background image

5  Configuration  

D-Link Web Smart Switch User Manual

 

4

4

1

1

 

 

L2 Functions > Spanning Tree > STP Bridge Global Settings 

The Switch implements three  versions of the Spanning Tree Protocol, the Rapid Spanning Tree Protocol 
(RSTP) as defined by the IEEE 802.1w specification, a version compatible with the IEEE 802.1D STP and 
the Multiple Spanning Tree Protocol (MSTP) as defined by the IEEE802.1 specification. RSTP can operate 
with legacy equipment implementing IEEE 802.1D, however the advantages of using RSTP will be lost.   

 

The IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) evolved from the 802.1D STP standard. RSTP was 
developed in order to overcome some limitations of STP that impede the function of some recent switching 
innovations.  The basic function and much of the terminology is the same as STP. Most of the settings 
configured for STP are also used for RSTP. This section introduces some new Spanning Tree concepts and 
illustrates the main differences between the two protocols.  

 

The IEEE 802.1 Multiple Spanning Tree (MSTP) provides various load balancing scenarios by allowing 
multiple VLANs  to be mapped to a single spanning tree instance, providing multiple pathways across the 
network. For example, while port A is blocked in one STP instance, the same port can be placed in the 
Forwarding state in another STP instance.  

 

By default, Rapid Spanning Tree is disabled. If enabled, the Switch will listen for BPDU packets and its 
accompanying Hello packet. BPDU packets are sent even if a BPDU packet was not received. Therefore, 
each link between bridges is sensitive to the status of the link. Ultimately this difference results in faster 
detection of failed links, and thus faster topology adjustment.  

 

By default Multiple Spanning Tree is enabled. It will tag BPDU packets to receiving devices and distinguish 
spanning tree instances, spanning tree regions and the VLANs associated with them.  

 

After enabling STP, setting the STP Bridge Global Setting includes the following options.  

 

Figure 5.42 – L2 Functions > Spanning Tree > STP Bridge Global Settings 

 

Spanning Tree Protocol: Specify the Spanning Tree Protocol to be Enabled or Disabled. 

STP Version: You can choose MSTP, RSTP or STP Compatible. The default setting is MSTP. 

Bridge Priority: This value between 0 and 61410 specifies the priority for forwarding packets: the lower the 
value, the higher the priority. The default is 32768. 

Содержание DGS-1500-28P

Страница 1: ......

Страница 2: ...allation 6 Desktop or Shelf Installation 6 Rack Installation 6 Step 3 Plugging in the AC Power Cord 7 Power Failure 8 3 Getting Started 9 Management Options 9 Using Web based Management 9 Supported Web Browsers 9 Connecting to the Switch 9 Login Web based Management 10 Smart Wizard 10 Web based Management 10 SmartConsole Utility 10 4 SmartConsole Utility 12 SmartConsole Settings 12 Utility Setting...

Страница 3: ...gs 35 VLAN Voice VLAN Voice VLAN Port Settings 36 VLAN Voice VLAN Voice Device List 37 VLAN Auto Surveillance VLAN 37 L2 Functions Jumbo Frame 38 L2 Functions Port Mirroring 38 L2 Functions Loopback Detection 39 L2 Functions MAC Address Table Static MAC 40 L2 Functions MAC Address Table Dynamic Forwarding Table 40 L2 Functions Spanning Tree STP Bridge Global Settings 41 L2 Functions Spanning Tree ...

Страница 4: ...oS Bandwidth Control 61 QoS 802 1p DSCP ToS 62 QoS TCP UDP Port Priority Settings 62 QoS IPv6 Traffic Class Priority Settings 63 Security Trusted Host 63 Security Port Security 63 Security Traffic Segmentation 64 Security Safeguard Engine 65 Security Storm Control 65 Security ARP Spoofing Prevention 65 Security DHCP Server Screening 66 Security SSL 66 Security SSH SSH Settings 67 Security SSH SSH ...

Страница 5: ...e 95 To connect a switch via TELNET 95 Logging on to the Command Line Interface 95 CLI Commands 95 96 download 96 upload 97 config ipif 98 logout 99 ping 99 ping6 100 reboot 100 reset config 101 show ipif 101 show switch 102 config account admin password 102 save 102 debug info 103 Appendix A Technical Specifications 105 Hardware Specifications 105 Key Components Performance 105 Port Functions 105...

Страница 6: ...Terms Usage In this guide the term Switch first letter capitalized refers to the SmartPro Switch and switch first letter lower case refers to other Ethernet switches Some technologies refer to terms switch bridge and switching hubs interchangeably and both are commonly accepted for Ethernet switches A NOTE indicates important information that helps a better use of the device A CAUTION indicates po...

Страница 7: ...ng Tree 802 3ad LACP SNTP LLDP and Loopback Detection to enhance performance and network resiliency Extensive Layer 3 Features Implemented as complete L3 devices these switches include functions such as IP interface static route IPv6 Static Route ARP and single IP management to enhance performance and network resiliency QoS The switches supports bandwidth control and 802 1p priority queues enablin...

Страница 8: ...hts up when the Switch is connected to a power source Reset By pressing the Reset button the Switch will change back to the default configuration and all changes will be lost Port Link Act Speed LED 1 16 17F 18F 19F 20F The port LEDs indicate a network link through the corresponding port Blinking indicates the Switch is either sending or receiving data to the port When the port LED glows in amber ...

Страница 9: ...when the Switch is connected to a power source Pwr Max The Pwr Max LED lights up when the Switch reaches the maximum power budget defined by the administrator via PoE System Settings page of Web GUI or the default power budget of 78 Watts Reset By pressing the Reset button the Switch will change back to the default configuration and all changes will be lost Mode By pressing the Mode button the Por...

Страница 10: ...F The Link Act Speed LED flashes which indicates a network link through the corresponding port Blinking indicates that the Switch is either sending or receiving data to the port When a port has an amber light this indicates that the port is running on 10M or 100M When it has a green light it is running on 1000M Fan The Fan LED lights green when fans work well and lights red when fans fail Reset Pr...

Страница 11: ......

Страница 12: ... Loading Mounting of the equipment in the rack should be such that a hazardous condition is not achieved due to uneven mechanical loading D Circuit Overloading Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of the circuits might have on overcurrent protection and supply wiring Appropriate consideration of equipment nameplate r...

Страница 13: ...2 Hardware Installation D Link Web Smart Switch User Manual 8 Power Failure As a precaution the switch should be unplugged in case of power failure When power is resumed plug the switch back in ...

Страница 14: ......

Страница 15: ...he web configuration in your web browser When the following logon dialog box appears enter the password and choose the language of the Web based Management interface then click OK The switch supports 10 languages including English Traditional Chinese Simplified Chinese German Spanish French Italian Portuguese Japanese and Russian By default the password is admin and the language is English Figure ...

Страница 16: ...s Option 2 Follow these steps to install the SmartConsole Utility manually 1 Insert the Utility CD into your CD Rom DVD Rom Drive 2 From the Start menu on the Windows desktop click Run 3 In the Run dialog box type D D Link SmartConsole Utility D Link_SmartConsole_Utility_v3 00 10 exe where D represents the drive letter of your CD Rom and click OK 4 Follow the on screen instructions to install the ...

Страница 17: ... Monitor list and About Utility Settings Click this icon to launch the Utility Settings window Refresh time refreshes the devices which were selected as monitored devices in the Device List Choices include 15 secs 30 secs 1 mins 2 mins and 5 mins for selecting the monitoring time intervals Utility Group Interval establishes the intervals in seconds that the Switch will be discovered in the SmartCo...

Страница 18: ...he device Time indicates when the trap message was received Location indicates where the trap message was received IP denotes where it comes from and Event shows the content of this trap message Click Refresh to redisplay all traps click Clear to clear all entries Click Exit to exit Figure 4 4 SmartConsole Trap The trap icon in the SmartConsole Settings will change while receiving new trap message...

Страница 19: ... 6 SmartConsole About Device Configuration The Device Configuration in the SmartConsole Utility has five icons Device Settings Password Settings Firmware Upgrade DHCP Refresh Web Access and the device buttons for the Device List Device Settings Select a switch from the Device List Click on this icon to launch the Device Settings window Here you can configure the Product Name MAC Address IPv4 Addre...

Страница 20: ...ord and confirm it Figure 4 8 SmartConsole Password Settings Firmware Upgrade Select one or many switches of the same model name from the Device List Click on this icon to launch the Firmware Upgrade window Specify the Firmware Path or Browse for one that you are going to use Input the correct password of the device and then click Upgrade The state will show OK after completion or Fail if the firm...

Страница 21: ... the correct Device Password and then click OK The device will renew the IPv4 address from the DHCP server Figure 4 10 DHCP Refresh Web Access Select a switch from the Device List Click this icon to launch your Internet browser eg The Internet Explorer Here you can configure the Switch through the Web based Management utility You may also get into the Web based Management by double clicking the de...

Страница 22: ...g or trap to the SmartConsole Utility The icon will appear When the device was detected as not reachable the icon will change to Please check if the power or the cable of this device is disconnected Product Name Displays the device product name IP Address Displays the current IP addresses of devices Subnet Mask Displays the Subnet Mask setting of the device Gateway Displays the Gateway setting of ...

Страница 23: ...red in the SmartConsole Device List NOTE If the devices are marked red in the device list it means that a firmware upgrade is required again NOTE If the IP address of device is showed with IPv6 address then it can not be configured with Smartconsole Utility The user needs to double click the selected device and login the web for configuration ...

Страница 24: ... configurations on 3 steps for the IP Information access password and SNMP Select Static DHCP or BOOTP and type the desired new IP Address select the Netmask and type the Gateway address then click the Apply button to enter the next Password setting page No need to enter IP Address Netmask and Gateway of DHCP and BOOTP selection The IP address is allowed for IPv4 and IPv6 address If you are not ch...

Страница 25: ...default SNMP Setting is Disabled Click Enabled and then click Apply to make it effective Figure 5 3 SNMP Setting in Smart Wizard NOTE Changing the system IP address will disconnect you from the current connection Please enter the correct IP address in the Web browser again and make sure your PC is in the same subnet with the switch See Login Web based Management for a detailed description ...

Страница 26: ... provides a quick and convenient way for essential utility functions like firmware and configuration management By choosing different functions in the Function Tree you can change all the settings in the Main Configuration Screen The main configuration screen will show the current status of your Switch by clicking the model name on top of the function tree At the upper right corner of the screen t...

Страница 27: ...al drive and a pop up message will prompt you for the file path You can view or edit the log file by using text editor e g Notepad Figure 5 7 Save Log Tool Bar Tool Menu The Tool Menu offers global function controls such as Reset Reset System Reboot Device Configuration Backup and Restore Firmware Backup and Upgrade Figure 5 8 Tool Menu Reset Provide a safe reset option for the Switch All configur...

Страница 28: ... Click Browse to browse your inventories for a saved backup settings file Click Restore after selecting the backup settings file you want to restore TFTP TFTP Trivial File Transfer Protocol is a file transfer protocol that allows you to transfer files to a remote TFTP server Select IPv4 or IPv6 and specify TFTP Server IP Address and TFTP File Name for the configuration file you want to save to res...

Страница 29: ...aximum Telnet Server connection is 4 Click Backup to save the firmware to the TFTP server Click Upgrade after selecting the firmware file you want to restore CAUTION Do not disconnect the PC or remove the power cord from device until the upgrade completes The Switch may crash if the Firmware upgrade is incomplete Tool Bar Smart Wizard By clicking the Smart Wizard button you can return to the Smart...

Страница 30: ...5 Configuration D Link Web Smart Switch User Manual 2 25 5 Figure 5 15 User Guide Micro Site ...

Страница 31: ...ick Settings to link to L2 Functions Port Mirroring Default is disabled Storm Control Click Settings to link to Security Storm Control Default is disabled DHCP Client Click Settings to link to System System Settings Default is disabled Single IP Management Click Settings to link to L3 Functions Single IP Management SIM Global Settings Default is disabled Power Saving Click Settings to link to Syst...

Страница 32: ... is 10 90 90 90 and subnet mask is 255 0 0 0 System Information By entering a System Name and System Location the device can more easily be recognized through the SmartConsole Utility and from other Web Smart devices on the LAN Login Timeout The Login Timeout controls the idle time out period for security purposes and when there is no action for a specific time span in the Web based Management If ...

Страница 33: ...t you wish to set on the Switch to authenticate users attempting to access Administrator Level privileges on the Switch The user may set a password of up to 20 characters Confirm Password Confirm the new password entered above Entering a different password here from the one set in the New Local Enabled field will result in a fail message System Port Settings In the Port Setting page the status of ...

Страница 34: ... a configurable MDI MDIX function for users The switches can be set as an MDI port in order to connect to other hubs or switches without an Ethernet crossover cable Auto MDI MDIX is designed on the switch to detect if the connection is backwards and automatically chooses MDI or MDIX to properly match the connection The default setting is Auto MDI MDIX Flow Control You can enable this function to m...

Страница 35: ...election are selected automatically The possible levels are Warning The lowest level of a device warning The device is functioning but an operational problem has occurred Informational Provides device information All Displays all levels of system logs Facility Specifies an application from which system logs are sent to the remote server Only one facility can be assigned to a single server If a sec...

Страница 36: ... the same as LED Therefore if the Port Shut off sate is already disabled the Time Profile function will not take effect Port Standby The system changes to standby state and wait for a wake up event Each port on the system enters sleep state by schedule System Hibernation In this mode switches get most power saving figures since main chipsets both MAC and PHY are disabled for all ports and energy r...

Страница 37: ...ups such as e mail or multicast groups multimedia applications such as video conferencing and therefore help to simplify network management by allowing users to move devices to a new VLAN without having to change any physical connections The IEEE 802 1Q VLAN Configuration page provides powerful VID management functions The original settings have the VID as 1 no default name and all ports as Untagg...

Страница 38: ...ration 802 1Q VLAN Add VID Figure 5 28 Configuration 802 1Q VLAN Example VIDs Figure 5 29 Configuration 802 1Q VLAN VID Assignments VLAN VLAN Status The VLAN Status page is for user to search the VLAN which has already existed by VLAN ID or VLAN Name Figure 5 30 VLAN VLAN Status ...

Страница 39: ...y the Join message The default value is 600ms Leave_All Time 100 100000 Used to confirm the port within the VLAN The time in milliseconds between messages sent The default value is 10000ms Click Apply to implement changes made NOTE Leave time must be greater than or equal to three times the join time Leave_all time must be greater than the leave time VLAN GVRP GVRP Port Settings The GVRP Port Sett...

Страница 40: ...y default Acceptable Frame Type This field denotes the type of frame that will be accepted by the port The user may choose between Tagged Only which means only VLAN tagged frames will be accepted and Admit_All which mean both tagged and untagged frames will be accepted Admit_All is enabled by default Click Apply to implement changes made VLAN Voice VLAN Voice VLAN Global Settings Voice VLAN is a f...

Страница 41: ...ndor Mnemonic Name 00 E0 BB 3COM 3com 00 03 6B Cisco cisco 00 E0 75 Veritel veritel 00 D0 1E Pingtel pingtel 00 01 E3 Siemens siemens 00 60 B9 NEC Philips nec philips 00 0F E2 Huawei 3COM huawei 3com 00 09 6E Avaya avaya Select the OUI and press Add to the lower table to complete the Auto Voice VLAN setting Note The default OUI for 3COM Cisco Veritel Pingtel Siemens NEC Philips Huawei3COM and Avay...

Страница 42: ...ormation of Voice VLAN Figure 5 35 VLAN Voice VLAN Voice Device List Select a port or all ports and click Search to display the Voice Device information in the table VLAN Auto Surveillance VLAN Similar as Voice VLAN Auto Surveillance VLAN is a feature that allows you to automatically place the video traffic from D Link IP cameras to an assigned VLAN to enhance the IP surveillance service With a hi...

Страница 43: ...e five components are Video Management Server VMS VMS Client Remote viewer Video Encoder Network Storage and Other IP Surveillance Devices Description Specifies the description for the component type MAC OUI You can manually create an MAC or OUI address for the surveillance component The maximum number of user defined MAC address is 5 System will auto generate an ACL profile Profile ID 56 for all ...

Страница 44: ...signed Target Port Click all to include all ports into port mirroring None Turns off the mirroring of the port Click all to remove all ports from mirroring Click Apply to capture the configured Source Ports L2 Functions Loopback Detection The Loopback Detection function is used to detect the loop created by a specific port while Spanning Tree Protocol STP is not enabled in the network especially w...

Страница 45: ...rning off the function of learning MAC address automatically if a port isn t specified as an uplink port for example connects to a DHCP Server or Gateway By default this feature is Disabled Figure 5 40 L2 Functions MAC Address Table Static MAC To initiate the removal of auto learning for any of the uplink ports enable this feature and then select the port s for auto learning to be disabled The Sta...

Страница 46: ...ple VLANs to be mapped to a single spanning tree instance providing multiple pathways across the network For example while port A is blocked in one STP instance the same port can be placed in the Forwarding state in another STP instance By default Rapid Spanning Tree is disabled If enabled the Switch will listen for BPDU packets and its accompanying Hello packet BPDU packets are sent even if a BPD...

Страница 47: ...eeding a separate spanning tree BPDU filtering functions only when STP is disabled either globally or on a single interface The possible field values are Disabled BPDU filtering is enabled on the port Enabled BPDU forwarding is enabled on the port if STP is disabled Root Bridge Displays the MAC address of the Root Bridge Root Cost Displays the cost of the Root Bridge The default is 0 Root Maximum ...

Страница 48: ...ey are restricted in that a P2P port must operate in full duplex Like edge ports P2P ports transition to a forwarding state rapidly thus benefiting from RSTP A p2p value of false indicates that the port cannot have p2p status Auto allows the port to have p2p status whenever possible and operate as if the p2p status were true If the port cannot maintain this status for example if the port is forced...

Страница 49: ...s 1 15 Type Defines the type of edit The possible values are Add VID Indicates that edit type is add Remove VID Indicates that edit type is removed VID List 1 4094 Displays the VID List Click Apply to implement the changes made Click Edit to modify the setting of VID or click Delete to remove it L2 Functions Spanning Tree STP Instance Settings The STP Instance Settings page display MSTIs currently...

Страница 50: ...ill set the quickest route automatically and optimally for an interface Priority Defines the interface priority for the specified instance The default value is 128 A higher priority will designate the interface to forward packets first A low number denotes a higher priority Click Apply to implement the changes made or Edit to change the port settings L2 Functions Link Aggregation Port Trunking The...

Страница 51: ...gated port group that is to add or subtract ports from the group at least one of the participating devices must designate LACP ports as active Both devices must support LACP Passive LACP ports that are designated as passive cannot initially send LACP control frames In order to allow the linked port group to negotiate adjustments and make changes dynamically one end of the connection must have acti...

Страница 52: ...al This timer will be restarted whenever a Query control message is received over that port If there are no Query control messages received for Router Port Purge Interval time the learned router port entry will be purged Default is 260 seconds Last Member Query Interval 1 25 sec The Last Member Query Interval is the Max Response Time inserted into Group Specific Queries sent in response to Leave G...

Страница 53: ...ettings then click Add Figure 5 52 L2 Functaions Multicast Multicast Forwarding VID The VLAN ID of the VLAN to which the corresponding MAC address belongs Multicast MAC Address The MAC address of the static source of multicast packets This must be a multicast MAC address Port Settings Allows the selection of ports that will be members of the static multicast group and ports either that are forbidd...

Страница 54: ...ions SNTP Time Settings SNTP or Simple Network Time Protocol is used by the Switch to synchronize the clock of the computer The SNTP settings folders contain two windows Time Settings and TimeZone Settings Users can configure the time settings for the switch and the following parameters can be set or are displayed in the Time Settings page Figure 5 54 L2 Functions SNTP Time Settings Clock Source S...

Страница 55: ...ings Daylight Saving Time State Enable or disable the DST Settings Daylight Saving Time Offset Use this drop down menu to specify the amount of time that will constitute your local DST offset 30 60 90 or 120 minutes Time Zone Offset GMT HH MM Use these drop down menus to specify your local time zone s offset from Greenwich Mean Time GMT Daylight Saving Time Settings From Month Day Enter the month ...

Страница 56: ...attempted The default value is 2 seconds LLDP TX Delay 1 8192 This parameter indicates the delay between successive LLDP frame transmissions initiated by value or status changes in the LLDP local systems MIB The value for txDelay is set by the following range formula 1 txDelay 0 25 msgTxInterval The default value is 2 seconds L2 Functions LLDP LLDP Port Settings The Basic LLDP Port Settings page d...

Страница 57: ...es whether the System Capabilities TLV is enabled on the port The possible field values are Enabled Enables the System Capabilities TLV on the port Disabled Disables the System Capabilities TLV on the port Define these parameter fields Click Apply to implement changes made and click Refresh to refresh the table information L2 Functions LLDP 802 1 Extension TLV This 802 1 Extension TLV page is used...

Страница 58: ...tises the Power via MDI implementations supported by the port The possible field values are Enabled Enables the Power via MDI configured on the port Disabled Disables the Power via MDI configured on the port Link Aggregation Specifies whether the link aggregation is enabled on the port The possible field values are Enabled Enables the link aggregation configured on the port Disabled Disables the l...

Страница 59: ...port Click Apply to implement changes made L2 Functions LLDP LLDP Management Address Table The LLDP Management Address Table page displays the detailed management address information for the entry Figure 5 61 L2 Functions LLDP LLDP Management Address Table Management Address Specifies IPv4 or MAC address then enter the address Click Search and the table will update and display the values required ...

Страница 60: ...plays the port ID Unit number Port number Port Description Displays the port description Click View Normal or Detailed to displays more information L2 Functions LLDP LLDP Remote Port Table This LLDP Remote Port Table page is used to display the LLDP Remote Port Brief Table Select port number and click Search to display additional information Figure 5 63 L2 Functions LLDP LLDP Remote Port Table ...

Страница 61: ...hange entry was last deleted or added It is also displays the time elapsed since last change was detected Number of Table Insert Displays the number of new entries inserted since switch reboot Number of Table Delete Displays the number of new entries deleted since switch reboot Number of Table Drop Displays the number of LLDP frames dropped due to that the table was full Number of Table Age Out Di...

Страница 62: ...the IP address for the interface Netmask Select the netmask of IP address Interface Admin State Enables or disables the interface administration state Click Add for the settings to take effect L3 Functions IPv6 Neighbor Settings The user can configure the Switch s IPv6 neighbor settings The Switch s current IPv6 neighbor settings will be displayed in the table at the bottom of this window Figure 5...

Страница 63: ...te table Gateway Specifies the corresponding Gateway of the IP address entered into the Static Route table Metric 1 65535 Represents the metric value of the IP interface entered into the table This field may read a number between 1 65535 for an OSPF setting and 1 16 for a RIP setting Backup State The user may choose between Primary and Backup If the Primary Static Route fails the Backup Route will...

Страница 64: ...gure 5 72 L3 Functions IPv6 Routing Table Finder IPv6 Network Address Specify the IPv6 address NOTE The Static Route settings and Routing Table Finder of IPv4 IPv6 need to be configured with different setting pages L3 Functions ARP ARP Table Global Settings The ARP Table Global Settings page allows network managers to view define modify and delete ARP information for specific devices When static e...

Страница 65: ...ure 5 75 L3 Functions ARP Gratuitous ARP Specifies the Send when IP Interface is up Send when duplicated IP is detected and Learn received Gratuitous ARP are enabled or disabled then click Apply to take effect Gratuitous ARP Send Interval Interface Name Specifies the Interface Name of Gratuitous ARP Time Interval 0 65535 Specifies the time interval for Gratuitous ARP Click Apply for the settings t...

Страница 66: ...x MS CaS The user may set the Discovery Interval from 30 to 90 seconds Hold Time 100 255 This parameter may be set for the time in seconds the Switch will hold information sent to it from other switches utilizing the Discovery Interval The user may set the hold time from 100 to 255 seconds Click Apply for the settings to take effect NOTE The function does not work with management switch NOTE The S...

Страница 67: ...e traffic from this port will be first handled by the switch For packets that are untagged the switch will assign the priority depending on your configuration Figure 5 78 QoS 802 1p DSCP ToS Select QoS Mode Specifies the QoS mode to be 802 1p DSCP or ToS Queuing Mechanism Strict Priority Denoting a Strict scheduling will set the highest queue to be emptied first while the other queues will follow ...

Страница 68: ...ttings to take effect Security Trusted Host Use Trusted Host function to manage the switch from a remote station You can enter up to ten designated management stations networks by defining the IPv4 Address Netmask or IPv6 Address Prefix as seen in the figure below Figure 5 81 Security Trusted Host Click Apply to enable or disable the Trusted Host feature Type in the IP Address and select Netmask t...

Страница 69: ... ports on a single Switch This method of segmenting the flow of traffic is similar to using VLANs to limit traffic but is more restrictive Figure 5 83 Security Traffic Segmentation Click Apply to enable or disable this feature To configure traffic segmentation specify a port or All ports from the switch using the From Port pull down menu and select To Port then click Apply to enter the settings in...

Страница 70: ...steps N of 64Kbps N can be from 1 to 16000 Click Apply for the settings to take effect Security ARP Spoofing Prevention ARP spoofing also known as ARP poisoning is a method to attack an Ethernet network by allowing an attacker to sniff data frames on a LAN modifying the traffic or stopping the traffic known as a Denial of Service DoS attack The main idea of ARP spoofing is to send fake or spoofed ...

Страница 71: ...ct Ports to be DHCP server trusted port and then click Apply to enable the function Figure 5 87 Security DHCP Server Screening Trusted DHCP Server IP Settings To add the DHCP Trusted DHCP Server set the following fields and click Add IPv4 Specifies the IPv4 address of the DHCP server to be trusted IPv6 Specifies the IPv6 address of the DHCP server to be trusted Click Apply for the settings to take...

Страница 72: ... 89 Security SSH SSH Settings To configure the SSH server on the Switch modify the following parameters and click Apply SSH State Enabled or Disabled SSH on the Switch The default is Disabled Max Session 1 4 Enter a value between 1 and 4 to set the number of users that may simultaneously access the Switch The default setting is 4 Connection Timeout 120 600 Allows the user to set the connection tim...

Страница 73: ...Standard encryption algorithm with Cipher Block Chaining The default is enabled 3DES CBC Use the check box to enable or disable the Triple Data Encryption Standard encryption algorithm with Cipher Block Chaining The default is enabled Data Integrity Algorithm When SSH status is enabled the HMAC MD5 and HMAC SHA1 are enabled by default HMAC MD5 Use the check box to enable the supports of hash for m...

Страница 74: ...horized clients can access a switch s port by either checking the pair of IP MAC address with the pre configured database or if DHCP snooping has been enabled in which case the switch will automatically learn the IP MAC pairs by snooping DHCP packets and saving them to the Smart Binding white list If an unauthorized client tries to access a Smart Binding enabled port the system will block the acce...

Страница 75: ...nge of IP Address to scan all devices in the network Click Scan and the search results will be listed in below table Binding check the box to select desired binding devices Apply click Apply to set Smart Binding entries Select All to check the boxes of Binding for all found devices Clear All to cancel the box of Binding Security Smart Binding White List The White List displays the authorized clien...

Страница 76: ...P Address Select IPv4 or IPv6 and set the RADIUS server IP address Authentication Port 1 65535 Set the RADIUS authentic server s UDP port The default port is 1812 Accounting Port 1 65535 Set the RADIUS account server s UDP port The default port is 1813 Timeout 1 255 sec This field will set the time the Switch will wait for a response of authentication from the user The user may set a time between ...

Страница 77: ...available to the user or the user is denied access to the network Figure 5 97 AAA 802 1X 802 1X Global Settings NOTE The Forward EAPOL PDU option will be useless if the Authentication State is Enabled AAA 802 1X 802 1X Port Settings The 802 1X Port Settings page provide users to configure the 802 1X Port settings Figure 5 98 AAA 802 1X 802 1X Port Settings From Port To Port Enter the port or ports...

Страница 78: ... the port transitions from down to up or when an EAPOL start frame is received The Switch then requests the identity of the client and begins relaying authentication messages between the client and the authentication server The default setting is Auto Direction Sets the administrative controlled direction on the port The possible field values are Both Specify the control is exerted over both incom...

Страница 79: ...ion will be on packets from this IPv6 source address Service Type Specify the type of service The possible values are Any Indicates ACL action will be on packets from any service type Ether type Specifies an Ethernet type for filtering packets ICMP All Indicates ACL action will be on packets from ICMP packets IGMP IGMP packets can be filtered by IGMP message type TCP All Indicates ACL action will ...

Страница 80: ... Profile ID Indicates the profile Identification number The possible configured profile IDs are 1 50 and profile ID 51 57 are reserved for the pre defined features Type The owner type of ACL profile Profile Summary Displays the profile summary Show Details To display an ACL s profile details The ACL profile details are displayed below the ACL table Show Rules To show the access rule in this profil...

Страница 81: ...Select Packet Content to instruct the Switch to examine the packet content in each frame s header MAC ACL Defines the ACL profile Layer 2 protocols The possible values are Tagged Defines the profile Layer 2 to match 802 1Q fields in the Layer 2 header Untagged Defines the profile Layer 2 to check the Layer 2 header without the 802 1Q fields IPv4 ACL Defines the IPv4 ACL profile protocols The possi...

Страница 82: ...ion instructs the Switch to examine the 802 1Q VLAN identifier of each packet header and use this as the full or partial criterion for forwarding VLAN ID Selecting this option instructs the Switch to examine the 802 1p priority value of each packet header and use this as the or part of the criterion for forwarding Ether Type Selecting this option instructs the Switch to examine the Ethernet type v...

Страница 83: ...ple to set 176 212 XX XX use mask 255 255 0 0 Destination IP Mask Defines the range of destination IP addresses relevant to the ACL rules 0 ignore 1 check For example to set 176 212 XX XX use mask 255 255 0 0 ICMP Type Sets the ICMP Type field as an essential field to match ICMP Code Sets the ICMP code field as an essential field to match Click Add button then the ACL profile is added To define th...

Страница 84: ...9 9 Figure 5 107 Add Access Profile IPv4 ACL IGMP Click Add button then the ACL profile is added To define the IPv4 ACL TCP profile Select IPv4 ACL with TCP and click Select button The updates to show the follows Figure 5 107 Add Access Profile IPv4 ACL TCP ...

Страница 85: ... ACL profile is added To define the IPv4 ACL UDP profile Select IPv4 ACL with UDP and click Select button The updates to show the follows Figure 5 108 Add Access Profile IPv4 ACL UDP The Add ACL Profile IPv4 ACL UDP port page contains the following fields Field Description Source Port Mask Defines the range of source Ports relevant to the ACL rules 0 ignore 1 check For example to set 0 15 set mask...

Страница 86: ... addresses relevant to the ACL rules 0 ignore 1 check For example to set 2002 0 0 0 0 0 b0d4 0 use mask 128 Destination IP Prefix Defines the range of destination IP addresses relevant to the ACL rules 0 ignore 1 check For example to set 2002 0 0 0 0 0 bfd4 0 use mask 128 ICMP Type Sets the ICMP Type field as an essential field to match ICMP Code Sets the ICMP code field as an essential field to m...

Страница 87: ... range of source Ports relevant to the ACL rules 0 ignore 1 check For example to set 0 15 set mask of FFF0 Destination Port Mask Defines the range of destination IP addresses relevant to the ACL rules 0 ignore 1 check For example to set 0 15 set mask of FFF0 Click Add button then the ACL profile is added To define the IPv6 ACL UDP profile Select IPv6 ACL with UDP and click Select button The update...

Страница 88: ...eck For example to set 0 15 set mask of F Click Add button then the ACL profile is added NOTE A combination of one or several filtering masks can be selected simultaneously The page updates with the relevant field s 2 Selecting the field of interest will display the related columns in the lower part of the page Enter the filtering mask and click Apply when done A filtering mask is to specify the d...

Страница 89: ...to which the rule is being added to including Profile ID and Ether Type In Rule Detail you can specify the details of an access rule Below are all the possible parameters that can be set Access ID Specify the Access ID 1 65535 Type Display the type of rule VLAN ID Specify the VLAN ID Destination MAC Address Specify the destination MAC address Source MAC Address Specify the source MAC address 802 1...

Страница 90: ... 5 116 ACL ACL Finder PoE PoE Global Settings DGS 1500 28P only This page allows user to configure the global PoE settings of the device and also displays current PoE status including RPS Status Total PoE Power Budget Power Used Power Left and The percentage of system power supplied Figure 5 117 PoE PoE Global Settings PoE Power Threshold To configure the maximum power for PoE function The maximum...

Страница 91: ...orts or 30W for port 1 24 meeting IEEE802 3af standards and pre 802 3at standards IEEE 802 3at defined that the PSE provides power according to the following classification Class Usage Output power limit by PSE 0 Default 15 4W 1 Optional 4 0W 2 Optional 7 0W 3 Optional 15 4W 4 Optional 30W The PoE port table will display the PoE status including Port State Time Range Priority Power Limit Power W V...

Страница 92: ...Trap to SmartConsole page allows user the set the difference status of SNMP notifications trapped to the Smartconsole Figure 5 119 SNMP Trap to SmartConsole Destination IP Specifies the destination IP Illegal Login Specifies the device to send illegal login notifications Device Bootup Specifies the device to send bootup notifications Port Link Up Link Down Specifies the device to send notification...

Страница 93: ...te changes Firmware Upgrade State Specifies the device to send notifications when firmware upgrades Duplicate IP Detected Specifies the device to send notifications when duplicate IP were detected SNMP SNMP SNMP User This page is used to maintain the SNMP user table for the use of SNMPv3 SNMPv3 allows or restricts users using the MIB OID and also encrypts the SNMP messages sent out between users a...

Страница 94: ...and encrypting packets over the network Security Level This function is only available when you select SNMPv3 security level NoAuthNoPriv No authorization and no encryption for packets sent between the Switch and SNMP manager AuthNoPriv Authorization is required but no encryption for packets sent between the Switch and SNMP manager AuthPriv Both authorization and encryption are required for packet...

Страница 95: ...sible to the SNMP community Click Add to create a new SNMP community Delete to remove an existing community SNMP SNMP SNMP Host The SNMP Host page is to configure the SNMP trap recipients Figure 5 125 SNMP SNMP SNMP Host Host IP Address Select IPv4 or IPv6 and specify the IP address of SNMP management host SNMP Version Specify the SNMP version to be used to the management host Community String SNM...

Страница 96: ...e configurations take effects or click to renew the details collected and displayed SNMP RMON RMON History The RMON History Control Configuration page contains information about samples of data taken from ports For example the samples may include interface definitions or polling periods Figure 5 129 SNMP RMON RMON History The History Control Configuration contains the following fields Index 1 6553...

Страница 97: ...mpared to the threshold Absolute value Compares the values directly with the thresholds at the end of the sampling interval Falling Threshold 0 2 31 1 Displays the falling counter value that triggers the falling threshold alarm Falling Event Index 1 65535 Displays the event that triggers the specific alarm The possible field values are user defined RMON events Click Add to make the configurations ...

Страница 98: ...ackets received successfully TxError Number of transmitted packets resulting in error RxError Number of received packets resulting in error To view the statistics of individual ports click one of the linked port numbers for details Figure 5 133 Monitoring Port Statistics Back Go back to the Statistics main page Refresh To renew the details collected and displayed Clear To reset the details display...

Страница 99: ...hows OK then cable length will be indicated for the total length of the cable The cable lengths are categorized into four types 50 meters 50 80 meters 80 100 meters and 100 meters NOTE Cable length detection is effective on Gigabit ports only NOTE Please be sure that Power Saving feature is disabled before enabling Cable Diagnostics function Monitoring System Log The System Log page provides infor...

Страница 100: ... is 5 minutes To change the login timeout session please refer to chapter 5 CLI Commands The Basic Switch commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Syntax Description of Usage The Displays a list of CLI commands on the device download firmware_fromTFTP cfg_fromTFTP ipaddr ipv6addr path_filename Download the firmware c...

Страница 101: ...sage To display a list of commands of the switch DGS 1500 28 USEREXEC commands config account admin password passwd config ipif ipif_name ipaddress ip address subnet mask gateway gw address dhcp bootp config ipif ipif_name ipv6 ipv6address ipv6networkaddr dhcpv6_client enable disable debug info download firmware_fromTFTP cfg_fromTFTP ipaddr ipv6addr path_filename logout ping ip_addr ping6 ipv6addr...

Страница 102: ...onfiguration file on the TFTP server You need to specify the DOS path if the file is not at the root directory of the TFTP server Restrictions None Example usage To download a firmware file DGS 1500 28 download firmware_fromTFTP 1 1 1 23 1 dgs_1500 10032 ros 01 Jan 2000 01 19 48 COPY I FILECPY Files Copy source URL tftp 1 1 1 23 1 dgs_1500 10032 ros destination URL Unit all flash image 01 Jan 2000...

Страница 103: ...tination URL tftp 1 1 1 23 1 running config 01 Jan 2000 01 26 16 COPY W TRAP The copy operation was completed success fully 158 bytes copied in 00 00 05 hh mm ss DGS 1500 28 config ipif Purpose To configure the System IP interface Syntax config ipif ipif_name ipaddress ip address subnet mask gateway gw address dhcp bootp config ipif ipif_name ipv6 ipv6address ipv6networkaddr dhcpv6_client enable d...

Страница 104: ...rpose To log out a user from the Switch s console Syntax logout Description The logout command terminates the current user s session on the Switch s console Parameters None Restrictions None Example usage To terminate the current user s console session DGS 1500 28 logout NOTE Save your configuration changes before logging out ping Purpose To test the connectivity between network devices Syntax pin...

Страница 105: ...uipment By default Switch sends five pings to the target IP Parameters ipv6addr Specifies the IPv6 address of the host Restrictions None Example usage To ping the IPv6 address 2009 280 C8FF FE3C 5C8A DGS 1500 28 ping6 2009 280 C8FF FE3C 5C8A Reply Received From 2009 280 C8FF FE3C 5C8A TimeTaken 20 msecs Reply Received From 2009 280 C8FF FE3C 5C8A TimeTaken 20 msecs Reply Received From 2009 280 C8F...

Страница 106: ...ers to their default values DGS 1500 28 reset config Device will reboot after reset configuration successfully DGS 1500 28 show ipif Purpose To display the configuration of an IP interface on the Switch Syntax show ipif ipif_name Description The s how ipif command displays the current IP address of the switch Parameters ipif_name Specify the name to be displayed Restrictions None Example usage To ...

Страница 107: ...m firmware version 1 00 001 System boot version 1 00 000 System Protocol version 2 001 004 System serial number LAB1500280022 MAC Address 00 18 E7 48 85 50 DGS 1500 28 config account admin password Purpose To display the configuration of an IP interface on the Switch Syntax config account admin pas sword Description The config account admin pas s word command sets the administrator password Parame...

Страница 108: ...tion of the Switch Syntax debug info Description The debut info command displays the ARP table and MAC FDB of the Switch Parameters None Restrictions None Example usage To display the ARP table and MAC FDB information of the Switch DGS 1500 28 debug info segmentation fault log file File doesn t exist ARP table Address Hardware Address Type Interface Mapping 10 90 90 90 00 18 8b bf 75 30 ARPA vlan1...

Страница 109: ...6 Command Line Interface D Link Web Smart Switch User Manual 104 Total Mac Addresses displayed 1 DGS 1500 28 ...

Страница 110: ......

Страница 111: ......

Страница 112: ......

Страница 113: ......

Отзывы: