D-Link xStack DES-3800 Series Скачать руководство пользователя страница 215 | Manualshive

Страница: 215 / 360

background image

xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch

Section 11

Security

Traffic Control

Port Security

Port Lock Entries

802.1X

Trusted Host

Access Authentication Control

Traffic Segmentation

SSL

SSH

IP MAC Binding

Limited IP Multicast Range Settings

Web-based Access Control

MAC-based Access Control

Safeguard Engine

Traffic Control

Figure 6- 53. Traffic Control Table window

On a computer network, packets such as Multicast packets and
Broadcast packets continually flood the network as normal
procedure. At times, this traffic may increase do to a malicious
endstation on the network or a malfunctioning device, such as a
faulty network card. Thus, switch throughput problems will arise
and consequently affect the overall performance of the switch
network. To help rectify this packet storm, the Switch will monitor
and control the situation.

The packet storm is monitored to determine if too many packets are
flooding the network, based on the threshold level provided by the
user. Once a packet storm has been detected, the Switch will drop
packets coming into the Switch until the storm has subsided. This
method can be utilized by selecting the

Drop

option of the

Action

field in the window below.

The Switch will also scan and monitor packets coming into the
Switch by monitoring the Switch’s chip counter. This method is
only viable for Broadcast and Multicast storms because the chip
only has counters for these two types of packets. Once a storm has
been detected (that is, once the packet threshold set below has been
exceeded), the Switch will shutdown the port to all incoming traffic
with the exception of STP BPDU packets, for a time period
specified using the CountDown field. If this field times out and the
packet storm continues, the port will be placed in a Shutdown
Forever mode which will produce a warning message to be sent to
the Trap Receiver. Once in Shutdown Forever mode, the only
method of recovering this port is to manually recoup it using the

Port Configuration

window in the

Administration

folder and

selecting the disabled port and returning it to an Enabled status. To
utilize this method of Storm Control, choose the

Shutdown

option

of the

Action

field in the window below.

To view the following window to configure Traffic Control, click

Security > Traffic Control

.

200

«
...
213
214
215
216
217
...
»

Содержание xStack DES-3800 Series

Страница 1: ...Product Model DES 3800 Series Layer 3 Stackable Fast Ethernet Managed Switch Release 3 User Manual Copyright 2006 All rights reserved ...

Страница 2: ...permission of D Link Computer Corporation is strictly forbidden Trademarks used in this text D Link and the D LINK logo are trademarks of D Link Computer Corporation Microsoft and Windows are registered trademarks of Microsoft Corporation Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products D Link Computer Corp...

Страница 3: ...scription 7 Gigabit Ports 7 Installation 8 Package Contents 8 Before You Connect to the Network 8 Installing the Switch without the Rack 9 Installing the Switch in a Rack 9 Mounting the Switch in a Standard 19 Rack 10 Wall Mounting the DES 3828P 11 Connecting DC Power to the DES 3828DC 12 RPS Installation 13 Connecting the Switch 17 Switch to End Node 17 Switch to Hub or Switch 18 Connecting To Ne...

Страница 4: ...gs 46 Time Settings 46 Time Zone and DST 47 MAC Notification Settings 49 TFTP Services 50 Multiple Image Services 51 Firmware Information 51 Dual Configuration Services 52 Ping Test 53 SNMP Manager 54 SNMP Settings 54 SNMP User Table 55 SNMP View Table 57 SNMP Group Table 58 SNMP Community Table Configuration 59 SNMP Host Table 60 SNMP Engine ID 61 D Link Single IP Management 62 Single IP Manageme...

Страница 5: ...ort Settings 99 STP Port Information of Instance 101 Forwarding 102 Unicast Forwarding 102 Multicast Forwarding 102 Layer 3 Features 104 IP Multinetting 104 IP Interface Settings 105 MD5 Key Settings 108 Route Redistribution Settings 109 Static Default Route Settings 110 Route Preference Settings 111 Static ARP Table 113 RIP 114 RIP Global Settings 115 RIP Interface Settings 116 OSPF 118 OSPF Glob...

Страница 6: ... Candidate BSR Settings 162 PIM Parameter Settings 163 PIM Candidate RP Global Settings 164 PIM Candidate RP Settings 164 PIM Register Checksum Settings 165 PIM Static RP Settings 166 QoS 167 Advantages of QoS 167 Understanding QoS 168 Port Bandwidth 169 QoS Scheduling Mechanism 170 QoS Output Scheduling 171 802 1p Default Priority 172 802 1p User Priority 173 WRED Settings 173 ACL 175 Access Prof...

Страница 7: ...oup 220 Authentication Server Host 221 Login Method Lists 222 Enable Method Lists 224 Configure Local Enable Password 226 Enable Admin 226 Accounting 227 Traffic Segmentation 228 Secure Socket Layer SSL 229 Download Certificate 229 Ciphersuite 229 SSH 232 SSH Server Configuration 232 SSH Authentication Mode and Algorithm Settings 233 SSH User Authentication 234 IP MAC Binding 236 ACL Mode 236 IP M...

Страница 8: ...Routing Table 275 Browse ARP Table 275 Browse IP Multicast Forwarding Table 276 IGMP Snooping Group 276 IGMP Snooping Forwarding 277 Browse IGMP Group Table 277 DVMRP Monitoring 279 Browse DVMRP Routing Table 279 Browse DVMRP Neighbor Table 279 Browse DVMRP Routing Next Hop Table 279 PIM Monitoring 280 Browse PIM Neighbor Table 280 PIM IP MRoute Table 280 Browse PIM RP Set Table 281 Browse PIM Act...

Страница 9: ...et Managed Switch Reboot System 288 Save Changes 289 Logout 289 Technical Specifications 290 System Log Entries 292 Cables and Connectors 302 Console Cable Pin Assignment 303 Cable Lengths 304 Glossary 305 Warranties Registration 308 Tech Support 315 ix ...

Страница 10: ...n Settings Static Dynamic Route Settings Route Preference Settings Static ARP Settings RIP OSPF DCHP BOOTP Relay DNS Relay VRRP and IP Multicast Routing Protocol Section 9 QoS Features information on QoS including Bandwidth Control QoS Scheduling Mechanism QoS Output Scheduling 802 1P Default Priority 802 1P User Priority and WRED Settings Section 10 ACL Discussion on the ACL function of the Switc...

Страница 11: ...ames program names and commands For example use the copy command Boldface Typewriter Font Indicates commands and responses to prompts that must be typed exactly as printed in the manual Initial capital letter Indicates a window name Names of keys on the keyboard have initial capitals For example Click Enter Italics Indicates a window name or a field Also can indicate a variables or parameter that ...

Страница 12: ...ent If the system gets wet see the appropriate section in your troubleshooting guide or contact your trained service provider Do not push any objects into the openings of your system Doing so can cause fire or electric shock by shorting out interior components Use the product only with approved equipment Allow the product to cool before removing covers or touching internal components Operate the p...

Страница 13: ...cts with care ensure that all casters and or stabilizers are firmly connected to the system Avoid sudden stops and uneven surfaces General Precautions for Rack Mountable Products Observe the following precautions for rack stability and safety Also refer to the rack installation documentation accompanying the system and the rack for specific caution statements and procedures Systems are considered ...

Страница 14: ...se of used batteries according to the instructions Protecting Against Electrostatic Discharge Static electricity can harm delicate components inside your system To prevent static damage discharge static electricity from your body before you touch any of the electronic components such as the microprocessor You can do so by periodically touching an unpainted metal surface on the chassis You can also...

Страница 15: ...d fold increase over 10Mbps Ethernet Since it is compatible with all 10Mbps and 100Mbps Ether net environments Gigabit Ethernet provides a straightforward upgrade without wasting a company s existing investment in hardware software and trained personnel The increased speed and extra bandwidth offered by Gigabit Ethernet are essential to coping with the network bottlenecks that frequently develop a...

Страница 16: ...rol utilizing TACACS XTACACS and TACACS Dual Image Firmware Simple Network Time Protocol support MAC Notification support System and Port Utilization support System Log Support Support port based enable and disable Address table Supports up to 16K MAC addresses per device Supports a packet buffer of up to 32M bytes Supports Port based VLAN Groups Port Trunking with flexible load distribution and f...

Страница 17: ...ply with the following standards IEEE 802 3 IEEE 802 3u Support Half Full Duplex operations All ports support Auto MDI X MDI II cross over Support back pressure for Half duplex mode IEEE 802 3x Flow Control support for Full Duplex mode NOTE On the DES 3828P all twenty four 10 100BASE TX ports also comply with the IEEE 802 3af Power over Ethernet standard The Switch provides two 1000 BASE T SFP com...

Страница 18: ...0BASE TX ports for the DES 3852 two 1000 Base T SFP combo ports and an RS 232 console port for the DES 3828 DES 3828P and DES 3828DC only The DES 3828P also includes a Mode Select button for changing the mode from Link Act State to PoE Figure 1 1 Front Panel of the DES 3828 Figure 1 2 Front Panel of the DES 3852 Figure 1 3 Front Panel of the DES 3828P Figure 1 4 Front Panel of the DES 3828DC DES 3...

Страница 19: ...EDs The front panel of DES 3852 has LED indicators for power console RPS port 49 GE port 50 GE port 51 GE rear port port 52 GE rear port for each of the forty eight 10 100 Mbps Ethernet ports and for the two 1000BASE T SFP ports Figure 1 7 LED Indicators for the DES 3852 The following table describes the LEDs for DES 3828 DES 3828P DES 3828DC DES 3852 LED Description Power Off Power Off Solid Gree...

Страница 20: ...rt is located above the ports on the front panel The first LED is for the top port and the second one is for the bottom ports These port LEDs display the following information For Link Act Speed Mode Solid Green Link for 100Mbps Blinking Green Activity for 100Mbps Solid Amber Link for 10Mbps Blinking Amber Activity for 10Mbps Off Link down For PoE Mode DES 3828P only Solid Green Power feeding 802 ...

Страница 21: ...o dissipate heat Do not block this opening and leave at least 6 inches of space at the rear of the Switch for proper ventilation Be reminded that without proper heat dissipation and air circulation system components might overheat which could lead to system failure The rear panel also includes an outlet for an optional external redundant power supply When power fails the optional external RPS will...

Страница 22: ...inded that without proper heat dissipation and air circulation system components might overheat which could lead to system failure Figure 1 12 Side Panels Gigabit Ports In addition to the twenty four forty eight for DES 3852 10 100 Mbps ports the Switch features two 1000BASE T SFP Gigabit Ethernet Combo ports on the front panel and two 1000BASE T copper ports on the rear panel The diagrams below s...

Страница 23: ...the Switch Install the Switch on a sturdy level surface that can support at least 4 24kg 9 35lbs of weight for DES 3828 DES 3828DC DES 3852 or 6 02kg 13 27lbs for DES 3828P Do not place heavy objects on the Switch The power outlet should be within 1 82 meters 6 feet of the Switch Visually inspect the power cord and see that it is fully secured to the AC DC power port Make sure that there is proper...

Страница 24: ...llow enough ventilation space between the Switch and any other objects in the vicinity Figure 2 1 Prepare Switch for installation on a desktop or shelf Installing the Switch in a Rack The Switch can be mounted in a standard 19 rack Use the following diagrams to guide you Figure 2 2 Fasten mounting brackets to Switch Fasten the mounting brackets to the Switch using the screws provided With the brac...

Страница 25: ... over potentially resulting in bodily injury under certain circumstances Therefore always install the stabilizers before installing components in the rack After installing components in a rack do not pull more than one component out of the rack on its slide assemblies at one time The weight of more than one extended component could cause the rack to tip over and may result in injury Figure 2 3 Ins...

Страница 26: ...s to a wooden wall using wood screws Regardless of mounting placement the user must set enough space between the switch and the wall for proper air ventilation to ensure the Switch will not overheat Figure 1 14 Mounting the switch to a wooden wall Power on AC Power Plug one end of the AC power cord into the power connector of the Switch and the other end into the local power source outlet After th...

Страница 27: ... power source Figure 2 4 Power connections attached to contacts after assembly 1 Firmly attach the DC power to the negative and positive contacts on the wiring assembly The negative pole connects to the 48V contact The positive pole connects to the 48V Return contact If available an earth ground may be connected to the center contact post 2 Tighten the contact screws to secure the connection 12 ...

Страница 28: ...ts in height designed to hold up to eight DPS 200 redundant power supplies Figure 2 5 Installing the DPS 200 into the DPS 900 The RPS can be mounted in a standard 19 rack Use the following diagram to guide you Figure 2 6 Installing the DPS 900 into the equipment rack CAUTION Installing systems in a rack without the front and side stabilizers installed could cause the rack to tip over potentially r...

Страница 29: ...0 is a standard size rack mount 1 standard unit in height designed to hold up to two DPS 200 redundant power supplies Figure 2 7 Install DPS 200 in DPS 800 The RPS can be mounted in a standard 19 rack Use the following diagram to guide you Figure 2 8 Install DPS 800 in an Equipment Rack 14 ...

Страница 30: ... end into the redundant power supply 2 Using a standard AC power cable connect the redundant power supply to the main AC power source A green LED on the front of the DPS 200 will glow to indicate a successful connection 3 Re connect the switch to the AC power source On certain switches such as the DES 3828 an LED indicator will show that a redundant power supply is now in operation 4 No change in ...

Страница 31: ...ries Layer 3 Stackable Fast Ethernet Managed Switch DPS 600 DES 3828P also supports the DPS 600 external redundant power supply DPS 600 DES 3828P Figure 2 10 DES 3828P with the DPS 600 External Redundant Rower Supply 16 ...

Страница 32: ...to End Node End nodes include PCs outfitted with a 10 100 or 1000 Mbps RJ 45 Ethernet Fast Ethernet Network Interface Card NIC and most routers An end node can be connected to the Switch via a twisted pair Category 3 4 or 5 UTP STP cable The end node should be connected to any of the ports of the Switch Figure 3 1 Switch connected to an end node The Link Act LEDs for each UTP port will light green...

Страница 33: ...a a twisted pair Category 5e UTP STP cable A switch supporting a fiber optic uplink can be connected to the Switch s SFP ports via fiber optic cabling The Switch can be changed to PoE mode using the Mode Select button When in PoE Mode the DES 3828P will work with all D Link 802 3af capable devices The Switch also works in PoE mode with all non 802 3af capable D Link AP IP Cam and IP phone equipmen...

Страница 34: ...r The copper ports operate at a speed of 1000 100 or 10Mbps in full duplex mode The fiber optic ports can operate at 1000Mbps in full duplex mode Connections to the Gigabit Ethernet ports are made using fiber optic cable or Category 5 copper cable depending on the type of port A valid connection is indicated when the Link LED is lit Figure 3 3 Uplink Connection to a server PC or switch stack 19 ...

Страница 35: ...P agent decodes the incoming SNMP messages and responds to requests with MIB objects stored in the database The SNMP agent updates the MIB objects to generate statistics and counters Connecting the Console Port RS 232 DCE The Switch provides an RS 232 serial port that enables a connection to a computer or terminal for monitoring and configuring the Switch This port is a female DB 9 connector imple...

Страница 36: ...t section for more information on setting up user accounts See the xStack DES 3800 Series CLI Manual on the documentation CD for a list of all commands and additional information on using the CLI 13 When all tasks have been completed exit the session with the logout command or close the emulator program 14 Make sure the terminal or PC you are using to make this connection is configured to match th...

Страница 37: ...on to the Switch users will be presented with the first login screen NOTE Press Ctrl R to refresh the screen This command can be used at any time to force the console program in the Switch to refresh the console screen Press Enter in both the Username and Password fields You will be given access to the command prompt DES 3828 admin shown below There is no initial username or password Leave the Use...

Страница 38: ...me password again to verify it Type the same password and press the Enter key Successful creation of the new administrator account will be verified by a Success message NOTE Passwords are case sensitive User names and passwords can be up to 15 characters in length The sample below illustrates a successful creation of a new administrator level account with the user name newmanager DES 3800 admin cr...

Страница 39: ...rocess that is separated into two parts The first part is to maintain a list of users and their attributes that are allowed to act as SNMP managers The second part describes what each user on that list can do as an SNMP manager The Switch allows groups of users to be listed and configured with a shared set of privileges The SNMP version may also be set for a listed group of SNMP managers Thus user...

Страница 40: ...Switch must be set before it can be managed with the Web based manager The Switch IP address can be automatically set using BOOTP or DHCP protocols in which case the actual address assigned to the Switch must be known The IP address may be set using the Command Line Interface CLI over the console serial port as follows Starting at the command line prompt enter the commands config ipif System ipadd...

Страница 41: ... the Switch was assigned an IP address of 10 53 13 83 with a subnet mask of 255 0 0 0 The user may also use the CIDR form to set the address 10 53 13 83 8 The system message Success indicates that the command was executed successfully The Switch can now be configured and managed via Telnet and the CLI or via the Web based management 26 ...

Страница 42: ...management module and the Console program and Telnet are different ways to access the same internal switching software and configure it Thus all settings encountered in web based management are the same as those found in the console program Login to Web Manager To begin managing the Switch simply run the browser installed on your computer and point it to the IP address defined for the device The U...

Страница 43: ... icons can be opened to display the hyper linked menu buttons and subfolders contained within them Click the D Link logo to go to the D Link website Area 2 Presents a graphical near real time image of the front panel of the Switch This area displays the Switch s ports and expansion modules showing port activity duplex mode or flow control depending on the specified mode Various areas of the graphi...

Страница 44: ...atic ARP Settings RIP OSPF DHCP BOOTP Relay DNS Relay VRRP and IP Multicast Routing Settings QoS Contains windows concerning Bandwidth Control QoS Scheduling Mechanism QoS Output Scheduling 802 1P Default Priority 802 1P User Priority and WRED Settings ACL Contains the window for the Access Profile Table and CPU Interface Filtering Security Contains windows for Traffic Control Port Security Port L...

Страница 45: ...ice Information IP Address Port Configuration PoE Configuration User Accounts Port Mirroring System Log Settings System Severity Settings SNTP Settings MAC Notification Settings TFTP Services Multiple Image Services Dual Configurations Services Ping Test SNMP Manager Single IP Management Setting 30 ...

Страница 46: ... Boot PROM Firmware Version and Hardware Version This information is helpful to keep track of PROM and firmware updates and to obtain the Switch s MAC address for entry into another network device s address table if necessary The user may also enter a System Name System Location and System Contact to aid in defining the Switch to the user s preference In addition this screen displays the status of...

Страница 47: ...atures folder Multicast Router Only This field specifies that the Switch should only forward all multicast traffic to a multicast enabled router if enabled Otherwise the Switch will forward all multicast traffic to any IP router The default is Disabled GVRP Status Use this pull down menu to enable or disable GVRP on the Switch Telnet Status Telnet configuration is Enabled by default If you do not ...

Страница 48: ...h a default setting of 20 minutes CPU Interface Filtering The user may globally enable or disable the CPU Interface Filtering function by using the pull down menu Click Apply to implement changes made IP Address The IP Address may initially be set using the console interface prior to connecting to it through the Ethernet If the Switch IP address has not yet been changed read the introduction of th...

Страница 49: ...xx xxx where each xxx is a number represented in decimal between 0 and 255 The value should be 255 0 0 0 for a Class A network 255 255 0 0 for a Class B network and 255 255 255 0 for a Class C network but custom subnet masks are allowed Default Gateway IP address that determines where packets with a destination address outside the current subnet should be sent This is usually the address of a rout...

Страница 50: ...xStack DES 3800 Series Layer 3 Stackable Fast Ethernet Managed Switch 35 ...

Страница 51: ... 100M Full and 1000M Full There is no automatic adjustment of port settings with any option other than Auto Flow Control Displays the flow control scheme used for the various port configurations Ports configured for full duplex use 802 3x flow control half duplex ports use backpressure flow control and Auto ports use an automatic selection of the two The default is Disabled Learning Enable or disa...

Страница 52: ...ch At the bottom of the Port Configuration window is a Show Err disabled ports link to display the information about ports that have had their connection status disabled for reasons such as STP loopback detection or link down status Clicking this link will display the following window Figure 6 4 Err Disabled Ports window 37 ...

Страница 53: ...s on the Switch To assign names to various ports click Administration Port Configuration Port Description to view the following window Figure 6 5 Port Description Setting window Use the From and To pull down menu to choose a port or range of ports to describe and then enter a description of the port s Click Apply to set the descriptions in the Port Description Table 38 ...

Страница 54: ...ystem window is used to assign a power limit and power disconnect method for the whole PoE system To configure the Power Limit for the PoE system enter a value between 37W and 370W in the Power Limit field The default setting is 370W When the total consumed power exceeds the power limit the PoE controller located in the PSE disconnects the power to prevent overloading the power supply To configure...

Страница 55: ...it Sets the power limit per PoE port Once this threshold has been reached on the port the PoE will go into the Power Disconnect Method as described above The user may set a limit between 1000 and 16800mW Click Apply to implement changes made to the PoE settings The port status of all PoE configured ports is displayed in the table in the bottom half of the screen shown above User Accounts Use the U...

Страница 56: ... this document Once the user has logged in to the Switch in the Operator level certain security screens and windows will not be made available to view or to configure Only Admin level users have access to these features There are three levels of user privileges Admin Operator and User Some menu selections available to users with Admin privileges may not be available to those with User or Operator ...

Страница 57: ...ts passing through the first port This is useful for network monitoring and troubleshooting purposes To view the Port Mirroring window click Port Mirroring in the Administration folder Figure 6 10 Port Mirroring window To configure a mirror port 1 Select the Source Port from where you want to copy frames and the Target Port which receives the copies from the source port 2 Select the Source Directi...

Страница 58: ...ing parameters can be set Parameter Description Index Syslog server settings index 1 4 Server IP The IP address of the Syslog server Severity This drop down menu allows you to select the level of messages that will be sent The options are Warning Informational and All Facility Some of the operating system daemons and processes have been assigned Facility values Processes and daemons that have not ...

Страница 59: ...on local use 0 local0 local use 1 local1 local use 2 local2 local use 3 local3 local use 4 local4 local use 5 local5 local use 6 local6 local use 7 local7 UDP Port 514 or 6000 65535 Type the UDP port number used for sending Syslog messages The default is 514 Status Choose Enabled or Disabled to activate or deactivate Figure 6 13 Configure System Log Server Edit To set the System Log Server configu...

Страница 60: ...scribed below Parameter Description System Severity Choose how the alerts are used from the drop down menu Select log to send the alert of the Severity Type configured to the Switch s log for analysis Choose trap to send it to an SNMP agent for analysis Select all to send the chosen alert type to an SNMP agent and the Switch s log for analysis Severity Level Choose what level of alert will trigger...

Страница 61: ...lays the time source for the system SNTP Settings SNTP State Use this pull down menu to Enabled or Disabled SNTP SNTP Primary Server This is the IP address of the primary server the SNTP information will be taken from SNTP Secondary Server This is the IP address of the secondary server the SNTP information will be taken from SNTP Poll Interval in Seconds 30 99999 This is the interval in seconds be...

Страница 62: ...nable or disable the DST Settings Daylight Saving Time Offset in Minutes Use this pull down menu to specify the amount of time that will constitute your local DST offset 30 60 90 or 120 minutes Time Zone Offset from GMT in HH MM Use these pull down menus to specify your local time zone s offset from Greenwich Mean Time GMT DST Repeating Settings Using repeating mode will enable DST seasonal time a...

Страница 63: ... Settings Using annual mode will enable DST seasonal time adjustment Annual mode requires that the DST beginning and ending date be specified concisely For example specify to begin DST on April 3 and end DST on October 14 From Month Enter the month DST will start on each year From Day Enter the day of the week DST will start on each year From Time in HH MM Enter the time of day DST will start on e...

Страница 64: ...ble or disable MAC notification globally on the Switch Interval sec The time in seconds between notifications History Size The maximum number of entries listed in the history log used for notification Up to 500 entries can be specified Port Settings To change MAC notification settings for a port or group of ports on the Switch configure the following parameters Parameter Description From To Select...

Страница 65: ...uration file on the TFTP server Click Start to record the IP address of the TFTP server and to initiate the file transfer Upload Configuration Enter the IP address of the TFTP server and the path and filename for the switch settings on the TFTP server Click Start to record the IP address of the TFTP server and to initiate the file transfer Upload Log Enter the IP address of the TFTP server and the...

Страница 66: ... window holds the following information Parameter Description ID States the image ID number of the firmware in the Switch s memory The Switch can store two firmware images for use Image ID 1 will be the default boot up firmware for the Switch unless otherwise configured by the user Version States the firmware version Size States the size of the corresponding firmware in bytes Update Time States th...

Страница 67: ... the default boot up configuration file for the Switch unless otherwise configured by the user Version Displays the firmware version set in the Switch Size Displays the size of the configuration file in bytes Update time Displays the time that the configuration file was updated to the Switch From Displays the location from which the configuration file was uploaded User Displays the name of the use...

Страница 68: ...ivity between the Switch and other nodes on the network Figure 6 21 Ping Test window The user may use Infinite times radio button in the Repeat Pinging for field which will tell the ping program to keep sending ICMP Echo packets to the specified IP address until the program is stopped The user may opt to choose a specific number of times to ping the Target IP Address by clicking its radio button a...

Страница 69: ...a listed group of SNMP managers Thus you may create a group of SNMP managers that are allowed to view read only information or receive traps using SNMPv1 while assigning a higher level of security to another group granting read write privi leges using SNMPv3 Using SNMPv3 individual users or groups of SNMP managers can be allowed to perform or be restricted from performing specific SNMP management ...

Страница 70: ...dow as shown below Figure 6 23 SNMP User Table Display window The following parameters are displayed Parameter Description User Name An alphanumeric string of up to 32 characters This is used to identify the SNMP users Group Name This name is used to specify the SNMP group created can request SNMP messages SNMP Version V1 Indicates that SNMP version 1 is in use V2 Indicates that SNMP version 2 is ...

Страница 71: ...entication level will be used This field is only operable when V3 is selected in the SNMP Version field and the Encryption field has been checked This field will require the user to enter a password SHA Specifies that the HMAC SHA authentication protocol will be used This field is only operable when V3 is selected in the SNMP Version field and the Encryption field has been checked This field will ...

Страница 72: ...le Configuration window The SNMP Group created with this table maps SNMP users identified in the SNMP User Table to the views created in the previous window The following parameters can set Parameter Description View Name Type an alphanumeric string of up to 32 characters This is used to identify the new SNMP view being created Subtree OID Type the Object Identifier OID Subtree for the view The OI...

Страница 73: ...ure 6 27 SNMP Group Table window To delete an existing SNMP Group Table entry click the corresponding under the Delete heading To display the current settings for an existing SNMP Group Table entry click the hyperlink for the entry under the Group Name Figure 6 28 SNMP Group Table Display window To add a new entry to the Switch s SNMP Group Table click the Add button in the upper left hand corner ...

Страница 74: ...t between the Switch and a remote SNMP manager AuthNoPriv Specifies that authorization will be required but there will be no encryption of packets sent between the Switch and a remote SNMP manager AuthPriv Specifies that authorization will be required and that packets sent between the Switch and a remote SNMP manger will be encrypted To implement your new settings click Apply To return to the SNMP...

Страница 75: ...nd click on the SNMP Host Table Configuration link This will open the SNMP Host Table window as shown to the right To delete an existing SNMP Host Table entry click the corresponding under the Delete heading To display the cu settings for a rrent n existing SNMP Host Table entry click the blue link for the entry under the Host IP Address heading To add a new entry to the Switch s SNMP Host Table c...

Страница 76: ...ntations This is an alphanumeric string used to identify the SNMP engine on the Switch To display the Switch s SNMP Engine ID open the SNMP Manger folder located in the Administration folder and click on the SNMP Engine ID link This will open the SNMP Engine ID Configuration window as shown below To change the Engine ID type the new Engine ID in the space provided and click the Apply button 61 ...

Страница 77: ...om the CS The SIM group is a group of switches that are managed as a single entity SIM switches may take on three different roles 1 Commander Switch CS This is a switch that has been manually configured as the controlling device for a group and takes on the following characteristics It has an IP Address It is not a commander switch or member switch of another Single IP group It is connected to the...

Страница 78: ...udes new features for connections that are a member of a port trunking group It will display the speed and number of Ethernet connections creating this port trunk group as shown in the adjacent picture 3 This version will support multiple switch upload and downloads for firmware configuration files and log files as follows Firmware The switch now supports multiple MS firmware downloads from a TFTP...

Страница 79: ...s to this Switch over Ethernet to be part of its SIM group Choosing this option will also enable the Switch to be configured for SIM Discovery Interval The user may set the discovery protocol interval in seconds that the Switch will send out discovery packets Returning information to a Commander Switch will include information about other switches connected to it Ex MS CaS The user may set the Dis...

Страница 80: ...ill display the Device Name of the switches in the SIM group configured by the user If no Device Name is configured by the name it will be given the name default and tagged with the last six digits of the MAC Address to identify it Local Port Displays the number of the physical port on the CS that the MS or CaS is connected to The CS will have no entry in this field Speed Displays the connection s...

Страница 81: ...ault Figure 6 38 Topology view This screen will display how the devices within the Single IP Management Group are connected to other groups and devices Possible icons in this screen are as follows Icon Description Group Layer 2 commander switch Layer 3 commander switch Commander switch of other group Layer 2 member switch Layer 3 member switch Member switch of other group Layer 2 candidate switch ...

Страница 82: ... cursor over a specific device in the topology window tool tip will display the same information about a specific device as the Tree view does See the window below for an example Figure 6 39 Device Information Utilizing the Tool Tip Setting the mouse cursor over a line between two devices will display the connection speed between the two devices as shown below Figure 6 40 Port Speed Utilizing the ...

Страница 83: ... of the MAC Address to identify it Module Name Displays the full module name of the switch that was right clicked MAC Address Displays the MAC Address of the corresponding Switch Remote Port No Displays the number of the physical port on the MS or CaS that the CS is connected to The CS will have no entry in this field Local Port No Displays the number of the physical port on the CS that the MS or ...

Страница 84: ... Clicking a Member icon The following options may appear for the user to configure Collapse to collapse the group that will be represented by a single icon Expand to expand the SIM group in detail Remove from group remove a member from a group Configure launch the web management to configure the Switch Property to pop up a window to display the device information Candidate Switch Icon Figure 6 45 ...

Страница 85: ...the menu bar are as follows File Print Setup will view the image to be printed Print Topology will print the topology map Preference will set display properties such as polling interval and the views to open at SIM startup Group Add to group add a candidate to a group Clicking this option will reveal the following screen for the user to enter a password for authentication from the Candidate Switch...

Страница 86: ...ackable Fast Ethernet Managed Switch NOTE Upon this firmware release some functions of the SIM can only be configured through the Command Line Interface See the DES 3800 CLI Manual for more information on SIM and its configurations 71 ...

Страница 87: ...tches will be listed in the table and will be specified by Port port on the CS where the MS resides MAC Address Model Name and Version To specify a certain Switch for upgrading configuration files click its corresponding radio button under the Port heading To update the configuration file enter the Server IP Address where the file resides and enter the Path Filename of the configuration file Click...

Страница 88: ...data allows you to specify its relative priority to suit the needs of your network There may be circumstances where it would be advantageous to group two or more differently tagged packets into the same queue Generally however it is rec ommended that the highest priority queue Queue 7 be reserved for data packets with a priority value of 7 Packets that have not been given any priority value are pl...

Страница 89: ...ant VLANs allow a network to be segmented in order to reduce the size of broadcast domains All packets entering a VLAN will only be forwarded to the stations over IEEE 802 1Q enabled switches that are members of that VLAN and this includes broadcast multicast and unicast packets from unknown sources VLANs can also provide a level of security to your network IEEE 802 1Q VLANs will only deliver pack...

Страница 90: ...packets so they can be carried across Ethernet backbones and 12 bits of VLAN ID VID The 3 bits of user priority are used by 802 1p The VID is the VLAN identifier and is used by the 802 1Q standard Because the VID is 12 bits long 4094 unique VLANs can be identified The tag is inserted into the packet header making the entire packet longer by 4 octets All of the information originally contained in t...

Страница 91: ...hould the packet to be transmitted have a tag or not If the transmitting port is connected to a tag unaware device the packet should be untagged If the transmitting port is connected to a tag aware device the packet should be tagged Tagging and Untagging Every port on an 802 1Q compliant switch can be configured as tagging or untagging Ports with tagging enabled will put the VID number priority an...

Страница 92: ... considerations come into play to decide if the packet gets dropped by the Switch or delivered VLAN Segmentation Take for example a packet that is transmitted by a machine on Port 1 that is a member of VLAN 2 If the destination lies on another port found through a normal forwarding table lookup the Switch then looks to see if the other port Port 10 is a member of VLAN 2 and can therefore receive V...

Страница 93: ... hex form to be encapsulated within the VLAN tag of the packet This identifies the packet as double tagged and segregates it from other VLANs on the network therefore creating a hierarchy of VLANs within a single packet Here is an example Double VLAN tagged packet Destination Address Source Address SPVLAN TPID Service Provider VLAN Tag 802 1Q CEVLAN Tag TPID Customer VLAN Tag Ether Type Payload Co...

Страница 94: ...uble VLANs are enabled GVRP must be disabled 7 All packets sent from the CPU to the Access ports must be untagged 8 The following functions will not operate when the switch is in Double VLAN mode Guest VLANs Web based Access Control IP Multicast Routing GVRP All Regular 802 1Q VLAN functions Static VLAN Entry In the L2 Features folder click VLAN Static VLAN Entry to open the following window Figur...

Страница 95: ...ry click the Hyperlinked VLAN ID of the corresponding entry to modify A new menu will appear to configure the port settings and to assign a unique name and number to the new VLAN See the table below for a description of the parameters in the new menu NOTE The Switch supports up to 4k static VLAN entries Figure 7 8 802 1Q Static VLANs Modify The following fields can then be set in either the Add or...

Страница 96: ... individual port to be specified as a non VLAN member Egress Select this to specify the port as a static member of the VLAN Egress member ports are ports that will be transmitting traffic for the VLAN These ports can be either tagged or untagged Forbidden Select this to specify the port as not being a member of the VLAN and that the port is forbidden from becoming a member of the VLAN dynamically ...

Страница 97: ...n the 802 1Q Port Settings table The Switch s default is to assign all ports to the default VLAN with a VID of 1 The PVID is used by the port to tag outgoing untagged packets and to make filtering decisions about incoming packets If the port is specified to accept only tagged frames as tagging and an untagged packet is forwarded to the port for transmission the port will add an 802 1Q tag using th...

Страница 98: ...ts intended for the disconnected port will be load shared among the other unlinked ports of the link aggregation group Link aggregation allows several ports to be grouped together and to act as a single link This gives a bandwidth that is a multiple of a single link s bandwidth Link aggregation is most commonly used to link a bandwidth intensive network device or devices such as a server to the ba...

Страница 99: ...t level the STP will use the port parameters of the Master Port in the calculation of port cost and in determining the state of the link aggregation group If two redundant link aggregation groups are configured on the Switch STP will block one entire group in the same way STP will block a single port that has a redundant link Link Aggregation To configure port trunking click on the Link Aggregatio...

Страница 100: ...ster Port Choose the Master Port for the trunk group using the pull down menu Member Ports Choose the members of a trunked group Up to eight ports per group can be assigned to a group Flooding Port A trunking group must designate one port to allow transmission of broadcasts and unknown unicasts Active Port Shows the port that is currently forwarding packets Type This pull down menu allows you to s...

Страница 101: ...LACP ports are capable of processing and sending LACP control frames This allows LACP compliant devices to negotiate the aggregated link so the group may be changed dynamically as needs require In order to utilize the ability to change an aggregated port group that is to add or subtract ports from the group at least one of the participating devices must designate LACP ports as active Both devices ...

Страница 102: ...IGMP Snooping link in the L2 Features folder When enabled for IGMP snooping the Switch can open or close a port to a specific multicast group member based on IGMP messages sent from the device to the IGMP host or vice versa The Switch monitors IGMP messages and discontinues forwarding multicast packets when there are no longer hosts requesting that they continue IGMP Snooping Use the IGMP Snooping...

Страница 103: ...he Switch receiving a host membership report Default 260 Route Timeout This is the maximum amount of time in seconds a route is kept in the forwarding table without receiving a membership report Default 260 Leave Timer This specifies the maximum amount of time in seconds between the Switch receiving a leave group message from a host and the Switch issuing a group membership query If no response to...

Страница 104: ... to the router port A router port will be dynamically configured when IGMP query packets RIPv2 multicast DVMRP multicast or PIM DM multicast packets are detected flowing into a port Open the IGMP folder in the L2 Features folder and the click on the Static Router Port Settings link to open the following page as shown below Figure 7 17 Static Router Ports Settings window The previous window display...

Страница 105: ...the MST Configuration Identification window and 3 A 4096 element table defined here as a VID List in the MST Configuration Identification window which will associate each of the possible 4096 VLANs supported by the Switch for a given instance To utilize the MSTP function on the Switch three steps need to be taken 1 The Switch must be set to the MSTP setting found in the STP Bridge Global Settings ...

Страница 106: ...ocol introduces two new variables the edge port and the point to point P2P port Edge Port The edge port is a configurable designation used for a port that is directly connected to a segment where a loop cannot be created An example would be a port connected directly to a single workstation Ports that are designated as edge ports transition to a forwarding state immediately without going through th...

Страница 107: ...ettings link Figure 7 19 STP Bridge Global Settings window RSTP default Figure 7 20 STP Bridge Global Settings window MSTP Figure 7 21 STP Bridge Global Settings STP Compatible window NOTE The Hello Time cannot be longer than the Max Age Otherwise a configuration error will occur Observe the following formulas when setting the above parameters Max Age 2 x Forward Delay 1 second Max Age 2 x Hello T...

Страница 108: ...n be from 4 to 30 seconds Any port on the Switch spends this time in the listening state while moving from the blocking state to the forwarding state Max Hops Used to set the number of hops between devices in a spanning tree region before the BPDU bridge protocol data unit packet sent by the Switch will be discarded Each switch on the hop count will reduce the hop count by one until the value reac...

Страница 109: ...MST Configuration Identification Figure 7 22 MST Configuration Identification and Settings window The window above contains the following information Parameter Description Configuration Name A previously configured name set on the Switch to uniquely identify the MSTI Multiple Spanning Tree Instance If a configuration name is not set this field will show the MAC address to the device running MSTP T...

Страница 110: ...w to configure Figure 7 24 Instance ID Settings window CIST modify The user may configure the following parameters to configure the CIST on the Switch Parameter Description MSTI ID The MSTI ID of the CIST is 0 and cannot be altered Type This field allows the user to choose a desired method for altering the MSTI settings The user has 2 choices Add VID Select this parameter to add VIDs to the MSTI I...

Страница 111: ...osen is Add or Remove Click Apply to implement changes made MSTP Port Information This window displays the current MSTP Port Information and can be used to update the port configuration for an MSTI ID If a loop occurs the MSTP function will use the port priority to select an interface to put into the forwarding state Set a higher priority value for interfaces to be selected for forwarding first In...

Страница 112: ...ts a quicker transmission Priority Enter a value between 0 and 240 to set the priority for the port interface A higher priority will designate the interface to forward packets first A lower number denotes a higher priority Click Apply to implement changes made STP Instance Settings The following window displays MSTIs currently set on the Switch To view the following table click L2 Features Spannin...

Страница 113: ...eter Description MSTI ID Displays the MSTI ID of the instance being modified An entry of 0 in this field denotes the CIST default MSTI Type The Type field in this window will be permanently set to Set Priority Only Priority 0 61440 Enter the new priority in the Priority field The user may set a priority value between 0 61440 Click Apply to implement the new priority setting 98 ...

Страница 114: ...nds This field is only operable when the Switch is enabled for MSTP Migrate When operating in RSTP mode selecting yes forces the port that has been selected to transmit RSTP BPDUs STP can be set up on a port per port basis To view the STP Port Settings window click L2 Features Spanning Tree STP Port Settings In addition to setting Spanning Tree parameters for use on the switch level the Switch all...

Страница 115: ...rced to half duplex operation the p2p status changes to operate as if the p2p value were false The default setting for this parameter is true Forward BPDU Choosing True will allow the forwarding of BPDU packets in the specified ports from other network devices This will go into effect only if STP is globally disabled AND Forwarding BPDU is globally enabled See STP Bridge Global Settings above The ...

Страница 116: ... the STP Port Instance Information window To view the STP Port Instance Information window click L2 Features Spanning Tree STP Port Information of Instance All information in this window is read only and are described previously in this section Each port has information regarding the individual port spanning tree settings Figure 7 31 STP Ports Instance Information window 101 ...

Страница 117: ...be statically forwarded This must be a unicast MAC address Port Allows the selection of the port number on which the MAC address entered above resides To delete an entry in the Unicast Forwarding Table click the corresponding under the Delete heading Multicast Forwarding The following figure and table describe how to set up Multicast Forwarding on the Switch Open the Forwarding folder located in L...

Страница 118: ...bers of the static multicast group and ports that are either forbidden from joining dynamically or that can join the multicast group dynamically using GMRP The options are None No restrictions on the port dynamically joining the multicast group When None is chosen the port will not be a member of the Static Multicast Group Egress The port is a static member of the multicast group Click Apply to im...

Страница 119: ...e Two types of interfaces are configured for IP multinetting primary and secondary and every IP interface must be classified as one of these A primary interface refers to the first interface created on a VLAN with no exceptions All other interfaces created will be regarded as secondary only and can only be created once a primary interface has been configured There may be five interfaces per VLAN o...

Страница 120: ...ary or 255 224 0 0 decimal Using a 10 xxx xxx xxx IP address notation the above example would give 6 network addresses and 6 subnets Any IP address from the allowed range of IP addresses for each subnet can be chosen as an IP address for an IP interface on the switch For this example we have chosen the next IP address above the network address for the IP interface s IP Address VLAN Name VID Networ...

Страница 121: ... broadcast requests from A and therefore cannot respond Yet if the physical network of A is connected by a router or layer 3 switch to B the router or Layer 3 switch will see the ARP request from A Figure 8 1 Proxy ARP with Traffic Segmentation To setup IP Interfaces on the Switch Go to the L3 Features folder and click on the folder and then click on the IP Interfaces Settings link to open the fol...

Страница 122: ... an IP address to be assigned to this IP interface Subnet Mask This field allows the entry of a subnet mask to be applied to this IP interface VLAN Name This field allows the entry of the VLAN Name for the VLAN the IP interface belongs to Secondary Use the pull down menu to set the IP interface as True or False True will set the interface as secondary and False will denote the interface as the pri...

Страница 123: ... be used in the OSPF menu below To configure an MD5 Key click Layer 3 Features MD5 Key Settings to open the following window Figure 8 5 MD5 Key Settings and Table window The following fields can be set Parameter Description Key ID 1 255 A number from 1 to 255 used to identify the MD5 Key Key A alphanumeric string of between 1 and 16 case sensitive characters used to generate the Message Digest whi...

Страница 124: ...e Type combination internal type_1 type_2 is functionally equivalent to all Entering the combination type_1 type_2 is functionally equivalent to external Entering the combination internal external is functionally equivalent to all Entering the metric 0 specifies transparency This window will redistribute routing information between the OSPF and RIP routing protocols to all routers on the network t...

Страница 125: ...eld may read OSPF RIP Static or Local Backup State Represents the Backup state that this IP interface is configured for This field may read Primary or Backup Delete Click the to delete this entry from the Static Default Route Settings table To enter an IP Interface into the Switch s Static Default Route Settings window click the Add button revealing the following window to configure Figure 8 8 Sta...

Страница 126: ...ble 0 Static 1 999 60 OSPF Intra 1 999 80 OSPF Inter 1 999 90 RIP 1 999 100 OSPF ExtT1 1 999 110 OSPF ExtT2 1 999 115 As shown above Local will always be the first choice for routing purposes and the next most reliable path is Static due to the fact that its has the next lowest value To set a higher reliability for a route change its value to a number less than the value of a route preference that...

Страница 127: ...rence for Static The lower the value the higher the chance the specified protocol will be chosen as the best path for routing packets The default value is 60 OSPF Inter 1 999 Enter a value between 1 and 999 to set the route preference for OSPF Inter The lower the value the higher the chance the specified protocol will be chosen as the best path for routing packets The default value is 90 OSPF ExtT...

Страница 128: ... addresses To open the Static ARP Table open the L3 Features folder and click on the Static ARP Settings link Figure 8 10 Static ARP Settings window To add a new entry click the Add button revealing the following window to configure Figure 8 11 Static ARP Table Add window The following fields can be set Parameter Description IP Address The IP address of the ARP entry MAC Address The MAC address of...

Страница 129: ...lementations include an authorization mechanism a password to prevent a router from learning erroneous routes from unauthorized routers To maximize stability the hop count RIP uses to measure distance must have a low maximum value Infinity that is the network is unreachable is defined as 16 hops In other words if a network is more than 16 routers from the source the local router will consider the ...

Страница 130: ...s the router s network can contain subnetted routes other interfaces cannot The router will then advertise only a single route to the network RIP Version 2 Extensions RIP version 2 includes an explicit subnet mask entry so RIP version 2 can be used to propagate variable length subnet addresses or CIDR classless addresses RIP version 2 also adds an explicit next hop entry which speeds convergence a...

Страница 131: ...RIP which will give access to the following menu Figure 8 14 RIP Interface Settings Edit window Refer to the table below for a description of the available parameters for RIP interface settings The following RIP settings can be applied to each IP interface Parameter Description Interface Name The name of the IP interface on which RIP is to be setup This interface must be previously configured on t...

Страница 132: ...entication Toggle between Disabled and Enabled to specify that routers on the network should us the Password above to authenticate router table exchanges Password A password to be used to authenticate communication between routers on the network State Toggle between Disabled and Enabled to disable or enable this RIP interface on the switch Interface Metric A read only field that denotes the Metric...

Страница 133: ...is a specially formatted packet that contains information about all the link states on the router This link state advertisement is flooded to all router in the area Each router that receives the link state advertisement will store the advertisement and then forward a copy to other routers When the link state database of each router is updated the individual routers will calculate a Shortest Path T...

Страница 134: ...ove shows the network from the viewpoint of Router A Router A can reach 192 213 11 0 through Router B with a cost of 10 5 15 Router A can reach 222 211 10 0 through Router C with a cost of 10 10 20 Router A can also reach 222 211 10 0 through Router B and Router D with a cost of 10 5 10 25 but the cost is higher than the route through Router C This higher cost route will not be included in the Rou...

Страница 135: ...re limited to the area that the router is connected to Routers that have connections to more than one area are called Border Routers BR The Border Routers have the responsibility of distributing necessary routing information and changes between areas Areas are specific to the router interface A router that has all of its interfaces in the same area is called an Internal Router A router that has in...

Страница 136: ...area basis Routers in the same area that participate in the routing domain must be configured with the same key This method is possibly vulnerable to passive attacks where a link analyzer is used to obtain the password Backbone and Area 0 OSPF limits the number of link state updates required between routers by defining areas within which a given router operates When more than one area is configure...

Страница 137: ... bandwidth required for link state database updates Designated Router Election The election of the DR and BDR is accomplished using the Hello protocol The router with the highest OSPF priority on a given multi access segment will become the DR for that segment In case of a tie the router with the highest Router ID wins The default OSPF priority is 1 A priority of zero indicates a router that canno...

Страница 138: ...ing router to determine if the packet should be accepted for further processing The format of the OSPP packet header is shown below OSPF Packet Header Type Packet Length Router ID Area ID Checksum Authentication Type Authentication Authentication Version No Figure 8 18 OSPF Packet Header Format Field Description Version No The OSPF version number Type The OSPF packet type The OSPF packet types are...

Страница 139: ...tication Network Mask Hello Interval Options Router Priority Router Dead Interval Designated Router Backup Designated Router Neighbor Figure 8 19 Hello Packet Field Description Network Mask The network mask associated with this interface Options The optional capabilities supported by the router Hello Interval The number of seconds between this router s Hello packets Router Priority This router s R...

Страница 140: ...ptions DD Sequence No Reserved Reserved Link State Advertisement Header I MMS Figure 8 20 Database Description Packet Field Description Options The optional capabilities supported by the router I bit The Initial bit When set to 1 this packet is the first in the sequence of Database Description packets M bit The More bit When set to 1 this indicates that more Database Description packets will follo...

Страница 141: ... Advertising Router Figure 8 21 Link State Request Packet Each advertisement requested is specified by its Link State Type Link State ID and Advertising Router This uniquely identifies the advertisement but not its instance Link State Request packets are understood to be requests for the most recent instance Link State Update Packet Link State Update packets are OSPF packet type 4 These packets im...

Страница 142: ...pe Authentication Authentication Checksum Link State Acknowledgment Packet 5 Link State Advertisement Header Figure 8 23 Link State Acknowledge Packet Each acknowledged link state advertisement is described by its link state advertisement header It contains all the information required to uniquely identify both the advertisement and the advertisement s current instance Link State Advertisement For...

Страница 143: ... Options The optional capabilities supported by the described portion of the routing domain Link State Type The type of the link state advertisement Each link state type has a separate advertisement format The link state type are as follows Router Links Network Links Summary Link IP Network Summary Link ASBR AS External Link Link State ID This field identifies the portion of the internet environme...

Страница 144: ...ts the Link State ID field is set to the router s OSPF Router ID The T bit is set in the advertisement s Option field if and only if the router is able to calculate a separate set of routes for each IP Type of Service TOS Router links advertisements are flooded throughout a single area only Field Description V bit When set the router is an endpoint of an active virtual link that is using the descr...

Страница 145: ...tents again depend on the link s Type field For connections to stub networks it specifies the network s IP address mask For unnumbered point to point connection it specifies the interface s MIB II ifIndex value For other link types it specifies the router s associated IP interface address This latter piece of information is needed during the routing table build process when calculating the IP addr...

Страница 146: ...ts the IP interface address of the Designated Router The distance form the network to all attached routers is zero for all TOS This is why the TOS and metric fields need not be specified in the network links advertisement The format of the Network Links Advertisement is shown below Link State Age Options Link State ID Advertising Router Link State Sequence Number Link State Checksum Length Network...

Страница 147: ...y Link Advertisements For stub area Type 3 summary link advertisements can also be used to describe a default route on a per area basis Default summary routes are used in stub area instead of flooding a complete set of external routes When describing a default summary route the advertisement s Link State ID is always set to the Default Destination 0 0 0 0 and the Network Mask is set to 0 0 0 0 Sep...

Страница 148: ...dvertising Router Link State Sequence Number Link State Checksum Length Network Mask TOS Metric AS External Link Advertisements 5 Forwarding Address External Route Tag E Figure 8 28 AS External Link Advertisements Field Description Network Mask The IP address mask for the advertised destination E bit The type of external metric If the E bit is set the metric specified is a Type 2 external metric T...

Страница 149: ...n use by the Switch This Route ID is displayed as a convenience to the user when changing the Switch s OSPF Route ID State Allows OSPF to be enabled or disabled globally on the Switch without changing the OSPF configuration OSPF Area Setting This menu allows the configuration of OSPF Area IDs and to designate these areas as either Normal or Stub Normal OSPF areas allow Link State Database LSDB adv...

Страница 150: ...lows Parameter Description Area ID A 32 bit number in the form of an IP address xxx xxx xxx xxx that uniquely identifies the OSPF area in the OSPF domain Type This field can be toggled between Normal and Stub using the space bar When it is toggled to Stub additional fields appear Stub Import Summary LSA and the Stub Default Cost Stub Import Summary LSA Displays whether or not the selected Area wil...

Страница 151: ...e interface to see the configuration menu for that interface Figure 8 32 OSPF Interface Settings window Figure 8 33 OSPF Interface Settings Edit window Configure each IP interface individually using the OSPF Interface Settings Edit menu Click the Apply button when you have entered the settings The new configuration appears listed in the OSPF Interface Settings table To return to the OSPF Interface...

Страница 152: ... the entry of an 8 character password that must be the same as a password configured on a neighbor OSPF router MD5 uses a cryptographic key entered in the MD5 Key Table Configuration menu When MD5 is selected the Auth Key ID field allows the specification of the Key ID as defined in the MD5 configuration above This must be the same MD5 Key as used by the neighboring router Password Auth Key ID Ent...

Страница 153: ...k the Add button A new menu appears see below To change an existing configuration click on the hyperlinked Transit Area ID for the set you want to change The menu to modify an existing set is the same as the menu used to add a new one To eliminate an existing configuration click the in the Delete column Figure 8 34 OSPF Virtual Interface Settings The status of the virtual interface appears Up or D...

Страница 154: ...This field is fixed at 1 second RetransInterval The number of seconds between link state advertisement retransmissions for adjacencies belonging to this virtual link This field is fixed at 5 seconds Click Apply to implement changes made NOTE For OSPF to function properly some settings should be identical on all participating OSPF devices These settings include the Hello Interval and Dead Interval ...

Страница 155: ...on which is set at Summary Advertisement Select Enabled or Disabled to determine whether the selected OSPF Area will advertise it s summary LSDB Network Number and Network Mask Click Apply to implement changes made OSPF Host Route Settings OSPF host routes work in a way analogous to RIP only this is used to share OSPF information with other OSPF routers This is used to work around problems that mi...

Страница 156: ...ted in the OSPF Host Route Settings list To view the previous window click the Show All OSPF Host Route Entries link to return to the previous window The following fields are configured for OSPF host route Parameter Description Host Address The IP address of the OSPF host Metric A value between 1 and 65535 that will be advertised for the route Area ID A 32 bit number in the form of an IP address x...

Страница 157: ...ocess the value in the seconds field of the BOOTP or DHCP packet If a non zero value is entered the Switch will use that value along with the hop count to determine whether to forward a given BOOTP or DHCP packet DHCP Agent Information Option 82 State This field can be toggled between Enabled and Disabled using the pull down menu It is used to enable or disable the DHCP Agent Information Option 82...

Страница 158: ... be retained if the option 82 field already exists in the packet received from the DHCP client Click Apply to implement any changes that have been made NOTE If the Switch receives a packet that contains the option 82 field from a DHCP client and the information checking feature is enabled the Switch drops the packet because it is invalid However in some instances users may configure a client with ...

Страница 159: ...ed Switch Remote ID sub option format 1 2 3 4 5 2 8 0 6 MAC address 1 byte 1 byte 1 byte 1 byte 6 bytes 1 Sub option type 2 Length 3 Remote ID type 4 Length 5 MAC address The Switch s system MAC address Figure 8 43 Circuit ID and Remote ID Sub option Format 144 ...

Страница 160: ...window once the user clicks the Add button under the Apply heading The user may add up to four server IPs per IP interface on the Switch Entries may be deleted by clicking it s corresponding To enable and configure DHCP BOOTP Relay Global Settings on the Switch click L3 Features DHCP BOOTP Relay DHCP BOOTP Relay Interface Settings Figure 8 44 DHCP BOOTP Relay Interface Settings and DHCP BOOTP Rela...

Страница 161: ...pecifying whether the domain name system should do the entire name translation or simply return the address of the next DNS server if the server receiving the query cannot resolve the name When a DNS server receives a query it checks to see if the name is in its sub domain If it is the server translates the name and appends the answer to the query and sends it back to the client If the DNS server ...

Страница 162: ...een Disabled and Enabled This determines if the static DNS table will be used or not Click Apply to implement changes made DNS Relay Static Settings To view the DNS Relay Static Settings click L3 Features DNS Relay DNS Relay Static Settings which will open the DNS Relay Static Settings window as seen below Figure 8 46 DNS Relay Static Settings To add an entry into the DNS Relay Static Table simply...

Страница 163: ... and the connection is kept alive regardless of the point of failure To configure VRRP for virtual routers on the Switch an IP interface must be present on the system and it must be a part of a VLAN VRRP IP interfaces may be assigned to every VLAN and therefore IP interface on the Switch VRRP routers within the same VRRP group must be consistent in configuration settings for this protocol to funct...

Страница 164: ...VRRP entry Delete Click the to delete this VRRP entry Click the Add button to display the following window to configure a VRRP interface Figure 8 49 VRRP Virtual Router Settings Add Or the user may click the hyperlinked Interface Name to view the same window The following parameters may be set to configure an existing or new VRRP interface Parameter Description Interface Name Enter the name of a p...

Страница 165: ...ter router A True entry along with having the backup router s priority set higher than the masters priority will set the backup router as the Master router A False entry will disable the backup router from becoming the Master router This setting must be consistent with all routers participating within the same VRRP group The default setting is True Critical IP Address Enter the IP address of the p...

Страница 166: ... states include Initialize Master and Backup Admin State Displays the current state of the router Up will be displayed if the virtual router is enabled and Down if the virtual router is disabled Priority Displays the priority of the virtual router A higher priority will increase the probability that this router will become the Master router of the group A lower priority will increase the probabili...

Страница 167: ...pe Specifies the type of authentication used The Authentication Type must be consistent with all routers participating within the VRRP group The choices are None Selecting this parameter indicates that VRRP protocol exchanges will not be authenticated Simple Selecting this parameter will require the user to set a simple password in the Auth Data field for comparing VRRP message packets received by...

Страница 168: ...work IGMP Versions 1 and 2 Multicast groups allow members to join or leave at any time IGMP provides the method for members and multicast routers to communicate when joining or leaving a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below Figure 8 53 IGMP Message Format The IGMP Type codes are shown below...

Страница 169: ...s is done through the implementation of include and exclude filters used to accept or deny traffic from these specific sources In IGMP v2 Membership reports could contain only one multicast group whereas in v3 these reports can contain multiple multicast groups and multiple sources within the multicast group Leaving a multicast group could only be accomplished using a specific leave message in v2 ...

Страница 170: ...s received and the filter mode is include the Switch presumes that traffic from the source is no longer wanted on the attached network and the source record list is then deleted after all source timers expire If there is no source list record in the multicast group the multicast group will be deleted from the Switch Timers are also used for IGMP version 1 and 2 members which are a part of a multic...

Страница 171: ...onfigured IP interface IP Address Displays the IP address corresponding to the IP interface name above Version Enter the IGMP version 1 2 or 3 that will be used to interpret IGMP queries on the interface Query Interval Allows the entry of a value between 1 and 31744 seconds with a default of 125 seconds This specifies the length of time between sending IGMP queries Max Response Time Sets the maxim...

Страница 172: ...multicast was received over the shortest path then the adjacent router enters the information into its tables and forwards the message If the message is not received on the shortest path back to the source the message is dropped Route cost is a relative number that is used by DVMRP to calculate which branches of a multicast delivery tree should be pruned The cost is relative to other costs assigne...

Страница 173: ...oison route messages The default is 35 seconds Probe Interval 1 65535 This field allows an entry between 1 and 65 535 seconds and defines the interval between probes The default is 10 Metric 1 31 This field allows an entry between 1 and 31 and defines the route cost for the IP interface The DVMRP route cost is a relative number that represents the real cost of using this route in the construction ...

Страница 174: ...nly join or be pruned from a multicast group through the use of Join Prune Messages exchanged between the DR and RP Join Prune Messages are packets relayed between routers that effectively state which interfaces are or are not to be receiving multicast data These messages can be configured for their frequency to be sent out on the network and are only valid to routers if a Hello packet has first b...

Страница 175: ...o all interfaces and then either waiting for a timer to expire the Join Prune Interval or for the downstream routers to transmit explicit prune messages indicating that there are no multicast members on their respective branches PIM DM then removes these branches prunes them from the multicast delivery tree Because a member of a pruned branch of a multicast delivery tree may want to join a multica...

Страница 176: ...ty as the Designated Router DR on the PIM enabled network The user may state an interval time between 1 18724 seconds with a default interval time of 30 seconds Join Prune Interval This field will set the interval time between the sending of Join Prune packets stating which multicast groups are to join the PIM enabled network and which are to be removed or pruned from that group The user may state...

Страница 177: ...escription Hash Mask Len Enter a hash mask length which will be used with the IP address of the candidate RP and the multicast group address to calculate the hash algorithm used by the router to determine which C RP on the PIM SM enabled network will be the RP The user may select a length between 0 32 with a default setting of 30 Bootstrap Period Enter a time period between 1 255 to determine the ...

Страница 178: ...op router from entering the SPT The default setting is 0 RP SPT Threshold This field is to be configured for the RP of the distribution tree When the amount of register packets per second reaches the configured threshold it will trigger the RP to switch to an SPT between the RP and the first hop router The user may enter a value between 0 256 packets per second 0 will denote that the RP will immed...

Страница 179: ...e immediately removed from CRP status on the PIM SM network Priority Enter a priority value to determine which CRP will become the RP for the distribution tree This priority value will be included in the router s CRP advertisements A lower value means a higher priority yet if there is a tie for the highest priority the router having the higher IP address will become the RP The user may set a prior...

Страница 180: ... This window is used to set a first hop router to create checksums to be included with the data in Registered packets To view this window click Configuration Layer 3 IP Networking IP Multicast Routing Protocol PIM Protocol PIM Register Checksum Settings Figure 8 69 PIM Register Checksum Include Data RP List Settings window To configure the settings for this window click the Add button which will r...

Страница 181: ...ttings for this window and set this router as the Static RP click the Add button which will reveal the following window for the administrator to configure Figure 8 72 PIM Static RP Settings Add window The following fields can be set Parameter Description Group Address Enter the multicast group IP address to identify who is the RP This address must be a class D address Group Mask Enter the mask for...

Страница 182: ...ndard that allows network administrators a method of reserving bandwidth for important functions that require a large bandwidth or have a high priority such as VoIP voice over Internet Protocol web browsing applications file server applications or video conferencing Not only can a larger bandwidth be created but other less critical traffic can be limited so excessive bandwidth can be saved The Swi...

Страница 183: ...priority tags as follows Priority 0 is assigned to the Switch s Q2 queue Priority 1 is assigned to the Switch s Q0 queue Priority 2 is assigned to the Switch s Q1 queue Priority 3 is assigned to the Switch s Q3 queue Priority 4 is assigned to the Switch s Q4 queue Priority 5 is assigned to the Switch s Q5 queue Priority 6 is assigned to the Switch s Q6 queue Priority 7 is assigned to the Switch s ...

Страница 184: ...nd transmitting packets No Limit This drop down menu allows you to specify that the selected port will have no bandwidth limit Enabled disables the limit Rate This field allows you to enter the data rate in Kbits per second that will be the limit for the selected port The value must be a multiple of 64 between 64 and 1000000 Click Apply to set the bandwidth control for the selected ports Results o...

Страница 185: ...ak demand as bottlenecks can quickly develop if the QoS settings are not suitable In the QoS folder click QoS Scheduling Mechanism to view the window shown below Figure 9 3 QoS Output Scheduling window The Scheduling Mechanism has the following parameters Parameter Description Strict The highest class of service is the first to process traffic That is the highest class of service will finish befor...

Страница 186: ...ustomize this setting it is important to monitor network performance especially during peak demand as bottlenecks can quickly develop if the QoS settings are not suitable In the QoS folder click QoS Output Scheduling to view the screen shown below Figure 9 4 QoS Output Scheduling window The following values may be assigned to the QoS classes to set the scheduling Parameter Description Max Packets ...

Страница 187: ...ort on the Switch In the QoS folder click 802 1p Default Priority to view the window shown below Figure 9 5 802 1p Default Priority Settings window This window allows you to assign a default 802 1p priority to any given port on the Switch The priority queues are numbered from 0 the lowest priority to 7 the highest priority Click Apply to implement your settings 172 ...

Страница 188: ...re will be an overflow of packets entering the QoS queues and consequentially minimize the packet flow into these queues by dropping random packets WRED employs two methods of avoiding congestion within the QoS queue 1 Every QoS queue has a minimum and a maximum level for acceptance of packets Once the maximum threshold has been reached for this queue the switch will begin discarding all ingress p...

Страница 189: ...eue or port The user may choose All Parameters which will allow the user to configure Drop Start Drop Slope and Average Time simultaneously for a desired CoS queue or select a specific parameter only to be configured These parameters can be configured in the following three fields Drop Start Select a percentage between 0 and 100 to initialize the discarding of random packets This percentage is bas...

Страница 190: ...ring the criteria the Switch will use to determine what to do with the frame The entire process is described below in two parts To display the currently configured Access Profiles on the Switch open the ACL folder and click the Access Profile Table link This will open the Access Profile Table page as shown below Figure 10 1 Access Profile Table To add an entry to the Access Profile Table click the...

Страница 191: ... Select IP to instruct the Switch to examine the IP address in each frame s header Select Packet Content Mask to specify a mask to hide the content of the packet header VLAN Selecting this option instructs the Switch to examine the VLAN identifier of each packet header and use this as the full or partial criterion for forwarding Source MAC Source MAC Mask Enter a MAC address mask for the source MA...

Страница 192: ...for the type of profile Select Ethernet to instruct the Switch to examine the layer 2 part of each packet header Select IP to instruct the Switch to examine the IP address in each frame s header Select Packet Content Mask to specify a mask to hide the content of the packet header VLAN Selecting this option instructs the Switch to examine the VLAN part of each packet header and use this as the or p...

Страница 193: ...r may also identify which flag bits to filter Flag bits are parts of a packet that determine what to do with the packet The user may filter packets by filtering certain flag bits within the packets by checking the boxes corresponding to the flag bits of the TCP field The user may choose between urg urgent ack acknowledgement psh push rst reset syn synchronize fin finish src port mask Specify a TCP...

Страница 194: ...ording to the requirements for the type of profile Select Ethernet to instruct the Switch to examine the layer 2 part of each packet header Select IP to instruct the Switch to examine the IP address in each frame s header Select Packet Content Mask to specify a mask to hide the content of the packet header Offset This field will instruct the Switch to mask the packet header beginning with the offs...

Страница 195: ...ess Profile Table window To create a new rule set for an access profile click the Add button To remove a previously created rule click the corresponding button Figure 10 6 Access Rule Table Click Add Rule to add a new Rule for an existing profile The Access Rule Configuration window will appear To remove a previously created rule select it and click the button To add a new Access Rule click the Ad...

Страница 196: ...tomatically assign an Access ID for the rule being created Type Selected profile based on Ethernet MAC Address IP address Packet Content Mask Ethernet instructs the Switch to examine the layer 2 part of each packet header IP instructs the Switch to examine the IP address in each frame s header Packet Content Mask instructs the Switch to examine the packet header Priority 0 7 This parameter is spec...

Страница 197: ...r may choose any combination of letters and numbers ranging from a f and from 0 9999 Port The Access Rule may be configured on a per port basis by entering the port number of the switch in the switch stack into this field When a range of ports is to be configured the Auto Assign check box MUST be clicked in the Access ID field of this window If not the user will be presented with an error message ...

Страница 198: ...ield will instruct the Switch to automatically assign an Access ID for the rule being created Type Selected profile based on Ethernet MAC Address IP address or Packet Content Mask Ethernet instructs the Switch to examine the layer 2 part of each packet header IP instructs the Switch to examine the IP address in each frame s header Packet Content Mask instructs the Switch to examine the packet head...

Страница 199: ...ws the user to modify the protocol used to configure the Access Rule Table depending on which protocol the user has chosen in the Access Profile Table Port The Access Rule may be configured on a per port basis by entering the port or range of ports When a range of ports is to be configured the Auto Assign check box MUST be clicked in the Access ID field of this window If not the user will be prese...

Страница 200: ...nt Mask adjust the following parameters and click Apply Parameter Description Profile ID This is the identifier number for this profile set Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch according to any additional rule added see below Select Deny to specify that packets that match the access profile are not forwarded by the Switch and will...

Страница 201: ...therwise a packet will have its incoming 802 1p user priority re written to its original value before being forwarded by the Switch For more information on priority queues CoS queues and mapping for 802 1p see the QoS section of this manual Offset This field will instruct the Switch to mask the packet header beginning with the offset value specified value 0 15 Enter a value in hex form to mask the...

Страница 202: ...xStack DES 3800 Series Layer 3 Stackable Fast Ethernet Managed Switch Figure 10 14 Access Rule Display window Packet Content Mask 187 ...

Страница 203: ... destination address The second part is entering the criteria the Switch will use to determine what to do with the frame The entire process is described below CPU Interface Filtering Profile Table Click ACL CPU Interface Filtering CPU Interface Filtering Table to display the CPU Access Profile Table entries created on the Switch To view the configurations for an entry click the hyperlinked Profile...

Страница 204: ...ne the IP address in each frame s header Select Packet Content Mask to specify a mask to hide the content of the packet header VLAN Selecting this option instructs the Switch to examine the VLAN identifier of each packet header and use this as the full or partial criterion for forwarding Source MAC Source MAC Mask Enter a MAC address mask for the source MAC address Destination MAC Destination MAC ...

Страница 205: ...ess in each frame s header Select Packet Content Mask to specify a mask to hide the content of the packet header VLAN Selecting this option instructs the Switch to examine the VLAN part of each packet header and use this as the or part of the criterion for forwarding Source IP Mask Enter an IP address mask for the source IP address Destination IP Mask Enter an IP address mask for the destination I...

Страница 206: ...ing certain flag bits within the packets by checking the boxes corresponding to the flag bits of the TCP field The user may choose between urg urgent ack acknowledgement psh push rst reset syn synchronize fin finish src port mask Specify a TCP port mask for the source port in hex form hex 0x0 0xffff which you wish to filter dest port mask Specify a TCP port mask for the destination port in hex for...

Страница 207: ... the menu according to the requirements for the type of profile Select Ethernet to instruct the Switch to examine the layer 2 part of each packet header Select IP to instruct the Switch to examine the IP address in each frame s header Select Packet Content Mask to specify a mask to hide the content of the packet header Offset This field will instruct the Switch to mask the packet header beginning ...

Страница 208: ...ding Modify button of the entry to configure Ethernet IP or Packet Content Mask Figure 10 20 CPU Interface Filtering Rule Table Click the Add Rule button to continue on to the CPU Interface Filtering Rule Table window A new and unique window for Ethernet IP and Packet Content will open as shown in the examples below To change a rule for a previously created CPU Access Profile Rule In this window t...

Страница 209: ... examine the layer 2 part of each packet header IP instructs the Switch to examine the IP address in each frame s header Packet Content Mask instructs the Switch to examine the packet header VLAN Name Allows the entry of a name for a previously configured VLAN Source MAC Source MAC Address Enter a MAC Address for the source MAC address Destination MAC Destination MAC Address Enter a MAC Address ma...

Страница 210: ...wing window is the CPU Interface Filtering Rule Table for IP Figure 10 23 CPU Interface Filtering Rule Table IP To create a new rule set for an access profile click the Add button A new window is displayed To remove a previously created rule click the corresponding button The following window is used for the CPU IP Rule configuration 195 ...

Страница 211: ...rt of each packet header IP instructs the Switch to examine the IP address in each frame s header Packet Content Mask instructs the Switch to examine the packet header VLAN Name Allows the entry of a name for a previously configured VLAN Source IP Source IP Address Enter an IP Address mask for the source IP address Destination IP Destination IP Address Enter an IP Address mask for the destination ...

Страница 212: ...ace Filtering Rule Display IP The following window is the CPU Interface Filtering Rule Table for Packet Content Figure 10 26 CPU Interface Filtering Rule Table Packet Content To remove a previously created rule select it and click the button To add a new CPU Access Rule click the Add button 197 ...

Страница 213: ... be set from 1 65535 Type Selected profile based on Ethernet MAC Address IP address or Packet Content Ethernet instructs the Switch to examine the layer 2 part of each packet header IP instructs the Switch to examine the IP address in each frame s header Packet Content Mask instructs the Switch to examine the packet header Offset This field will instruct the Switch to mask the packet header beginn...

Страница 214: ...3 Stackable Fast Ethernet Managed Switch To view the settings of a previously correctly configured rule click in the Access Rule Table to view the following screen Figure 6 52 CPU Interface Filtering Rule Display Packet Content 199 ...

Страница 215: ...drop packets coming into the Switch until the storm has subsided This method can be utilized by selecting the Drop option of the Action field in the window below The Switch will also scan and monitor packets coming into the Switch by monitoring the Switch s chip counter This method is only viable for Broadcast and Multicast storms because the chip only has counters for these two types of packets O...

Страница 216: ...om the Switch s chip to determine if a Packet Storm is occurring Port List Select the ports to be manually recovered from the Shutdown state Threshold Specifies the maximum number of packets per second that will trigger the Traffic Control function to commence The configurable threshold range is from 0 255000 with a default setting of 128000 Time Interval The Interval will set the time between Mul...

Страница 217: ...are set for Link Aggregation Port Trunking NOTE Ports that are in the Shutdown forever mode will be seen as Discarding in Spanning Tree windows and implementations though these ports will still be forwarding BPDUs to the Switch s CPU NOTE Ports that are in Shutdown Forever mode will be seen as link down in all windows and screens until the user recovers these ports 202 ...

Страница 218: ...igure 11 1 Port Security Settings window The following parameters can be set Parameter Description From To A consecutive group of ports may be configured starting with the selected port Admin State This pull down menu allows you to enable or disable Port Security locked MAC address table for the selected ports Max Learning Addr 0 16 The number of MAC addresses that will be in the MAC address forwa...

Страница 219: ...te heading of the corresponding MAC address to be deleted Click the Next button to view the next page of entries listed in this table This window displays the following information Parameter Description VID The VLAN ID of the entry in the forwarding database table that has been permanently learned by the Switch VLAN NAME The VLAN Name of the entry in the forwarding database table that has been per...

Страница 220: ... Protocol over LAN EAPOL packets between the Client and the Server The following figure represents a basic EAPOL packet Figure 11 3 The EAPOL Packet Utilizing this method unauthorized devices are restricted from connecting to a LAN through a port to which the user is connected EAPOL packets are the only traffic that can be transmitted through the specific port until authorization is granted The 80...

Страница 221: ...rvices Figure 11 5 The Authentication Server Authenticator The Authenticator the Switch is an intermediary between the Authentication Server and the Client The Authenticator servers two purposes when utilizing 802 1x The first purpose is to request certification information from the Client through EAPOL packets which is the only information allowed to pass through the Authenticator before access i...

Страница 222: ...on is made This port is locked until the point when a Client with the correct username and password and MAC address if 802 1x is enabled by MAC address is granted access and therefore successfully unlocks the port Once unlocked normal traffic is allowed to pass through the port The following figure displays a more detailed explanation of how the authentication process is completed between the thre...

Страница 223: ...the Port Based Network Access Control Port Based Network Access Control 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client Network access controlled port Network access uncontrolled port RADIUS Server Ethernet Switch Figure 11 9 Example of Typical Port Based Configuration Once the connected device has successfully been auth...

Страница 224: ... order to successfully make use of 802 1X in a shared media LAN segment it would be necessary to create logical Ports one for each attached device that required access to the LAN The Switch would regard the single physical Port connecting it to the shared media segment as consisting of a number of distinct logical Ports each logical Port being independently controlled from the point of view of EAP...

Страница 225: ...eter To configure the 802 1X Authenticator Settings click Security Configure 802 1X Authenticator Parameter Figure 11 11 802 1X Authenticator Settings window To configure the settings by port click on the hyperlinked port number under the Port heading which will display the following table to configure 210 ...

Страница 226: ...f forceUnauthorized is selected the port will remain in the unauthorized state ignoring all attempts by the client to authenticate The Switch cannot provide authentication services to the client through the interface If Auto is selected it will enable 802 1X and cause the port to begin in the unauthorized state allowing only EAPOL frames to be sent and received through the port The authentication ...

Страница 227: ...ermines whether regular reauthentication will take place on this port The default setting is Disabled Capability This allows the 802 1x Authenticator settings to be applied on a per port basis Select Authenticator to apply the settings to the port When the setting is activated A user must pass the authentication process to gain access to the network Select None disable 802 1x functions on the port...

Страница 228: ...horized Unauthorized or N A Initializing Ports for MAC Based 802 1x To initialize ports for the MAC side of 802 1x the user must first enable 802 1x by MAC address in the Advanced Settings window Click Security 802 1X Initialize Port s to open the following window Figure 11 14 Initialize Ports MAC based 802 1x To initialize ports first choose the switch in the switch stack by using the Unit pull d...

Страница 229: ...t resides Auth PAE State The Authenticator State will display one of the following Initialize Disconnected Connecting Authenticating Authenticated Aborting Held ForceAuth ForceUnauth and N A BackendState The Backend State will display one of the following Request Response Success Fail Timeout Idle Initialize and N A PortStatus The status of the controlled port can be Authorized Unauthorized or N A...

Страница 230: ...Authentic RADIUS Server window This window displays the following information Parameter Description Succession Choose the desired RADIUS server to configure First Second or Third RADIUS Server Set the RADIUS server IP Authentic Port Set the RADIUS authentic server s UDP port The default port is 1812 Accounting Port Set the RADIUS account server s UDP port The default port is 1813 Key Set the key t...

Страница 231: ...ng services on the Switch will need to be authenticated by a remote RADIUS Server or local authentication on the Switch to be placed in a fully operational VLAN If authenticated and the authenticator posseses the VLAN placement information that client will be accepted into the fully operational target VLAN and normal switch functions will be open to the client If the authenticator does not have ta...

Страница 232: ... and click on the Trusted Host link the following window will appear Figure 11 20 Security IP Management window Use the Security IP Management to permit remote stations to manage the Switch If you choose to define one or more designated management stations only the chosen stations as defined by IP address will be allowed management privilege through the web manager or Telnet session To define a ma...

Страница 233: ...n the Switch The server will not accept the username and password and the user is denied access to the Switch The server doesn t respond to the verification query At this point the Switch receives the timeout from the server and then moves to the next method of verification configured in the method list The Switch has four built in Authentication Server Groups one for each of the TACACS XTACACS TA...

Страница 234: ...r user authentication upon login To access the following window click Security Access Authentication Control Authentication Policy and Parameter Settings This window is used to configure switch configuration applications console Telnet SSH web for login at the user level and at the administration level Enable Admin utilizing a previously configured method list To view the following window click Se...

Страница 235: ... To add an Authentication Server Host to the list enter its IP address in the IP Address field choose the protocol associated with the IP address of the Authentication Server Host and click Add to Group to add this Authentication Server Host to the group Figure 11 Add a Server Host to Server Group RADIUS window 24 To add a user defined group to the list click the Add button in the Authentication S...

Страница 236: ...ssage to the Switch More than one authentication protocol can be run on the same physical server host but remember that TACACS XTACACS TACACS RADIUS are separate entities and are not compatible with each other The maximum supported number of server hosts is 16 To view the following window click Security Access Authentication Control Authentication Server Host Figure 11 2 Authentication Server Host...

Страница 237: ...ol can be run on the same physical server host but remember that TACACS XTACACS TACACS are separate entities and are not compatible with each other Login Method Lists This command will configure a user defined or default Login Method List of authentication techniques for users logging on to the Switch The sequence of techniques implemented in this command will affect the authentication result For ...

Страница 238: ... The user may add one or a combination of up to four of the following authentication methods to this method list tacacs Adding this parameter will require the user to be authenticated using the TACACS protocol from a remote TACACS server xtacacs Adding this parameter will require the user to be authenticated using the XTACACS protocol from a remote XTACACS server tacacs Adding this parameter will ...

Страница 239: ...irst TACACS host in the server group If no verification is found the Switch will send an authentication request to the second TACACS host in the server group and so on until the list is exhausted At that point the Switch will restart the same sequence with the following protocol listed XTACACS If no authentication takes place using the XTACACS list the Local Enable password set in the Switch is us...

Страница 240: ...l Enable Password must set the local enable password none Adding this parameter will require an authentication to access the Switch radius Adding this parameter will require the user to be authenticated using the RADIUS protocol from a remote RADIUS server tacacs Adding this parameter will require the user to be authenticated using the TACACS protocol from a remote TACACS server xtacacs Adding thi...

Страница 241: ...ew Local Enabled field will result in a fail message Enable Admin Figure 11 36 Enable Admin Screen The Enable Admin window is for users who have logged on to the Switch on the normal user level and wish to be promoted to the administrator level After logging on to the Switch users will have only user level privileges To gain access to administrator level privileges the user will open this window a...

Страница 242: ...n enabled the Switch will send informational packets to a remote RADIUS server when a user either logs in logs out or times out on the Switch using the console Telnet or SSH System When enabled the Switch will send informational packets to a remote RADIUS server when system events occur on the Switch such as a system reset or system boot Remember this feature will not work properly unless a RADIUS...

Страница 243: ...ch port on a given switch will be allowed to forward packets to other ports on that switch Select a port number from the drop down menu and click View display the forwarding ports To configure new forwarding ports for a particular port select a port from the drop down menu and click Setup The window shown below will appear Figure 11 4 Setup Forwarding Ports window 0 The user may set the following ...

Страница 244: ... uniquely assembled in four choices on the Switch to create a three layered encryption code for secure communication between the server and the host The user may implement any one or combination of the ciphersuites available yet different ciphersuites will affect the security level and the performance of the secured connection The information included in the ciphersuites is not included with the S...

Страница 245: ... file to download This file must have a der extension Ex c pkey der To set up the SSL function on the Switch configure the following parameters and click Apply Parameter Description Configuration SSL Status Use the pull down menu to enable or disable the SSL status on the switch The default is Disabled Cache Timeout 60 86400 This field will set the time between a new key exchange between a client ...

Страница 246: ...ombines the RSA Export key exchange and stream cipher RC4 encryption with 40 bit keys Use the pull down menu to enable or disable this ciphersuite This field is Enabled by default NOTE Certain implementations concerning the function and configuration of SSL are not available on the web based management of this Switch and need to be configured using the command line interface For more information o...

Страница 247: ...ified authorization method to identify users that are allowed to establish SSH connections with the Switch using the SSH User Authentication window There are three choices as to the method SSH will use to authorize the user which are Host Based Password and Public Key 3 Configure the encryption algorithm that SSH will use to encrypt and decrypt messages sent between the SSH client and the SSH serv...

Страница 248: ... Settings Password This parameter may be enabled if the administrator wishes to use a locally configured password for authentication on the Switch The default is Enabled Public Key This parameter may be enabled if the administrator wishes to use a public key configuration set on a SSH server for authentication on the Switch The default is Enabled Host based This parameter may be enabled if the adm...

Страница 249: ...Enabled Twofish256 Use the pull down to enable or disable the twofish256 encryption algorithm The default is Enabled Data Integrity Algorithm HMAC SHA1 Use the pull down to enable or disable the HMAC Hash for Message Authentication Code mechanism utilizing the Secure Hash algorithm The default is Enabled Use the pull down to enable or disable the HMAC Hash for Message Authentication Code mechanism...

Страница 250: ...he Switch will prompt the administrator for a password and then to re type the password for confirmation Public Key This parameter should be chosen if the administrator wishes to use the publickey on a SSH server for authentication Host Name Enter an alphanumeric string of no more than 32 characters to identify the remote SSH user This parameter is only used in conjunction with the Host Based choi...

Страница 251: ...s can be manually configured by CLI or Web The function is port based meaning a user can enable or disable the function on the individual port ACL Mode Due to some special cases that have arisen with the IP MAC binding this Switch has been equipped with a special ACL Mode for IP MAC Binding which should alleviate this problem for users When enabled in the IP MAC Binding Port window the Switch will...

Страница 252: ...and clicking Find Figure 11 4 Access Rule Table for IP MAC Binding rule 8 NOTE When configuring the ACL mode function of the IP MAC binding function please pay close attention to previously set ACL entries Since the ACL mode entries will fill the first two available access profiles and access profile IDs denote the ACL priority the ACL mode entries may take precedence over other configured ACL ent...

Страница 253: ...hanges Figure 11 4 IP MAC Binding Ports window 9 The following fields can be set or modified Parameter Description ACL Mode This field will enable and disable the ACL mode for IP MAC binding on the Switch without altering previously set configurations When enabled the Switch will automatically create two ACL packet content mask entries which will aid the user in processing certain IP MAC binding e...

Страница 254: ...ameter Description IP Address Enter the IP address to bind to the MAC address set below MAC Address Enter the MAC address to bind to the IP Address set above All Ports Click this check box to configure this IP MAC binding entry IP Address MAC Address for all ports on the Switch Ports Specify the switch ports for which to configure this IP MAC binding entry IP Address MAC Address Click the All chec...

Страница 255: ...the IP MAC Blocked folder on the Configuration menu to open the IP MAC Binding Blocked window Figure 11 5 IP MAC Binding Blocked window 1 To find an unauthorized device that has been blocked by the IP MAC binding restrictions enter the VLAN name and MAC Address in the appropriate fields and click Find To delete an entry click the delete button next to the entry s MAC address To delete all the entr...

Страница 256: ... Multicast Range 2 To configure Limited IP Multicast Range 1 Choose the port or sequential range of ports using the From To port pull down menus 2 Use the remaining pull down menus to configure the parameters described below Parameter Description State Toggle the State field to either Enabled or Disabled for a given port or group of ports where access is to be either permitted or denied From Multi...

Страница 257: ...LAN and any other clients on that port will be automatically authenticated to access the specified Redirection Path URL as well as the authenticated client To the right there is an example of the basic six step process all parties of the authentication go through for a successful Web based Access Control process Conditions and Limitations 1 The subnet of the authentication VLAN s IP interface must...

Страница 258: ...uthenticating method for users trying to access the network via the switch This is in fact the username and password to access the Switch configured using the User Account Creation screen seen below radius Choose this parameter to use a remote RADIUS server as the authenticating method for users trying to access the network via the switch This RADIUS server must have already been pre assigned by t...

Страница 259: ...e stated web page If the client does not reach this web page yet does not receive a Fail message the client will already be authenticated and therefore should refresh the current browser window or attempt to open a different web page To view Web based Access Control status of individual ports click the Show port state link to open the window seen below Figure 11 54 Web based Access Control Port St...

Страница 260: ... Click the Link button to map the user name and VLAN stated in the previous 2 fields Users will be linked directly to the VLAN upon successful authentication User List This section displays users and their associated VLAN configured for Web based Access Control Click the corresponding to delete the user The following window displays the Authentication Login screens that guest users will be prompte...

Страница 261: ...ed Switch NOTE The previous logout screen may have some usage problems when using Netscape 7 0 If the port where Web Access Control is preset to be moved to a VLAN without an IPIF interface the previous logout screen may also not be presented when logging in 246 ...

Страница 262: ...as been discovered by the Switch through ARP or DHCP packets the Switch will then query the remote RADIUS server with this potential MAC address using a RADIUS Access Request packet If a match is made with this MAC address the RADIUS server will return a notification stating that the MAC address has been accepted and is to be placed in the target VLAN If the VID for the target VLAN is not found by...

Страница 263: ...onfigured on the Switch Password Enter the password for the RADIUS server which is to be used for packets being sent requesting authentication The default password is default Guest VLAN Name Displays the name of the previously configured Guest VLAN being used for this function Clicking the hyperlinked name will send the web manager to Guest VLAN configuration screen for MAC Based Authentication Gu...

Страница 264: ...Security folder then the MAC Based Access Control folder and click the MAC Based Access Control Port Setting link Figure 11 6 MAC Based Access Control Port Setting and State Table 0 To configure a port or range of ports for the MAC Based Access Control feature use the From and To pull down menus to choose the ports and then use the State pull down menu to enable them To view the MAC address authen...

Страница 265: ...figured here To view this window open the Security folder then the MAC Based Access Control folder and click the MAC Based Access Control Local Database Settings link Figure 11 62 MAC Based Access Control Local Database Settings To add a MAC address to the local authentication list enter the MAC address and the target VLAN name into their appropriate fields and click Add To change a MAC address or...

Страница 266: ...the checking shows that there continues to be too many packets flooding the Switch it will stop accepting all ARP and IP broadcast packets for double the time of the previous stop period This doubling of time for stopping ingress ARP and IP broadcast packets will continue until the maximum time has been reached which is 320 seconds and every stop from this point until a return to normal ingress fl...

Страница 267: ... Toggle the State field to either Enabled or Disabled for the Safeguard Engine of the Switch Rising Threshold Used to configure the acceptable level of CPU utilization before the Safeguard Engine mechanism is enabled Once the CPU utilization reaches this percentage level the Switch will move into the Exhausted state Falling Threshold Used to configure the acceptable level of CPU utilization as a p...

Страница 268: ...Control MAC Address Table IP Address Table Browse Routing Table Browse ARP Table Browse IP Multicast Forwarding Table IGMP Snooping Group IGMP Snooping Forwarding Browse IGMP Group Table DVMRP Monitor OSPF Monitor Browse PoE Status Browse WRED Settings Switch Log Device Status The Device Status window displays status information for Internal Power External Power Side Fan and Back Fan Figure 12 1 D...

Страница 269: ...Utilization link Figure 12 2 CPU Utilization window Click Apply to implement the configured settings The window will automatically refresh with new updated statistics The information is described as follows Parameter Description Time Interval Select the desired setting between 1s and 60s where s stands for seconds The default value is one second Record Number Select number of times the Switch will...

Страница 270: ...nning status of the Safeguard Engine whether engaged or in normal mode Displays the time interval between the checking of the rising and falling threshold of packets entering the Switch The default setting is 5 seconds Displays the set percentage of the rising threshold of packets determinant of the Safeguard Engine Displays the set percentage of the falling threshold of packets determinant of the...

Страница 271: ...Port Utilization window Select a port number from the drop down menu and click apply to display the Port Utilization for a particular port The following fields can be set Parameter Description Time Interval Select the desired setting between 1s and 60s where s stands for seconds The default value is one second Record Number Select number of times the Switch will be polled between 20 and 200 The de...

Страница 272: ...the Received RX link in the Packets folder of the Monitoring menu to view the following graph of packets received on the Switch Figure 12 5 Rx Packets Analysis window line graph for Bytes and Packets Select a Port number from the drop down menu and click Apply to display the Rx Packet analysis for a particular port To view the Received Packets Table click the link View Table which will show the fo...

Страница 273: ...r Select number of times the Switch will be polled between 20 and 200 The default value is 20 Bytes Counts the number of bytes received on the port Packets Counts the number of packets received on the port Show Hide Check whether to display Bytes and Packets Clear Clicking this button clears all statistics counters on this window View Table Clicking this button instructs the Switch to display a ta...

Страница 274: ...ink in the Packets folder of the Monitoring menu to view the following graph of UMB cast packets received on the Switch Figure 12 7 Rx Packets Analysis window line graph for Unicast Multicast and Broadcast Packets To view the UMB Cast Table click the View Table link which will show the following table 259 ...

Страница 275: ...lue is 20 Unicast Counts the total number of good packets that were received by a unicast address Multicast Counts the total number of good packets that were received by a multicast address Broadcast Counts the total number of good packets that were received by a broadcast address Show Hide Check whether or not to display Multicast Broadcast and Unicast Packets Clear Clicking this button clears al...

Страница 276: ...nsmitted TX link in the Packets folder of the Monitoring menu to view the following graph of packets transmitted from the Switch Figure 12 9 Tx Packets Analysis window line graph for Bytes and Packets To view the Transmitted TX Table click the link View Table which will show the following table 261 ...

Страница 277: ...er of times the Switch will be polled between 20 and 200 The default value is 20 Bytes Counts the number of bytes successfully sent from the port Packets Counts the number of packets successfully sent on the port Show Hide Check whether or not to display Bytes and Packets Clicking this button clears all statistics counters on this window Clicking this button instructs the Switch to display a table...

Страница 278: ...viewed as either a line graph or a table Four windows are offered Received RX Click the Received RX link in the Errors folder of the Monitoring menu to view the following graph of error packets received on the Switch Figure 12 11 Rx Error Analysis window line graph To view the Received Error Packets Table click the link View Table which will show the following table 263 ...

Страница 279: ...Over Size Counts packets received that were longer than 1518 octets or if a VLAN frame is 1522 octets and less than the MAX_PKT_LEN Internally MAX_PKT_LEN is equal to 1522 Fragment The number of packets less than 64 bytes with either bad framing or an invalid CRC These are normally the result of collisions Jabber The number of packets with lengths more than the MAX_PKT_LEN bytes Internally MAX_PKT...

Страница 280: ...the Transmitted TX link in the Error folder of the Monitoring menu to view the following graph of error packets received on the Switch Figure 12 12 Tx Error Analysis window line graph To view the Transmitted Error Packets Table click the link View Table which will show the following table 265 ...

Страница 281: ...es that a collision is detected later than 512 bit times into the transmission of a packet ExColl Excessive Collisions The number of packets for which transmission failed due to excessive collisions SingColl Single Collision Frames The number of successfully transmitted packets for which transmission is inhibited by more than one collision Coll An estimate of the total number of collisions on this...

Страница 282: ...ows packets received by the Switch arranged in six groups and classed by size to be viewed as either a line graph or a table Two windows are offered Figure 12 1 Rx Size Analysis window line graph 4 To view the Packet Size Analysis Table click the link View Table which will show the following table 267 ...

Страница 283: ... between 128 and 255 octets in length inclusive excluding framing bits but including FCS octets 256 511 The total number of packets including bad packets received that were between 256 and 511 octets in length inclusive excluding framing bits but including FCS octets 512 1023 The total number of packets including bad packets received that were between 512 and 1023 octets in length inclusive exclud...

Страница 284: ...s router ports A router port configured by a user using the console or Web based management interfaces is displayed as a static router port designated by S D designates a router port that is dynamically configured by the Switch To view the following window open the Monitoring folder and click the Browse Router Port link Figure 12 1 Router Port window 6 269 ...

Страница 285: ...er of RADIUS Access Response packets received from unknown addresses Identifier The NAS Identifier of the RADIUS authentication client This is not necessarily the same as sysName in MIB II AuthServerAddr The conceptual table listing the RADIUS authentication servers with which the client shares a secret ServerPortNumber The UDP port the client is using to send requests to this server RoundTripTime...

Страница 286: ...rver that the client shares a secret with To view the RADIUS Accounting click Monitoring Port Access Control RADIUS Accounting Figure 12 1 RADIUS Accounting window 8 The user may also select the desired time interval to update the statistics between 1s and 60s where s stands for seconds The default value is one second To clear the current statistics shown click the Clear button in the top left han...

Страница 287: ...t UnknownTypes The number of RADIUS packets of unknown type which were received from this server on the accounting port PacketsDropped The number of RADIUS packets which were received from this server on the accounting port and dropped for some other reason Authenticator State The following section describes the 802 1X Status on the Switch To view the Authenticator State click Monitoring Port Acce...

Страница 288: ...overed the MAC address The possible entries are Dynamic Self and Static Next Click this button to view the next page of the address table Clear Dynamic Entry Clicking this button will clear Dynamic entries learned by the Switch This may be accomplished by VLAN Name or by Port View All Entry Clicking this button will allow the user to view all entries of the address table Clear All Entry Clicking t...

Страница 289: ...be found in the Monitoring menu The IP Address Table is a read only screen where the user may view IP addresses discovered by the Switch To search a specific IP address enter it into the field labeled IP Address at the top of the screen and click Find to begin your search Figure 12 2 IP Address Table window 0 274 ...

Страница 290: ...nto the Destination Address field along with a proper subnet mask into the Mask field and click Find Figure 12 2 Browse Routing Table window 1 Browse ARP Table The Browse ARP Table window may be found in the Monitoring menu This window will show current ARP entries on the Switch To search a specific ARP entry enter an interface name into the Interface Name or an IP address and click Find To clear ...

Страница 291: ...MP packets that pass through the Switch The number of IGMP reports that were snooped is displayed in the Reports field To view the IGMP Snooping Group Table click IGMP Snooping Group in the Monitoring menu Figure 12 2 IGMP Snooping Group Table 4 The user may search the IGMP Snooping Table by entering the VLAN Name in the top left hand corner and clicking Search NOTE The Switch supports up to 256 I...

Страница 292: ...d clicking the Search button The following field can be viewed Parameter Description VLAN Name The VLAN Name of the multicast group Source IP The IP address of the multicast Source Multicast Group The IP MAC address of the multicast group Port Member These are the ports where the IGMP packets that were snooped are displayed Browse IGMP Group Table The Browse IGMP Group Table window may be found in...

Страница 293: ...ies Layer 3 Stackable Fast Ethernet Managed Switch To view the details about a particular IGMP Group entry click the corresponding button which will display the following window 7 Figure 12 2 IGMP Group Detail window 278 ...

Страница 294: ...d in the Monitoring menu under DVMRP Monitor Browse DVMRP Neighbor Table contains information about DVMRP neighbors of the Switch To search this table enter either an Interface Name or Neighbor Address into the respective field and click the Find button DVMRP neighbors of that entry will appear in the DVMRP Neighbor Table below Figure 12 2 DVMRP Routing Table Browse DVMRP Neighbor Table Figure 12 ...

Страница 295: ...rmation regarding each of a router s PIM neighbors This screen may be found by clicking Monitoring PIM Monitor Browse PIM Neighbor Table To search this table enter either an Interface Name or Neighbor Address into the respective field and click the Find button PIM neighbors of that entry will appear in the PIM Neighbor Table below Figure 12 3 PIM Neighbor Table 1 PIM IP MRoute Table The PIM IP MRo...

Страница 296: ...reen may be found by clicking Monitoring Layer 3 Feature PIM Monitor Browse PIM RP Set Table Figure 12 3 PIM RP Set Table 3 Browse PIM Active RP Table The following window is used to view information regarding active Rendezvous Points on the PIM SM enabled network This screen may be found by clicking Monitoring Layer 3 Feature PIM Monitor Browse PIM Active RP Table Figure 12 3 PIM Active RP Table ...

Страница 297: ...d you must enter the IP address in the Adv Router ID field and then click Find If LSDB is selected you must select the type of link state RtrLink NetLink Summary ASSummary and ASExtLink in the LSDB Type field and then click Find The following fields are displayed in the OSPF LSDB Table Parameter Description Area ID Allows the entry of an OSPF Area ID This Area ID will then be used to search the ta...

Страница 298: ...earch for OSPF neighbors enter an IP address and click Find Valid OSPF neighbors will appear in the OSPF Neighbor Table below Browse OSPF Virtual Neighbor Table This table can be found in the Monitoring folder by clicking on the Browse OSPF Virtual Neighbor Table link in the OSPF Monitoring folder This table displays a list of Virtual OSPF Neighbors of the Switch The user may choose specifically s...

Страница 299: ...t Managed Switch Browse PoE Status for DES 3828P only This table can be found in the Monitoring folder by clicking on the Browse PoE Status folder This table displays the current PoE System and PoE Port settings Figure 12 3 Browse PoE Status window 8 284 ...

Страница 300: ...g parameters are displayed above Parameter Description Search Port Select a port using the pull down menu by which to display the WRED settings Class ID Displays the Class IDs on the port currently being viewed Drop Start Displays the Drop Start set as a percentage from 1 100 Drop Slope Displays the Drop Slope set as a degree between 0 and 90 Average Time Displays the average time the WRED mechani...

Страница 301: ...anager Click Next to go to the next page of the Switch History Log Clicking Clear will allow the user to clear the Switch History Log NOTE For detailed information regarding Log entries that will appear in this window please refer to Appendix C at the back of this manual The information is described as follows Parameter Description Sequence A counter incremented whenever an entry to the Switch s h...

Страница 302: ...ult parameters into the Switch s non volatile RAM and then restart the Switch All other options enter the factory defaults into the current configuration but do not save this configuration Reset System will return the Switch s configuration to the state it was when it left the factory Reset gives the option of retaining the Switch s User Accounts and History Log while resetting all other configura...

Страница 303: ...anaged Switch Reboot System The following window is used to restart the Switch All of the configuration information entered from the last time Save Changes was executed will be lost Click the Reboot button to restart the Switch Figure 13 2 Reboot window 288 ...

Страница 304: ...iguration changes permanently click the Save Changes link The following window will appear Figure 13 3 Save Configuration window The Switch contains two places to save configuration settings in its internal memory Using the pull down menu the user may select a place to put the save configurations marked as 1 or 2 Also the user may select the current settings to be the current active configurations...

Страница 305: ...E 802 3af Power over Ethernet Protocols CSMA CD Data Transfer Rates Ethernet Fast Ethernet Gigabit Ethernet Fiber Optic Half duplex Full duplex 10 Mbps 20Mbps 100Mbps 200Mbps n a 2000Mbps SFP Mini GBIC Support IEEE 802 3z 1000BASE LX DEM 310GT transceiver IEEE 802 3z 1000BASE SX DEM 311GT transceiver IEEE 802 3z 1000BASE LH DEM 314GT transceiver IEEE 802 3z 1000BASE ZX DEM 315GT transceiver Topolo...

Страница 306: ...3828P DES 3852 two 8 3cm fans for the DES 3852 one additional 27cm blower for DES 3828P Operating Temperature 0 40 C Storage Temperature 40 70 C Humidity 5 95 non condensing Dimensions DES 3828 DES3828DC DES 3852 441 mm x 310 mm x 44 mm DES 3828P 441mm x 369mm x 44mm Weight DES 3828 DES 3828DC 4 24kg 9 35lbs DES 3828P 6 02kg 13 27lbs DES 3852 4 25kg 9 83lbs EMI CE class A FCC Class A C Tick Safety...

Страница 307: ...nt Power failed Critical Redundant Power is working Redundant Power is working Critical Fan fail FAN id 1 back fan 2 side fan failed Critical DES3828 series only Fan recovered FAN id 1 back fan 2 side fan is recovered Informational DES3828 series only Fan fail FAN id 1 left side fan 2 right side fan failed Critical DES3852 series only system Fan recovered FAN id 1 left side fan 2 right side fan is...

Страница 308: ...by console and IP ipaddr MAC macaddr are XOR shown in log string which means if user login by console will no IP and MAC information for logging Log message successfully uploaded Log message successfully uploaded by console Username username IP ipaddr MAC macaddr Informational by console and IP ipaddr MAC macaddr are XOR shown in log string which means if user login by console will no IP and MAC i...

Страница 309: ...rmational Login failed through Telnet Login failed through Telnet Username username IP ipaddr MAC macaddr Warning Logout through Telnet Logout through Telnet Username username IP ipaddr MAC macaddr Informational Telnet Telnet session timed out Telnet session timed out Username username IP ipaddr MAC macaddr Informational SNMP SNMP request received with invalid community string SNMP request receive...

Страница 310: ...hrough Web SSL authenticated by AAA local method Successful login through Web SSL from userIP authenticated by AAA local method Username username MAC macaddr Informational Login failed through Web SSL authenticated by AAA local method Login failed through Web SSL from userIP authenticated by AAA local method Username username MAC macaddr Warning Successful login through Telnet authenticated by AAA...

Страница 311: ...r timeout or improper configuration Login failed through Console due to AAA server timeout or improper configuration Username username Warning Successful login through Web authenticated by AAA server Successful login through Web from userIP authenticated by AAA server serverIP Username username MAC macaddr Informational Login failed through Web authenticated by AAA server Login failed through Web ...

Страница 312: ...ed through Console authenticated by AAA local_enable method Enable Admin failed through Console authenticated by AAA local_enable method Username username Warning Successful Enable Admin through Web authenticated by AAA local_enable method Successful Enable Admin through Web from userIP authenticated by AAA local_enable method Username username MAC macaddr Informational Enable Admin failed through...

Страница 313: ... AAA none method Username username MAC macaddr Informational Successful Enable Admin through SSH from userIP authenticated by AAA none method Username username MAC macaddr Informational Successful Enable Admin through Console authenticated by AAA server Successful Enable Admin through Console authenticated by AAA server serverIP Username username Informational Enable Admin failed through Console a...

Страница 314: ... Enable Admin failed through Telnet from userIP due to AAA server timeout or improper configuration Username username MAC macaddr Warning Successful Enable Admin through SSH authenticated by AAA server Successful Enable Admin through SSH from userIP authenticated by AAA server serverIP Username username MAC macaddr Informational Enable Admin failed through SSH authenticated by AAA server Enable Ad...

Страница 315: ...e an authentication fail packet Interface string VRID id receives a VRRP authentication fail packet Warning string is interface name Invalid virtual ip packet is received Interface string VRID id receives an invalid VRRP virtual ip packet Warning string is interface name Receive an authentication type mismatch packet Interface string VRID id receives a VRRP authentication type mismatch packet Warn...

Страница 316: ...net Managed Switch port shut down due to a storm Port id is currently shut down due to a storm Warning DOS Attack 1 source ip is the same as the switch s ip in ARP packet 2 detect self IP packet Possible spoofing attack from macaddr port id Critical 301 ...

Страница 317: ...assignment The following diagrams and tables show the standard RJ 45 receptacle connector and their pin assignments Figure B 1 The standard RJ 45 port and connector RJ 45 Pin Assignments Contact MDI X Port MDI II Port 1 RD receive TD transmit 2 RD receive TD transmit 3 TD transmit RD receive 4 Not used Not used 5 Not used Not used 6 TD transmit RD receive 7 Not used Not used 8 Not used Not used Ta...

Страница 318: ...es Layer 3 Stackable Fast Ethernet Managed Switch Appendix D Console Cable Pin Assignment The following picture describes the pin assignment for the null modem straight through RS 232 cable with a female DB 9 connector 303 ...

Страница 319: ...rd Media Type Maximum Distance Mini GBIC 1000BASE LX Single mode fiber module 1000BASE SX Multi mode fiber module 1000BASE LHX Single mode fiber module 1000BASE ZX Single mode fiber module 10km 550m 40km 80km 1000BASE T Category 5e UTP Cable Category 5 UTP Cable 1000 Mbps 100m 100BASE TX Category 5 UTP Cable 100 Mbps 100m 10BASE T Category 3 UTP Cable 10 Mbps 100m 304 ...

Страница 320: ...st A message sent to all destination devices on the network broadcast storm Multiple simultaneous broadcasts that typically absorb available network bandwidth and can cause network failure console port The port on the Switch accepting a terminal or modem connector It changes the parallel arrangement of data within computers to the serial form used on data transmission links This port is most often...

Страница 321: ...nagement Protocol A protocol originally designed to be used in managing TCP IP internets SNMP is presently implemented on a wide range of computers and networking equipment and may be used to manage many aspects of network and end station operation Spanning Tree Protocol STP A bridge based system for providing fault tolerance on networks STP works by allowing you to implement parallel paths for ne...

Страница 322: ...tic environment this product may cause radio interference in which case the user may be required to take adequate measures Warnung Dies ist ein Produkt der Klasse A Im Wohnbereich kann dieses Produkt Funkstoerungen verursachen In diesem Fall kann vom Benutzer verlangt werden angemessene Massnahmen zu ergreifen Precaución Este es un producto de Clase A En un entorno doméstico puede causar interfere...

Страница 323: ... the original licensee and is subject to the terms and conditions of the license granted by D Link for the Software The Warranty Period shall extend for an additional ninety 90 days after any replacement Software is delivered If a material non conformance is incapable of correction or if D Link determines in its sole discretion that it is not practical to replace the non conforming Software the pr...

Страница 324: ... limited warranty provides specific legal rights and the product owner may also have other rights which vary from state to state Trademarks Copyright 2006 D Link Corporation Contents subject to change without prior notice D Link is a registered trademark of D Link Corporation D Link Systems Inc All other trademarks belong to their respective proprietors Copyright Statement No part of this publicat...

Страница 325: ...ming Software will be refunded by D Link provided that the non conforming Software and all copies thereof is first returned to D Link The license granted respecting any Software for which a refund is given automatically terminates Non Applicability of Warranty The Limited Warranty provided hereunder for Hardware and Software portions of D Link s products will not be applied to and does not cover a...

Страница 326: ... This Limited Warranty shall be governed by the laws of the State of California Some states do not allow exclusion or limitation of incidental or consequential damages or limitations on how long an implied warranty lasts so the foregoing limitations and exclusions may not apply This Limited Warranty provides specific legal rights and you may also have other rights which vary from state to state Tr...

Страница 327: ...Registration Register your D Link product online at http support dlink com register Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights ...

Страница 328: ...ifetime hardware warranty Warranty beneficiary The warranty beneficiary is the original end user The original end user is defined as the person that purchases the product as the first owner Duration of Limited Lifetime Warranty As long as the original end user continues to own or use the product with the following conditions fan and power supplies are limited to a five 5 year warranty only in the ...

Страница 329: ... or by other circumstances of which D Link is not responsible Disclaimer of warranty Please note some countries do not allow the disclaimer of implied terms in contracts with consumers and the disclaimer below may not apply to you To the extend allowed by local law the above warranties are exclusive and no other warranty condition or other term whether written or oral is expressed or implied D Lin...

Страница 330: ...nday to Friday 8 00am to 8 00pm EST Saturday 9 00am to 1 00pm EST D Link Technical Support over the Internet http www dlink com au email support dlink com au Tech Support for customers within New Zealand D Link Technical Support over the Telephone 0800 900 900 Monday to Friday 8 30am to 8 30pm Saturday 9 00am to 5 00pm D Link Technical Support over the Internet http www dlink co nz email support d...

Страница 331: ...k website Tech Support for customers within Southeast Asia and Korea D Link Southeast Asia and Korea Technical Support over the Telephone 65 6895 5355 Monday to Friday 9 00am to 12 30pm 2 00pm 6 00pm Singapore Time D Link Technical Support over the Internet email support dlink com sg ...

Страница 332: ... customers within India D Link Technical Support over the Telephone 91 22 26526741 91 22 26526696 ext 161 to 167 Monday to Friday 9 30AM to 7 00PM D Link Technical Support over the Internet http ww dlink co in http www dlink co in dlink drivers support asp ftp support dlink co in email techsupport dlink co in ...

Страница 333: ... the duration of the warranty period on this product Customers can contact D Link technical support through our web site or by phone Tech Support for customers within Russia D Link Technical Support over the Telephone 495 744 00 99 Monday to Friday 10 00am to 6 30pm D Link Technical Support over the Internet http www dlink ru email support dlink ru ...

Страница 334: ... Link Technical Support over the Telephone 972 971 5701 Sunday to Thursday 9 00am to 5 00pm D Link Technical Support over the Internet http www dlink co il forum e mail support dlink co il Tech Support for customers within Turkey D Link Technical Support over the Telephone 0090 312 473 40 55 Monday to Friday 9 00am to 6 00pm D Link Technical Support over the Internet http www dlink com tr e mail t...

Страница 335: ...omers within South Africa and the Sub Sahara Region D Link South Africa and Sub Sahara Technical Support over the Telephone 27 12 665 2165 08600 DLINK for South Africa only Monday to Friday 8 30am to 9 00pm South Africa Time D Link Technical Support over the Internet http www d link co za email support d link co za ...

Страница 336: ...vador 800 6137 Monday to Friday 06 00am to 19 00pm Guatemala 1800 300 0017 Monday to Friday 06 00am to 19 00pm Panama 00 800 052 54 65 Monday to Friday 07 00am to 20 00pm Peru 0800 00 968 Monday to Friday 07 00am to 20 00pm Venezuela 0 800 100 5767 Monday to Friday 08 00am to 21 00pm D Link Technical Support over the Internet www dlinkla com www dlinklatinamerica com email support dlink cl Tech Su...

Страница 337: ...Link D Link предоставляет бесплатную поддержку для клиентов в течение гарантийного срока Клиенты могут обратиться в группу технической поддержки D Link по телефону или через Интернет Техническая поддержка D Link 495 744 00 99 Техническая поддержка через Интернет http www dlink ru email support dlink ru ...

Страница 338: ...o Help Desk Chile Teléfono 800 8 35465 Lunes a Viernes 08 00 am a 21 00 pm Soporte Técnico Help Desk Colombia Teléfono 01 800 952 54 65 Lunes a Viernes 07 00 am a 20 00 pm Soporte Técnico Help Desk Ecuador Teléfono 1800 035465 Lunes a Viernes 07 00 am a 20 00 pm Soporte Técnico Help Desk El Salvador Teléfono 800 6137 Lunes a Viernes 06 00 am a 19 00 pm Soporte Técnico Help Desk Guatemala Teléfono ...

Страница 339: ...kbrasil com br A D Link fornece suporte técnico gratuito para clientes no Brasil durante o período de vigência da garantia deste produto Suporte Técnico para clientes no Brasil Telefone São Paulo 11 2185 9301 Segunda à sexta Das 8h30 às 18h30 Demais Regiões do Brasil 0800 70 24 104 E mail email suporte dlinkbrasil com br ...

Страница 340: ......

Страница 341: ...support through our website or by phone Tech Support for customers within the United States D Link Technical Support over the Telephone 888 843 6100 Hours of Operation 8 00AM to 6 00PM PST D Link Technical Support over the Internet http support dlink com email support dlink com Tech Support for customers within Canada D Link Technical Support over the Telephone 800 361 5265 Monday to Friday 7 30am...

Страница 342: ... D Link UK Ireland Technical Support over the Telephone 08456 12 0003 United Kingdom 1890 886 899 Ireland Lines Open Monday to Friday 8 00 am to 10 00 pm GMT Sat Sun 10 00 am to 7 00 pm GMT D Link UK Ireland Technical Support over the Internet http www dlink co uk ftp ftp dlink co uk For Customers within Canada D Link Canada Technical Support over the Telephone 1 800 361 5265 Canada Monday to Frid...

Страница 343: ...upport dlink de Telefon 49 1805 2787 0 12 Min aus dem Festnetz der Deutschen Telekom Telefonische technische Unterstützung erhalten Sie Montags bis Freitags von 09 00 bis 17 30 Uhr Unterstützung erhalten Sie auch bei der Premiumhotline für D Link Produkte unter der Rufnummer 09001 475767 Montag bis Freitag von 6 22 Uhr und am Wochenende von 11 18 Uhr 1 75 Min aus dem Festnetz der Deutschen Telekom...

Страница 344: ...ort technique destiné aux clients établis en France Assistance technique D Link par téléphone 0 820 0803 03 Assistance technique D Link sur internet http www dlink fr e mail support dlink fr Support technique destiné aux clients établis au Canada Assistance technique D Link par téléphone 800 361 5265 Lun Ven 7h30 à 21h00 HNE Assistance technique D Link sur internet http support dlink ca e mail sup...

Страница 345: ...l periodo de garantía del producto Los clientes españoles pueden ponerse en contacto con la asistencia técnica de D Link a través de nuestro sitio web o por teléfono Asistencia Técnica de D Link por teléfono 34 902 30 45 45 de lunes a viernes desde las 9 00 hasta las14 00 y de las 15 00 hasta las 18 00 Asistencia Técnica de D Link a través de Internet http www dlink es support email soporte dlink ...

Страница 346: ...ito D Link Supporto tecnico per i clienti residenti in Italia D Link Mediterraneo S r L Via N Bonnet 6 B 20154 Milano Supporto Tecnico dal lunedì al venerdì dalle ore 9 00 alle ore 19 00 con orario continuato Telefono 02 39607160 URL http www dlink it supporto html Email tech dlink it ...

Страница 347: ...herlands D Link Technical Support over the Telephone 0900 501 2007 Monday to Friday 8 00 am to 10 00 pm D Link Technical Support over the Internet www dlink nl Tech Support for customers within Belgium D Link Technical Support over the Telephone 070 66 06 40 Monday to Friday 9 00 am to 10 00 pm D Link Technical Support over the Internet www dlink be Tech Support for customers within Luxemburg D Li...

Страница 348: ...ą pomoc techniczną klientom w Polsce w okresie gwarancyjnym produktu Klienci z Polski mogą się kontaktować z działem pomocy technicznej firmy D Link za pośrednictwem Internetu lub telefonicznie Telefoniczna pomoc techniczna firmy D Link 48 12 25 44 0000 Pomoc techniczna firmy D Link świadczona przez Internet URL http www dlink pl e mail dlink fixit pl ...

Страница 349: ...irmy D Link D Link poskytuje svým zákazníkům bezplatnou technickou podporu Zákazníci mohou kontaktovat oddělení technické podpory přes webové stránky mailem nebo telefonicky Web http www dlink cz support E Mail info dlink cz Telefon 224 247 503 Telefonická podpora je v provozu PO PÁ od 09 00 do 17 00 ...

Страница 350: ...t munkanapokon hétfőtől csütörtökig 9 00 16 00 óráig és pénteken 9 00 14 00 óráig kérhet a 1 461 3001 telefonszámon vagy a support dlink hu emailcímen Magyarországi technikai támogatás D Link Magyarország 1074 Budapest Alsóerdősor u 6 R70 Irodaház 1 em Tel 06 1 461 3001 Fax 06 1 461 3004 email support dlink hu URL http www dlink hu ...

Страница 351: ...sider D Link tilbyr sine kunder gratis teknisk support under produktets garantitid Kunder kan kontakte D Links teknisk support via våre hjemmesider eller på tlf Teknisk Support D Link Teknisk telefon Support 800 10 610 Hverdager 08 00 20 00 D Link Teknisk Support over Internett http www dlink no ...

Страница 352: ...yder gratis teknisk support til kunder i Danmark i hele produktets garantiperiode Danske kunder kan kontakte D Link s tekniske support via vores hjemmeside eller telefonisk D Link teknisk support over telefonen Tlf 7026 9040 Åbningstider kl 08 00 20 00 D Link teknisk support på Internettet http www dlink dk ...

Страница 353: ...a teknistä tukea asiakkailleen Tuotteen takuun voimassaoloajan Tekninen tuki palvelee seuraavasti Arkisin klo 9 21 numerosta 0800 114 677 Internetin kautta Ajurit ja lisätietoja tuotteista http www dlink fi Sähköpostin kautta voit myös tehdä kyselyitä ...

Страница 354: ... annan användarinformation D Link tillhandahåller teknisk support till kunder i Sverige under hela garantitiden för denna produkt Teknisk Support för kunder i Sverige D Link Teknisk Support via telefon 0770 33 00 35 Vardagar 08 00 20 00 D Link Teknisk Support via Internet http www dlink se ...

Страница 355: ... site de D Link Portugal http www dlink pt A D Link fornece suporte técnico gratuito para clientes no Portugal durante o período de vigência de garantia deste produto Suporte Técnico para clientes no Portugal Assistência Técnica Email soporte dlink es http www dlink pt support ftp ftp dlink es ...

Страница 356: ...φέρει στους πελάτες της δωρεάν υποστήριξη στον Ελλαδικό χώρο Μπορείτε να επικοινωνείτε µε το τµήµα τεχνικής υποστήριξης µέσω της ιστοσελίδας ή µέσω τηλεφώνου Για πελάτες εντός του Ελλαδικού χώρου Τηλεφωνική υποστήριξη D Link Τηλ 210 86 11 114 Φαξ 210 86 53 172 ευτέρα Παρασκευή 09 00 17 00 Τεχνική υποστήριξη D Link µέσω Internet http www dlink gr ftp ftp dlink it ...

Страница 357: ......

Страница 358: ...ntrum Postfach 2 OG Switzerland TEL 41 0 1 832 11 00 FAX 41 0 1 832 11 01 URL www dlink ch Greece 101 Panagoulis Str 163 43 Heliopolis Athens Greece TEL 30 210 9914512 FAX 30 210 9916902 URL www dlink gr Luxembourg Rue des Colonies 11 B 1000 Brussels Belgium TEL 32 0 2 517 7111 FAX 32 0 2 517 6500 URL www dlink be Poland Budynek Aurum ul Walic w11 PL 00 851 Warszawa Poland TEL 48 0 22 583 92 75 FA...

Страница 359: ...______________________________________________________________________________________ Telephone _______________________________________ Fax ____________________________________________________________________ ________________________________________________________________________________________________________________________ _____________________________________________________________________...

Страница 360: ......

Отзывы:

Нет отзывов

Похожие инструкции для xStack DES-3800 Series

Бренд: Cambium Networks Страницы: 68

Бренд: Cambium Networks Страницы: 110

Бренд: Paradyne Страницы: 20

Compshere 3000 Series

Бренд: Paradyne Страницы: 2

Бренд: Pantech Страницы: 17

Бренд: Raritan Страницы: 4

Бренд: Clavister Страницы: 89

Бренд: Toto Link Страницы: 55

Anybus Communicator ABC4021

Бренд: HMS Networks Страницы: 60

Бренд: Grundig Страницы: 24

Бренд: CyberTAN Страницы: 67

Бренд: Patton electronics Страницы: 2

Бренд: AIC Страницы: 88

DUAL Nx56/64 1200142L1#

Бренд: ADTRAN Страницы: 48

Бренд: Alcatel Страницы: 4

Бренд: Hypercom Страницы: 2

Бренд: Planet Страницы: 2

EdgeSafe M40G1AC

Бренд: Garland Страницы: 159

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды