D-Link UNIFIED WIRED & WIRELESS ACCESS SYSTEM... Скачать руководство пользователя страница 105 | Manualshive

Страница: 105 / 192

background image

105

16

802.1X Network Access Control

Port-based network access control allows the operation of a system’s port(s) to be controlled to
ensure that access to its services is permitted only by systems that are authorized to do so.

Port Access Control provides a means of preventing unauthorized access by supplicants or
users to the services offered by a System. Control over the access to a switch and the LAN to
which it is connected can be desirable in order to restrict access to publicly accessible bridge
ports or departmental LANs.

The Unified Switch achieves access control by enforcing authentication of supplicants that are
attached to an authenticator’s controlled ports. The result of the authentication process
determines whether the supplicant is authorized to access services on that controlled port.

A PAE (Port Access Entity) can adopt one of two roles within an access control interaction:

•

Authenticator – Port that enforces authentication before allowing access to services avail-
able via that Port.

•

Supplicant – Port that attempts to access services offered by the Authenticator.

Additionally, there exists a third role:

•

Authentication server – Server that performs the authentication function necessary to
check the credentials of the supplicant on behalf of the Authenticator.

Completion of an authentication exchange requires all three roles. The Unified Switch
supports the authenticator role only, in which the PAE is responsible for communicating with
the supplicant. The authenticator PAE is also responsible for submitting information received
from the supplicant to the authentication server in order for the credentials to be checked,
which determines the authorization state of the port. Depending on the outcome of the
authentication process, the authenticator PAE then controls the authorized/unauthorized state
of the controlled Port.

Authentication can be handled locally or via an external authentication server. Two are:
Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access
Control System (). The Unified Switch currently supports RADIUS for 802.1X.

RADIUS supports an accounting function to maintain data on service usages. Under RFC
2866, an extension was added to the RADIUS protocol giving the client the ability to deliver
accounting information about a user to an accounting server. Exchanges to the accounting
server follow similar guidelines as that of an authentication server but the flows are much

«
...
103
104
105
106
107
...
»

Содержание UNIFIED WIRED & WIRELESS ACCESS SYSTEM...

Страница 1: ...Configuration Guide Product Model DWS 3000 Series Unified Wired Wireless Access System Release 3 0 February 2011 Copyright 2011 All rights reserved ...

Страница 2: ...2 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Страница 3: ...vice 21 System Information and System Setup 21 2 Using the Web Interface 27 Configuring for Web Access 27 Starting the Web Interface 28 Web Page Layout 28 Configuring an SNMP V3 User Profile 29 Command Buttons 30 Switching the Date Time Zone 31 3 Virtual LANs 33 VLAN Configuration Example 34 Configuring a Guest VLAN 34 Configuring Dynamic VLAN Assignments 34 CLI Examples 35 Example 1 Create Two VL...

Страница 4: ...Example 2 show mac address table igmpsnooping 50 Example 3 set igmp Global Config Mode 50 Example 4 set igmp Interface Config Mode 50 Web Examples 51 7 Port Mirroring 57 Overview 57 CLI Examples 57 Example 1 Set up a Port Mirroring Session 57 Example 2 Show the Port Mirroring Session 58 Example 3 Show the Status of All Ports 58 Example 4 Show the Status of the Source and Destination Ports 58 Web E...

Страница 5: ... Configure VRRP 82 13 Proxy Address Resolution Protocol ARP 85 Overview 85 CLI Examples 85 Example 1 show ip interface 85 Example 2 ip proxy arp 86 Web Example 86 14 Routing Information Protocol RIP 87 Overview 87 RIP Configuration 87 RIP Interface Configuration 88 RIP Route Redistribution Configuration 88 15 Access Control Lists ACLs 91 Overview 91 Limitations 91 MAC ACLs 92 IP ACLs 92 ACL Config...

Страница 6: ... Overview 119 Operation 119 CLI Examples 120 Example 1 show port security 120 Example 2 show port security on a specific interface 120 Example 3 Config port security 120 Web Examples 121 19 RADIUS 125 Client Name in Local MAC Authentication List 125 RADIUS Fail through and Failover Server Support 126 RADIUS Configuration Examples 127 Configuring RADIUS for Wired Clients 127 Configuring RADIUS Fail...

Страница 7: ...e 2 Enable DHCP Filtering for an Interface 164 Example 3 Show DHCP Filtering Configuration 164 Web Examples 164 24 Traceroute 167 CLI Example 167 25 Configuration Scripting 169 Overview 169 Considerations 169 CLI Examples 169 Example 1 script 169 Example 2 script list and script delete 170 Example 3 script apply running config scr 170 Example 4 show running config 170 Example 5 copy nvram script 1...

Страница 8: ...80 Example 6 configuring sntp server 181 Example 7 configure sntp client port 181 Web Interface Examples 181 29 Syslog 185 Overview 185 Interpreting Log Files 185 CLI Examples 186 Example 1 show logging 186 Example 2 show logging buffered 186 Example 3 show logging traplogs 187 Example 4 show logging hosts 187 Example 5 logging port configuration 188 Web Examples 189 30 Port Description 191 CLI Ex...

Страница 9: ... Router VLAN Statistics Page 54 Figure 19 IGMP Snooping Multicast Router VLAN Configuration Page 55 Figure 20 Multiple Port Mirroring 59 Figure 21 Multiple Port Mirroring Add Source Ports 59 Figure 22 System Port Utilization Summary 60 Figure 23 LLDP Global Configuration 63 Figure 24 LLDP Interface Configuration 64 Figure 25 LLDP Interface Summary 65 Figure 26 LLDP Statistics 65 Figure 27 Denial o...

Страница 10: ...CP Web Page Customization Authentication Page 115 Figure 63 CP Web Page Customization Welcome Page 115 Figure 64 CP Web Page Customization Logout Page 116 Figure 65 CP Web Page Customization Logout Success Page 116 Figure 66 Port Security Administration 121 Figure 67 Port Security Interface Configuration 121 Figure 68 Port Security Statically Configured MAC Addresses 122 Figure 69 Port Security Dy...

Страница 11: ...cy Summary 157 Figure 103 DiffServ Policy Attribute Summary 157 Figure 104 DiffServ Service Configuration 158 Figure 105 DiffServ Service Summary 158 Figure 106 DiffServ VoIP Example Network Diagram 161 Figure 107 DHCP Filtering Configuration 165 Figure 108 DHCP Filtering Interface Configuration 165 Figure 109 DHCP Filter Binding Information 166 Figure 110 Telnet Session Configuration 175 Figure 1...

Страница 12: ...12 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Страница 13: ...l Port Data 22 Table 3 Quick Start up User Account Management 23 Table 4 Quick Start up IP Address 24 Table 5 Uploading from Networking Device to Out of Band PC XMODEM 25 Table 6 Downloading from Out of Band PC to Networking Device XMODEM 25 Table 7 Downloading from TFTP Server 26 Table 8 Setting to Factory Defaults 26 ...

Страница 14: ...14 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Страница 15: ... network management and Quality of Service functions such as Access Control Lists and Differentiated Services The functions you choose to activate will depend on the size and complexity of your network This document illustrates configuration for the following functions L2 Features Virtual LANs VLANs Storm Control Trunking Link Aggregation Port Channels Internet Group Management Protocol IGMP Snoop...

Страница 16: ...Audience Use this guide if you are a n Experienced system administrator who is responsible for configuring and operating a net work using the D Link DWS 3000 switch Level 1 and or Level 2 Support provider To obtain the greatest benefit from this guide you should have an understanding of the Unified Switch You should also have basic knowledge of Ethernet and networking concepts CLI Documentation Th...

Страница 17: ... IP address subnet mask and default gateway Configure for In band connectivity using one of the following methods BootP or DHCP EIA 232 port Using BootP or DHCP You can assign IP information initially over the network or over the Ethernet service port through BootP or DHCP Check with your system administrator to determine whether BootP or DHCP is enabled You need to configure the BootP or DHCP ser...

Страница 18: ...nd of the serial cable to the EIA 232 port of the switch and the other end to the modem 2 Set up the terminal for VT100 terminal emulation A Set the terminal ON B Launch the VT100 application C Configure the COM port as follows I Set the data rate to 115 200 baud II Set the data format to 8 data bits 1 stop bit and no parity III Set the flow control to none IV Select the proper mode under Properti...

Страница 19: ... or a desktop or a portable system with a serial port running VT100 terminal emulation software An RS 232 cable with a male DB 9 connector for the console port and the appropriate connector for the terminal Perform the following tasks to connect a terminal to the switch console port using out of band connectivity 1 Connect the RS 232 cable to the terminal running VT100 terminal emulation software ...

Страница 20: ...onds Initial Configuration NOTE The initial simple configuration procedure is based on the following assump tions The switch was not configured before and is in the same state as when you received it The switch booted successfully The console connection was established and the console prompt appears on the screen of a VT100 terminal or terminal equivalent The initial switch configuration is perfor...

Страница 21: ... mode does not use a password after typ ing admin press Enter two times The CLI User EXEC prompt is displayed Type enable to switch to the Privileged EXEC mode from User EXEC Type configure to switch to the Global Config mode from Privileged EXEC Type exit to return to the previous mode Enter to show a list of commands that are available in the current mode NOTE For more information about the conf...

Страница 22: ...WS 3026 Serial Number 123456abcdef FRU Number Maintenance Level A Manufacturer 0xbc00 Burned In MAC Address 00 01 17 86 34 55 Software Version D 4 18 8 Additional Packages QOS Wireless Command Details show port all Privileged EXEC Mode Displays the ports Interface slot port See the CLI Command Reference for more informa tion about naming conventions Type Indicates if the port is a special type of ...

Страница 23: ...ig Mode Allows the user to set passwords or change passwords needed to login A prompt appears after the command is entered requesting the user s old password In the absence of an old password leave the area blank The user must press Enter to execute the com mand The system then prompts the user for a new password then a prompt to confirm the new password If the new password and the confirmed passw...

Страница 24: ... interface Default is 255 0 0 0 Default Gateway The default Gateway for this interface Default value is 0 0 0 0 Burned in MAC Address The Burned in MAC Address used for in band connectivity Locally Administered MAC Address Can be configured to allow a locally administered MAC address MAC Address Type Specifies which MAC address should be used for in band connectivity Network Configurations Protoco...

Страница 25: ...nd confirms the upload is progressing The types are config configuration file errorlog error log log message log traplog trap log The url must be specified as xmodem filepath filename If you are using HyperTerminal you must specify where the file is to be received by the PC Table 6 Downloading from Out of Band PC to Networking Device XMODEM Command Details copy url nvram startup config Privileged ...

Страница 26: ...guration file nvram startup config The URL must be specified as tftp ipaddress filepath filename The nvram startup config option down loads the configuration file using tftp and system image option downloads the code file Table 8 Setting to Factory Defaults Command Details clear config Privileged EXEC Mode Enter yes when the prompt pops up to clear all the configu rations made to the networking de...

Страница 27: ...ersion 1 2 or later JavaTM Runtime Plug in 1 50 06 or later There are equivalent functions in the Web interface and the terminal interface both applications usually employ the same menus to accomplish a task For example when you log in there is a Main Menu with the same functions available etc There are several differences between the Web and terminal interfaces For example on the Web interface th...

Страница 28: ... the navigation tree Web Page Layout A Web interface panel for the switch Web page consists of three areas Figure 2 A banner graphic of the switch appears across the top of the panel The second area a hierarchical tree view appears to the left of the panel The tree consists of a combination of folders subfolders and configuration and status HTML pages You can think of the folders and subfolders as...

Страница 29: ...rofile is a part of user configuration Any user can connect to the switch using the SNMPv3 protocol but for authentication and encryption additional steps are needed Use the following steps to configure an SNMP V3 new user profile Figure 3 Configuring an SNMP V3 User Profile 1 From the LAN navigation menu select LAN Administration User Accounts see Figure 3 ...

Страница 30: ...tep 9 8 To enable encryption use the Encryption Protocol pull down menu to select DES for the encryption scheme Then enter an encryption code of eight or more alphanumeric characters in the Encryption Key field 9 Click Submit Command Buttons The following command buttons are used throughout the Web interface panels for the switch Save Pressing the Save button implements and saves the changes you j...

Страница 31: ... Interface 31 2 Using the Web Interface Switching the Date Time Zone To configure the system date and time from the Administration navigation menu select System Description see Figure 4 Figure 4 System Description Page ...

Страница 32: ...32 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Страница 33: ... the packet may either reject it or insert a tag using its default VLAN ID A given port may handle traffic for more than one VLAN but it can only support one default VLAN ID Two features let you define packet filters that the switch uses as the matching criteria to determine if a particular packet belongs to a particular VLAN The IP subnet Based VLAN feature lets you map IP addresses to VLANs by s...

Страница 34: ...twork access If a client station fails to authenticate using 802 1X or RADIUS or if the client does not support 802 1X then after the authentication times out the station is put on the guest VLAN configured for that switch port For more information about how to configure a Guest VLAN for wired clients see Guest VLAN on page 107 Configuring Dynamic VLAN Assignments The software supports VLAN assign...

Страница 35: ...4 Config interface 0 2 DWS 3024 Interface 0 2 vlan participation include 2 DWS 3024 Interface 0 2 vlan acceptframe vlanonly DWS 3024 Interface 0 2 exit DWS 3024 Config exit DWS 3024 config DWS 3024 Config vlan port tagging all 2 DWS 3024 Config exit Example 3 Assign Ports to VLAN3 This example shows how to assign the ports that will belong to VLAN 3 and to specify that untagged frames will be acce...

Страница 36: ...Interface 0 2 exit DWS 3024 Config exit Example 5 Assign IP Addresses to VLAN 2 DWS 3024 vlan database DWS 3024 Vlan vlan association subnet 192 168 10 10 255 255 255 0 2 DWS 3024 Vlan exit DWS 3024 show vlan association subnet IP Address IP Mask VLAN ID 192 168 10 10 255 255 255 0 2 DWS 3024 Web Interface You can perform the same configuration in the CLI Examples section by using the Web interfac...

Страница 37: ... if they have the same VLAN membership Protected ports can forward traffic to unprotected ports Unprotected ports can forward traffic to both protected and unprotected ports You can also configure groups of protected ports Each group s configuration consists of a name and a mask of ports A port can belong to only one set of protected ports An unprotected port can be added to a group as a protected...

Страница 38: ... an IP phone is safeguarded from deterioration when data traffic on the port is high The inherent isolation provided by VLANs ensures that inter VLAN traffic is under management control and that network attached clients cannot initiate a direct attack on voice components A QoS protocol based on the IEEE 802 1P class of service CoS protocol uses classification and scheduling to send network traffic...

Страница 39: ...D The voice VLAN packets are uniquely identified by a number you assign All voice traffic carries this VLAN ID to distinguish it from other data traffic which is assigned the port s default VLAN ID However voice traffic is not prioritized differ ently than other traffic dot1p This parameter is set by the VoIP device for all voice traffic to distinguish voice data from other traffic All other traff...

Страница 40: ...40 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Страница 41: ...idual interfaces and you ll set the threshold storm control level beyond which the broadcast multicast or unicast traffic will be dropped Configuring a storm control level also enables that form of storm control Disabling a storm control level using the no version of the command sets the storm control level back to default value and disables that form of storm control Using the no version of the s...

Страница 42: ...ple 2 Set Multicast Storm Control for All Interfaces DWS 3024 config DWS 3024 Config storm control multicast all cr Press Enter to execute the command level Configure storm control thresholds DWS 3024 Config storm control multicast all level 8 DWS 3024 Config exit DWS 3024 Example 3 Set Unicast Storm Control for All Interfaces DWS 3024 config DWS 3024 Config storm control unicast all level 5 DWS 3...

Страница 43: ...Interface 43 4 Storm Control Web Interface The Storm Control configuration options are available on the Port Configuration Web page under the Administration folder Figure 9 Port Configuration Storm Control ...

Страница 44: ...44 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Страница 45: ... exchanges of LACPDUs Static configuration is used when connecting the switch to an external switch that does not support the exchange of LACPDUs The feature offers the following benefits Increased reliability and availability if one of the physical links in the port channel goes down traffic is dynamically and transparently reassigned to one of the other physical links Increased bandwidth the agg...

Страница 46: ...4 Config port channel lag_10 DWS 3024 Config port channel lag_20 DWS 3024 Config exit Use the show port channel all command to show the logical interface ids you will use to identify the port channels in subsequent commands Assume that lag_10 is assigned id 3 1 and lag_20 is assigned id 3 2 Subnet 3 Port 0 8 LAG_20 Layer 2 Switch Port 0 9 LAG_20 Server Port 0 2 LAG_10 Port 0 3 LAG_10 Layer 3 Switc...

Страница 47: ...nterface 0 2 exit DWS 3024 Config interface 0 3 DWS 3024 Interface 0 3 addport 3 1 DWS 3024 Interface 0 3 exit DWS 3024 Config exit DWS 3024 config DWS 3024 Config interface 0 8 DWS 3024 Interface 0 8 addport 3 2 DWS 3024 Interface 0 8 exit DWS 3024 Config interface 0 9 DWS 3024 Interface 0 9 addport 3 2 DWS 3024 Interface 0 9 exit DWS 3024 Config exit Example 3 Enable both port channels By defaul...

Страница 48: ...e Configuration LAGs Port channels To perform the same configuration using the Web interface use the LAN L2 Features Trunking Configuration page Figure 11 Trunking Configuration To create the port channels specify port participation and enable Link Aggregation LAG support on the switch ...

Страница 49: ...w IGMP Uses Version 3 of IGMP Includes snooping Snooping can be enabled per VLAN CLI Examples The following are examples of the commands used in the IGMP Snooping feature Example 1 show igmpsnooping DWS 3024 show igmpsnooping cr Press Enter to execute the command slot port Enter interface in slot port format mrouter Display IGMP Snooping Multicast Router information 1 3965 Display IGMP Snooping va...

Страница 50: ...DWS 3026 Config set igmp cr Press enter to execute the command groupmembership interval Configure IGMP Group Membership Interval secs interfacemode Enable Disable IGMP Snooping maxresponse Configure IGMP Max Response time secs mcrtrexpiretime Sets the Multicast Router Present Expiration time on the system DWS 3026 Config set igmp Example 4 set igmp Interface Config Mode DWS 3026 Config interface 0...

Страница 51: ...les 51 6 IGMP Snooping Web Examples The following web pages are used in the IGMP Snooping feature Click Help for more information on the web interface Figure 12 IGMP Snooping Global Configuration and Status Page ...

Страница 52: ...52 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 13 IGMP Snooping Interface Configuration Page Figure 14 IGMP Snooping VLAN Configuration ...

Страница 53: ...Web Examples 53 6 IGMP Snooping Figure 15 IGMP Snooping VLAN Status Page Figure 16 IGMP Snooping Multicast Router Statistics Page ...

Страница 54: ...54 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 17 IGMP Snooping Multicast Router Configuration Page Figure 18 IGMP Snooping Multicast Router VLAN Statistics Page ...

Страница 55: ...Web Examples 55 6 IGMP Snooping Figure 19 IGMP Snooping Multicast Router VLAN Configuration Page ...

Страница 56: ...56 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Страница 57: ...eceived on the source port transmitted on a port or both received and transmitted can be mirrored to the destination port CLI Examples The following are examples of the commands used in the Port Mirroring feature Example 1 Set up a Port Mirroring Session The following command sequence enables port mirroring and specifies a source and destination ports DWS 3024 config DWS 3024 Config monitor sessio...

Страница 58: ...own Enable Enable 0 5 Enable Auto Down Enable Enable 0 6 Enable Auto Down Enable Enable 0 7 Mirror Enable Auto Down Enable Enable 0 8 Probe Enable Auto Down Enable Enable 0 9 Enable Auto Down Enable Enable 0 10 Enable Auto Down Enable Enable Example 4 Show the Status of the Source and Destination Ports Use this command for a specific port The output shows whether the port is the mirror or the prob...

Страница 59: ...Web Examples 59 7 Port Mirroring Web Examples The following web pages are used with the Port Mirroring feature Figure 20 Multiple Port Mirroring Figure 21 Multiple Port Mirroring Add Source Ports ...

Страница 60: ...60 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 22 System Port Utilization Summary ...

Страница 61: ...llowing sequence to specify switch wide notification interval and timers for all LLDP interfaces DWS 3024 config DWS 3024 Config lldp notification interval Configure minimum interval to send remote data change notifications timers Configure the LLDP global timer values DWS 3024 Config lldp notification interval interval seconds Range 5 3600 seconds DWS 3024 Config lldp notification interval 1000 D...

Страница 62: ...smit tlv Include Exclude LLDP optional TLV s DWS 3024 Interface 0 10 lldp receive DWS 3024 Interface 0 10 lldp transmit DWS 3024 Interface 0 10 lldp transmit mgmt DWS 3024 Interface 0 10 exit DWS 3024 Config exit DWS 3024 Example 3 Show Global LLDP Parameters DWS 3024 show lldp LLDP Global Configuration Transmit Interval 30 seconds Transmit Hold Multiplier 8 Reinit Delay 5 seconds Notification Int...

Страница 63: ... parameters Figure 23 LLDP Global Configuration The LLDP Global Configuration page contains the following fields Transmit Interval 1 32768 Specifies the interval at which frames are transmitted The default is 30 seconds Hold Multiplier 2 10 Specifies multiplier on the transmit interval to assign to TTL Default is 4 Re Initialization Delay 1 10 Specifies delay before a re initialization Default is ...

Страница 64: ...ers Transmit Mode Enables or disables the transmit function The default is disabled Receive Mode Enables or disables the receive function The default is disabled Transmit Management Information Enables or disables transmission of management address instance Default is disabled Notification Mode Enables or disables remote change notifications The default is dis abled Included TLVs Selects TLV infor...

Страница 65: ... Configure LLDP 65 8 Link Layer Discovery Protocol Figure 25 LLDP Interface Summary Figure 26 LLDP Statistics You can also use the pages in the LAN Monitoring LLDP Status folder to view information about local and remote devices ...

Страница 66: ...66 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Страница 67: ...the host or network unstable Compliant with Nessus Nessus is a widely used vulnerability assessment tool The Unified Switch provides a number of features that help a network administrator pro tect networks against DoS attacks CLI Examples Enter from Global Config mode DWS 3024 configure DWS 3024 Config dos control sipdip DWS 3024 Config dos control firstfrag DWS 3024 Config dos control tcpfrag DWS...

Страница 68: ...e Min TCP Hdr Size 20 TCP Fragment Mode Enable TCP Flag Mode Disable L4 Port Mode Enable ICMP Mode Enable Max ICMP Pkt Size 512 Web Interface You can configure the Denial of Service feature from the Denial of Service Protection Configuration page Figure 27 Denial of Service Protection Configuration ...

Страница 69: ...he Layer 3 address in its address table to determine the outbound port Updates the Layer 3 header Recreates the Layer 2 header The router s IP address is often statically configured in the end station although the Unified Switch supports DHCP that allow the address to be assigned dynamically You may assign static entries in the routing tables used by the router Port Routing Configuration The Unifi...

Страница 70: ... port routing support shown in the diagram Figure 28 Port Routing Example Network Diagram Example 1 Enabling Routing for the Switch Use the following command to enable routing for the switch Execution of the command enables IP forwarding by default config ip routing exit Example 2 Enabling Routing for Ports on the Switch Use the following commands to enable routing for ports on the switch The defa...

Страница 71: ...d the maximum transmission unit MTU size is 1500 bytes config interface 0 2 routing ip address 192 150 2 2 255 255 255 0 exit exit config interface 0 3 routing ip address 192 130 3 1 255 255 255 0 exit exit config interface 0 5 routing ip address 192 64 4 1 255 255 255 0 exit exit ...

Страница 72: ... the Graphical User Interface To enable routing for the switch as shown in Example 1 Enabling Routing for the Switch use the LAN L3 Features IP Configuration page Figure 29 IP Configuration To configure routing on each interface as shown in Example 2 Enabling Routing for Ports on the Switch use the LAN L3 Features IP Interface Configuration page Figure 30 IP Interface Configuration ...

Страница 73: ...r a subset VLAN Routing can be used to allow more than one physical port to reside on the same subnet It could also be used when a VLAN spans multiple physical networks or when additional segmentation or security is required This section shows how to configure the Unified Switch to support VLAN routing A port can be either a VLAN port or a router port but not both However a VLAN port may be part o...

Страница 74: ...abled vlan database vlan 10 vlan 20 exit config interface 0 1 vlan participation include 10 exit interface 0 2 vlan participation include 10 exit interface 0 3 vlan participation include 20 exit exit config vlan port tagging all 10 vlan port tagging all 20 exit VLAN 10 VLAN 20 Physical Port 0 2 VLAN Router Port 4 1 192 150 3 1 Layer 3 Switch Physical Port 0 3 VLAN Router Port 4 2 192 150 4 1 Layer...

Страница 75: ...g for the VLANs vlan database vlan routing 10 vlan routing 20 exit show ip vlan This returns the logical interface IDs that will be used in subsequent routing commands Assume that VLAN 10 is assigned ID 4 1 and VLAN 20 is assigned ID 4 2 Enable routing for the switch config ip routing exit The next sequence shows an example of configuring the IP addresses and subnet masks for the VLAN router ports...

Страница 76: ...y using the Web Interface Use the LAN L2 Features VLAN VLAN Configuration page to create the VLANs specify port participation and configure whether frames will be transmitted tagged or untagged Figure 32 VLAN Configuration Use the LAN L2 Features VLAN Port Configuration page to specify the handling of untagged frames on receipt Figure 33 VLAN Port Configuration ...

Страница 77: ...VLAN Routing Use the LAN L3 Features VLAN Routing Configuration page to enable VLAN routing and configure the ports Figure 34 VLAN Routing Configuration To enable routing for the switch use the LAN L3 Features IP Configuration page Figure 35 Enabling Routing ...

Страница 78: ...rporation All Rights Reserved Configuration Guide Use the LAN L3 Features IP Interface Configuration page to enable routing for the ports and configure their IP addresses and subnet masks Figure 36 IP Interface Configuration ...

Страница 79: ...abling a backup router to take over from a master router without affecting the end stations using the route The end stations will use a virtual IP address that will be recognized by the backup router if the master router fails Participating routers use an election protocol to determine which router is the master router at any given time A given port may appear as more than one virtual router to th...

Страница 80: ...et masks for the port that will participate in the protocol config interface 0 2 routing ip address 192 150 2 1 255 255 255 0 exit Enable VRRP for the switch config ip vrrp exit Assign virtual router IDs to the port that will participate in the protocol config interface 0 2 ip vrrp 20 Port 0 2 192 150 2 1 Virtual Router ID 20 Virtual Addr 192 150 2 1 Port 0 4 192 150 4 1 Virtual Router ID 20 Virtu...

Страница 81: ...g ip routing exit Configure the IP addresses and subnet masks for the port that will participate in the protocol config interface 0 4 routing ip address 192 150 4 1 255 255 255 0 exit Enable VRRP for the switch config ip vrrp 20 exit Assign virtual router IDs to the port that will participate in the protocol config interface 0 4 ip vrrp 20 Specify the IP address that the virtual router function wi...

Страница 82: ...erform the same configuration using the Graphical User Interface To enable routing for the switch use the LAN L3 Features IP Configuration page Figure 38 IP Configuration To enable routing for the ports and configure their IP addresses and subnet masks use the LAN L3 Features IP Interface Configuration page Figure 39 IP Interface Configuration ...

Страница 83: ...undancy Protocol To enable VRRP for the switch use the LAN L3 Features VRRP VRRP Configuration page Figure 40 VRRP Configuration To configure virtual router settings use the LAN L3 Features VRRP Virtual Router Configuration page Figure 41 Virtual Router Configuration ...

Страница 84: ...84 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Страница 85: ...only if the target IP address is an address configured on the interface where the ARP request arrived CLI Examples The following are examples of the commands used in the proxy ARP feature Example 1 show ip interface DWS 3024 show ip interface slot port Enter an interface in slot port format brief Display summary information about IP configuration settings for all ports loopback Display the configu...

Страница 86: ...p proxy arp DWS 3024 Interface 0 24 ip proxy arp cr Press Enter to execute the command DWS 3024 Interface 0 24 ip proxy arp Web Example The following web pages are used in the proxy ARP feature Figure 42 Proxy ARP Configuration ...

Страница 87: ...opology change On receipt of a RIP update depending on whether the specified route exists or does not exist in the route table the router may modify delete or add the route to its route table The DWS 3000 switch supports RIP versions 1 and 2 RIPv2 supports carrying subnet information in RIP packets thereby enabling classless inter domain routing RIPv2 routers are interoperable with RIPv1 routers o...

Страница 88: ...on in the navigation tree Figure 44 RIP Interface Configuration RIP Route Redistribution Configuration Use the RIP Route Redistribution Configuration page to configure which routes are redistributed to other routers using RIP The allowable values for each fields are displayed next to the field If any invalid values are entered an alert message is displayed with the list of all the valid values To ...

Страница 89: ...RIP Route Redistribution Configuration 89 14 Routing Information Protocol RIP Figure 45 RIP Route Redistribution Configuration ...

Страница 90: ...90 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Страница 91: ...ro hit count during that interval You cannot configure the logging interval You can set up ACLs to control traffic at Layer 2 Layer 3 or Layer 4 MAC ACLs operate on Layer 2 IP ACLs operate on Layers 3 and 4 Limitations The following limitations apply to ACLs Maximum of 100 ACLs Maximum rules per ACL is 10 The system supports ACLs set up for inbound traffic only The system does not support MAC ACLs...

Страница 92: ...e CoS 802 1p Ethertype L2 ACLs can apply to one or more interfaces Multiple access lists can be applied to a single interface sequence number determines the order of execution You can assign packets to queues using the assign queue option IP ACLs IP ACLs classify for Layers 3 and 4 Each ACL is a set of up to ten rules applied to inbound traffic Each rule specifies whether the contents of a given f...

Страница 93: ...ws you how to set up an IP ACL with two rules one applicable to TCP traffic and one to UDP traffic The content of the two rules is the same TCP and UDP packets will only be accepted by the Unified Switch if the source and destination stations have IP addresses that fall within the defined sets Figure 46 IP ACL Example Network Diagram Port 0 2 ACL 179 192 168 77 1 192 168 77 2 192 168 77 9 192 168 ...

Страница 94: ...ss list 179 permit udp 192 168 77 0 0 0 0 255 192 168 77 3 0 0 0 255 exit Example 3 Apply the rule to Inbound Traffic on Port 0 2 Only traffic matching the criteria will be accepted interface 0 2 ip access group 179 in exit MAC ACL CLI Examples The following are examples of the commands used for the MAC ACLs feature Example 4 Set up a MAC Access List DWS 3024 Config mac access list extended Config...

Страница 95: ... 44 55 00 00 00 00 FF FF ethertypekey Enter one of the following keywords to specify an Ethertype appletalk arp ibmsna ipv4 ipv6 ipx mplsmcast mplsucast netbios novell pppoe rarp 0x0600 0xffff Enter a four digit hexadecimal number in the range of 0x0600 to 0xffff to specify a custom Ethertype value vlan Configure a match condition based on a VLAN ID cos Configure a match condition based on a COS v...

Страница 96: ...s Control List DWS 3024 Interface 0 5 mac access group mac1 in Enter the direction in DWS 3024 Interface 0 5 mac access group mac1 in cr Press Enter to execute the command 1 4294967295 Enter the sequence number greater than 0 to rank direction A lower sequence number has higher precedence DWS 3024 Interface 0 5 mac access group mac1 in 6 cr Press Enter to execute the command DWS 3024 Interface 0 5...

Страница 97: ...v4 ipv6 ipx mplsmcast mplsucast netbios novell pppoe rarp 0x0600 0xffff Enter a four digit hexadecimal number in the range of 0x0600 to 0xffff to specify a custom Ethertype value vlan Configure a match condition based on a VLAN ID cos Configure a match condition based on a COS value log Configure logging for this access list rule assign queue Configure the Queue Id assignment attribute cr Press En...

Страница 98: ... in this section to configure and view MAC access control list and IP access control lists MAC ACL Web Pages The following figures show the pages available to view and configure MAC ACL settings Figure 47 MAC ACL Configuration Page Create New MAC ACL Figure 48 MAC ACL Rule Configuration Create New Rule ...

Страница 99: ...Web Examples 99 15 Access Control Lists ACLs Figure 49 MAC ACL Rule Configuration Page Add Destination MAC and MAC Mask Figure 50 MAC ACL Rule Configuration Page View the Current Settings ...

Страница 100: ...100 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 51 ACL Interface Configuration Figure 52 MAC ACL Summary ...

Страница 101: ...Control Lists ACLs Figure 53 MAC ACL Rule Summary IP ACL Web Pages The following figures show the pages available to view and configure standard and extended IP ACL settings Figure 54 IP ACL Configuration Page Create a New IP ACL ...

Страница 102: ... D Link Corporation All Rights Reserved Configuration Guide Figure 55 IP ACL Configuration Page Create a Rule and Assign an ID Figure 56 IP ACL Rule Configuration Page Rule with Protocol and Source IP Configuration ...

Страница 103: ...Web Examples 103 15 Access Control Lists ACLs Figure 57 Attach IP ACL to an Interface ...

Страница 104: ...104 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 58 IP ACL Summary Figure 59 IP ACL Rule Summary ...

Страница 105: ...uthentication server Server that performs the authentication function necessary to check the credentials of the supplicant on behalf of the Authenticator Completion of an authentication exchange requires all three roles The Unified Switch supports the authenticator role only in which the PAE is responsible for communicating with the supplicant The authenticator PAE is also responsible for submitti...

Страница 106: ...ssociated with the 802 1x default login 802 1x port based access control is enabled for the system and interface 0 1 is configured to be in force authorized mode because this is where the RADIUS server and protected network resources are located Figure 60 DWS 3000 with 802 1x Network Access Control If a user or supplicant attempts to communicate via the switch on any interface except interface 0 1...

Страница 107: ... the 802 1X enabled switch port The switch verifies the credentials of the client by communicating with an authentication server If the credentials are verified the authentication server informs the switch to unblock the switch port and allows the client unrestricted access to the network i e the client is a member of an internal VLAN Guest VLAN Supplicant mode is a global configuration for all th...

Страница 108: ...Guide Configuring the Guest VLAN by Using the Web Interface To enable the Guest VLAN features by using the Web interface use the LAN Security 802 1x 802 1X Setting page To configure the Guest VLAN settings on a port use the LAN Security 802 1x 802 1X Port Setting page ...

Страница 109: ... for clients based on the RADIUS server authentication To enable the switch to accept VLAN assignment by the RADIUS server use the authorization network radius command in Global Config mode To enable the VLAN Assignment Mode by using the Web interface use the LAN Security 802 1x 802 1X Setting page and select Enable from the VLAN Assignment Mode menu ...

Страница 110: ...110 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Страница 111: ... that interface must enter a username and password that is verified by a local user database Web Example Use the following steps to configure a captive portal for wired clients that connect to the network by using interfaces 0 1 0 10 1 Enable the captive portal A Navigate to the LAN Security Captive Portal Global Configuration page B Select the Enable Captive Portal option C Click Submit 2 Configu...

Страница 112: ...xt on the page the logos that display and the color scheme 3 Configure a captive portal user A Navigate to the LAN Security Captive Portal Local User page B Click Add C Enter the user name user1 and the password 12345678 D Click Add 4 Associate the appropriate interfaces to the configured captive portal A Navigate to the LAN Security Captive Portal Interface Association page B Select Default from ...

Страница 113: ... 0 7 interface 0 8 interface 0 9 interface 0 10 exit user 1 password user 1 name user1 user 1 group 1 exit Customizing the Captive Portal Web Page When a wireless client connects to the access point the user sees a Web page The CP Web Page Customization page allows you to customize the appearance of that page with specific text and images You can create up to five location specific Web pages for e...

Страница 114: ... CP Welcome Page Contains settings that affect the page users see when they successfully connect to the network Logout Page Contains settings that affect the client logout window users see after they successfully authenticate This window contains the logout button Logout Success Page Contains settings that affect the page users see after they success fully deauthenticate The fields available on th...

Страница 115: ...Customizing the Captive Portal Web Page 115 17 Captive Portal Figure 62 CP Web Page Customization Authentication Page Figure 63 CP Web Page Customization Welcome Page ...

Страница 116: ... request the authenticated user connected either through wireless connection or through wired connection is removed from the connection status tables In addition the wireless clients are disassociated as well If the client logout request feature is not enabled or the user does not specifically request logout their connection status will remain authenticated until such time Captive Portal deauthent...

Страница 117: ...These RADIUS parameters are described as follows Radius Attribute WISPr Bandwidth Max Up Number 14122 7 Description Maximum client transmit rate b s Limits the bandwidth at which the client can send data into the network If the attribute is 0 or not present then use the value configured for the captive portal Range Integer Usage Optional Radius Attribute WISPr Bandwidth Max Down Number 14122 8 Des...

Страница 118: ...er 171 126 Description Maximum number of octets the user is allowed to transfer sum of octets transmitted and received After this limit has been reached the user will be disconnected If the attribute is 0 or not present then use the value configured for the captive portal Range Integer Usage Optional The WS acts as a NAS in this case These parameters could also be configured for a user in the Loca...

Страница 119: ...allowable source MAC address are forwarded Static Locking User manually specifies a list of static MAC addresses for a port Dynamically locked addresses can be converted to statically locked addresses Operation Port Security Helps secure network by preventing unknown devices from forwarding packets When link goes down all dynamically locked addresses are freed If a specific MAC address is to be se...

Страница 120: ...urity information for a specific interface dynamic Display dynamically learned MAC addresses static Display statically locked MAC addresses violation Display the source MAC address of the last packet that was discarded on a locked port Example 2 show port security on a specific interface DWS 3024 show port security 0 10 Admin Dynamic Static Violation Intf Mode Limit Limit Trap Mode 0 10 Disabled 6...

Страница 121: ...Web Examples 121 18 Port Security Web Examples The following Web pages are used in the Port Security feature Figure 66 Port Security Administration Figure 67 Port Security Interface Configuration ...

Страница 122: ...rved Configuration Guide Figure 68 Port Security Statically Configured MAC Addresses To view Port Security status information navigate to LAN Monitoring Port Security from the navigation panel Figure 69 Port Security Dynamically Learned MAC Addresses ...

Страница 123: ...Web Examples 123 18 Port Security Figure 70 Port Security Violation Status ...

Страница 124: ...124 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Страница 125: ... functioning RADIUS supported network a device referred to as the Network Access Server NAS first detects the contact For wired clients the NAS is the DWS 3000 switch for wireless clients the AP serves as the NAS The NAS or user login interface then prompts the user for a name and password The NAS encrypts the supplied information and a RADIUS client transports the request to a pre configured RADI...

Страница 126: ...ry server deny the authentication request The secondary server also acts as a failover server in the sense that authentication requests are sent to the secondary server if the primary server is not available for some reason For a managed AP solution the secondary server is defined along with its secret in the AP configuration profile on the DWS 3000 switch Like the primary RADIUS server the second...

Страница 127: ...in the event that the RADIUS server cannot be contacted This authentication list is then associated with the default login Figure 71 RADIUS Servers in a DWS 3000 Network When a user attempts to log in the switch prompts for a username and password The switch then attempts to communicate with the primary RADIUS server at 10 10 10 10 Upon successful connection with the server the login credentials a...

Страница 128: ... 11 11 11 radius server key auth 11 11 11 11 secret2 secret2 radius server primary 10 10 10 10 authentication login radiusList radius local users defaultlogin radiusList exit Using the Web Interface The following Web screens show how to perform the configuration described in the example Figure 72 Add a RADIUS Server ...

Страница 129: ...RADIUS Configuration Examples 129 19 RADIUS Figure 73 Configuring the RADIUS Server ...

Страница 130: ...130 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 74 Create an Authentication List Figure 75 Configure the Authentication List ...

Страница 131: ...s example assumes that a primary RADIUS server has already been configured in the AP profile Note that the same commands can be used in Network Profile mode to configure these parameters on particular wireless network Using CLI Commands config ap profile radius server bakcupone 11 11 11 11 radius server backuponesecret secret2 secret2 radius failthrough Using the Web Interface The following Web sc...

Страница 132: ...132 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Enabling Failthrough Mode at the Global Level Enabling Failthrough Mode for a Particular Network ...

Страница 133: ...heir network IP address You can also assign each a priority to determine the order in which the TACACS client will contact them TACACS contacts the server when a connection attempt fails or times out for a higher priority server You can configure each server host with a specific connection type port timeout and shared key or you can use global configuration for the key and timeout Like RADIUS the ...

Страница 134: ...ls over an encrypted channel The server then grants or denies access which the switch honors and either allows or does not allow the user to gain access to the switch If neither of the two servers can be contacted the switch searches its local user database for the user Configuring TACACS by Using CLI Commands The following CLI commands perform the configuration described in the example config tac...

Страница 135: ...ample 135 20 TACACS Configuring TACACS by Using the Web Interface The following Web screens show how to perform the configuration described in the example Figure 78 Add a TACACS Server Figure 79 Configuring the TACACS Server ...

Страница 136: ...136 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 80 Create an Authentication List TACACS Figure 81 Configure the Authentication List TACACS ...

Страница 137: ...TACACS Configuration Example 137 20 TACACS Figure 82 Set the User Login TACACS ...

Страница 138: ...138 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Страница 139: ...ng table Ingress Port Configuration Each ingress port on the switch has a default priority value set by configuring VLAN Port Priority in the Switching sub menu that determines the egress queue its traffic gets forwarded to Packets that arrive without a priority designation or packets from ports you have identified as untrusted get forwarded according to this default Trusted and Untrusted Ports Co...

Страница 140: ...ues always sent last Weighted scheduling requires a specification of priority for each queue relative to the other queues based on their minimum bandwidth values Queue management tail drop Queue Management Type The D Link DWS 3000 switch supports the tail drop method of queue management This means that any packet forwarded to a full queue is dropped regardless of its importance CLI Examples Figure...

Страница 141: ...the diagram the packet transmission order as seen on the network leading out of Port 0 8 is B A D C Thus packet B with its higher user precedence than the others is able to work its way through the device with minimal delay and is transmitted ahead of the other packets at the egress port UserPri 3 packet A UserPri 7 packet B untagged packet C UserPri 6 packet D time Port 0 10 mode trust dot1p 0 2 ...

Страница 142: ...dot1p mapping 6 3 vlan priority 2 exit interface 0 8 cos queue min bandwidth 0 0 5 5 10 20 40 0 cos queue strict 6 exit exit You can also set traffic shaping parameters for the interface If you wish to shape the egress interface for a sustained maximum data rate of 80 Mbps assuming a 100Mbps link speed you would add a simple configuration line expressing the shaping rate as a percentage of link sp...

Страница 143: ...b Examples 143 21 Class of Service Queuing Web Examples The following web pages are used for the Class of Service feature Figure 85 802 1p Priority Mapping Page Figure 86 CoS Trust Mode Configuration Page ...

Страница 144: ...144 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 87 IP DSCP Mapping Configuration Page Figure 88 CoS Interface Configuration Page ...

Страница 145: ...Web Examples 145 21 Class of Service Queuing Figure 89 CoS Interface Queue Configuration Page Figure 90 CoS Interface Queue Status Page ...

Страница 146: ...146 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Страница 147: ...ased on the contents of the Layer 3 and Layer 4 headers and is recorded in the Differentiated Services Code Point DSCP added to a packet s IP header Interior node A switch in the core of the network is responsible for forwarding packets rather than for classifying them It decodes the DSCP in an incoming packet and provides buffering and forwarding services using the appropriate queue management al...

Страница 148: ...mple This example shows how a network administrator can provide equal access to the Internet or other external network to different departments within a company Each of four departments has its own Class B subnet that is allocated 25 of the available bandwidth on the port accessing the Internet Figure 91 DiffServ Internet Access Example Network Diagram DiffServ Inbound Configuration 1 Ensure DiffS...

Страница 149: ...ress queue This is how the DiffServ inbound policy connects to the CoS queue settings established below policy map internet_access in class finance_dept assign queue 1 exit class marketing_dept assign queue 2 exit class test_dept assign queue 3 exit class development_dept assign queue 4 exit exit 4 Attach the defined policy to interfaces 0 1 through 0 4 in the inbound direction interface 0 1 servi...

Страница 150: ...oming color value to be used as the conforming color The following commands show how to add a color aware policing attribute to the finance_dept class 1 Add a new class to serve as the auxiliary traffic class The match condition for the class must be either IP Precedence or IP DSCP In this example the match condition is IP Prece dence with a value of 2 class map match all color_class match ip prec...

Страница 151: ...ce Value 2 Class Name marketing_dept Assign Queue 2 Class Name test_dept Assign Queue 3 Class Name development_dept Assign Queue 4 Using the Web Interface to Configure Diffserv Access the DiffServ configuration pages from the LAN QoS Differentiated Services folder The following DiffServ pages are available DiffServ Configuration Class Configuration Policy Configuration Policy Class Definition Serv...

Страница 152: ...152 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 92 DiffServ Configuration Figure 93 DiffServ Class Configuration ...

Страница 153: ...Using the Web Interface to Configure Diffserv 153 22 Differentiated Services Figure 94 DiffServ Class Configuration Add Match Criteria Figure 95 Source IP Address ...

Страница 154: ...154 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 96 DiffServ Class Configuration Figure 97 DiffServ Class Summary ...

Страница 155: ...Using the Web Interface to Configure Diffserv 155 22 Differentiated Services Figure 98 DiffServ Policy Configuration Figure 99 DiffServ Policy Configuration ...

Страница 156: ...156 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 100 DiffServ Policy Class Definition Figure 101 Assign Queue ...

Страница 157: ...Using the Web Interface to Configure Diffserv 157 22 Differentiated Services Figure 102 DiffServ Policy Summary Figure 103 DiffServ Policy Attribute Summary ...

Страница 158: ...158 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 104 DiffServ Service Configuration Figure 105 DiffServ Service Summary ...

Страница 159: ... refreshes and the Class Match Selector field appears The match condition for the class must be either IP Precedence or IP DSCP In this example the match condition is IP Precedence with a value of 2 2 From the Class Match Selector field select IP Precedence and click Add Match Criteria 3 From the Precedence Value menu on the IP Precedence page select 2 and then click Submit 4 Navigate to the Polic...

Страница 160: ...er the screen refreshes enter values for the Committed Rate and Committed Burst Size fields D Click Configure Selected Attribute The DiffServ Policy Attribute Summary page appears so you can view information about all of the policies and their attributes configured on the system ...

Страница 161: ...te is vital This example shows one way to provide the necessary quality of service how to set up a class for UDP traffic have that traffic marked on the inbound side and then expedite the traffic on the outbound side The configuration script is for Router 1 in the accompanying diagram a similar script should be applied to Router 2 Figure 106 DiffServ VoIP Example Network Diagram 1 2 3 4 5 6 7 8 9 ...

Страница 162: ...iterion to detect a DiffServ code point DSCP of EF expedited forwarding This handles incoming traffic that was previously marked as expedited elsewhere in the network class map match all class_ef match ip dscp ef exit Create a DiffServ policy for inbound traffic named pol_voip then add the previously created classes class_ef and class_voip as instances within this policy This policy handles incomi...

Страница 163: ...rks by allowing the administrator to configure each port as a trusted or untrusted port The port that has the authorized DHCP server should be configured as a trusted port Any DHCP responses received on a trusted port will be forwarded All other ports should be configured as untrusted Any DHCP or BootP responses received on the ingress side will be discarded Limitations Port Channels LAGs If an in...

Страница 164: ...ig interface 0 11 ip dhcp filtering trust exit exit Example 3 Show DHCP Filtering Configuration show ip dhcp filtering Switch DHCP Filtering is Enabled Interface Trusted 0 1 No 0 2 No 0 3 No 0 4 No 0 5 No 0 6 No 0 7 No 0 8 No 0 9 No 0 10 No 0 11 Yes 0 12 No 0 13 No 0 14 No 0 15 No Web Examples From the Web interface you can perform the following DHCP Filtering tasks Enable or disable administratio...

Страница 165: ...h Figure 107 DHCP Filtering Configuration Use the DHCP Filtering Interface Configuration page to configure DHCP Filtering on specific interfaces Figure 108 DHCP Filtering Interface Configuration To view the DHCP Filtering settings on each interface use the DHCP Filter Binding Information page under LAN Monitoring DHCP Filter Summary ...

Страница 166: ...166 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 109 DHCP Filter Binding Information ...

Страница 167: ...all L3 devices Can be used to detect issues on the network Tracks up to 20 hops Default UDP port uses 33343 unless modified in the traceroute command NOTE You can execute Traceroute with CLI commands only there is no Web interface for this feature CLI Example The following shows an example of using the traceroute command to determine how many hops there are to the destination The command output sh...

Страница 168: ... 2 10 254 253 1 30 ms 49 ms 21 ms 3 63 237 23 33 29 ms 10 ms 10 ms 4 63 144 4 1 39 ms 63 ms 67 ms 5 63 144 1 141 70 ms 50 ms 50 ms 6 205 171 21 89 39 ms 70 ms 50 ms 7 205 171 8 154 70 ms 50 ms 70 ms 8 205 171 8 222 70 ms 50 ms 80 ms 9 205 171 251 34 60 ms 90 ms 50 ms 10 209 244 219 181 60 ms 70 ms 70 ms 11 209 244 11 9 60 ms 60 ms 50 ms 12 4 68 121 146 50 ms 70 ms 60 ms 13 4 79 228 2 60 ms 60 ms 6...

Страница 169: ... Apply Upload Download Provides script format of one CLI command per line Considerations Total number of scripts stored on the system is limited by NVRAM FLASH size Application of scripts is partial if script fails For example if the script executes five of ten commands and the script fails the script stops at five Scripts cannot be modified or deleted while being applied Validation of scripts che...

Страница 170: ...asic scr Are you sure you want to delete the configuration script s y n y 1 configuration script s deleted Example 3 script apply running config scr DWS 3024 script apply running config scr Are you sure you want to apply the configuration script y n y The systems has unsaved changes Would you like to save them now y n y Configuration Saved Example 4 show running config Use this command to capture ...

Страница 171: ...you sure you want to start y n y File transfer operation completed successfully Example 6 script validate running config scr DWS 3024 script validate running config scr serviceport protocol none network protocol dhcp no network javamode vlan database exit configure exit logging buffered logging host 192 168 77 151 Configuration script running config scr validated DWS 3024 script apply running conf...

Страница 172: ...024 script validate default scr network parms 172 30 4 2 255 255 255 0 0 0 0 0 vlan database exit configure lineconfig exit spanning tree configuration name 00 18 00 00 00 10 interface 0 1 exit interface 0 2 exit interface 0 3 exit continues through interface 0 26 exit exit Configuration script default scr validation succeeded ...

Страница 173: ... When a telnet connection is initiated each side of the connection is assumed to originate and terminate at a Network Virtual Terminal NVT Server and user hosts do not maintain information about the characteristics of each other s terminals and terminal handling conventions Must use a valid IP address CLI Examples The following are examples of the commands used in the Outbound Telnet feature ...

Страница 174: ...show telnet DWS 3024 show telnet Outbound Telnet Login Timeout minutes 5 Maximum Number of Outbound Telnet Sessions 5 Allow New Outbound Telnet Sessions Yes Example 3 transport output telnet DWS 3024 Config lineconfig cr Press Enter to execute the command DWS 3024 Config lineconfig DWS 3024 Line transport input Displays the protocols to use to connect to a specific line of the router output Displa...

Страница 175: ...on limit 5 DWS 3024 Line session timeout 1 160 Enter time in minutes DWS 3024 Line session timeout 15 Web Example You can set up the Outbound Telnet session through the Web interface You can Enable or disable administration mode Set how many sessions you want Set the session time outs Figure 110 Telnet Session Configuration ...

Страница 176: ...176 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Страница 177: ...can be uploaded or downloaded File size cannot be larger than 2K The Pre Login Banner feature is only for the CLI interface CLI Example To create a Pre Login Banner follow these steps 1 On your PC using Notepad or another text editor create a banner txt file that contains the banner to be displayed DWS 3000 switch Login Banner Unauthorized access is punishable by law 2 Transfer the file from the P...

Страница 178: ...TFTP Server IP 192 168 77 52 TFTP Path TFTP Filename banner txt Data Type Cli Banner Are you sure you want to start y n y CLI Banner file transfer operation completed successfully DWS 3024 exit DWS 3024 logout DWS 3000 switch Login Banner Unauthorized access is punishable by law User Note The command no clibanner removes the banner from the switch ...

Страница 179: ...nt implemented over UDP which listens on port 123 CLI Examples The following are examples of the commands used in the SNTP feature Example 1 show sntp DWS 3024 show sntp cr Press Enter to execute the command client Display SNTP Client Information server Display SNTP Server Information Example 2 show sntp client DWS 3024 show sntp client Client Supported Modes unicast broadcast SNTP Version 4 Port ...

Страница 180: ... 18 11 59 33 2005 Last Update Status Other Total Unicast Requests 1111 Failed Unicast Requests 361 Example 4 configure sntp DWS 3024 Config sntp broadcast Configure SNTP client broadcast parameters client Configure the SNTP client parameters server Configure SNTP server parameters unicast Configure SNTP client unicast parameters Example 5 configure sntp client mode DWS 3024 Config sntp client mode...

Страница 181: ... client port 1 cr Press Enter to execute the command 6 10 Enter value in the range 6 to 10 Poll interval is 2 value in seconds Web Interface Examples The following are examples of Web Interface pages used in the SNTP feature To configure SNTP settings use the LAN Admin SNTP SNTP Settings Configuration page Figure 111 SNTP Settings Configuration Page Figure 112 SNTP Server Configuration Page To con...

Страница 182: ...ion Guide Figure 113 SNTP Server Configuration Page To configure SNTP server settings use the LAN Admin SNTP Time Zone Configuration page Figure 114 Time Zone Configuration Page To configure SNTP server settings use the LAN Admin SNTP Summer Time Configuration page ...

Страница 183: ...Web Interface Examples 183 28 Simple Network Time Protocol SNTP Figure 115 Summer Time Configuration Page ...

Страница 184: ...184 2001 2011 D Link Corporation All Rights Reserved Configuration Guide ...

Страница 185: ... to local files on the switch or a remote server running a syslog daemon Method of collecting message logs from many systems Interpreting Log Files 130 JAN 01 00 00 06 0 0 0 0 1 UNKN 0x800023 bootos c 386 4 Event 0xaaaaaaaa A Priority B Timestamp C Stack ID D Component Name E Thread ID F File Name G Line Number H Sequence Number I Message A B C D E F G H I ...

Страница 186: ...and DWS 3024 show logging buffered Buffered In Memory Logging enabled Buffered Logging Wrapping Behavior On Buffered Log Count 66 6 Nov 29 13 31 38 0 0 0 0 1 UNKN 292290880 sysapi c 1280 3 sysapiCfgFile sSeparate CRC check failed 0x0 read and 0xce0a37e0 calculated 6 Nov 29 13 31 38 0 0 0 0 1 UNKN 292290880 sysapi c 1131 4 could not sep arate SYSAPI_CONFIG_FILENAME 2 Nov 29 13 31 42 0 0 0 0 1 UNKN ...

Страница 187: ... 4 2 days 23 16 32 Link Down Unit 0 Slot 1 Port 2 5 2 days 23 16 03 Link Down Unit 0 Slot 1 Port 1 6 2 days 19 49 28 Multiple Users Unit 0 Slot 3 Port 1 7 2 days 18 20 56 Multiple Users Unit 0 Slot 3 Port 1 8 2 days 17 10 41 Multiple Users Unit 0 Slot 3 Port 1 9 2 days 00 55 42 Multiple Users Unit 0 Slot 3 Port 1 10 2 days 00 55 38 Failed User Login Unit 1 User ID admin 11 2 days 00 20 12 Multiple...

Страница 188: ...reconfigure Logging Host Reconfiguration remove Logging Host Removal DWS 3024 Config logging host 192 168 21 253 cr Press Enter to execute the command port Enter Port ID from 0 to 65535 DWS 3024 Config logging host 192 168 21 253 4 cr Press Enter to execute the command severitylevel Enter Logging Severity Level emergency 0 alert 1 critical 2 error 3 warning 4 notice 5 info 6 debug 7 DWS 3024 Confi...

Страница 189: ...Web Examples 189 29 Syslog Web Examples The following web pages are used with the Syslog feature Figure 116 Log Syslog Configuration Page Figure 117 Buffered Log Configuration Page ...

Страница 190: ...190 2001 2011 D Link Corporation All Rights Reserved Configuration Guide Figure 118 Log Hosts Configuration Page Add Host Figure 119 Log Hosts Configuration Page ...

Страница 191: ...LI Example Use the commands shown below for the Port Description feature Example 1 Enter a Description for a Port This example specifies the name Test for port 0 10 config interface 0 10 description Test exit exit Example 2 Show the Port Description show port description 0 10 Interface 0 10 ifIndex 10 Description Test MAC Address 00 00 00 01 00 02 Bit Offset Val 10 ...

Страница 192: ...poration All Rights Reserved Configuration Guide Configuring Port Description with the Web Interface Use the following Web screen to enter Port Description information Figure 120 Port Configuration Screen Set Port Description ...

Отзывы:

Нет отзывов

Похожие инструкции для UNIFIED WIRED & WIRELESS ACCESS SYSTEM...

Dual-Band Wi-Fi Kit 600

Бренд: BT Страницы: 6

Бренд: Cisco MERAKI Страницы: 19

Бренд: Emka Electronics Страницы: 7

Бренд: Mach Power Страницы: 24

Бренд: E-TOP Страницы: 93

WAP11 - Instant Wireless Network Access Point

Бренд: Linksys Страницы: 33

Бренд: 4IPNET Страницы: 15

Бренд: 4gon Страницы: 24

Бренд: iBall Baton Страницы: 62

Бренд: SWEEX Страницы: 8

Бренд: SWEEX Страницы: 32

Бренд: HomeMatic Страницы: 55

Бренд: Nimbus Water Systems Страницы: 10

ORiNOCO AP-9200R

Бренд: Proxim Страницы: 30

AS-1200-ABG-EXT

Бренд: Nortel Страницы: 28

Бренд: Northbound Networks Страницы: 15

Бренд: IPone Страницы: 45

Бренд: CAMBRIDGE Страницы: 28

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды