast Counts the total number of good packets that were received by a broadcast address Show Hide Check whether or not t...

Страница 324: ...for Bytes and Packets Click the View Table link to display the information in a table rather than a line graph Figure 11 9 Transmitted TX Table window table for Bytes and Packets The fields that can...

Страница 325: ...transmitted by a broadcast address Show Hide Check whether or not to display Bytes and Packets Click the Apply button to accept the changes made for each individual section Click the Clear button to c...

Страница 326: ...information in a table rather than a line graph Figure 11 11 Received RX Table window for errors The fields that can be configured are described below Parameter Description Unit Select the unit to con...

Страница 327: ...longer than 1518 octets and less than the MAX_PKT_LEN Internally MAX_PKT_LEN is equal to 1536 Drop The number of packets that are dropped by this port since the last Switch reboot Symbol Counts the nu...

Страница 328: ...information in a table rather than a line graph Figure 11 13 Transmitted TX Table window for errors The fields that can be configured are described below Parameter Description Unit Select the unit to...

Страница 329: ...inhibited by more than one collision Collision An estimate of the total number of collisions on this network segment Show Hide Check whether or not to display ExDefer CRCError LateColl ExColl SingCol...

Страница 330: ...formation in a table rather than a line graph Figure 11 15 RX Size Analysis window table The fields that can be configured are described below Parameter Description Unit Select the unit to configure P...

Страница 331: ...ets 1024 1518 The total number of packets including bad packets received that were between 1024 and 1518 octets in length inclusive excluding framing bits but including FCS octets Show Hide Check whet...

Страница 332: ...ature Target Port Use the drop down menu to select the Target Port used for Port Mirroring Unit Select the unit to configure TX Egress Click the radio buttons to select whether the port should include...

Страница 333: ...N is enabled when one RSPAN VLAN has been configured with a source port The RSPAN redirect function will work when RSPAN is enabled and at least one RSPAN VLAN has been configured with redirect ports...

Страница 334: ...Add or Delete to add or delete redirect ports Click the Apply button to accept the changes made Click the Back button to discard the changes made and return to the previous page sFlow sFlow RFC3176 i...

Страница 335: ...he server times out When the analyzer server times out all of the flow samplers and counter pollers associated with this analyzer server will be deleted If not specified its default value is 400 Colle...

Страница 336: ...if the rate is 20 the actual rate 5120 One packet will be sampled from every 5120 packets If set to 0 the sampler is disabled If the rate is not specified its default value is 0 Max Header Size 18 256...

Страница 337: ...fic entry Click the Delete button to remove the specific entry Ping Test Ping is a small program that sends ICMP Echo packets to the IP address you specify The destination node then responds to or ech...

Страница 338: ...ut Select a timeout period between 1 and 99 seconds for this Ping message to reach its destination If the packet fails to find the IP address in this specified time the Ping packet will be dropped Cli...

Страница 339: ...e trace route option will cross while seeking the network path between two devices The range for the TTL is 1 to 60 hops Port 30000 64900 The port number The value range is from 30000 to 64900 Timeout...

Страница 340: ...to halt the Trace Route Click the Resume button to resume the Trace Route Peripheral Device Status This window displays power and fan status of the Switch To view this window click Monitoring Peripher...

Страница 341: ...tion File Upload Configuration File Upload Log File Reset Reboot System Save Configuration ID 1 Open the Save drop down menu at the top of the Web manager and click Save Configuration ID 1 to see the...

Страница 342: ...example the order in the stack see System Configuration Stacking Stacking Mode Settings window The number of switches in the switch stack up to 8 total are displayed next to the Tools drop down menu...

Страница 343: ...ssigned automatically Auto or can be assigned statically The default is Auto Type Display the model name of the corresponding switch in a stack Exist Denote whether a switch does or does not exist in...

Страница 344: ...menu to select a unit for receiving the firmware Select All for all units TFTP Server IP Click the IPv4 or IPv6 radio button to enter the TFTP Server IP Address File Enter the location and name of the...

Страница 345: ...File Enter the location and name of the source file or click the Browse button to navigate to the configuration file for the download Configuration ID Select a configuration ID Click Download to init...

Страница 346: ...nd enter the service name in the space provided Click Upload to initiate the upload Upload Log File This page allows the user to upload the log file from the Switch to a TFTP Server Open the Tools dro...

Страница 347: ...Switch will return to the last saved configuration when rebooted Open the Tools drop down menu at the top of the Web manager and click Reset to see the following window Figure 12 10 Reset System wind...

Страница 348: ...ddress Resolution Protocol Works In the process of ARP PC A will first issue an ARP request to query PC B s MAC address The network structure is shown in Figure 1 Figure 1 In the meantime PC A s MAC a...

Страница 349: ...d the associated port into its Forwarding Table In addition when the switch receives the broadcasted ARP request it will flood the frame to all ports except the source port port 1 see Figure 2 Figure...

Страница 350: ...to send the fake or spoofed ARP messages to an Ethernet network Generally the aim is to associate the attacker s or random MAC address with the IP address of another node such as the default gateway A...

Страница 351: ...nd cheats the router that it is the victim As can be seen in Figure 5 all traffic will be then sniffed by the hacker but the users will not discover Prevent ARP Spoofing via Packet Content ACL D Link...

Страница 352: ...Offset Chunk14 Offset Chunk15 Byte 127 3 7 11 15 19 23 27 31 35 39 43 47 51 55 59 Byte 128 4 8 12 16 20 24 28 32 36 40 44 48 52 56 60 Byte 1 5 9 13 17 21 25 29 33 37 41 45 49 53 57 61 Byte 2 6 10 14...

Страница 353: ...rom Chunk 3 mask for Ethernet Type Blue in Table 6 13th and 14th bytes The second chunk starts from Chunk 7 mask for Sender IP in ARP packet Green in Table 6 29th and 30th bytes The third chunk starts...

Страница 354: ...undant Power failed Critical Redundant Power is working Unit unitID Redundant Power is working Critical Access flash failed Unit unitID Access flash failed operation operation physical address address...

Страница 355: ...rough Web Username username IP ipaddr Warning Logout through Web Logout through Web Username username IP ipaddr Informational SSL Successful login through Web SSL Successful login through Web SSL User...

Страница 356: ...authenticated by AAA local method Username username Warning Successful login through Web authenticated by AAA local method Successful login through Web from userIP authenticated by AAA local method Us...

Страница 357: ...through Web authenticated by AAA server Successful login through Web from userIP authenticated by AAA server serverIP Username username Informational Login failed through Web authenticated by AAA ser...

Страница 358: ...g Successful Enable Admin through SSH authenticated by AAA local_enable method Successful Enable Admin through SSH from userIP authenticated by AAA local_enable method Username username Informational...

Страница 359: ...ation Username username Warning Enable Admin failed through Console due to AAA server timeout or improper configuration Enable Admin failed through Console due to AAA server timeout or improper config...

Страница 360: ...cleared Port portNum Multicast storm has cleared Informational Port shut down due to a packet storm Port portNum is currently shut down due to a packet storm Warning IP MAC PORT Binding Unauthenticat...

Страница 361: ...name username IP ipaddr Informational Gratuitous ARP Conflict IP was detected with this device Conflict IP was detected with this device IP ipaddr MAC macaddr Port unitID portNum Interface ipif_name I...

Страница 362: ...rmational DES 3528 DES 3552 Series Trap List Trap Name OID Variable Bind Format MIB Name Severity coldStart 1 3 6 1 6 3 1 1 5 1 None V2 RFC1907 SNMPv2 MIB Critical warmStart 1 3 6 1 6 3 1 1 5 2 None V...

Страница 363: ...SafeGuard m ib Warning swSafeGuardChgToNormal 1 3 6 1 4 1 171 12 19 4 1 0 2 swSafeGuardCurrentStatus V2 SafeGuard m ib Warning swPktStormOccurred 1 3 6 1 4 1 171 12 25 5 0 1 swPktStormCtrlPortIndex V2...

Страница 364: ...mgmt MIB Warning swPortLoopOccurred 1 3 6 1 4 1 171 12 41 10 0 1 swLoopDetectPortIndex V2 LBD MIB Warning swPortLoopRestart 1 3 6 1 4 1 171 12 41 10 0 2 swLoopDetectPortIndex V2 LBD MIB Warning swVlan...

Страница 365: ...the user needs to attach a terminal or PC with terminal emulation to the console port of the switch 2 Power on the Switch After the UART init is loaded to 100 the Switch will allow 2 seconds for the...

Страница 366: ...ata transmission links This port is most often used for dedicated local management CSMA CD Channel access method used by Ethernet and IEEE 802 3 standards in which devices transmit only after finding...

Страница 367: ...nce on networks STP works by allowing the user to implement parallel paths for network traffic and ensure that redundant paths are disabled when the main paths are operational and enabled if the main...

Отзывы:

Нет отзывов

Похожие инструкции для DES-3528 - xStack Switch - Stackable

Бренд: D-Link Страницы: 2

Бренд: D-Link Страницы: 2

DKVM-16 - KVM Switch

Бренд: D-Link Страницы: 24

Dis-200G Series

Бренд: D-Link Страницы: 161

Dis-200G Series

Бренд: D-Link Страницы: 16

Dis-200G Series

Бренд: D-Link Страницы: 47

Бренд: D-Link Страницы: 25

DGS-3100 SERIES

Бренд: D-Link Страницы: 54

DGS-3100 SERIES

Бренд: D-Link Страницы: 220

Бренд: D-Link Страницы: 24

DGS-1248T - Switch

Бренд: D-Link Страницы: 52

DGS-1216T - Switch

Бренд: D-Link Страницы: 42

DGS-1216T - Switch

Бренд: D-Link Страницы: 10

Бренд: D-Link Страницы: 8

Бренд: D-Link Страницы: 379

Бренд: D-Link Страницы: 240

Бренд: D-Link Страницы: 188

DES-3326S - Switch - Stackable

Бренд: D-Link Страницы: 349

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды