manualshive.com logo in svg

D-Link xStack DGS-3600 Series, Руководство пользователя

Поделиться
Скачать
D-Link xStack DGS-3600 Series Скачать руководство пользователя страница 335

xStack

®

 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch 

function on the Switch. 

Method 

Use the pull-down menu to choose the type of authentication to be used when 
authentication MAC addresses on a given port. The user may choose between the 
following methods: 

Local

 – Use this method to utilize the locally set MAC address database as the 

authenticator for MAC-based Access Control. This MAC address list can be 
configured in the MAC-based Access Control Local Database Settings window. 

RADIUS

 – Use this method to utilize a remote RADIUS server as the authenticator for 

MAC-based Access Control. Remember, the MAC list must be previously set on the 
RADIUS server and the settings for the server must be first configured on the Switch. 

Password 

Enter the password for the RADIUS server, which is to be used for packets being sent 
requesting authentication. The default password is “default”. 

Guest VLAN Name/Guest 
VLAN ID 

Select the method of identification, either Guest VLAN name or guest VLAN ID before 
entering the name or ID of the Guest VLAN being used for this function.  

Guest VLAN Member Ports 

Enter the list of ports that you wish to configure for the Guest VLAN. 

MAC Based Access Control Port Settings 

Unit 

Enter the unit you wish to configure. 

From…To 

Enter the Port range. 

State 

Use the pull-down menu to 

Enable

 or 

Disable

 the MAC-based Access Control function 

on individual ports. 

Mode 

Port Based

: In this mode, if one of the attached hosts is successfully authorized, all 

hosts on the same port will be granted access to the network. If the port authorization 
fails, this port will continue authenticating. 

Host Based

: In this mode, every user can individually authenticate and access the 

network. 

Aging Time(1-1440 min) 

A time period (configurable per port) between 1-1440 minutes, during which an 
authenticated host will stay in an authenticated state. When the aging time has 
expired, the host will be moved back to an unauthenticated state.  

When aging time is set to infinite, it will disable the aging time. 

Hold Time(1-300 sec) 

If a host fails to pass the authentication it will be blocked for a period of time referred 
to as hold time (per port configurable). During this time, this host can't proceed to the 
authenticating process (unless the user clears the database manually). As a result, 
this hold mechanism can prevent the switch from frequent authentication which 
consumes too much computing power. 

Click 

Apply

 to implement settings.  

MAC-based Access Control Local MAC Settings 

The following window is used to set a list of MAC addresses, along with their corresponding target VLAN, which will be 
authenticated for the Switch. Once a queried MAC address is matched in this table, it will be placed in the VLAN associated with 
it here. The switch administrator may enter up to 128 MAC addresses to be authenticated using the local method configured here.  

To enable these Settings, click 

Security > MAC Based Access Control > MAC Based Access Control Local MAC Settings

, as 

shown below.

 

 

317

Содержание xStack DGS-3600 Series

Страница 1: ... User Manual Product Model xStack DGS 3600 Series Layer 3 Gigabit Ethernet Managed Switch Release 2 5 Copyright 2009 All rights reserved ...

Страница 2: ...ritten permission of D Link Corporation is strictly forbidden Trademarks used in this text D Link and the D LINK logo are trademarks of D Link Corporation Microsoft and Windows are registered trademarks of Microsoft Corporation Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products D Link Corporation disclaims an...

Страница 3: ... a Class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures Warnung Dies ist ein Produkt der Klasse A Im Wohnbereich kann dieses Produkt Funkstoerungen verursachen In diesem Fall kann vom Benutzer verlangt werden angemessene Massnahmen zu ergreifen Precaución Este es un producto de Clase A En un entorno dom...

Страница 4: ...el Description 5 10GE Uplink Modules 7 Installing the SFP ports 8 Installation 9 Package Contents 9 Before You Connect to the Network 9 Installing the Switch without the Rack 10 Installing the Switch in a Rack 10 Mounting the Switch in a Standard 19 Rack 11 RPS Installation 12 Connecting the Switch 16 Switch to End Node 16 Switch to Hub or Switch 17 Connecting To Network Backbone or Server 18 Intr...

Страница 5: ...nts 41 Port Mirroring 43 System Log 44 System Log Host 44 System Log Save Mode Settings 45 System Severity Settings 46 SNTP Settings 47 Time Settings 47 Time Zone and DST 48 MAC Notification Settings 50 TFTP Services 50 File System Services 52 System Boot Information 52 FS Information 52 Directory 53 Rename 54 Copy 55 Ping Test 56 IPv4 Ping Test 56 IPv6 Ping Test 57 IPv6 Neighbor 58 IPv6 Neighbor ...

Страница 6: ... Static VLAN Entries 94 GVRP Settings 96 Double VLAN 98 PVID Auto Assign 102 MAC based VLAN Settings 102 Protocol VLAN 103 Protocol VLAN Group Settings 104 Protocol VLAN Port Settings 105 Trunking 106 Link Aggregation 107 LACP Port Settings 109 IGMP Snooping 109 IGMP Snooping Settings 109 Router Port Settings 112 ISM VLAN Settings window 114 IP Multicast Address Range Settings 116 Limited Multicas...

Страница 7: ... Settings 147 VLAN Translation Settings 148 L3 Features 149 Interface Settings 155 IPv4 Interface Settings 155 IPv6 Interface Settings 156 MD5 Key Settings 160 Route Redistribution Settings 160 Multicast Static Route Settings 162 Static Default Route Settings 163 IPv4 Static Default Route Settings 163 IPv6 Static Default Route Settings 164 Route Preference Settings 166 Static ARP Settings 168 Grat...

Страница 8: ...5 VRRP Global Settings 215 VRRP Virtual Router Settings 215 VRRP Authentication Settings 221 IP Multicast Routing Protocol 222 IGMP Interface Settings 224 DVMRP Global Settings 226 DVMRP Interface Settings 226 PIM Global Settings 229 PIM Parameter Settings 229 PIM Interface Settings 230 PIM Candidate BSR Settings 231 PIM Candidate RP Settings 232 PIM Static RP Settings 233 PIM Register Checksum Se...

Страница 9: ... and Limitations 301 Web Authentication Control 302 User Account Management 303 Trust Host 305 Access Authentication Control 306 Authentication Policy and Parameter Settings 307 Application Authentication Settings 307 Authentication Server Group 308 Authentication Server Host 309 Login Method Lists 311 Enable Method Lists 312 Configure Local Enable Password 314 Enable Admin 314 MAC Based Access Co...

Страница 10: ...51 Authenticator Session Statistics 352 Authenticator Diagnostics 353 RADIUS Authentication 355 RADIUS Account Client 357 MAC Address Table 359 IGMP Snooping Group 360 MLD Snooping Group 361 Trace Route 362 IGMP Snooping Forwarding 363 MLD Snooping Forwarding 364 IP Forwarding Table 364 Browse Routing Table 365 Browse IP Multicast Forwarding Table 365 Browse IP Multicast Interface Table 365 Browse...

Страница 11: ...hbor Table 370 Switch Logs 371 Browse ARP Table 371 MAC Based Access Control Authentication 372 Switch Maintenance 373 Reset 373 Reboot System 373 Save Services 374 Save Changes 374 Current Configuration Settings 375 Logout 375 Technical Specifications 376 Cables and Connectors 379 System Log Entries 380 Cable Lengths 392 Glossary 393 Warranty and Support 395 xi ...

Страница 12: ...lt Route Settings Route Preference Settings Static ARP Settings Gratuitous ARP Settings Policy Route Settings RIP OSPF DCHP BOOTP Relay DNS Relay VRRP and IP Multicast Routing Protocol Section 9 QoS Features information on QoS including Bandwidth Control QoS Scheduling Mechanism QoS Output Scheduling 802 1p Default Priority and 802 1p User Priority Section 10 ACL Discussion on the ACL function of ...

Страница 13: ...program names and commands For example use the copy command Boldface Typewriter Font Indicates commands and responses to prompts that must be typed exactly as printed in the manual Initial capital letter Indicates a window name Names of keys on the keyboard have initial capitals For example Click Enter Italics Indicates a window name or a field Also can indicate a variables or parameter that is re...

Страница 14: ...t only with approved equipment Allow the product to cool before removing covers or touching internal components Operate the product only from the type of external power source indicated on the electrical ratings label If you are not sure of the type of power source required consult your service provider or local power company To help avoid damaging your system be sure the voltage on the power supp...

Страница 15: ...Thus component refers to any system as well as to various peripherals or supporting hardware Before working on the rack make sure that the stabilizers are secured to the rack extended to the floor and that the full weight of the rack rests on the floor Install front and side stabilizers on a single rack or front stabilizers for joined multiple racks before working on the rack Always load the rack ...

Страница 16: ...components inside your system To prevent static damage discharge static electricity from your body before you touch any of the electronic components such as the microprocessor You can do so by periodically touching an unpainted metal surface on the chassis You can also take the following steps to prevent damage from electrostatic discharge ESD 1 When unpacking a static sensitive component from its...

Страница 17: ...wasting a company s existing investment in hardware software and trained personnel The increased speed and extra bandwidth offered by Gigabit Ethernet are essential to coping with the network bottlenecks that frequently develop as computers and their busses get faster and more users using applications that generate more traffic Upgrading key components such as your backbone and servers to Gigabit ...

Страница 18: ...10GE modules Two available slots reside within the DGS 3650 while the DGS 3627 and DGS 3627G both contain three slots These modules the DEM 410CX CX4 and the DEM 410X XFP are IEEE 802 3ae and IEEE 802 3ak compliant and support full duplex mode only More information will be provided on these modules later in this manual This Switch enables the network to use some of the most demanding multimedia an...

Страница 19: ...ur 1000BASE T Combo Ports One female DCE RS 232 DB 9 console port Twenty four 10 100 1000BASE T Four SFP Combo Ports Three open slots used to add single port 10GE modules One female DCE RS 232 DB 9 console port Twenty four 1000Mbps SFP Ports Four 1000BASE T Combo Ports Three open slots used to add single port 10GE modules One female DCE RS 232 DB 9 console port Forty eight 10 100 1000BASE T Four S...

Страница 20: ...and Link Act Speed for each port Figure 1 1 Front Panel of the DGS 3612 DGS 3612G Twelve SFP 100 1000Mbps ports Four Combo 1000BASE T ports located to the right One female DCE RS 232 DB 9 console port LEDs for Power Console RPS and Link Act Speed for each port Figure 1 2 Front Panel of the DGS 3612G DGS 3627 Twenty four 10 100 1000BASE T ports Four Combo SFP ports located to the right One female D...

Страница 21: ...1 12 Box ID of the Switch in the switch stack This field will read 1 for a switch in standalone mode When the switch in question is a master of a switch stack the number of the switch in the stack will be displayed and the letter H will flash alternatively with this number Solid Denotes an active connection at 1000Mbps Green Blinking Denotes data transfer at 1000Mbps Solid Denotes an active connec...

Страница 22: ...DGS 3650 LEDs Figure 1 10 DGS 3612 LEDs Rear Panel Description The rear panels of the DGS 3612 DGS 3612G DGS 3627 DGS 3627G and the DGS 3650 are described below DGS 3612 and DGS 3612G The rear panel of the DGS 3612 and the DGS 3612G contains an AC power connector and an outlet for an optional external RPS Figure 1 11 Rear panel view of the DGS 3612 4 ...

Страница 23: ...and automatically The AC power connector is a standard three pronged connector that supports the power cord Plug in the female connector of the provided power cord into this socket and the male side of the cord into a power outlet The Switch automatically adjusts its power setting to any supply voltage in the range from 100 240 VAC at 50 60 Hz Side Panel Description The right hand side panel of th...

Страница 24: ...xStack DGS 3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 1 17 Side Panels of the DGS 3627 Figure 1 18 Side Panels of the DGS 3627G Figure 1 19 Side Panels of the DGS 3650 6 ...

Страница 25: ...changeable To install these modules follow the simple steps listed below CAUTION Before adding the optional module make sure to disconnect all power sources connected to the Switch Failure to do so may result in an electrical shock which may cause damage not only to the individual but to the Switch as well At the back of the Switch to the left is the slot for the optional module as shown in Figure...

Страница 26: ...l Form Factor Portable ports which are to be used with fiber optical transceiver cabling in order to uplink various other networking devices for a gigabit link that may span great distances These SFP ports support full duplex transmissions have auto negotiation and can be used with the DEM 210 100FX LC DEM 211 100FX LC DEM 310GT 1000BASE LX DEM 311GT 1000BASE SX DEM 312GT2 1000BASE LX DEM 314GT 10...

Страница 27: ...turdy level surface that can support at least 4 24kg 9 35lbs of weight for the DGS 3612 DGS 3612G DGS 3627 DGS 3627G or 6 02kg 13 27lbs for DGS 3650 Do not place heavy objects on the Switch The power outlet should be within 1 82 meters 6 feet of the Switch Visually inspect the power cord and see that it is fully secured to the AC DC power port Make sure that there is proper heat dissipation from a...

Страница 28: ... enough ventilation space between the Switch and any other objects in the vicinity Figure 2 1 Prepare Switch for installation on a desktop or shelf Installing the Switch in a Rack The Switch can be mounted in a standard 19 rack Use the following diagrams to guide you Figure 2 2 Fasten mounting brackets to Switch Fasten the mounting brackets to the Switch using the screws provided With the brackets...

Страница 29: ...onent out of the rack on its slide assemblies at one time The weight of more than one extended component could cause the rack to tip over and may result in injury Figure 2 3 Installing Switch in a rack Power on AC Power Plug one end of the AC power cord into the power connector of the Switch and the other end into the local power source outlet After the Switch is powered on the LED indicators will...

Страница 30: ... 800 CAUTION The AC power cord for the Switch should be disconnected before proceeding with installation of the DPS 500 Figure 2 4 Installing the DPS 500 CAUTION Installing systems in a rack without the front and side stabilizers installed could cause the rack to tip over potentially resulting in bodily injury under certain circumstances Therefore always install the stabilizers before installing c...

Страница 31: ...he switch and the other end into the redundant power supply 2 Using a standard AC power cable connect the redundant power supply to the main AC power source A green LED on the front of the DPS 500 will glow to indicate a successful connection 3 Re connect the switch to the AC power source A LED indicator will show that a redundant power supply is now in operation 4 No change in switch configuratio...

Страница 32: ...ck mount 5 standard units in height designed to hold up to eight DPS 200 redundant power supplies Figure 2 6 Installing the DPS 200 into the DPS 900 The RPS can be mounted in a standard 19 rack Use the following diagram to guide you Figure 2 7 Installing the DPS 900 into the equipment rack CAUTION Installing systems in a rack without the front and side stabilizers installed could cause the rack to...

Страница 33: ... a standard size rack mount 1 standard unit in height designed to hold up to two DPS 200 redundant power supplies Figure 2 8 Install DPS 200 in DPS 800 The RPS can be mounted in a standard 19 rack Use the following diagram to guide you Figure 2 9 Install DPS 800 in an Equipment Rack 15 ...

Страница 34: ...d Node End nodes include PCs outfitted with a 10 100 or 1000 Mbps RJ 45 Ethernet Fast Ethernet Network Interface Card NIC and most routers An end node can be connected to the Switch via a twisted pair Category 3 4 or 5 UTP STP cable The end node should be connected to any of the ports of the Switch Figure 3 1 Switch connected to an end node The Link Act LEDs for each UTP port will light green or a...

Страница 35: ...can be connected to the Switch via a twisted pair Category 5 UTP STP cable A 1000BASE T switch can be connected to the Switch via a twisted pair Category 5e UTP STP cable A switch supporting a fiber optic uplink can be connected to the Switch s SFP ports via fiber optic cabling Figure 3 2 Switch connected to a normal non Uplink port on a hub or switch using a straight or crossover cable NOTICE Whe...

Страница 36: ...e copper ports operate at a speed of 1000 100 or 10Mbps in full duplex mode The fiber optic ports can operate at 1000Mbps in full duplex mode Connections to the Gigabit Ethernet ports are made using fiber optic cable or Category 5 copper cable depending on the type of port A valid connection is indicated when the Link LED is lit Figure 3 3 Uplink Connection to a server PC or switch stack 18 ...

Страница 37: ...agent decodes the incoming SNMP messages and responds to requests with MIB objects stored in the database The SNMP agent updates the MIB objects to generate statistics and counters Connecting the Console Port RS 232 DCE The Switch provides an RS 232 serial port that enables a connection to a computer or terminal for monitoring and configuring the Switch This port is a female DB 9 connector impleme...

Страница 38: ...ges Read the next section for more information on setting up user accounts See the xStack DGS 3600 Series CLI Manual on the documentation CD for a list of all commands and additional information on using the CLI 13 When you have completed your tasks exit the session with the logout command or close the emulator program 14 Make sure the terminal or PC you are using to make this connection is config...

Страница 39: ...and Password fields blank DGS 3627G Gigabit Ethernet Switch Command Line Interface Firmware Build 2 50 B15 Copyright C 2009 D Link Corporation All rights reserved UserName PassWord DGS 3627G 5 _ Figure 4 2 Command Prompt NOTE The first user automatically gets Administrator level privileges It is recommended to create at least one Admin level user account for the Switch Password Protection The Swit...

Страница 40: ...gement stations to read and modify the settings of gateways routers switches and other network devices Use SNMP to configure system features for proper operation monitor performance and detect potential problems in the Switch switch group or network Managed devices that support SNMP include software referred to as an agent which runs locally on the device A defined set of variables managed objects...

Страница 41: ...nds them to the trap recipient or network manager Typical traps include trap messages for Authentication Failure Topology Change and Broadcast Multicast Storm MIBs The Switch in the Management Information Base MIB stores management and counter information The Switch uses the standard MIB II Management Information Base module Consequently values for MIB objects can be retrieved from any SNMP based ...

Страница 42: ...ent the IP address to be assigned to the IP interface named System and the y s represent the corresponding subnet mask Alternatively you can enter config ipif System ipaddress xxx xxx xxx xxx z Where the x s represent the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation The IP interface named System on the Switch c...

Страница 43: ...nt ways to access the same internal switching software and configure it Thus all settings encountered in web based management are the same as those found in the console program Login to Web Manager To begin managing the Switch simply run the browser you have installed on your computer and point it to the IP address you have defined for the device The URL in the address bar should read something li...

Страница 44: ...splay the hyper linked window buttons and subfolders contained within them Click the D Link logo to go to the D Link website Area 2 Presents a graphical near real time image of the front panel of the Switch This area displays the Switch s ports and expansion modules showing port activity duplex mode or flow control depending on the specified mode Various areas of the graphic can be selected for pe...

Страница 45: ...tuitous ARP Settings Policy Route Settings ECMP Algorithm Settings RIP OSPF DCHP BOOTP Relay DHCP Server Filter DHCP Server DNS Relay VRRP and IP Multicast Routing Protocol QoS Contains windows concerning Bandwidth Control QoS Scheduling Mechanism QoS Output Scheduling 802 1p Default Priority and 802 1p User Priority ACL Contains windows for Time Range Access Profile Table ACL Flow Meter and CPU I...

Страница 46: ...l IP Address IP MTU Settings Stacking Port Configuration User Accounts Port Mirroring System Log System Severity Settings SNTP Settings MAC Notification Settings TFTP Services File System Services Ping Test IPv6 Neighbor DHCP Auto Configuration Settings BPDU Tunneling Settings RSPAN SNMP Manager sFlow Single IP Management Settings 28 ...

Страница 47: ... may also enter a System Name System Location and System Contact to aid in defining the Switch In addition this window displays the status of functions on the Switch to quickly assess their current global status Some functions are hyper linked to their configuration window for easy access from the Device Information window NOTE DGS 3612 DGS 3612G DGS 3627 DGS 3627G DGS 3650 Switch series will disp...

Страница 48: ...folder MLD Multicast Router Only This field specifies that the Switch should only forward all multicast traffic to a multicast enabled router if enabled Otherwise the Switch will forward all multicast traffic to any IP router The default is Disabled GVRP Status Use this pull down menu to enable or disable GVRP on the Switch Telnet Status Telnet configuration is Enabled by default If you do not wan...

Страница 49: ...st Routing Protocol DVMRP function by using the pull down menu PIM State The user may globally enable or disable the Protocol Independent Multicast Dense Mode PIM DM function by using the pull down menu RIP State The user may globally enable or disable the Routing Information Protocol RIP function by using the pull down menu OSPF State The user may globally enable or disable the Open Shortest Path...

Страница 50: ...for the Switch These fields should be of the form xxx xxx xxx xxx where each xxx is a number represented in decimal form between 0 and 255 This address should be a unique address on the network assigned for use by the network administrator Subnet Mask A Bitmask that determines the extent of the subnet that the Switch is on Should be of the form xxx xxx xxx xxx where each xxx is a number represente...

Страница 51: ...ect to the Switch IP MTU Settings The IP MTU Settings window is used to configure the IP layer MTU settings on the Switch The MTU is the largest size of IP datagram which may be transferred using a specific data link connection The MTU value is a design parameter of a LAN and is a mutually agreed value i e both ends of a link agree to use the same specific value for most WAN links The size of MTU ...

Страница 52: ...format Using this method data transfer is only possible in one direction and if there is a break in the chain then data transfer will obviously be affected Duplex Ring As shown in Figure 6 3 the Duplex Ring stacks switches in a ring or circle format where data can be transferred in two directions This topology is very resilient due to the fact that if there is a break in the ring data can still be...

Страница 53: ...Stacking Unit IDs to switches in the stack synchronize configurations for all switches and then transmit commands to the rest of the switches based on the users configurations of the Primary Master Once these steps have been completed the switch stack will enter a normal operating mode Stack Switch Swapping The stacking feature of the xStack DGS 3600 supports hot swapping of switches in and out of...

Страница 54: ...gs window Use the pull down menu choose Enabled and click Apply to allow stacking of this Switch Box Information This window is used to configure stacking parameters associated with all switches in the xStack DGS 3600 Series The user may configure parameters such as box ID box priority and pre assigning model names to switches to be entered into the switch stack To view this window click Administr...

Страница 55: ...r 255 224 0 0 decimal Using a 10 xxx xxx xxx IP address notation the above example would give six network addresses and six subnets Any IP address from the allowed range of IP addresses for each subnet can be chosen as an IP address for an IP interface on the switch For this example we have chosen the next IP address above the network address for the IP interface s IP Address VLAN Name VID Network...

Страница 56: ... and flow control Port Configuration To display the following window click Administration Port Configuration Port Configuration as shown below To configure switch ports 1 Choose the port or sequential range of ports using the From To port pull down menus 2 Use the remaining pull down menus to configure the parameters described below Figure 6 8 Port Configuration window The following parameters can...

Страница 57: ...layer by a local source The slave setting 1000M Full_S uses loop timing where the timing comes form a data stream received from the master If one connection is set for 1000M Full_M the other side of the connection must be set for 1000M Full_S Any other configuration will result in a link down status for both ports Flow Control Displays the flow control scheme used for the various port configuratio...

Страница 58: ...Combo ports If configuring the Combo ports this defines the type of transport medium used SFP ports should be nominated Fiber and the Combo 1000BASE T ports should be nominated Copper The result will be displayed in the appropriate switch port number slot C for copper ports and F for fiber ports To assign names to various ports click Administration Port Configuration Port Description as shown Figu...

Страница 59: ... Account Management window to control user privileges Any existing User Accounts will be displayed in the table below To view this window click Administration User Accounts as shown below Figure 6 12 User Accounts window To add a new user click on the Add button To modify or delete an existing user click on the Modify button for that user 41 ...

Страница 60: ...privilege Admin Operator or User from the Access Right drop down menu Figure 6 14 User Account Modify Table window Modify or delete an existing user account in the User Account Modify Table window To delete the user account click on the Delete button To change the password type in the New Password and retype it in the Confirm New Password entry field The level of privilege Admin Operator or User c...

Страница 61: ...ce port 2 Select the Source Direction Ingress Egress or Both and change the Status drop down menu to Enabled 3 Click Apply to let the changes take effect NOTE You cannot mirror a fast port onto a slower port For example if you try to mirror the traffic from a 100 Mbps port onto a 10 Mbps port this can cause throughput problems The port you are copying frames from should always support an equal or ...

Страница 62: ...System Log Host window The parameters configured for adding and editing System Log Server settings are the same See the table below for a description Figure 6 17 Configure System Log Server Add window To set the System Log Server configuration click Apply To delete an entry from the System Log Host window click the corresponding under the Delete heading of the entry to delete To return to the Syst...

Страница 63: ...g alert clock daemon local use 0 local0 local use 1 local1 local use 2 local2 local use 3 local3 local use 4 local4 local use 5 local5 local use 6 local6 local use 7 local7 UDP Port 514 or 6000 65535 Type the UDP port number used for sending Syslog messages The default is 514 Status Choose Enabled or Disabled to activate or deactivate System Log Save Mode Settings The System Log Save Mode Settings...

Страница 64: ...he Settings menu To view this window click Administration System Severity Settings as shown below Figure 6 19 System Severity Settings window Use the drop down menus to configure the parameters described below Parameter Description System Severity Choose how the alerts are used from the drop down menu Select Log to send the alert of the Severity Type configured to the Switch s log for analysis Cho...

Страница 65: ...splays the Current Time set on the Switch Time Source Displays the time source for the system SNTP Settings SNTP State Use this pull down menu to Enabled or Disabled SNTP SNTP Primary Server This is the IP address of the primary server the SNTP information will be taken from SNTP Secondary Server This is the IP address of the secondary server the SNTP information will be taken from SNTP Poll Inter...

Страница 66: ...To view this window click Administration SNTP Settings Time Zone and DST as shown below Figure 6 21 Time Zone and DST window The following parameters can be set Parameter Description Time Zone and DST Daylight Saving Time State Use this pull down menu to enable or disable the DST Settings Daylight Saving Time Offset in Minutes Use this pull down menu to specify the amount of time that will constit...

Страница 67: ... week of the month the DST will end To Day of Week Enter the day of the week that DST will end To Month Enter the month that DST will end To Time in HH MM Enter the time of day that DST will end DST Annual Settings Using annual mode will enable DST seasonal time adjustment Annual mode requires that the DST beginning and ending date be specified concisely For example specify to begin DST on April 3...

Страница 68: ...ion Click Apply to implement changes made Figure 6 22 MAC Notification Settings window TFTP Services Trivial File Transfer Protocol TFTP services allow the Switch s firmware to be upgraded by transferring a new firmware file from a TFTP server to the Switch A configuration file can also be loaded into the Switch from a TFTP server Switch settings can be saved to the TFTP server and a history log c...

Страница 69: ...tart to record the IP address of the TFTP server and to initiate the file transfer Upload Firmware Enter the IP address of the TFTP server and the path and filename for the place to put this firmware on the TFTP server Click Start to record the IP address of the TFTP server and to initiate the file transfer Server IPv4 Address Enter the IPv4 address of the server from which to upload or download f...

Страница 70: ... FAT 16 re building function which will format the Flash as FAT 16 and enter the Z modem download mode where the user will download firmware saved as RUN HAD and then boot from this firmware image To configure the files located on the Flash memory use the following windows to guide you System Boot Information This window is used to view and configure boot up firmware images and configuration files...

Страница 71: ...in the Switch File System Version Use the drop down menu to select the File System version you wish to use on the Switch Directory The Directory window allows users to view files stored in the flash memory of the Switch In future releases more than one drive may be located in the Flash drive but for this release the only drive located on the Flash memory of the Switch is C Therefore to view files ...

Страница 72: ...h Boot up An in this field denotes that the corresponding file is a boot up configuration file or firmware image Delete Click the in this field corresponding to the file to be deleted from the Flash memory Remember once deleted it cannot be restored by the switch unless downloaded again from an outside source Rename The following window is used to rename files that are presently located in the Fla...

Страница 73: ...ers the following fields to aid the user in copying files located in the Flash memory of the Switch Parameter Description Unit Use the drop down menu to select the unit you wish to configure Source File Full Path Enter the full path and file name of the directory to be copied This entry cannot exceed 64 characters in length Target File Full Path Enter the file name of the directory and the path to...

Страница 74: ...wn below Figure 6 29 IPv4 Ping Test window This window allows the following parameters to be configured to ping an IPv4 address Parameter Description Target IP Address Enter an IPv4 address to be pinged Repeat Pinging for Either click the Infinite times radio button or enter the number of times desired to attempt to ping the IPv4 address configured in this window Users may enter a number of times ...

Страница 75: ...pecific interface for a link local IPv6 address For Global IPv6 addresses this field may be omitted Repeat Times 0 255 Enter the number of times desired to attempt to ping the IPv6 address configured in this window Users may enter a number of times between 0 and 255 Size 1 6000 Use this field to set the datagram size of the packet or in essence the number of bytes in each ping packet Users may set...

Страница 76: ... Name Enter the Interface Name of the device for which to search IPv6 neighbors Click Find to begin the search Neighbor IPv6 Address Enter the IPv6 address of the neighbor of the IPv6 device to be searched Click Find to begin the search State Users may also search by running state of the IPv6 neighbor Tick the State check box and choose to search for Static IPv6 neighbors or Dynamic IPv6 neighbors...

Страница 77: ...acket The TFTP server must be up and running and hold the necessary configuration file stored in its base directory when the request is received from the Switch For more information about loading a configuration file for use by a client see the DHCP server and or TFTP server software instructions The user may also consult the Upload screen description located in the Maintenance section of this man...

Страница 78: ...o the tunnel port in the same VLAN None When selected an encapsulated PDU is received on a port and the forwarding behavior follows the forwarding of general multicast addresses None is the default STP GVRP Select the type of tunnel multicast address to be applied to the ports either STP or GVRP An STP enabled port can not be configured as an STP tunnel port A GVRP enabled port can not be configur...

Страница 79: ...PAN VLAN tags from the mirrored packets when the destination port is an untagged port in the RSPAN VLAN If the destination port is a tagged port the tags will be reserved RSPAN State Settings This window allows the user to enable or disable the RSPAN settings on the Switch The purpose of the RSPAN function is to mirror the packets to the remote switch The packet travels from the switch where the m...

Страница 80: ...ndow to configure Figure 6 37 RSPAN Settings Edit window The following fields can be configured Parameter Description VLAN Name This is the VLAN Name that along with the VLAN ID identifies the VLAN which will modify the RSPAN Entries VID 1 4094 This is the VLAN ID that along with the VLAN Name identifies the VLAN which will to modify the RSPAN Entries Source Ports Action Use the drop down menu to ...

Страница 81: ...set for a listed group of SNMP managers Thus you may create a group of SNMP managers that are allowed to view read only information or receive traps using SNMPv1 while assigning a higher level of security to another group granting read write privi leges using SNMPv3 Using SNMPv3 individual users or groups of SNMP managers can be allowed to perform or be restricted from performing specific SNMP man...

Страница 82: ...ttings for the SNMP function on the Switch To view this window for configuration click Administration SNMP Manager SNMP Trap Settings as shown below Figure 6 38 SNMP Trap Settings window To enable or disable the Traps State Authenticate Trap State and or Linkchange Trap State use the corresponding pull down menu to change and click Apply 64 ...

Страница 83: ...0 SNMP User Table Display window The following parameters are displayed Parameter Description User Name An alphanumeric string of up to 32 characters This is used to identify the SNMP users Group Name This name is used to specify the SNMP group created can request SNMP messages SNMP Version V3 Indicates that SNMP version 3 is in use Auth Protocol None Indicates that no authentication protocol is i...

Страница 84: ...el will be used This is only operable when V3 is selected in the SNMP Version field and the Encrypted check box has been ticked This field will require the user to enter a password SHA Specifies that the HMAC SHA authentication protocol will be used This is only operable when V3 is selected in the SNMP Version field and the Encrypted check box has been ticked This field will require the user to en...

Страница 85: ...w Table Configuration window The SNMP View created with this table maps SNMP users identified in the SNMP User Table to the views created in the previous window The following parameters can set Parameter Description View Name Type an alphanumeric string of up to 32 characters This is used to identify the new SNMP view being created Subtree OID Type the Object Identifier OID Subtree for the view Th...

Страница 86: ...ion SNMP Manager SNMP Group Table as shown below Figure 6 44 SNMP Group Table window To delete an existing SNMP Group Table entry click the corresponding under the Delete heading To display the current settings for an existing SNMP Group Table entry click the View button located under the Display heading which will show the following window Figure 6 45 SNMP Group Table Display window To add a new ...

Страница 87: ...ckets over the network Security Level The Security Level settings only apply to SNMPv3 NoAuthNoPriv Specifies that there will be no authorization and no encryption of packets sent between the Switch and a remote SNMP manager AuthNoPriv Specifies that authorization will be required but there will be no encryption of packets sent between the Switch and a remote SNMP manager AuthPriv Specifies that a...

Страница 88: ...bers using the community string created can only read the contents of the MIBs on the Switch Read Write Specifies that SNMP community members using the community string created can read from and write to the contents of the MIBs on the Switch To implement the new settings click Apply To delete an entry from the SNMP Community Table click the corresponding button under the Delete heading SNMP Host ...

Страница 89: ...or SNMP V3 User Name Type in the community string or SNMP V3 user name as appropriate To add a new IPv6 entry to the Switch s SNMP Host Table click the Add IPv6 Host button in the upper left hand corner of the window This will open the SNMP Host Table Configuration window as shown below Figure 6 50 SNMP Host Table Configuration window for IPv6 The following parameters can set Parameter Description...

Страница 90: ... counter information of the Switch The Switch itself is the sFlow agent where packet data is retrieved and sent to an sFlow Analyzer where it can be scrutinized and utilized to resolve the problem The Switch can configure the settings for the sFlow Analyzer but the remote sFlow Analyzer device must have an sFlow utility running on it to retrieve and analyze the data it receives from the sFlow agen...

Страница 91: ... collector that will be used to gather and analyze sFlow Datagrams that originate from the Switch Users must have the proper sFlow software set on the Analyzer in order to receive datagrams from the switch to be analyzed and to analyze these datagrams Users may specify up to four unique analyzers to receive datagrams yet the virtual port used must be unique to each entry To configure the settings ...

Страница 92: ...Parameter Description Analyzer Server 1 4 Enter an integer from 1 to 4 to denote the sFlow Analyzer to be added Up to four entries can be added Owner Users may enter an alphanumeric string of up to 16 characters to define the owner of this entry Users are encouraged to give this field a name that will help them identify this entry When an entry is made in this field the following Timeout field is ...

Страница 93: ... configured rate of packet sampling for this port based on a multiple of 256 For example if a figure of 20 is in this field the switch will sample one out of every 5120 packets 20 x 256 5120 that pass through the individual port Configured Rate Displays the current rate op packet sampling being performed by the Switch for this port based on a multiple of 256 For example if a figure of 20 is in thi...

Страница 94: ...individual port Users may enter a value between 1 and 65535 An entry of 0 disables the packet sampling Since this is the default setting users are reminded to configure a rate here otherwise this function will not function Max Header Size 18 256 This field will set the number of leading bytes of the sampled packet header This sampled header will be encapsulated with the datagram to be forwarded to...

Страница 95: ...ear All button To add a new sFlow Counter Poller setting click the Add button which will display the following window to be configured Figure 6 59 sFlow Counter Poller Add window The following fields may be set Parameter Description Unit Select the unit you wish to configure From To Choose the beginning and ending range of ports to be configured for counter polling Analyzer Server ID 1 4 Enter the...

Страница 96: ...S The SIM group is a group of switches that are managed as a single entity SIM switches may take on three different roles 1 Commander Switch CS This is a switch that has been manually configured as the controlling device for a group and takes on the following characteristics It has an IP Address It is not a commander switch or member switch of another Single IP group It is connected to the member ...

Страница 97: ...s for connections that are a member of a port trunking group It will display the speed and number of Ethernet connections creating this port trunk group as shown in the adjacent picture NOTE For more details regarding improvements made in SIMv1 61 please refer to the D Link Single IP Management White Paper located on the D Link website 3 This version will support switch upload and downloads for fi...

Страница 98: ...ches to this Switch over Ethernet to be part of its SIM group Choosing this option will also enable the Switch to be configured for SIM Group Name Enter a group name in this field Discovery Interval The user may set the discovery protocol interval in seconds that the Switch will send out discovery packets Returning information to a Commander Switch will include information about other switches con...

Страница 99: ...ice Name of the switches in the SIM group configured by the user If no Device Name is configured by the name it will be given the name default and tagged with the last six digits of the MAC Address to identify it Local Port Displays the number of the physical port on the CS that the MS or CaS is connected to The CS will have no entry in this field Speed Displays the connection speed between the CS...

Страница 100: ...fault Figure 6 63 Topology View window This window will display how the devices within the Single IP Management Group are connected to other groups and devices Possible icons in this window are as follows Icon Description Group Layer 2 commander switch Layer 3 commander switch Commander switch of other group Layer 2 member switch Layer 3 member switch Member switch of other group Layer 2 candidate...

Страница 101: ...me information about a specific device as the Tree view does See the window below for an example Figure 6 64 Device Information Utilizing the Tool Tip Setting the mouse cursor over a line between two devices will display the connection speed between the two devices as shown below Figure 6 65 Port Speed Utilizing the Tool Tip Right Click Right clicking on a device will allow the user to perform var...

Страница 102: ...M group configured by the user If no Device Name is configured by the name it will be given the name default and tagged with the last six digits of the MAC Address to identify it Module Name Displays the full module name of the switch that was right clicked MAC Address Displays the MAC Address of the corresponding Switch Remote Port No Displays the number of the physical port on the MS or CaS that...

Страница 103: ...icking a Member icon The following options may appear for the user to configure Collapse To collapse the group that will be represented by a single icon Expand To expand the SIM group in detail Remove from group Remove a member from a group Configure Launch the web management to configure the Switch Property To pop up a window to display the device information Candidate Switch Icon Figure 6 70 Rig...

Страница 104: ...r are as follows File Print Setup Will view the image to be printed Print Topology Will print the topology map Preference Will set display properties such as polling interval and the views to open at SIM startup Group Add to group Add a candidate to a group Clicking this option will reveal the following screen for the user to enter a password for authentication from the Candidate Switch before bei...

Страница 105: ...Path Filename of the firmware Click Download to initiate the file transfer To view this window click Administration Single IP Management Settings Firmware Upgrade as shown below Figure 6 74 Firmware Upgrade window Configuration File Backup Restore This screen is used to upgrade configuration files from the Commander Switch to the Member Switch using a TFTP server Member Switches will be listed in ...

Страница 106: ...load Log File The following window is used to upload log files from SIM member switches to a specified PC To upload a log file enter the IP address of the SIM member switch and then enter a path on your PC where you wish to save this file Click Upload to initiate the file transfer Figure 6 76 Upload Log File window 88 ...

Страница 107: ...sers to specify its relative priority to suit the needs of your network There may be circumstances where it would be advantageous to group two or more differently tagged packets into the same queue Generally however it is recommended that the highest priority queue Queue 7 be reserved for data packets with a priority value of 7 Packets that have not been given any priority value are placed in Queu...

Страница 108: ... reduce the size of broadcast domains All packets entering a VLAN will only be forwarded to the stations over IEEE 802 1Q enabled switches that are members of that VLAN and this includes broadcast multicast and unicast packets from unknown sources VLANs can also provide a level of security to your network IEEE 802 1Q VLANs will only deliver packets between stations that are members of the VLAN Any...

Страница 109: ...094 unique VLANs can be identified The tag is inserted into the packet header making the entire packet longer by 4 octets All of the information originally contained in the packet is retained Figure 7 2 IEEE 802 1Q Tag The EtherType and VLAN ID are inserted after the MAC source address but before the original EtherType Length or Logical Link Control Because the packet is now a bit longer than it w...

Страница 110: ...n into the header of all packets that flow into and out of it If a packet has previously been tagged the port will not alter the packet thus keeping the VLAN information intact Other 802 1Q compliant devices on the network to make packet forwarding decisions can then use the VLAN information in the tag Ports with untagging enabled will strip the 802 1Q tag from all packets that flow into and out o...

Страница 111: ...o through This selective forwarding feature based on VLAN criteria is how VLANs segment networks The key point being that Port 1 will only transmit on VLAN 2 Network resources such as printers and servers can be shared across VLANs This is achieved by setting up overlapping VLANs That is ports can belong to more than one VLAN group For example setting VLAN 1 members to ports 1 2 3 and 4 and VLAN 2...

Страница 112: ...ing button under the Delete heading To create a new 802 1Q VLAN click the Add button a new window will appear as shown below To configure the port settings and to assign a unique name and number to the new VLAN see the table below Figure 7 6 Static VLAN window Add To return to the Current Static VLAN Entries window click the Show All Static VLAN Entries link To change an existing 802 1Q VLAN entry...

Страница 113: ...displays the VLAN name in the Modify window Advertisement Enabling this function will allow the Switch to send out GVRP packets to outside sources notifying that they may join the existing VLAN Port Settings Allows an individual port to be specified as member of a VLAN Tag Specifies the port as either 802 1Q tagging or 802 1Q untagged Checking the box will desig nate the port as Tagged None Allows...

Страница 114: ...led switches In addition Ingress Checking can be used to limit traffic by filtering incoming packets whose VID does not match the PVID of the port Results can be seen in the table under the configuration settings as seen below To view this window click L2 Features VLAN GVRP Settings as shown below Figure 7 7 GVRP Settings window The following parameters may be configured Parameter Description Unit...

Страница 115: ...ake VLAN forwarding decisions If the port receives a packet and Ingress filtering is enabled the port will compare the VID of the incoming packet to its PVID If the two are unequal the port will drop the packet If the two are equal the port will receive the packet GVRP The GARP VLAN Registration Protocol GVRP enables the port to dynamically become a member of a VLAN GVRP is Disabled by default Ing...

Страница 116: ... form to be encapsulated within the VLAN tag of the packet This identifies the packet as double tagged and segregates it from other VLANs on the network therefore creating a hierarchy of VLANs within a single packet Here is an example Double VLAN tagged packet Destination Address Source Address SPVLAN TPID Service Provider VLAN Tag 802 1Q CEVLAN Tag TPID Customer VLAN Tag Ether Type Payload Consid...

Страница 117: ...ve both double and normal VLANs co existing Once the change of VLAN is made all Access Control lists are cleared and must be reconfigured 6 Once Double VLANs are enabled GVRP must be disabled 7 All packets sent from the CPU to the Access ports must be untagged 8 The following functions will not operate when the switch is in Double VLAN mode Guest VLANs Web based Access Control IP Multicast Routing...

Страница 118: ...LAN that will be used in identification of this potential Double VLAN written in hex form The user may view configurations for a Double VLAN by clicking its corresponding button which will display the following read only window Figure 7 11 Double VLAN Information window Parameters shown in the previous window are explained below Parameter Description SPVID The VLAN ID number of this potential Serv...

Страница 119: ...e Service Provider VLAN with an integer between 1 and 4094 TPID Enter the TPID in hex form to aid in packet identification of the Service Provider VLAN Click Apply to implement changes made To configure the parameters for a previously created Service Provider VLAN click the button of the corresponding SPVID in the Double VLAN Table The following window will appear for the user to configure Figure ...

Страница 120: ...ced in or removed from the Service Provider VLAN The beginning and end of the port list range are separated by a dash PVID Auto Assign This enables the PVID Auto Assign features on the switch To view this table click L2 Features VLAN PVID Auto Assign as shown below Figure 7 14 PVID Auto Assign Settings window When Enabled PVID will be automatically assigned when adding a port to a VLAN as an untag...

Страница 121: ...00 IPX 802 3 0xFFFF IPX 802 2 0xE0E0 IPX SNAP 0x8137 IPX over Ethernet2 0x8137 decLAT 0x6004 SNA 802 2 0x0404 netBios 0xF0F0 XNS 0x0600 VINES 0x0BAD IPV6 0x86DD AppleTalk 0x809B RARP 0x8035 SNA over Ethernet2 0x80D5 Table 7 1 Protocol VLAN and the corresponding protocol value The following windows are used to create Protocol VLAN groups on the switch The purpose of these Protocol VLAN groups is to...

Страница 122: ...er has three choices for frame type Ethernet II Choose this parameter if you wish this protocol group to employ the Ethernet II frame type In this frame type the protocol is identified by the 16 bit 2 octet IEEE802 3 type field in the packet header which is to be stated using the following Protocol Value IEEE802 3 SNAP Choose this parameter if you wish this protocol group to employ the Sub Network...

Страница 123: ...o add or delete the following Group ID to or from the ports selected in the previous field Group ID 1 16 Enter the ID number of the Protocol VLAN Group for which to add or remove from the selected ports Ticking the Select All Groups check box will apply all Protocol VLAN groups to the ports listed in the Port List field VLAN ID VLAN Name Use this field to add a VLAN to be associated with this conf...

Страница 124: ...Mbps can be achieved when using the 10 100 1000Mbps Ethernet ports The 10G interfaces also support port trunk groups with 2 interfaces in each group Figure 7 19 Example of Port Trunk Group The Switch treats all ports in a trunk group as a single port Data transmitted to a specific host destination address will always be transmitted over the same port in a trunk group This allows packets in a data ...

Страница 125: ...n be applied to the Master Port are applied to the entire link aggregation group Load balancing is automatically applied to the ports in the aggregated group and a link failure within the group causes the network traffic to be directed to the remaining links in the group The Spanning Tree Protocol will treat a link aggregation group as a single link on the switch level On the port level the STP wi...

Страница 126: ...port trunking group on or off This is useful for diagnostics to quickly isolate a bandwidth intensive network device or to have an absolute backup aggregation group that is not under automatic control Master Port Choose the Master Port for the trunk group using the pull down menu Unit Select the unit you wish to configure Member Ports Choose the members of a trunked group Up to eight ports per gro...

Страница 127: ... LACP control frames In order to allow the linked port group to negotiate adjustments and make changes dynamically one end of the connection must have active LACP ports see above After setting the previous parameters click Apply to allow your changes to be implemented IGMP Snooping Internet Group Management Protocol IGMP snooping allows the Switch to recognize IGMP queries and reports sent between...

Страница 128: ...hat along with the VLAN ID identifies the VLAN for which to modify the IGMP Snooping Settings Query Interval 1 65535 The Query Interval field is used to set the time in seconds between transmitting IGMP queries Entries between 1 and 65535 seconds are allowed Default 125 Max Response Time 1 25 sec This determines the maximum amount of time in seconds allowed before sending an IGMP response report T...

Страница 129: ...p query If no response to the membership query is received before the Leave Timer expires the multicast forwarding entry for that host is deleted The default setting is 2 seconds Querier State Choose Enabled to enable transmitting IGMP Query packets or Disabled to disable The default is Disabled Querier Router Behavior This read only field describes the behavior of the router for sending query pac...

Страница 130: ... devices are members of a particular multicast group the devices will respond to the query and inform the querier of its membership status RIPv2 multicast Routing Information Protocol Version 2 can be used for small networks or on the perifory of larger networks where VLSM is required RIPv2 is used to support route authentication and multicasting of route updates RIPv2 sends updates every 30 secon...

Страница 131: ...set these ports as router ports Static Click this option to designate a range of ports as being connected to a multicast enabled router This command will ensure that all packets with this router as its destination will reach the multicast enabled router Forbidden Click this option to designate a port or range of ports as being forbidden from being connected to multicast enabled routers This ensure...

Страница 132: ...rt in a specific ISM VLAN 3 The Multicast VLAN is exclusive with normal 802 1q VLANs which means that VLAN IDs VIDs and VLAN Names of 802 1q VLANs and ISM VLANs cannot be the same Once a VID or VLAN Name is chosen for any VLAN it cannot be used for any other VLAN 4 The normal display of configured VLANs will not display configured Multicast VLANs 5 Once an ISM VLAN is enabled the corresponding IGM...

Страница 133: ...Multicast VLAN Member Port Enter a port or list of ports to be added to the Multicast VLAN Member ports will become the untagged members of the multicast VLAN Source Port Enter a port or list of ports to be added to the Multicast VLAN Source ports will become the tagged members of the multicast VLAN Replace Source IP This field is used to replace the source IP address of incoming packets sent by t...

Страница 134: ...mation will be displayed on the IP Multicast Address Range Table To create a new range click the Add button which will display the following window Figure 7 32 IP Multicast Address Range Setting Add window The following parameters can be set Parameter Description Range Name Enter an alphanumeric name of no more than 32 characters to define the Multicast Address range This name will be used to defi...

Страница 135: ... range of ports to be granted access or denied access from receiving multicast information From To Toggle the Access field to either Permit or Deny to limit or grant access to a specified range of Multicast addresses on a particular port or range of ports Access Limited IP Multicast Address Range Settings Figure 7 33 Limited IP Multicast Address Range Port Settings window Select a port or range of...

Страница 136: ... data There are two types of MLD query messages emitted by the router The General Query is used to advertise all multicast addresses that are ready to send multicast data to all listening ports and the Multicast Specific query which advertises a specific multicast address that is also ready These two types of messages are distinguished by a multicast destination address located in the IPv6 header ...

Страница 137: ... tuning to allow for expected packet loss on a subnet The user may choose a value between 1 and 255 with a default setting of 2 If a subnet is expected to be lossy the user may wish to increase this interval Last Listener Query Interval 1 25 sec The maximum amount of time to be set between group specific query messages This interval may be reduced to lower the amount of time it takes a router to d...

Страница 138: ...f a group on a network Calculated as robustness variable query interval 1 query response interval Querier Present Interval The amount of time that must pass before a multicast router decides that there are no other querier devices present Calculated as robustness variable query interval 0 5 query response interval Last Listener Query Count The amount of group specific queries sent before the route...

Страница 139: ...ck this option to not set these ports as router ports Static Click this option to designate a range of ports as being connected to a multicast enabled router This command will ensure that all packets with this router as its destination will reach the multicast enabled router Forbidden Click this option to designate a port or range of ports as being forbidden from being connected to multicast enabl...

Страница 140: ...s CTP packets are received from a port it signifies a loop on the network The Switch will automatically block the port and send an alert to the administrator The Loopback Detection port will restart change to discarding state when the Loopback Detection Recover Time times out The Loopback Detection function can be implemented on a range of ports at a time The user may enable or disable this functi...

Страница 141: ...nds Entering 0 will disable the Loopdetect Recover Time The default is 60 seconds Mode Select the mode you wish to use either Port Based or VLAN Based Port Based This mode can detect loopback based on the Port If the Switch detects loopback on the Port the loopback detection will only block the traffic which belongs to this Port Other VLAN traffic should not be affected by this VLAN Based This mod...

Страница 142: ... VLANs supported by the Switch for a given instance To utilize the MSTP function on the Switch three steps need to be taken 1 The Switch must be set to the MSTP setting found in the STP Bridge Global Settings window in the STP Version field 2 The correct spanning tree priority for the MSTP instance must be entered defined here as a Priority in the STP Instance Settings window when configuring an M...

Страница 143: ...equipment on a segment is updated to use RSTP or MSTP The Spanning Tree Protocol STP operates on two levels 1 On the switch level the settings are globally implemented 2 On the port level the settings are implemented on a per user defined group of ports basis STP Loopback Detection When connected to other switches STP is an important configuration in consistency for delivering packets to ports and...

Страница 144: ...nabled for the switch yet the port by port default setting is disabled The default setting for the Loopback timer is 60 seconds This setting will only be operational if the interface is STP enabled The Loopback Detection feature can only prevent BPDU loops on the Switch designated ports It can detect a loop condition occurring on the user s side connected to the edge port but it cannot detect the ...

Страница 145: ...AN If the value ages out and a BPDU has still not been received from the Root Bridge the Switch will start sending its own BPDU to all other switches for permission to become the Root Bridge If it turns out that your switch has the lowest Bridge Identifier it will become the Root Bridge The user may choose a time between 6 and 40 seconds The default value is 20 Forward Delay 4 30 Sec The Forward D...

Страница 146: ...lobal Settings window and on the STP Port Settings window Enabling this feature through only one of these windows will not fully enable the Loopback Detection function Click Apply to implement changes made MST Configuration Identification The MST Configuration Identification window allows the user to configure a MSTI instance on the Switch These settings will uniquely identify a multiple spanning ...

Страница 147: ...15 to set a new MSTI on the Switch Type Create is selected to create a new MSTI No other choices are available for this field when creating a new MSTI VID List 1 4094 This field is used to specify the VID range from configured VLANs set on the Switch Supported VIDs on the Switch range from ID number 1 to 4094 Click Apply to implement changes made To configure the settings for the CIST click on its...

Страница 148: ...junction with the VID List parameter Remove VID Select this parameter to remove VIDs from the MSTI ID in con junction with the VID List parameter VID List 1 4094 This field is used to specify the VID range from configured VLANs set on the Switch that the user wishes to add to this MSTI ID Supported VIDs on the Switch range from ID number 1 to 4094 This parameter can only be utilized if the Type ch...

Страница 149: ...s when an interface is selected within a STP instance The default setting is 0 auto There are two options 0 auto Selecting this parameter for the internalCost will set quickest route automatically and optimally for an interface The default value is derived from the media speed of the interface value 1 200000000 Selecting this parameter with a value in the range of 1 200000000 will set the quickest...

Страница 150: ...ser may set a priority value between 0 and 61440 Click Apply to implement the new priority setting STP Port Settings STP can be set up on a port per port basis In addition to setting Spanning Tree parameters for use on the switch level the Switch allows for the configuration of groups of ports each port group of which will have its own spanning tree and will require some of its own configuration s...

Страница 151: ...utomatically or as a metric value The default value is 0 auto 0 auto Setting 0 for the external cost will automatically set the speed for forwarding packets to the specified port s in the list for optimal efficiency Default port cost 100Mbps port 200000 Gigabit port 20000 value 1 200000000 Define a value between 1 and 200000000 to determine the external cost The lower the number the greater the pr...

Страница 152: ...lf duplex operation the P2P status changes to operate as if the P2P value were False The default setting for this parameter is True State This drop down menu allows you to enable or disable STP for the selected group of ports The default is Enabled LBD Use the pull down menu to enable or disable the Loopback Detection function on the Switch for the ports configured above For more information on th...

Страница 153: ... VLAN ID number of the VLAN on which the above Unicast MAC address resides MAC Address The MAC address to which packets will be statically forwarded This must be a unicast MAC address Unit Enter the unit you wish to configure Port Allows the selection of the port number on which the MAC address entered above resides To delete an entry in the Unicast Forwarding Table click the corresponding under t...

Страница 154: ...D The VLAN ID of the VLAN to which the corresponding MAC address belongs Multicast MAC Address The MAC address of the static source of multicast packets This must be a multicast MAC address Port Settings Allows the selection of ports that will be members of the static multicast group and ports that are either forbidden from joining dynamically or that can join the multicast group dynamically using...

Страница 155: ...tion the Switch will take when it receives a multicast packet that requires forwarding to a port in the specified VLAN Forward All Groups This will instruct the Switch to forward a multicast packet to all multicast groups residing within the range of ports specified above Forward Unregistered Groups This will instruct the Switch to forward a multicast packet whose destination is an unregistered mu...

Страница 156: ...r malfunctions that can result in impaired communication at higher layers 3 Provide information to assist network management in making resource changes and or reconfigurations that correct configuration inconsistencies or malfunctions identified above LLDP is a one way protocol transmit and receive are separated An LLDP agent can transmit information about the capabilities and current status of th...

Страница 157: ...efault value is 30 seconds Message TX Hold Multiplier 2 10 This parameter is a multiplier that determines the actual TTL value used in an LLDPDU The default value is 4 ReInit Delay 1 10 This parameter indicates the amount of delay from when adminStatus becomes disabled until re initialization will be attempted The default value is 2 seconds TX Delay 1 8192 This parameter indicates the delay betwee...

Страница 158: ...ble each port for sending change notification to configured SNMP trap receiver s if an LLDP data change is detected in an advertisement received on the port from an LLDP neighbor The definition of change includes new available information information timeout and information update In addition the changed type includes any data update insert remove Admin Status Use the drop down menu to choose TX_O...

Страница 159: ...p down menu to toggle System Capabilities between Enabled and Disabled Click Apply to implement changes made 802 1 Extension LLDP Port Settings The following window is used to set up 802 1 Extension LLDP on individual port s on the Switch To view this window click L2 Features LLDP 802 1 Extension LLDP Port Settings as shown below Figure 7 57 802 1 Extension LLDP Port Settings Table window 141 ...

Страница 160: ...to toggle between Enabled and Disabled VLAN Name Use the drop down menu to toggle among VLAN ID VLAN Name and All Use the drop down menu to toggle between Enabled and Disabled Protocol Identity Use the drop down menu to toggle among EAPOL LACP GVRP STP and All Use the drop down menu to toggle between Enabled and Disabled Click Apply to implement changes made 802 3 Extension LLDP Port Settings The ...

Страница 161: ...d and Disabled Link Aggregation Use the drop down menu to toggle Link Aggregation between Enabled and Disabled Maximum Frame Size Use the drop down menu to toggle Maximum Frame Size between Enabled and Disabled Click Apply to implement changes made LLDP Management Address Settings The following window is used to set up LLDP management address settings on the Switch To view this window click L2 Fea...

Страница 162: ...down menu to toggle between IPV4 Address and IPV6 Address Address Enter the LLDP management address in this field Port State Use the drop down menu to toggle the Port State between Enabled and Disabled Click Apply to implement changes made LLDP Statistics The following window is used to display LLDP statistics To view this window click L2 Features LLDP LLDP Statistics as shown below Figure 7 60 LL...

Страница 163: ...nagement Address Table window Use the drop down menu to select the type of Management Address enter an IP address in the field provided and then click the Find button LLDP Local Port Table The following window is used to display the LLDP Local Port Brief Table To view this window click L2 Features LLDP LLDP Local Port Table as shown below Figure 7 62 LLDP Local Port Brief Table window Click the Vi...

Страница 164: ...er s network and then removing the tags when the frames leave the network Customers of a service provider may have different or specific requirements regarding their internal VLAN IDs and the number of VLANs that can be supported Therefore customers in the same service provider network may have VLAN ranges that overlap which might cause traffic to become mixed up So assigning a unique range of VLA...

Страница 165: ...ynamically registered VLAN entries will be cleared GVRP will be disabled According 802 1ad the address 01 80 c2 00 00 08 will be used for STP in the provider s network So the user shall disable STP first and then use the new address for STP state machine The default setting is Disabled From To A consecutive group of ports that are part of the VLAN configuration starting with the selected port Role...

Страница 166: ...t receives from private networks into those used in the Service Providers network To view this window click L2 Features QinQ VLAN Translation Settings as shown below Figure 7 65 VLAN Translation Settings window The following fields can be set Parameter Description Unit Select the unit you wish to configure From To A consecutive group of ports that are part of the VLAN configuration starting with t...

Страница 167: ...llowing section IPv6 The Switch has the capability to support the following IPv6 unicast multicast and anycast addresses Allow for IPv6 packet forwarding IPv6 fragmentation and re assembly Processing of IPv6 packet and extension headers Static IPv6 route configuration IPv6 Neighbor Discovery Link Layer Address resolution Neighbor Unreachability Detection and Duplicate Address Detection over broadc...

Страница 168: ...be streamlined into certain traffic flows if labeled by the sender In this way services such as real time services or non default quality of service can receive special attention for improved flow quality Packet Format As in IPv4 the IPv6 packet consists of the packet header and the payload but the difference occurs in the packet header that has been amended and improved for better packet flow and...

Страница 169: ...sulating Security Payload These extension headers are placed between the IPv6 packet header and the payload and are linked together by the aforementioned Next Header as shown below IPv6 header Next Header TCP TCP header data IPv6 header Next Header Routing Routing Header Next Header TCP TCP header data IPv6 header Next Header Destination Options Destination Options Header Next Header Routing Routi...

Страница 170: ...192 168 1 1 is represented in IPv6 format x x x x d d d d where the x s are a string of zeros and the d s represent the normal IPv4 address ex 0 0 0 0 192 168 1 1 or condensed 192 168 1 1 or hex form C0A8 1 1 Types IPv6 addresses are classified into three main categories unicast multicast and anycast Unicast This address represents a single interface on an IPv6 node Any packet with a unicast addre...

Страница 171: ...m size of data packets that can be allowed to be transferred and Neighbor Discovery messages which discover routers that can forward packets on the network Neighbor discovery will be discussed in greater detail later in the next section Neighbor Discovery Neighbor discovery is a new feature incorporated in IPv6 In IPv4 no means were available to tell if a neighbor could be reached Now combining IC...

Страница 172: ...on these interfaces This is dependent on these unicast addresses having a scope smaller than the link local address if these unicast addresses are not the source or destination address for IPv6 packets to or from address that are not IPv6 neighbors of the interface in question IP Multinetting IP Multinetting is a function that allows multiple IP interfaces to be assigned to the same VLAN This is b...

Страница 173: ...for which to setup IP interfaces on the switch one for IPv4 addresses named IPv4 Interface Settings and one for IPv6 addresses named IPv6 Interface Settings NOTE After properly configuring an IP interface on the Switch each VLAN can be routed without any additional steps IPv4 Interface Settings To view this window click L3 Features Interface Settings IPv4 Interface Settings as shown below Figure 8...

Страница 174: ...ed to this IP interface Subnet Mask This field allows the entry of a subnet mask to be applied to this IP interface VLAN Name This field states the VLAN Name directly associated with this interface Interface Admin State Use the pull down menu to enable or disable configuration on this interface Secondary Use the pull down menu to set the IP interface as True or False True will set the interface as...

Страница 175: ...the following window Figure 8 5 IPv6 Interface Settings Add window To add an Interface enter an Interface Name in the field provided along with a corresponding VLAN Name set the Interface Admin State to Enabled and click Apply Newly created interfaces will appear in the IPv6 Interface Settings window To change the settings for a configured Interface click the corresponding Modify button which will...

Страница 176: ...ld Link local Address This field displays the IPv6 address created automatically by the Switch based on the MAC Address of the Switch This is a site local address used only for local routing Global Unicast Address This field is the unicast address that will be used by the Switch for packets coming from outside the site local address or the public IPv6 address when connected directly to the Interne...

Страница 177: ...wn menu to enable or disable the switch as being capable of accepting solicitation from a neighbor and thus becoming an IPv6 neighbor Once enabled this Switch is now capable of producing Router Advertisement messages to be returned to querying neighbors RA Router Life Time s This time represents the validity of this interface to be the default router for the link local network A value of 0 represe...

Страница 178: ...D5 Key Settings window The following fields can be set Parameter Description Key ID 1 255 A number from 1 to 255 used to identify the MD5 Key Key A alphanumeric string of between 1 and 16 case sensitive characters used to generate the Message Digest which is in turn used to authenticate OSPF packets within the OSPF routing domain Click Apply to enter the new Key ID settings To delete a Key ID entr...

Страница 179: ...the source device Choose between RIP OSPF Static and Local Type Allows for the selection of one of six methods of calculating the metric value The user may choose between All Internal External ExtType1 ExtType2 Inter E1 Inter E2 Metric 0 16 Allows the entry of an OSPF interface cost This is analogous to a Hop Count in the RIP routing protocol The user may specify a cost between 0 and 16 Click Add ...

Страница 180: ...on To add a new entry click Add the following window will be displayed for the user to configure Figure 8 10 Multicast Static Route Settings Add window The following parameters may be configured Parameter Description IP Address Enter the IP address of the entry you wish to add If the source IP address of the received IP multicast packet matches this address the RPF address is used to complete the ...

Страница 181: ...he entry of an IP address into the Switch s Static IP Routing Table To view the following window click L3 Features Static Default Route Settings IPv4 Static Default Route Settings as shown below Figure 8 11 IPv4 Static Default Route Settings window This window shows the following values Parameter Description IP Address The IP address of the Static Default Route Subnet Mask The corresponding Subnet...

Страница 182: ... Backup State The user may choose among Primary Backup and Weight If the Primary Static Default Route fails the Backup Route will support the entry Please take note that the Primary and Backup entries cannot have the same Gateway If Weight is selected use the text box on the right to enter your own weight setting Click Apply to implement changes made IPv6 Static Default Route Settings A static ent...

Страница 183: ...default IPv6 route Choosing this option will allow the user to configure the default gateway for the next hop router only The following fields can be set Parameter Description Interface Name The IP Interface where the static IPv6 route is to be created IPv6 Address Prefix Length Specify the address and mask information using the format as IPv6 address prefix length IPv6 address is hexadecimal numb...

Страница 184: ...99 90 RIP 1 999 100 OSPF ExtT1 1 999 110 OSPF ExtT2 1 999 115 As shown above Local will always be the first choice for routing purposes and the next most reliable path is Static due to the fact that its has the next lowest value To set a higher reliability for a route change its value to a number less than the value of a route preference that has a greater reliability value using the New Route Pre...

Страница 185: ...ce for Static The lower the value the higher the chance the specified protocol will be chosen as the best path for routing packets The default value is 60 OSPF Inter 1 999 Enter a value between 1 and 999 to set the route preference for OSPF Inter The lower the value the higher the chance the specified protocol will be chosen as the best path for routing packets The default value is 90 OSPF ExtT1 1...

Страница 186: ... Figure 8 16 Static ARP Settings window To add a new entry click the Add button revealing the following screen to configure Figure 8 17 Static ARP Settings Add window To modify a current entry click the corresponding Modify button of the entry to be modified revealing the following window to configure Figure 8 18 Static ARP Settings Edit window The following fields can be set or viewed Parameter D...

Страница 187: ...tton of the entry which will reveal the following window to be configured Figure 8 20 Gratuitous ARP Table Edit window The following fields can be set or viewed Parameter Description Send on IPIF status up This is used to enable disable the sending of gratuitous ARP request packets while an IPIF interface comes up This is used to automatically announce the interface s IP address to other nodes By ...

Страница 188: ...nt log is also disabled Gratuitous ARP Periodical Send Interval This is used to configure the interval for the periodical sending of gratuitous ARP request packets By default the interval is 0 After making the desired changes click Apply to implement the new Gratuitous ARP Table entry 170 ...

Страница 189: ... learned through routing protocols along with other pertinent information Next the administrator must configure the Policy Route window to be enabled for this Access Profile and its associated rule and the Next Hop Router s IP address 10 2 2 2 must be set Finally this Policy Route entry must be enabled Once completed the Switch will identify the IP address using the Access Profile function recogni...

Страница 190: ...r of the Access Profile previously created which will be used to identify packets as following this Policy Route This access profile along with the access rule must first be constructed before this policy route can be created Access ID 1 128 Enter the Access ID number of the Access Rule previously created which will be used to identify packets as following this Policy Route This access rule along ...

Страница 191: ...To configure these settings click L3 Features ECMP Algorithm Settings as shown below Figure 8 24 ECMP Algorithm Settings window The following settings can be configured Parameter Description ECMP OSPF State Use the drop down menu to Enable or Disable the ECMP OSPF State Destination IP Check this box to include the Destination IP in the ECMP Algorithm Source IP CRC Low CRC High Source IP If set ECM...

Страница 192: ...ntations include an authorization mechanism a password to prevent a router from learning erroneous routes from unauthorized routers To maximize stability the hop count RIP uses to measure distance must have a low maximum value Infinity that is the network is unreachable is defined as 16 hops In other words if a network is more than 16 routers from the source the local router will consider the netw...

Страница 193: ...at use the same subnet mask as the router s network can contain subnetted routes other interfaces cannot The router will then advertise only a single route to the network RIP Version 2 Extensions RIP version 2 includes an explicit subnet mask entry so RIP version 2 can be used to propagate variable length subnet addresses or CIDR classless addresses RIP version 2 also adds an explicit next hop ent...

Страница 194: ...ter Description Interface Name The name of the IP interface on which RIP is to be setup This interface must be previously configured on the Switch IP Address The IP address corresponding to the Interface Name showing in the field above TX Mode Toggle among Disabled V1 Only V1 Compatible and V2 Only This entry specifies which version of the RIP protocol will be used to transmit RIP packets Disabled...

Страница 195: ...the router generates a link state advertisement This advertisement is a specially formatted packet that contains information about all the link states on the router This link state advertisement is flooded to all routers in the area Each router that receives the link state advertisement will store the advertisement and then forward a copy to other routers When the link state database of each route...

Страница 196: ...r A Router A can reach 192 213 11 0 through Router B with a cost of 10 5 15 Router A can reach 222 211 10 0 through Router C with a cost of 10 10 20 Router A can also reach 222 211 10 0 through Router B and Router D with a cost of 10 5 10 25 but the cost is higher than the route through Router C This higher cost route will not be included in the Router A s shortest path tree The resulting tree wil...

Страница 197: ...rs BR The Border Routers have the responsibility of distributing necessary routing information and changes between areas Areas are specific to the router interface A router that has all of its interfaces in the same area is called an Internal Router A router that has interfaces in multiple areas is called a Border Router Routers that act as gateways to other networks possibly using other routing p...

Страница 198: ...ter of all other areas all areas of the network have a physical or virtual connection to the backbone through a router OSPF allows routing information to be distributed by forwarding it into area 0 from which the information can be forwarded to all other areas and all other routers on the network In situations where an area is required but is not possible to provide a physical connection to the ba...

Страница 199: ...tempt On non broadcast multi access networks such as Frame Relay or X 25 this state indicates that no recent information has been received from the neighbor An effort should be made to contact the neighbor by sending Hello packets at the reduced rate set by the Poll Interval Init The interface has detected a Hello packet coming from a neighbor but bi directional communication has not yet been esta...

Страница 200: ... this packet belongs to All OSPF packets are associated with a single area Packets traversing a virtual link are assigned the backbone Area ID of 0 0 0 0 Checksum A standard IP checksum that includes all of the packet s contents except for the 64 bit authentication field Authentication Type The type of authentication to be used for the packet Authentication A 64 bit field used by the authenticatio...

Страница 201: ... for this network in the view of the advertising router The DR is identified here by its IP interface address on the network Backup Designated Router The identity of the Backup Designated Router BDR for this network The BDR is identified here by its IP interface address on the network This field is set to 0 0 0 0 if there is no BDR Field Description Neighbor The Router IDs of each router from whom...

Страница 202: ...sequence number then increments until the complete database description has been sent The rest of the packet consists of a list of the topological database s pieces Each link state advertisement in the database is described by its link state advertisement header Link State Request Packet Link State Request packets are OSPF packet type 3 After exchanging Database Description packets with a neighbor...

Страница 203: ...dure reliable flooded advertisements are acknowledged in Link State Acknowledgment packets If retransmission of certain advertisements is necessary the retransmitted advertisements are always carried by unicast Link State Update packets The format of the Link State Update packet is shown below Version No Packet Length Router ID Area ID Authentication Type Authentication Authentication Checksum Lin...

Страница 204: ...ement describes a piece of the OSPF routing domain Every router originates a router links advertisement In addition whenever the router is elected as the Designated Router it originates a network links advertisement Other types of link state advertisements may also be originated The flooding algorithm is reliable ensuring that all routers have the same collection of link state advertisements The c...

Страница 205: ...Type Advertising Router The Router ID of the router that originated the Link State Advertisement For example in network links advertisements this field is set to the Router ID of the network s Designated Router Link State Sequence Number Detects old or duplicate link state advertisements Successive instances of a link state advertisement are given successive Link State Sequence numbers Link State ...

Страница 206: ... link endpoint E bit When set the router is an Autonomous System AS boundary router E is for External B bit When set the router is an area border router B is for Border Number of Links The number of router links described by this advertisement This must be the total collection of router links to the area The following fields are used to describe each router link Each router link is typed The Type ...

Страница 207: ... Service ToS The metric for ToS 0 must always be included and was discussed above Metrics for non zero TOS are described below Note that the cost for non zero ToS values that are not specified defaults to the ToS 0 cost Metrics must be listed in order of increasing TOS encoding For example the metric for ToS 16 must always follow the metric for ToS 8 when both are specified Field Description ToS I...

Страница 208: ...mmary routes are used in stub area instead of flooding a complete set of external routes When describing a default summary route the advertisement s Link State ID is always set to the Default Destination 0 0 0 0 and the Network Mask is set to 0 0 0 0 Separate costs may be advertised for each IP Type of Service Note that the cost for ToS 0 must be included and is always listed first If the T bit is...

Страница 209: ...nk state path If the E bit is zero the specified metric is a Type 1 external metric This means that is comparable directly to the link state metric Forwarding Address Data traffic for the advertised destination will be forwarded to this address If the Forwarding Address is set to 0 0 0 0 data traffic will be forwarded instead to the advertisement s originator TOS The Type of Service that the follo...

Страница 210: ...tes will be determined To alleviate any problems with OSPF summary routing due to new routes and packets all NSSA area border routers ABR must support optional importing of LSA type 3 summary packets into the NSSA Type 7 LSA Packets Type 7 LSA Link State Advertisement packets are used to import external routes into the NSSA These packets can originate from NSSA ASBRs or NSSA ABRs and are defined b...

Страница 211: ...e OSPF protocol itself The N Bit Contained in the options field of the Link State Packet header the N Bit is used to ensure that all members of an NSSA agree on the area configurations Used in conjunction with the E Bit these two bits represent the flooding capability of an external LSA Because type 5 LSAs cannot be flooded into the NSSA the N Bit will contain information for sending and receiving...

Страница 212: ...e OSPF Route ID Current Router ID Displays the OSPF Route ID currently in use by the Switch This Route ID is displayed as a convenience to the user when changing the Switch s OSPF Route ID State Allows OSPF to be enabled or disabled globally on the Switch without changing the OSPF configuration OSPF Area Settings This menu allows the configuration of OSPF Area IDs and to designate these areas as N...

Страница 213: ...he additional field Stub Summary will then be capable to be configured Choosing NSSA allows the NSSA Summary field and the Translate field to be configured Stub Summary Displays whether or not the selected Area will allow Summary Link State Advertisements Summary LSAs to be imported into the area from other areas NSSA Summary Use the pull down menu to enable or disable the importing of OSPF summar...

Страница 214: ...ace Settings window Figure 8 48 OSPF Interface Settings Edit window Configure each IP interface individually using the OSPF Interface Settings Edit window Click the Apply button when you have entered the settings The new configuration appears listed in the OSPF Interface Settings window To return to the OSPF Interface Settings window click the Show All OSPF Interface Entries link OSPF interface se...

Страница 215: ...er MD5 uses a cryptographic key entered in the MD5 Key Settings window When MD5 is selected the Auth Key ID field allows the specification of the Key ID as defined in the MD5 configuration above This must be the same MD5 Key as used by the neighboring router Password Auth Key ID Enter a Key ID of up to 5 characters to set the Auth Key ID for either the Simple Auth Type or the MD5 Auth Type as spec...

Страница 216: ...he following parameters if you are adding or changing an OSPF Virtual Interface Parameter Description Transit Area ID Allows the entry of an OSPF Area ID previously defined on the Switch that allows a remote area to communicate with the backbone area 0 A Transit Area cannot be a Stub Area or a Backbone Area Neighbor Router ID The OSPF router ID for the remote router This is a 32 bit number in the ...

Страница 217: ...aggregated into a summary LSDB advertisement of just the network address and subnet mask This allows for a reduction in the volume of LSDB advertisement traffic as well as a reduction in the memory overhead in the Switch used to maintain routing tables There are no aggregation settings configured by default so there will not be any listed the first accessing the window To add a new OSPF Area Aggre...

Страница 218: ...OSPF host routes work in a way analogous to RIP only this is used to share OSPF information with other OSPF routers This is used to work around problems that might prevent OSPF information sharing between routers To add a new OSPF Route click the Add button Configure the setting in the window that appears The Add and Modify windows for OSPF host route settings are nearly identical The difference b...

Страница 219: ...gure DHCP BOOTP Relay global settings on the Switch To view this window click L3 Features DHCP BOOTP Relay DHCP BOOTP Relay Global Settings as shown below Figure 8 55 DHCP BOOTP Relay Global Settings window The following fields can be set Parameter Description Relay State This field can be toggled between Enabled and Disabled using the pull down menu It is used to enable or disable the DHCP BOOTP ...

Страница 220: ...contains the option 82 field from a DHCP client the switch drops the packet because it is invalid In packets received from DHCP servers the relay agent will drop invalid messages Disabled When the field is toggled to Disabled the relay agent will not check the validity of the packet s option 82 field DHCP Agent Information Option 82 Policy This field can be toggled between Replace Drop and Keep by...

Страница 221: ...The Switch s system MAC address Figure 8 56 Circuit ID and Remote ID Sub option Format DHCP BOOTP Relay Interface Settings This window allows the user to set up a server by IP address for relaying DHCP BOOTP information to the Switch The user may enter a previously configured IP interface on the Switch that will be connected directly to the DHCP BOOTP client using the following window Properly con...

Страница 222: ...rnet Managed Switch Parameter Description Interface The IP interface on the Switch that will be connected directly to the Client Server IP Enter the IP address of the DHCP BOOTP server Up to four server IPs can be configured per IP Interface 204 ...

Страница 223: ...he default route to another device on the network Users also have the ability to bind IP addresses within the DHCP pool to specific MAC addresses in order to keep consistent the IP addresses of devices that may be important to the upkeep of the network that require a static IP address To begin configuring the Switch as a DHCP Server open the L3 Features folder then the DHCP Server folder which wil...

Страница 224: ...es DHCP Server DHCP Server Exclude Address Settings as shown below Figure 8 59 Create DHCP Excluded Address window DHCP Server Pool Settings The following windows will allow users to create and then set the parameters for the DHCP Pool of the switch s DHCP server Users must first create the pool by entering a name of up to 12 alphanumeric characters into the Pool Name field and clicking Apply Once...

Страница 225: ... 10 10 2 Netmask Enter the corresponding Netmask of the IP address assigned above Domain Name Enter the domain name for the DHCP client This domain name represents a general group of networks that collectively make up the domain The Domain Name may be an alphanumeric string of up to 64 characters DNS Server Address Enter the IP address of a DNS server that is available to the DHCP client The DNS S...

Страница 226: ...ss is valid on the local network Users may set the time by entering the days into the open field and then use the pull down menus to precisely set the time by hours and minutes Users may also use the Infinite check box to set the allotted IP address to never be timed out of its lease The default setting is 1 day Boot File This field is used to specify the Boot File that will be used as the boot im...

Страница 227: ... denote the Pool Name of the displayed dynamically bound DHCP entry IP Address This field will display the IP address allotted to this device by the DHCP Server feature of this Switch Hardware Address This field will display the MAC address of the device that is bound to the corresponding IP address Type This field will display the type of node server being used for the previously configured Net B...

Страница 228: ...me Enter the name of the DHCP pool within which will be created a manual DHCP binding entry IP Address Enter the IP address to be statically bound to a device within the local network that will be specified by entering the Hardware Address in the following field Hardware Address Enter the MAC address of the client to be statically bound to the IP address entered in the previous field Type This fie...

Страница 229: ...to service a specified DHCP client This is useful when there are two or more DHCP servers present on a network Filter DHCP Server Global Settings This window is used to enable the settings for the Filter DHCP Server Global Settings on the Switch To view this table click L3 Features Filter DHCP Server Filter DHCP Server Global Settings as shown below Figure 8 66 DHCP Server Filter Global Settings w...

Страница 230: ...ts that will enable filter DHCP server Filter DHCP Server Port Settings Action Select Add or Delete to add or delete a filter DHCP server entry Server IP Address The IP address of the DHCP server that specifies an allotted server ipaddress to the client Client MAC Address Specifies the MAC address of the client which allowed the requested IP address from the DHCP server PortList Enter the list of ...

Страница 231: ...he entire name translation or simply return the address of the next DNS server if the server receiving the query cannot resolve the name When a DNS server receives a query it checks to see if the name is in its sub domain If it is the server translates the name and appends the answer to the query and sends it back to the client If the DNS server cannot translate the name it determines what type of...

Страница 232: ...c DNS table will be used or not Click Apply to implement changes made DNS Relay Static Settings This window is used to set the DNS Relay Static Settings on the Switch To view this window click L3 Features DNS Relay DNS Relay Static Settings as shown below Figure 8 69 DNS Relay Static Settings window To add an entry into the DNS Relay Static Table simply enter a Domain Name with its corresponding I...

Страница 233: ...ters on the Switch an IP interface must be present on the system and it must be a part of a VLAN VRRP IP interfaces may be assigned to every VLAN and therefore IP interface on the Switch VRRP routers within the same VRRP group must be consistent in configuration settings for this protocol to function optimally VRRP Global Settings This window is used to enable VRRP globally on the Switch To view t...

Страница 234: ...ow to configure a VRRP interface Figure 8 72 VRRP Virtual Router Settings Add window Or the user may click the hyperlinked Interface Name to view the same window The following parameters may be set to configure an existing or new VRRP interface Parameter Description Interface Name Enter the name of a previously configured IP interface for which to create a VRRP entry This IP interface must be assi...

Страница 235: ...entry along with having the backup router s priority set higher than the masters priority will set the backup router as the Master router A False entry will disable the backup router from becoming the Master router This setting must be consistent with all routers participating within the same VRRP group The default setting is True Critical IP Address Enter the IP address of the physical device tha...

Страница 236: ... states include Initialize Master and Backup State Displays the current state of the router Priority Displays the priority of the virtual router A higher priority will increase the probability that this router will become the Master router of the group A lower priority will increase the probability that this router will become the backup router The lower the number the higher the priority Master I...

Страница 237: ... that will be statically assigned to end hosts and must be set for all routers that participate in this group State Used to enable and disable the VRRP IP interface on the Switch Priority 1 254 Enter a value between 1 and 254 to indicate the router priority The VRRP Priority value may determine if a higher priority VRRP router overrides a lower priority VRRP router A higher priority will increase ...

Страница 238: ...True Critical IP Address Enter the IP address of the physical device that will provide the most direct route to the Internet or other critical network connections from this virtual router This must be a real IP address of a real device on the network If the connection from the virtual router to this IP address fails the virtual router will automatically disabled A new Master will be elected from t...

Страница 239: ...e type of authentication used The Authentication Type must be consistent with all routers participating within the VRRP group The choices are None Selecting this parameter indicates that VRRP protocol exchanges will not be authenticated Simple Selecting this parameter will require the user to set a simple password in the Auth Data field for comparing VRRP message packets received by a router If th...

Страница 240: ...method for members and multicast routers to communicate when joining or leaving a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below Figure 8 78 IGMP Message Format The IGMP Type codes are shown below Type Meaning 0x11 Membership Query if Group Address is 0 0 0 0 0x11 Specific Group Membership Query if G...

Страница 241: ...se specific sources In IGMP v2 Membership reports could contain only one multicast group whereas in v3 these reports can contain multiple multicast groups and multiple sources within the multicast group Leaving a multicast group could only be accomplished using a specific leave message in v2 In v3 leaving a multicast group is done through a Membership report which includes a block message in the g...

Страница 242: ...rom the source If no group report packet is received and the filter mode is include the Switch presumes that traffic from the source is no longer wanted on the attached network and the source record list is then deleted after all source timers expire If there is no source list record in the multicast group the multicast group will be deleted from the Switch Timers are also used for IGMP version 1 ...

Страница 243: ...dress Displays the IP address corresponding to the IP interface name above Version Enter the IGMP version 1 2 or 3 that will be used to interpret IGMP queries on the interface Query Interval 1 31744 Allows the entry of a value between 1 and 31744 seconds with a default of 125 seconds This specifies the length of time between sending IGMP queries Max Response Time 1 25 Sets the maximum amount of ti...

Страница 244: ...to the source If the multicast was received over the shortest path then the adjacent router enters the information into its tables and forwards the message If the message is not received on the shortest path back to the source the message is dropped Route cost is a relative number that is used by DVMRP to calculate which branches of a multicast delivery tree should be pruned The cost is relative t...

Страница 245: ...e existing unicast routing protocol such as RIP or OSPF set on routers within a multicast network The Switch supports three types of PIM Dense Mode PIM DM Sparse Mode PIM SM and Sparse Dense Mode PIM DM SM PIM SM PIM SM or Protocol Independent Multicast Sparse Mode is a method of forwarding multicast traffic over the network only to multicast routers who actually request this information Unlike mo...

Страница 246: ...rst hop router DR can send multicast data without being the member of a group or having a designated source which essentially means it has no information about how to relay this information to the RP distribution tree This problem is alleviated through Register and Register Stop messages The first multicast packet received by the DR is encapsulated and sent on to the RP which in turn removes the e...

Страница 247: ...d or set Parameter Description Last Hop SPT Switchover This field is used by the last hop router to decide whether to receive multicast data from the shared tree or switch over to the shortest path tree When the switchover mode is set to never the last hope router will always receive multicast data from the shared tree When the mode is set to immediately the last hop router will always receive dat...

Страница 248: ...Settings Edit window The following fields can be set Parameter Description Interface Name This read only field denotes the IP interface selected to be configured for PIM IP Address This read only field denotes the IP address of the IP interface selected to be configured for PIM Designated Router This read only field denotes the IP address of the Designated Router of the distribution tree to which ...

Страница 249: ...terface to become the Boot Strap Router BSR for the PIM enabled network The Boot Strap Router holds the information which determines which router on the network is to be elected as the RP for the multicast group and then to gather and distribute RP information to other PIM SM enabled routers To view this window click L3 Features IP Multicast Routing Protocol PIM PIM Candidate BSR Settings as shown...

Страница 250: ...and 0 to 255 An entry of 1 states that the interface will be disabled to be the BSR Click Apply to set the priority for this IP Interface PIM Candidate RP Settings The following window is used to set the Parameters for this Switch to become a candidate RP To view this window click L3 Features IP Multicast Routing Protocol PIM PIM Candidate RP Settings as shown below Figure 8 91 PIM Candidate RP Se...

Страница 251: ... value between 0 and 1 with a default setting of 0 Click Apply to implement changes made To add a PIM Candidate RP click the Add button in the previous window which will display the following window for the user to configure Figure 8 92 PIM Candidate RP Settings Add window The following fields can be set Parameter Description IP Address Enter the IP address of the device to be added as a Candidate...

Страница 252: ...window is used to configure RP addresses The data part is included when calculating the checksum for a PIM register message to the RP on the first hop router To view this window click L3 Features IP Multicast Routing Protocol PIM PIM Register Checksum Settings as shown below Figure 8 94 PIM Register Checksum Settings window The following fields can be set Parameter Description RP Address Enter the...

Страница 253: ... be limited so excessive bandwidth can be saved The Switch has separate hardware queues on every physical port to which packets from various applications can be mapped to and in turn prioritized View the following map to see how the Switch implements 802 1p priority queuing Figure 9 1 Mapping QoS on the Switch The previous picture shows the default priority setting for the Switch Class 6 has the h...

Страница 254: ...ueues are transmitted first Multiple strict priority queues empty based on their priority tags Only when these queues are empty are packets of lower priority transmitted For weighted round robin queuing the number of packets sent from each priority queue depends upon the assigned weight For a configuration of 8 CoS queues A H with their respective weight value 8 1 the packets are sent in the follo...

Страница 255: ... To view the Bandwidth Control window click QoS Bandwidth Control as shown below Figure 9 2 Bandwidth Settings window The following parameters can be set or are displayed Parameter Description Unit Select the unit you wish to configure From To A consecutive group of ports may be configured starting with the selected port Type This drop down menu allows you to select between RX receive TX transmit ...

Страница 256: ... setting it is important to monitor network performance especially during peak demand as bottlenecks can quickly develop if the QoS settings are not suitable To view this window click QoS QoS Scheduling Mechanism as shown below Figure 9 3 QoS Scheduling Mechanism window The Scheduling Mechanism has the following parameters Parameter Description Strict The highest class of service is the first to p...

Страница 257: ...Max Packet field will follow a weighted round robin WRR method of forwarding packets as long as the priority classes of service with a 0 in their Max Packet field are empty When a packet arrives in a priority class with a 0 in its Max Packet field this class of service will automatically begin forwarding packets until it is empty Once a priority class of service with a 0 in its Max Packet field is...

Страница 258: ...xStack DGS 3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 9 5 QoS Output Scheduling window Combination queue example 240 ...

Страница 259: ... 802 1p Default Priority as shown NOTE The settings users assign to the queues numbers 0 7 represent the IEEE 802 1p priority tag number Do not confuse these settings with port numbers Figure 9 6 802 1p Default Priority window 802 1p User Priority The Switchs allows the assignment of a user priority to each of the 802 1p priorities To view this window click QoS 802 1p User Priority as shown below ...

Страница 260: ...indow click ACL Time Range as shown below Figure 10 1 Time Range Settings window The user may adjust the following parameters to configure a time range on the Switch Parameter Description Range Name Enter a name of no more than 32 alphanumeric characters that will be used to identify this time range on the Switch This range name will be used in the Access Profile table to identify the access profi...

Страница 261: ...e Table as shown below Figure 10 2 Access Profile Table window To add an entry to the Access Profile Table click the Add Profile button This will open the Access Profile Configuration window as shown below There are four Access Profile Configuration windows one for Ethernet or MAC address based profile configuration one for IP address based profile configuration one for Packet Content and one for ...

Страница 262: ...his as the full or partial criterion for forwarding Source MAC Source MAC Mask Enter a MAC address mask for the source MAC address Destination MAC Destination MAC Mask Enter a MAC address mask for the destination MAC address 802 1p Selecting this option instructs the Switch to examine the 802 1p priority value of each packet header and use this as the or part of the criterion for forwarding Ethern...

Страница 263: ...ruct the Switch to examine the Internet Control Message Protocol ICMP field in each frame s header Select Type to further specify that the access profile will apply an ICMP type value or specify Code to further specify that the access profile will apply an ICMP code value Select IGMP to instruct the Switch to examine the Internet Group Management Protocol IGMP field in each frame s header Select T...

Страница 264: ...ange the menu according to the requirements for the type of profile Select Ethernet to instruct the Switch to examine the layer 2 part of each packet header Select IP to instruct the Switch to examine the IP address in each frame s header Select Packet Content Mask to specify a mask to hide the content of the packet header Select IPv6 to instruct the Switch to examine the IPv6 part of each packet ...

Страница 265: ...tch to examine the IPv6 address in each frame s header Class Ticking this check box will instruct the Switch to examine the class field of the IPv6 header This class field is a part of the packet header that is similar to the Type of Service ToS or Precedence bits field in IPv4 Flow Label Ticking this check box will instruct the Switch to examine the flow label field of the IPv6 header This flow l...

Страница 266: ...le Table as shown below Figure 10 8 Access Profile Table window To create a new rule set for an access profile click the Modify button located under the Access Rule heading The window shown below Access Profile Rule will be displayed To remove a previously created rule click the corresponding button Figure 10 9 Access Rule Table window Click Add Rule to add a new Rule for an existing profile The A...

Страница 267: ...ess profile are not forwarded by the Switch and will be filtered Select Mirror to specify that packets that match the access profile are mirrored to a port defined in the Port Mirroring window Port Mirroring must be enabled and a target port must be set Access ID 1 128 Type in a unique identifier number for this access This value can be set from 1 to 128 Auto Assign Ticking this check box will ins...

Страница 268: ...ype value hex 0x0 0xffff in the packet header The Ethernet type value may be set in the form hex 0x0 0xffff which means the user may choose any combination of letters and numbers ranging from a f and from 0 9 Port The Access Rule may be configured on a per port basis by entering the port number of the switch in the switch stack into this field When a range of ports is to be configured the Auto Ass...

Страница 269: ...xStack DGS 3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 10 11 Access Rule Display window Ethernet Figure 10 12 Access Rule Configuration window IP 251 ...

Страница 270: ...iority of a packet to the value entered in the Priority field which meets the criteria specified previously in this command before forwarding it on to the specified CoS queue Otherwise a packet will have its incoming 802 1p user priority re written to its original value before being forwarded by the Switch For more information on priority queues CoS queues and mapping for 802 1p see the QoS sectio...

Страница 271: ...plemented on the Switch Counter Tick the check box and use the pull down menu to employ the Counter that will count the packets identified with this rule Users must note that if the Counter is employed in the ACL Flow Meter function the Counter will automatically be disabled here regardless of this setting To view the settings of a previously correctly configured rule click in the Access Rule Tabl...

Страница 272: ...ile ID This is the identifier number for this profile set Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch according to any additional rule added see below Select Deny to specify that packets that match the access profile are not forwarded by the Switch and will be filtered Select Mirror to specify that packets that match the access profile a...

Страница 273: ...he packet to the first chunk Chunk 2 Enter a value in hex form to mask the packet from the end of the first chunk to the end of the second chunk Chunk 3 Enter a value in hex form to mask the packet from the end of the second chunk to the end of the third chunk Chunk 4 Enter a value in hex form to mask the packet from the end of the third chunk to the end of the fourth chunk Port The Access Rule ma...

Страница 274: ...t the Port Mirroring function is enabled and a target mirror port is set To configure the Access Rule for IPv6 open the Access Profile Table window and click Modify for an IPv6 entry This will open the following window Figure 10 18 Access Rule Table window IPv6 To remove a previously created rule click its corresponding button To add a new Access Rule click the Add Rule button 256 ...

Страница 275: ...ct the Switch to automatically assign an Access ID for the rule being created Type Selected profile based on Ethernet MAC Address IP address Packet Content or IPv6 address Ethernet instructs the Switch to examine the layer 2 part of each packet header IP instructs the Switch to examine the IP address in each frame s header Packet Content Mask instructs the Switch to examine the packet header IPv6 ...

Страница 276: ...stination IPv6 address by and entering the IP address mask in hex form Port The Access Rule may be configured on a per port basis by entering the port number of the Switch Rx Rate 1 156249 Use this to limit Rx bandwidth for the profile being configured This rate is implemented using the following equation 1 value 64kbit sec ex If the user selects an Rx rate of 10 then the ingress rate is 640kbit s...

Страница 277: ...BS and EBS A packet flow that does not reach the CBS is marked green if it exceeds the CBS but not the EBS its marked yellow and if it exceeds the EBS its marked red CBS Committed Burst Size Measured in bytes the CBS is associated with the CIR and is used to identify packets that exceed the normal boundaries of packet size The CBS should be configured to accept the biggest IP packet that is expect...

Страница 278: ...ring function To add an ACL Flow Meter configuration for an Access Profile and Rule click the Add button which will display the following window for users to configure Figure 10 22 ACL Flow Meter Configuration window The following fields may be configured Parameter Description Profile ID 1 14 Enter the pre configured Profile ID for which to configure the ACL Flow Metering parameters Access ID 1 12...

Страница 279: ...o accept the biggest IP packet that is expected in the IP flow Packet flows that are lower than this configured value are marked green Packet flows that exceed this value but are less than the EBS value are marked yellow EBS Excess Burst Size Measured in bytes the EBS is associated with the CIR and is used to identify packets that exceed the boundaries of the CBS packet size The EBS is to be confi...

Страница 280: ...he user to create various lists of rules without immediately enabling them Creating an access profile for the CPU is divided into two basic parts The first is to specify which part or parts of a frame the Switch will examine such as the MAC source address or the IP destination address The second part is entering the criteria the Switch will use to determine what to do with the frame The entire pro...

Страница 281: ...que identifier number for this profile set This value can be set from 1 to 5 Type Select profile based on Ethernet MAC Address IP address or Packet Content Mask or IPv6 address This will change the menu according to the requirements for the type of profile Select Ethernet to instruct the Switch to examine the layer 2 part of each packet header Select IP to instruct the Switch to examine the IP add...

Страница 282: ...le Select Ethernet to instruct the Switch to examine the layer 2 part of each packet header Select IP to instruct the Switch to examine the IP address in each frame s header Select Packet Content Mask to specify a mask to hide the content of the packet header Select IPv6 to instruct the Switch to examine the IPv6 address in each frame s header VLAN Selecting this option instructs the Switch to exa...

Страница 283: ...or a destination port mask The user may also identify which flag bits to filter Flag bits are parts of a packet that determine what to do with the packet The user may filter packets by filtering certain flag bits within the packets by checking the boxes corresponding to the flag bits of the TCP field The user may choose between urg urgent ack acknowledgement psh push rst reset syn synchronize fin ...

Страница 284: ...figure the Packet Content Mask Parameter Description Profile ID 1 5 Type in a unique identifier number for this profile set This value can be set from 1 to 5 Type Select profile based on Ethernet MAC Address IP address or Packet Content Mask or IPv6 address This will change the menu according to the requirements for the type of profile Select Ethernet to instruct the Switch to examine the layer 2 ...

Страница 285: ... fields are used to configure the Packet Content Mask Parameter Description Profile ID This is the identifier number for this profile set Up to five profile ID configurations can be created Type Selected profile based on Ethernet MAC Address IP address Packet Content Mask or IPv6 Ethernet instructs the Switch to examine the layer 2 part of each packet header IP instructs the Switch to examine the ...

Страница 286: ...g Table as shown below Figure 10 30 CPU Interface Filtering Table window Add In this window the user may add a rule to a previously created CPU access profile by clicking the corresponding Add Rule button of the entry to configure Ethernet IPv4 Packet Content Mask or IPv6 Figure 10 31 CPU Interface Filtering Rule Table window Click the Add Rule button to continue on to the CPU Interface Filtering ...

Страница 287: ...ernet instructs the Switch to examine the layer 2 part of each packet header IP instructs the Switch to examine the IP address in each frame s header Packet Content Mask instructs the Switch to examine the packet header IPv6 instructs the Switch to examine the IPv6 part of the packet header VLAN Name Allows the entry of a name for a previously configured VLAN Source MAC Source MAC Address Enter a ...

Страница 288: ...e will be implemented on the Switch To view the settings of a previously configured rule click in the Access Rule Table to view the following window Figure 10 33 CPU Interface Filtering Rule Display window Ethernet The following window is the CPU Interface Filtering Rule Table for IP Figure 10 34 CPU Interface Filtering Rule Table window IP To create a new rule set for an access profile click the ...

Страница 289: ...eader IP instructs the Switch to examine the IP address in each frame s header Packet Content Mask instructs the Switch to examine the packet header IPv6 instructs the Switch to examine the IPv6 part of the packet header VLAN Name Allows the entry of a name for a previously configured VLAN Source IP Source IP Address Enter an IP Address mask for the source IP address Destination IP Destination IP ...

Страница 290: ...the Access Rule Table to view the following window Figure 10 36 CPU Interface Filtering Rule Display window IP The following window is the CPU Interface Filtering Rule Table for Packet Content Figure 10 37 CPU Interface Filtering Rule Table window Packet Content To remove a previously created rule select it and click the button To add a new CPU Access Rule click the Add button 272 ...

Страница 291: ...wing parameters and click Apply Parameters Description Profile ID This is the identifier number for this profile set Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch according to any additional rule added see below Select Deny to specify that packets that do not match the access profile are not forwarded by the Switch and will be filtered 273...

Страница 292: ...from the beginning of the packet to the 15th byte value 16 31 Enter a value in hex form to mask the packet from byte 16 to byte 31 value 32 47 Enter a value in hex form to mask the packet from byte 32 to byte 47 value 48 63 Enter a value in hex form to mask the packet from byte 48 to byte 63 value 64 79 Enter a value in hex form to mask the packet from byte 64 to byte 79 Port The CPU Access Rule m...

Страница 293: ...ified Parameter Description Profile ID This is the identifier number for this profile set Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch according to any additional rule added see below Select Deny to specify that packets that match the access profile are not forwarded by the Switch and will be filtered Access ID 1 100 Type in a unique iden...

Страница 294: ...efault quality of service or real time service packets Source IPv6 Address The user may specify an IP address mask for the source IPv6 address by entering the IP address mask in hex form Destination IPv6 Address The user may specify an IP address mask for the destination IPv6 address by and entering the IP address mask in hex form Port The CPU Access Rule may be configured on a per port basis by e...

Страница 295: ... control the situation The packet storm is monitored to determine if too many packets are flooding the network based on the threshold level provided by the user Once a packet storm has been detected the Switch will drop packets coming into the Switch until the storm has subsided This method can be utilized by selecting the Drop option of the Action field in the window below The Switch will also sc...

Страница 296: ... sent to the Trap Receiver Once in Shutdown Forever mode the only method of recovering this port is to manually recoup it using the Port Configuration window in the Administration folder and selecting the disabled port and returning it to an Enabled status To utilize this method of Storm Control choose the Shutdown option of the Action field in the window below The user may set the following param...

Страница 297: ...affic to the port except STP BPDU packets which are essential in keeping the Spanning Tree operational on the Switch If the Countdown timer has expired and yet the Packet Storm continues the port will be placed in Shutdown Forever mode and is no longer operational until the user manually resets the port using the Storm Control Recover setting at the top of this window Choosing this option obligate...

Страница 298: ... Shutdown forever mode will be seen as Discarding in Spanning Tree windows and implementations though these ports will still be forwarding BPDUs to the Switch s CPU NOTE Ports that are in Shutdown Forever mode will be seen as link down in all windows until the user recovers these ports 280 ...

Страница 299: ...ged once the port lock is enabled Setting the Admin State pull down menu to Enabled and clicking Apply can lock the port Port Security is a security feature that prevents unauthorized computers with source MAC addresses unknown to the Switch from connecting to the Switch s ports and gaining access to the network To view this window click Security Port Security Port Security Settings as shown below...

Страница 300: ... as shown below Figure 11 3 Port Security Entries Table window This function is only operable if the Mode in the Port Security window is selected as Permanent or DeleteOnReset or in other words only addresses that are permanently learned by the Switch can be deleted on reset Once the entry has been defined by entering the correct information into the window above click the under the Delete heading...

Страница 301: ...his window is used to enable or disable the Trap Log State and DHCP Snoop state on the switch The Trap Log field will enable and disable the sending of trap log messages for IP MAC Port binding When enabled the Switch will send a trap message to the SNMP agent and the Switch log when the address binding module detects illegal IP and MAC addresses To view this window click Security IP MAC Port Bind...

Страница 302: ... Unit Enter the unit you wish to configure From To Select a port or range of ports to set for IP MAC Port Binding State Use the pull down menu to enable or disable these ports for IP MAC Port Binding Allow Zero IP Use the pull down menu to enable or disable this feature Allow zero IP configures the state which allows ARP packets with 0 0 0 0 source IP to bypass 284 ...

Страница 303: ...re ACL table if the ACL mode is disabled the ACL entries will be removed from the hardware ACL table Max Entry 1 50 Specifies the maximum number of IP MAC Port Binding dynamic entries By default per port max dynamic entry is No Limit The Max dynamic entry threshold is 1 50 Check the No Limit check box to allow no limit IMP Entry Settings This table is used to create Static IP MAC Port Binding entr...

Страница 304: ...Figure 11 7 DHCP Snooping Entries window MAC Block List This table is used to view unauthorized devices that have been blocked by IP MAC Port binding restrictions To find an unauthorized device that has been blocked by the IP MAC Port binding restrictions enter the VLAN Name and MAC Address in the appropriate fields and click Find To delete an entry click the delete button next to the entry s port...

Страница 305: ...orization is granted The 802 1X Access Control method holds three roles each of which are vital to creating and upkeeping a stable and working Access Control security method Figure 11 10 The three roles of 802 1X The following section will explain the three roles of Client Authenticator and Authentication Server in greater detail Authentication Server The Authentication Server is a remote device t...

Страница 306: ...ree steps must be implemented on the Switch to properly configure the Authenticator 1 The 802 1X State must be Enabled DGS 3600 Web Management Tool 2 The 802 1X settings must be implemented by port Security 802 1X Configure 802 1X Authenticator Parameter 3 A RADIUS server must be configured on the Switch Security 802 1X Authentic RADIUS Server Figure 11 12 The Authenticator Client The Client is si...

Страница 307: ... used on the Switch which are 1 Port Based Access Control This method requires only one user to be authenticated per port by a remote RADIUS server to allow the remaining users on the same port access to the network 2 MAC Based Access Control Using this method the Switch will automatically learn up to sixteen MAC addresses by port and set them in a list Each MAC address must be authenticated by th...

Страница 308: ...nfiguration Once the connected device has successfully been authenticated the Port then becomes Authorized and all subsequent traffic on the Port is not subject to access control restriction until an event occurs that causes the Port to become Unauthorized Hence if the Port is actually connected to a shared media LAN segment with more than one attached device successfully authenticating one of the...

Страница 309: ...er to successfully make use of 802 1X in a shared media LAN segment it would be necessary to create logical Ports one for each attached device that required access to the LAN The Switch would regard the single physical Port connecting it to the shared media segment as consisting of a number of distinct logical Ports each logical Port being independently controlled from the point of view of EAPOL e...

Страница 310: ...lient wishing services on the Switch will need to be authenticated by a remote RADIUS Server or local authentication on the Switch to be placed in a fully operational VLAN If authenticated and the authenticator possesses the VLAN placement information that client will be accepted into the fully operational target VLAN and normal switch functions will be open to the client If the authenticator does...

Страница 311: ...this option will enable ports listed in the Port List below as part of the Guest VLAN Be sure that these ports are configured for this VLAN or users will be prompted with an error message Disabled Ports Selecting this option will disable ports listed in the Port List below as part of the Guest VLAN Be sure that these ports are configured for this VLAN or users will be prompted with an error messag...

Страница 312: ...nfigure the 802 1X Authenticator Settings click Security 802 1X Configure 802 1X Authenticator Parameter as shown below Figure 11 19 Configure 802 1X Authenticator Parameter window To configure the settings by port click on its corresponding Modify button which will display the following table to configure 294 ...

Страница 313: ...on exchange required This means the port transmits and receives normal traffic without 802 1X based authentication of the client If forceUnauthorized is selected the port will remain in the unauthorized state ignoring all attempts by the client to authenticate The Switch cannot provide authentication services to the client through the interface If Auto is selected it will enable 802 1X and cause t...

Страница 314: ...conds MaxReq The maximum number of times that the Switch will retransmit an EAP Request to the client before it times out of the authentication sessions The default setting is 2 ReAuthPeriod A constant that defines a nonzero number of seconds between periodic reauthentication of the client The default setting is 3600 seconds ReAuth Determines whether regular reauthentication will take place on thi...

Страница 315: ...802 1X port and MAC settings are displayed and can be configured using the window below To view this window click Security 802 1X Initialize Port s as shown below Figure 11 22 Initialize Port window Port based 802 1X This window allows initialization of a port or group of ports The Initialize Port Table in the bottom half of the window displays the current status of the port s To initialize ports ...

Страница 316: ...Response Success Fail Timeout Idle Initialize and N A Port Status The status of the controlled port can be Authorized Unauthorized or N A NOTE The user must first globally enable 802 1X in the DGS 3600 Web Management Tool window before initializing ports Information in the Initialize Ports Table cannot be viewed before enabling 802 1X Reauthenticate Port s This window allows reauthentication of a ...

Страница 317: ...begin the reauthentication click Apply This window displays the following information Parameter Description Port The port number of the reauthenticated port MAC Address Displays the physical address of the Switch where the port resides Auth PAE State The Authenticator State will display one of the following Initialize Disconnected Connecting Authenticating Authenticated Aborting Held ForceAuth For...

Страница 318: ...US Server window This window displays the following information Parameter Description Succession Choose the desired RADIUS server to configure First Second or Third RADIUS Server Set the RADIUS server IP Authentic Port Set the RADIUS authentic server s UDP port The default port is 1812 Accounting Port Set the RADIUS account server s UDP port The default port is 1813 Key Set the key the same as tha...

Страница 319: ...ients on that port will be automatically authenticated to access the specified Redirection Path URL as well as the authenticated client To the right there is an example of the basic six step process all parties of the authentication go through for a successful Web based Access Control process Conditions and Limitations 1 The subnet of the authentication VLAN s IP interface must be the same as that...

Страница 320: ...ation method of the Switch as the authenticating method for users trying to access the network via the switch This is in fact the username and password to access the Switch configured using the User Account Creation screen seen below RADIUS Choose this parameter to use a remote RADIUS server as the authenticating method for users trying to access the network via the switch This RADIUS server must ...

Страница 321: ...l authentication should direct the client to the stated web page If the client does not reach this web page yet does not receive a Fail message the client will already be authenticated and therefore should refresh the current browser window or attempt to open a different web page To view Web based Access Control status of individual ports click the Show Port State link to open the window seen belo...

Страница 322: ...d in this field to confirm User VLAN Mapping User Name Enter the user name of a guest authenticated through this process to be mapped to a previously configured VLAN with limited rights VLAN Name Enter the VLAN name of a previously configured VLAN to which successfully authenticated web user will be mapped Link Click the Link button to map the user name and VLAN stated in the previous 2 fields Use...

Страница 323: ...set to be moved to a VLAN without an IPIF interface the previous logout screen may also not be presented when logging in Trust Host To view this window click Security Trust Host as shown below Figure 11 32 Security IP window Use the Security IP Management to permit remote stations to manage the Switch If you choose to define one or more designated management stations only the chosen stations as de...

Страница 324: ...he Switch The server will not accept the username and password and the user is denied access to the Switch The server doesn t respond to the verification query At this point the Switch receives the timeout from the server and then moves to the next method of verification configured in the method list The Switch has four built in Authentication Server Groups one for each of the TACACS XTACACS TACAC...

Страница 325: ...r of times the Switch will accept authentication attempts Users failing to be authenticated after the set amount of attempts will be denied access to the Switch and will be locked out of further authentication attempts Command line interface users will have to wait 60 seconds before another authentication attempt Telnet and Web users will be disconnected from the Switch The user may set the number...

Страница 326: ...to group TACACS XTACACS TACACS RADIUS server hosts into user defined categories for authentication using method lists The user may define the type of server group by protocol or by previously defined server group The Switch has four built in Authenti cation Server Groups that cannot be removed but can be modified Up to eight authentications server hosts may be added to any particular group To view...

Страница 327: ...me TACACS daemon TACACS XTACACS TACACS protocols are separate entities and are not compatible with each other Authentication Server Host This window will set user defined Authentication Server Hosts for the TACACS XTACACS TACACS RADIUS security protocols on the Switch When a user attempts to access the Switch with Authentication Policy enabled the Switch will send authentication packets to a remot...

Страница 328: ...35 Enter a number between 1 and 65535 to define the virtual port number of the authentication protocol on a server host The default port number is 49 for TACACS XTACACS TACACS servers and 1813 for RADIUS servers but the user may set a unique port number for higher security Timeout 1 255 Enter the time in seconds the Switch will wait for the server host to reply to an authentication request The def...

Страница 329: ...upgrade his or her status to the administrator level the user must use the Enable Admin window in which the user must enter a previously configured password set by the administrator See the Enable Admin part of this section for more detailed information concerning the Enable Admin command To view this window click Security Access Authentication Control Login Method Lists as shown below Figure 11 4...

Страница 330: ... can be implemented on the Switch one of which is a default Enable Method List This default Enable Method List cannot be deleted but can be configured The sequence of methods implemented in this command will affect the authentication result For example if a user enters a sequence of methods like TACACS XTACACS Local Enable the Switch will send an authentication request to the first TACACS host in ...

Страница 331: ...able Password must set the local enable password none Adding this parameter will require an authentication to access the Switch radius Adding this parameter will require the user to be authenticated using the RADIUS protocol from a remote RADIUS server tacacs Adding this parameter will require the user to be authenticated using the TACACS protocol from a remote TACACS server xtacacs Adding this pa...

Страница 332: ...e one set in the New Local Enabled field will result in a fail message Enable Admin Figure 11 45 Enable Admin window Figure 11 46 Enter Network Password dialog box The Enable Admin window is for users who have logged on to the Switch on the normal user level and wish to be promoted to the administrator level After logging on to the Switch users will have only user level privileges To gain access t...

Страница 333: ...atch is made with this MAC address the RADIUS server will return a notification stating that the MAC address has been accepted and is to be placed in the target VLAN If the VID for the target VLAN is not found the Switch will return the port containing the MAC address to the original VLAN If the MAC address is not found and if the port is in the Guest VLAN it will remain in the Guest VLAN with the...

Страница 334: ...et Managed Switch Figure 11 47 MAC Based Access Control Global Settings window The following parameters may be viewed or set Parameter Description Settings State Use the pull down menu to globally enable or disable the MAC based Access Control 316 ...

Страница 335: ...Mode Port Based In this mode if one of the attached hosts is successfully authorized all hosts on the same port will be granted access to the network If the port authorization fails this port will continue authenticating Host Based In this mode every user can individually authenticate and access the network Aging Time 1 1440 min A time period configurable per port between 1 1440 minutes during whi...

Страница 336: ...MAC If you want to add the entry to the MAC Based Access Control Local MAC Table click the Add button To delete an entry click the Delete By MAC button VLAN Name VID To search for a previously configured VLAN Name VLAN ID enter the information and click Find By VLAN If you want to add the entry to the MAC Based Access Control Local MAC Table click the Add button To delete an entry click the Delete...

Страница 337: ...he Switch will again begin accepting all packets Yet if the checking shows that there continues to be too many packets flooding the Switch it will stop accepting all ARP and IP broadcast packets for double the time of the previous stop period This doubling of time for stopping ingress ARP and IP broadcast packets will continue until the maximum time has been reached which is 320 seconds and every ...

Страница 338: ...guard Engine settings for the Switch Rising Threshold 20 100 Used to configure the acceptable level of CPU utilization before the Safeguard Engine mechanism is enabled Once the CPU utilization reaches this percentage level the Switch will move into Safeguard Engine state based on the parameters provided in this window Falling Threshold 20 100 Used to configure the acceptable level of CPU utilizati...

Страница 339: ...he Master switch CPU To view the Traffic Segmentation window click Security Traffic Segmentation as shown below Figure 11 52 Current Traffic Segmentation Table window This window allows you to view which port on a given switch will be allowed to forward packets to other ports on that switch Select the unit you wish to configure and a port number from the drop down menu and click View to display th...

Страница 340: ...ransmit packets Forward Port Tick the check boxes to select which of the ports on the Switch will be able to forward packets These ports will be allowed to receive packets from the port specified above Clicking the Apply button will enter the combination of transmitting port and allowed receiving ports into the Switch s Current Traffic Segmentation Table 322 ...

Страница 341: ... three layered encryption code for secure communication between the server and the host The user may implement any one or combination of the ciphersuites available yet different ciphersuites will affect the security level and the performance of the secured connection The information included in the ciphersuites is not included with the Switch and requires downloading from a third source in a file ...

Страница 342: ...n Ex c cert der Key File Name Enter the path and the filename of the key file to download This file must have a der extension Ex c pkey der To set up the SSL function on the Switch configure the following parameters and click Apply Parameter Description Configuration SSL Status Use the pull down menu to enable or disable the SSL status on the switch The default is Disabled Cache Timeout 60 86400 T...

Страница 343: ...menu to enable or disable this ciphersuite This field is Enabled by default RSA EXPORT with RC4 40 MD5 This ciphersuite combines the RSA Export key exchange and stream cipher RC4 encryption with 40 bit keys Use the pull down menu to enable or disable this ciphersuite This field is Enabled by default NOTE Certain implementations concerning the function and configuration of SSL are not available on ...

Страница 344: ...tch including specifying a password This password is used to logon to the Switch once a secure communication path has been established using the SSH protocol 2 Configure the User Account to use a specified authorization method to identify users that are allowed to establish SSH connections with the Switch using the SSH User Authentication window There are three choices as to the method SSH will us...

Страница 345: ...another login The number of maximum attempts may be set between 2 and 20 The default setting is 2 Session Rekeying Using the pull down menu uses this field to set the time period that the Switch will change the security shell encryptions The available options are Never 10 min 30 min and 60 min The default setting is Never Listened Port Number This displays the virtual port number to be used with t...

Страница 346: ...ption algorithm with Cipher Block Chaining The default is Enabled AES256 CBC Use the pull down to enable or disable the Advanced Encryption Standard AES 256 encryption algorithm with Cipher Block Chaining The default is Enabled ARC4 Use the pull down to enable or disable the Arcfour encryption algorithm with Cipher Block Chaining The default is Enabled Cast128 CBC Use the pull down to enable or di...

Страница 347: ...hosen to use a remote SSH server for authentication purposes Choosing this parameter requires the user to input the following information to identify the SSH user Host Name Displays an alphanumeric string of no more than 31 characters to identify the remote SSH user Host IP Displays the corresponding IP address of the SSH user Password This parameter should be chosen to use an administrator define...

Страница 348: ...owse MLD Router Port VLAN Status VLAN Status Port Port Access Control MAC Address Table IGMP Snooping Group MLD Snooping Group Trace Route IGMP Snooping Forwarding MLD Snooping Forwarding IP Forwarding Table Browse Routing Table Browse IP Multicast Forwarding Table Browse IP Multicast Interface Table Browse IGMP Group Table DVMRP Monitor PIM Monitor OSPF Monitor Switch Logs Browse ARP Table MAC Ba...

Страница 349: ...isplays all the Switches that are currently in the stack as well as configuration information about each Switch To view the Stacking Information window click Monitoring Stacking Information as shown below Figure 12 2 Stacking Information window Module Information This window displays module information of the Switch including the module name Revision Number Serial Number and description To view th...

Страница 350: ...h with new updated statistics The information is described as follows Parameter Description Time Interval Select the desired setting between 1s and 60s where s stands for seconds The default value is one second Record Number Select number of times the Switch will be polled between 20 and 200 The default value is 200 Show Hide These check boxes allow the user to choose the CPU utilization over incr...

Страница 351: ...ber from its drop down menu and click Apply to display the Port Utilization for a particular port The following fields can be set Parameter Description Time Interval Select the desired setting between 1s and 60s where s stands for seconds The default value is one second Record Number Select number of times the Switch will be polled between 20 and 200 The default value is 200 Show Hide Check whethe...

Страница 352: ...red Received RX To view the Received RX window click Monitoring Packets Received RX as shown below Figure 12 6 Rx Packets Analysis window line graph for Bytes and Packets Select a Port number from its pull down menu and click Apply to display the Rx Packet analysis for a particular port To view the Received Packets Table click the link View Table which will show the following table 334 ...

Страница 353: ...lect number of times the Switch will be polled between 20 and 200 The default value is 200 Bytes Counts the number of bytes received on the port Packets Counts the number of packets received on the port Show Hide Check whether to display Bytes and Packets Clear Clicking this button clears all statistics counters on this window View Table Clicking this button instructs the Switch to display a table...

Страница 354: ... RX To view the UMB_cast RX window click Monitoring Packets UMB_cast RX as shown below Figure 12 8 Rx Packets Analysis window line graph for Unicast Multicast and Broadcast Packets To view the UMB Cast Table click the View Table link which will show the following table 336 ...

Страница 355: ...is 200 Unicast Counts the total number of good packets that were received by a unicast address Multicast Counts the total number of good packets that were received by a multicast address Broadcast Counts the total number of good packets that were received by a broadcast address Show Hide Check whether or not to display Multicast Broadcast and Unicast Packets Clear Clicking this button clears all s...

Страница 356: ...h Transmitted TX To view this window click Monitoring Packets Transmitted TX as shown below Figure 12 10 Tx Packets Analysis window line graph for Bytes and Packets To view the Transmitted TX Table click the link View Table which will show the following table 338 ...

Страница 357: ...of times the Switch will be polled between 20 and 200 The default value is 200 Bytes Counts the number of bytes successfully sent on the port Packets Counts the number of packets successfully sent on the port Show Hide Check whether or not to display Bytes and Packets Clear Clicking this button clears all statistics counters on this window View Table Clicking this button instructs the Switch to di...

Страница 358: ...itch s management agent to be viewed as either a line graph or a table Four windows are offered Received RX To view this window click Monitoring Errors Received RX as shown below Figure 12 12 Rx Error Analysis window line graph To view the Received Error Packets Table click the link View Table which will show the following table 340 ...

Страница 359: ...ts packets received that were longer than the MAX_PKT_LEN Internally MAX_PKT_LEN is equal to 1536 octets or if a VLAN frame of 1540 octets was received Fragment The number of packets less than 64 bytes with either bad framing or an invalid CRC These are normally the result of collisions Jabber Counts the error packets that were received that exceeded 1518 bytes or for VLAN frames 1522 bytes and le...

Страница 360: ...all statistics counters on this window View Table Clicking this button instructs the Switch to display a table rather than a line graph View Line Chart Clicking this button instructs the Switch to display a line graph rather than a table Transmitted TX To view this window click Monitoring Errors Transmitted TX as shown below Figure 12 14 Tx Error Analysis window line graph To view the Transmitted ...

Страница 361: ...dary LateColl Counts the number of times that a collision is detected later than 512 bit times into the transmission of a packet ExColl Excessive Collisions The number of packets for which transmission failed due to excessive collisions SingColl Single Collision Frames The number of successfully transmitted packets for which transmission is inhibited by more than one collision Coll An estimate of ...

Страница 362: ... six groups and classed by size to be viewed as either a line graph or a table Two windows are offered To view this table click Monitoring Packet Size the following window will be displayed Figure 12 16 Rx Size Analysis window line graph To view the Packet Size Analysis Table click the link View Table which will show the following table 344 ...

Страница 363: ...ween 128 and 255 octets in length inclusive excluding framing bits but including FCS octets 256 511 The total number of packets including bad packets received that were between 256 and 511 octets in length inclusive excluding framing bits but including FCS octets 512 1023 The total number of packets including bad packets received that were between 512 and 1023 octets in length inclusive excluding ...

Страница 364: ...o view this window click Monitoring Browse Router Port as shown below Figure 12 18 Browse Router Port window Browse MLD Router Port This displays which of the Switch s ports are currently configured as router ports in IPv6 A router port configured by a user using the console or Web based management interfaces is displayed as a static router port designated by S A router port that is dynamically co...

Страница 365: ...rrently Egress E or Tag T ports To view the next VLAN in the list click the Next button To view this window click Monitoring VLAN Status as shown below Figure 12 20 VLAN Status window VLAN Status Port This read only window displays the current VLAN status for the port selected using the drop down menu To view this window click Monitoring VLAN Status Port as shown below Figure 12 21 VLAN Status Por...

Страница 366: ...1X is enabled by port or by MAC address To enable 802 1X go to the DGS 3600 Web Management Tool window Authenticator State The following section describes the 802 1X Status on the Switch This window displays the Authenticator State for individual ports on a selected device A polling interval between 1 and 60 seconds can be set using the drop down menu at the top of the window and clicking OK To vi...

Страница 367: ...ate The Authenticator PAE State value can be Initialize Disconnected Connecting Authenticating Authenticated Aborting Held Force_Auth Force_Unauth or N A N A Not Available indicates that the port s authenticator capability is disabled Backend State The Backend Authentication State can be Request Response Success Fail Timeout Idle Initialize or N A N A Not Available indicates that the port s authen...

Страница 368: ...xStack DGS 3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 12 23 Authenticator State window MAC Based 802 1X 350 ...

Страница 369: ...n Port The identification number assigned to the Port by the System in which the Port resides Frames Rx The number of valid EAPOL frames that have been received by this Authenticator Frames Tx The number of EAPOL frames that have been transmitted by this Authenticator Rx Start The number of EAPOL Start frames that have been received by this Authenticator TxReqId The number of EAP Req Id frames tha...

Страница 370: ...ame Authenticator Session Statistics This table contains the session statistics objects for the Authenticator PAE associated with each port An entry appears in this table for each port that supports the Authenticator function To view the Authenticator Session Statistics click Monitoring Port Access Control Authenticator Session Statistics as shown below Figure 12 25 Authenticator Session Statistic...

Страница 371: ...Authenticator s System 2 Local Authentic Server The Authentication Server is located within the Authenticator s System Time The duration of the session in seconds Terminate Cause The reason for the session termination There are eight possible reasons for termination 1 Supplicant Logoff 2 Port Failure 3 Supplicant Restart 4 Reauthentication Failure 5 AuthControlledPortControl set to ForceUnauthoriz...

Страница 372: ... an EAPOL Logoff message Auth Enter Counts the number of times that the state machine transitions from CONNECTING to AUTHENTICATING as a result of an EAP Response Identity message being received from the Supplicant Auth Success Counts the number of times that the state machine transitions from AUTHENTICATING to AUTHENTICATED as a result of the Backend Authentication state machine indicating succes...

Страница 373: ...tion server i e aReq becomes TRUE causing exit from the RESPONSE state Indicates that the Authentication Server has communication with the Authenticator OtherReqToSupp Counts the number of times that the state machine sends an EAP Request packet other than an Identity Notification Failure or Success message to the Supplicant i e executes txReq on entry to the REQUEST state Indicates that the Authe...

Страница 374: ...rver RoundTripTime The time interval in hundredths of a second between the most recent Access Reply Access Challenge and the Access Request that matched it from this RADIUS authentication server AccessRequests The number of RADIUS Access Request packets sent to this server This does not include retransmissions AccessRetrans The number of RADIUS Access Request packets retransmitted to this RADIUS a...

Страница 375: ...statistics associated with them It has one row for each RADIUS authentication server that the client shares a secret with To view the RADIUS Account Client window click Monitoring Port Access Control RADIUS Account Client as shown below Figure 12 28 RADIUS Account Client window The user may also select the desired time interval to update the statistics between 1s and 60s where s stands for seconds...

Страница 376: ...number of RADIUS Accounting Response packets which contained invalid authenticators received from this server PendingRequests The number of RADIUS Accounting Request packets sent to this server that have not yet timed out or received a response This variable is incremented when an Accounting Request is sent and decremented due to receipt of an Accounting Response a timeout or a retransmission Time...

Страница 377: ... To view the MAC Address forwarding table click Monitoring MAC Address Table as shown below Figure 12 29 MAC Address Table window The following fields can be viewed or set Parameter Description VLAN Name Enter a VLAN Name for which to browse the forwarding table VLAN ID 1 4094 Enter a VLAN ID between 1 and 4094 for which to browse the forwarding table MAC Address Enter a MAC address for which to b...

Страница 378: ...roup IP address and the corresponding MAC address from IGMP packets that pass through the Switch To view this window click Monitoring IGMP Snooping Group as shown below Figure 12 30 IGMP Snooping Group Table window The user may search the IGMP Snooping Table by entering the VLAN Name in the top left hand corner and clicking Find NOTE The Switch supports up to 4K IGMP Snooping groups The following ...

Страница 379: ...e VLAN ID of theVLAN VLAN Name The VLAN to which the member port belongs Source Displays the status of the source filtering which is the ability for a system to report the interest in receiving packets from specific source addresses or sent to a particular multicast address Group The IP address of the MLD multicast group Member Ports The ports that are members of the multicast group Filter Mode Th...

Страница 380: ... parameters located in this window and click Start Parameter Description Target IP Address Enter the IP address of the computer to be traced TTL The time to live value of the trace route request This is the maximum number of routers the traceroute command will cross while seeking the network path between two devices Port The virtual port number The port number must be above 1024 The value range is...

Страница 381: ... 12 33 IGMP Snooping Forwarding Table window The user may search the IGMP Snooping Forwarding Table by VLAN Name by entering a VLAN name and then clicking Search The following field can be viewed Parameter Description VLAN Name The VLAN Name where multicast packets are being received Source IP The Source IP address that is sending multicast packets Multicast Group The Multicast IP address located ...

Страница 382: ...can be viewed Parameter Description VLAN Name The VLAN Name where multicast packets are being received Source IP The Source IP address that is sending multicast packets Multicast Group The Multicast IP address located in the multicast packet Port Member These are the ports where the IP multicast packets are being forwarded IP Forwarding Table The IP Forwarding Table window is read only where the u...

Страница 383: ...To search a specific entry enter a multicast group IP address into the Multicast Group field a Source IP address or Source Netmask and click Find To view this window click Monitoring Browse IP Multicast Forwarding Table as shown below Figure 12 37 IP Multicast Forwarding Table window Browse IP Multicast Interface Table This window will show current IP multicasting interfaces located on the Switch ...

Страница 384: ...ng Table Multicast routing information is gathered and stored by DVMRP in the DVMRP Routing Table this window contains one row for each port in a DVMRP mode Each routing entry contains information about the source and multicast group and incoming and outgoing interfaces You may define your search by entering a Source IP Address and its subnet mask into the fields at the top of the window and click...

Страница 385: ...click Monitoring DVMRP Monitoring Browse DVMRP Routing Next Hop Table as shown below Figure 12 42 DVMRP Routing Next Hop Table window PIM Monitor Multicast routers use Protocol Independent Multicast PIM to determine which other multicast routers should receive multicast packets To find out more information concerning PIM and its configuration on the Switch see the IP Multicast Routing Protocol cha...

Страница 386: ...sess information regarding the Rendezvous Point RP Set on the Switch To view this window click Monitoring PIM Monitor Browse PIM RP Set Table as shown below Figure 12 45 PIM RP Set Table window OSPF Monitor This section offers windows regarding OSPF Open Shortest Path First information on the Switch including the OSPF LSDB Table OSPF Neighbor Table and the OSPF Virtual Neighbor Table To view these...

Страница 387: ...ink advertisements by which the current link was discovered by the Switch All Router link RTRLink Network link NETLink Summary link Summary Autonomous System link ASSummary Autonomous System external link ASExternal and NSSA_EXT Not So Stubby Area external Link State ID This field identifies the portion of the Internet environment that is being described by the advertisement The contents of this f...

Страница 388: ...table click Monitoring OSPF Monitor Browse OSPF Virtual Neighbor Table as shown below Figure 12 48 OSPF Virtual Neighbor Table window The user may choose specifically search a virtual neighbor by using one of the two search options at the top of the window which are Parameter Description Transit Area ID Allows the entry of an OSPF Area ID previously defined on the Switch that allows a remote area ...

Страница 389: ...ular Log Choose this option to view regular switch log entries such as logins or firmware transfers Attack Log Choose this option to view attack log files such as spoofing attacks Unit Enter the unit you wish to view Sequence A counter incremented whenever an entry to the Switch s history log is made The table displays the last entry highest sequence number first Time Displays the time in days hou...

Страница 390: ...s To view the Browse ARP table click Monitoring MAC Based Access Control Authentication as shown below Figure 12 51 ARP Table window The The following fields can be configured Parameter Description Ports e g 1 5 7 12 Enter the range of ports you wish to clear and click Clear to clear all ports check the All Ports check box before clicking Clear MAC Address Enter the MAC Address of the entry you wi...

Страница 391: ...the current configuration but do not save this configuration Reset System will return the Switch s configuration to the state it was when it left the factory Reset gives the option of retaining the Switch s User Accounts and History Log while resetting all other configuration parameters to their factory defaults If the Switch is reset using this window and Save Changes is not executed the Switch w...

Страница 392: ...lick the Save button in the Save Changes window The save options allow one alternative configuration image to be stored To view this window click Save Services Save Changes as shown beow Figure 13 3 Save Changes window The Save Changes options include Save Configuration Full path Users may save the configuration to the internal flash memory of the Switch To name the file click the check box and en...

Страница 393: ... drive to be altered Action This field has two options for configuration Boot Select this option to set the configuration file specified above as the boot up configuration for the Switch This saved configuration will be set as the boot up file after a switch reboot has been performed The default setting has configuration file C STARTUP CFG as the boot up configuration file for the Switch unless sp...

Страница 394: ...ansceiver IEEE 802 3z 1000BASE SX DEM 311GT transceiver IEEE 802 3z 1000BASE SX DEM 312GT2 transceiver IEEE 802 3z 1000BASE LH DEM 314GT transceiver IEEE 802 3z 1000BASE ZX DEM 315GT transceiver IEEE 802 3z WDM Transceiver DEM 330T transceiver IEEE 802 3z WDM Transceiver DEM 330R transceiver IEEE 802 3z WDM Transceiver DEM 331T transceiver IEEE 802 3z WDM Transceiver DEM 331R transceiver IEEE 802 ...

Страница 395: ...mm x 11mm DGS 3627G Four 40mm x 40mm x 20mm one 50mm x 50mm x 20mm fans DGS 3650 Two 40mm x 40mm x 20mm three 40mm x 40mm x 10mm one 75 7mm x 75 7mm x 30mm fans one 44mm x 44mm x 11mm DGS 3612G Three 40mm x 40mm x 20mm one 50mm x 50mm x 20mm fans DGS 3612 Two 40mm x 40mm x 20mm fans Operating Temperature 0 40 C Storage Temperature 40 70 C Humidity 5 95 non condensing Dimensions DGS 3627 DGS 3627G ...

Страница 396: ...ries Layer 3 Gigabit Ethernet Managed Switch MAC Address Learning Automatic update Supports 16K MAC address Priority Queues 8 Priority Queues per port Forwarding Table Age Time Max age 10 1000000 seconds Default 300 378 ...

Страница 397: ...gnment The following diagrams and tables show the standard RJ 45 receptacle connector and their pin assignments Figure B 1 The standard RJ 45 port and connector RJ 45 Pin Assignments Contact MDI X Port MDI II Port 1 RD receive TD transmit 2 RD receive TD transmit 3 TD transmit RD receive 4 Not used Not used 5 Not used Not used 6 TD transmit RD receive 7 Not used Not used 8 Not used Not used Table ...

Страница 398: ...ower is working Redundant Power is working Critical up down load Firmware successfully uploaded Firmware successfully uploaded by console Username username IP ipaddr MAC macaddr Informational by console and IP ipaddr MAC macaddr are XOR shown in log string which means if the user logs in by console there will be no IP and MAC information for logging Firmware upload was unsuccessful Firmware upload...

Страница 399: ...onsole and IP ipaddr MAC macaddr are XOR shown in log string which means if the user logs in through the console no IP or MAC address information will be included in the log Configuration upload was unsuccessful Configuration upload by console was unsuccessful Username username IP ipaddr MAC macaddr Warning by console and IP ipaddr MAC macaddr are XOR shown in log string which means if the user lo...

Страница 400: ...er logs in through the console no IP or MAC address information will be included in the log Web Successful login through Web Successful login through Web Username username IP ipaddr MAC macaddr Informational Login failed through Web Login failed through Web Username username IP ipaddr MAC macaddr Warning Logout through Web Logout through Web Username username IP ipaddr MAC macaddr Informational Su...

Страница 401: ...s enabled Informational Spanning Tree Protocol is disabled Spanning Tree Protocol is disabled Informational SSH Successful login through SSH Successful login through SSH Username username IP ipaddr MAC macaddr Informational Login failed through SSH Login failed through SSH Username username IP ipaddr MAC macaddr Warning Logout through SSH Logout through SSH Username username IP ipaddr MAC macaddr ...

Страница 402: ...sername username MAC macaddr Warning Successful login through Web SSL authenticated by AAA local method Successful login through Web SSL from userIP authenticated by AAA local method Username username MAC macaddr Informational Login failed through Web SSL authenticated by AAA local method Login failed through Web SSL from userIP authenticated by AAA local method Username username MAC macaddr Warni...

Страница 403: ...ful login through Telnet from userIP authenticated by AAA none method Username username MAC macaddr Informational Successful login through SSH authenticated by AAA none method Successful login through SSH from userIP authenticated by AAA none method Username username MAC macaddr Informational Successful login through Console authenticated by AAA server Successful login through Console authenticate...

Страница 404: ... SSL authenticated by AAA server Login failed through Web SSL from userIP authenticated by AAA server serverIP Username username MAC macaddr Warning Login failed through Web SSL due to AAA server timeout or improper configuration Login failed through Web SSL from userIP due to AAA server timeout or improper configuration Username username MAC macaddr Warning Successful login through Telnet authent...

Страница 405: ...sername username Informational Enable Admin failed through Console authenticated by AAA local_enable method Enable Admin failed through Console authenticated by AAA local_enable method Username username Warning Successful Enable Admin through Web authenticated by AAA local_enable method Successful Enable Admin through Web from userIP authenticated by AAA local_enable method Username username MAC m...

Страница 406: ...iled through SSH authenticated by AAA local_enable method Enable Admin failed through Telnet or Web or SSH from userIP authenticated by AAA local_enable method Username username MAC macaddr Warning Successful Enable Admin through Console authenticated by AAA none method Successful Enable Admin through Console authenticated by AAA none method Username username Informational Successful Enable Admin ...

Страница 407: ...figuration Username username Warning Successful Enable Admin through Web authenticated by AAA server Successful Enable Admin through Web from userIP authenticated by AAA server serverIP Username username MAC macaddr Informational Enable Admin failed through Web authenticated by AAA server Enable Admin failed through Web from userIP authenticated by AAA server serverIP Username username MAC macaddr...

Страница 408: ...e Admin failed through Telnet from userIP due to AAA server timeout or improper configuration Username username MAC macaddr Warning Successful Enable Admin through SSH authenticated by AAA server Successful Enable Admin through SSH from userIP authenticated by AAA server serverIP Username username MAC macaddr Informational Enable Admin failed through SSH authenticated by AAA server Enable Admin fa...

Страница 409: ...RMAL mode Informational Safeguard Engine is in filtering packet mode Safeguard Engine enters EXHAUSTED mode Warning Packet Storm Broadcast storm occurrence Broadcast storm is occurring port id Warning Broadcast storm has cleared Broadcast storm has cleared port id Informational Multicast storm occurrence Multicast storm is occurring port id Warning Multicast storm has cleared Multicast storm has c...

Страница 410: ...stance Mini GBIC 1000BASE LX Single mode fiber module 1000BASE SX Multi mode fiber module 1000BASE LHX Single mode fiber module 1000BASE ZX Single mode fiber module 10km 550m 40km 80km 100 BASE FX 100BASE FX Fiber Cable 100 Mbps 100m 1000BASE T Category 5e UTP Cable Category 5 UTP Cable 1000 Mbps 100m 100BASE TX Category 5 UTP Cable 100 Mbps 100m 10BASE T Category 3 UTP Cable 10 Mbps 100m ...

Страница 411: ...message sent to all destination devices on the network broadcast storm Multiple simultaneous broadcasts that typically absorb available network bandwidth and can cause network failure console port The port on the Switch accepting a terminal or modem connector It changes the parallel arrangement of data within computers to the serial form used on data transmission links This port is most often used...

Страница 412: ...nagement Protocol A protocol originally designed to be used in managing TCP IP internets SNMP is presently implemented on a wide range of computers and networking equipment and may be used to manage many aspects of network and end station operation Spanning Tree Protocol STP A bridge based system for providing fault tolerance on networks STP works by allowing you to implement parallel paths for ne...

Страница 413: ...ation pertaining to the product and in that case the product is being sold As Is without any warranty whatsoever including without limitation the Warranty as described herein notwithstanding anything stated herein to the contrary Submitting A Claim The customer shall return the product to the original purchase point based on its return policy In case the return policy period has expired and the pr...

Страница 414: ...ms Inc Other trademarks or registered trademarks are the property of their respective owners Copyright Statement No part of this publication or documentation accompanying this product may be reproduced in any form or by any means or used to make any derivative such as translation transformation or adaptation without permission from D Link Corporation D Link Systems Inc as stipulated by the United ...

Страница 415: ...Registration Register your D Link product online at http support dlink com register Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights ...

Страница 416: ... defective Hardware the price paid by the original purchaser for the defective Hardware will be refunded by D Link upon return to D Link of the defective Hardware All Hardware or part thereof that is replaced by D Link or for which the purchase price is refunded shall become the property of D Link upon replacement or refund Limited Software Warranty D Link warrants that the software portion of the...

Страница 417: ... not to be defective or non conforming What Is Not Covered This limited warranty provided by D Link does not cover Products that have been subjected to abuse accident alteration modification tampering negligence misuse faulty installation lack of reasonable care repair or service in any way that is not contemplated in the documentation for the product or if the model or serial number has been alte...

Страница 418: ...002 D Link Corporation Contents subject to change without prior notice D Link is a registered trademark of D Link Corporation D Link Systems Inc All other trademarks belong to their respective proprietors Copyright Statement No part of this publication may be reproduced in any form or by any means or used to make any derivative such as translation transformation or adaptation without permission fr...

Страница 419: ...e warranty period on this product U S and Canadian customers can contact D Link technical support through our website or by phone Tech Support for customers within the United States D Link Technical Support over the Telephone USA 877 DLINK 55 877 354 6555 D Link Technical Support over the Internet http support dlink com Tech Support for customers within Canada D Link Technical Support over the Tel...

Страница 420: ... uk ftp ftp dlink co uk Technische Unterstützung Deutschland Web http www dlink de E Mail support dlink de Telefon 49 0 1805 2787 0 14 pro Minute Zeiten Mo Fr 09 00 17 30 Uhr Österreich Web http www dlink at E Mail support dlink at Telefon 43 0 820 480084 0 116 pro Minute Zeiten Mo Fr 09 00 17 30 Uhr Schweiz Web http www dlink ch E Mail support dlink ch Telefon 41 0 848 331100 0 08 CHF pro Minute ...

Страница 421: ... www dlink nl 0 15ppm anytime Tech Support for customers within Belgium 070 66 06 40 www dlink be 0 175ppm peak 0 0875ppm off peak Tech Support for customers within Luxemburg 32 70 66 06 40 www dlink be Asistencia Técnica Asistencia Técnica Telefónica de D Link 34 902 30 45 45 0 067 min De Lunes a Viernes de 9 00 a 14 00 y de 15 00 a 18 00 http www dlink es Supporto tecnico Supporto Tecnico dal lu...

Страница 422: ... PO PÁ od 09 00 do 17 00 Land Line 1 78 CZK min Mobile 5 40 CZK min Technikai Támogatás Tel 06 1 461 3001 Fax 06 1 461 3004 Land Line 14 99 HUG min Mobile 49 99 HUF min email support dlink hu URL http www dlink hu Teknisk Support D Link Teknisk telefon Support 820 00 755 Hverdager 08 00 20 00 D Link Teknisk Support over Internett http www dlink no Teknisk Support D Link teknisk support over telefo...

Страница 423: ...εφαλληνίας 64 11251 Αθήνα Τηλ 210 86 11 114 Δευτέρα Παρασκευή 09 00 17 00 Φαξ 210 8611114 http www dlink gr support Assistência Técnica Assistência Técnica da D Link na Internet http www dlink pt e mail soporte dlink es Teknisk Support D Link Teknisk Support via telefon 0900 100 77 00 Vardagar 08 00 20 00 D Link Teknisk Support via Internet http www dlink se ...

Страница 424: ...k biz hr Tehnična podpora Zahvaljujemo se vam ker ste izbrali D Link proizvod Za vse nadaljnje informacije podporo ter navodila za uporabo prosimo obiščite D Link ovo spletno stran www dlink eu www dlink biz sl Suport tehnica Vă mulţumim pentru alegerea produselor D Link Pentru mai multe informaţii suport şi manuale ale produselor vă rugăm să vizitaţi site ul D Link www dlink eu www dlink ro ...

Страница 425: ...link co in support productsupport aspx Indonesia Malaysia Singapore and Thailand Tel 62 21 5731610 Indonesia Tel 1800 882 880 Malaysia Tel 65 6501 4200 Singapore Tel 66 2 719 8978 9 Thailand 24 7 for English Support Only http www dlink com sg support e mail support dlink com sg Korea Tel 82 2 2028 1815 Monday to Friday 9 00am to 6 00pm http www d link co kr e mail arthur d link co kr New Zealand T...

Страница 426: ... 92 21 4548158 or 92 21 4548310 Monday to Friday 10 00am to 6 00pm http support dlink me com E mail zkashif dlink me com South Africa and Sub Sahara Region Tel 27 12 665 2165 08600 DLINK for South Africa only Monday to Friday 8 30am to 9 00pm South Africa Time http www d link co za Turkey Tel 90 212 2895659 Monday to Friday 9 00am to 6 00pm http www dlink com tr e mail turkiye dlink me com e mail ...

Страница 427: ...ink D Link предоставляет бесплатную поддержку для клиентов в течение гарантийного срока Клиенты могут обратиться в группу технической поддержки D Link по телефону или через Интернет Техническая поддержка D Link 7 495 744 00 99 Техническая поддержка через Интернет http www dlink ru e mail support dlink ru ...

Страница 428: ...s 06 00am a 19 00pm Costa Rica 0800 0521478 Lunes a Viernes 05 00am a 18 00pm Ecuador 1800 035465 Lunes a Viernes 06 00am a 19 00pm El Salvador 800 6335 Lunes a Viernes 05 00am a 18 00pm Guatemala 1800 8350255 Lunes a Viernes 05 00am a 18 00pm México 01800 1233201 Lunes a Viernes 06 00am a 19 00pm Panamá 011 008000525465 Lunes a Viernes 05 00am a 18 00pm Perú 0800 00968 Lunes a Viernes 06 00am a 1...

Страница 429: ...il A D Link fornece suporte técnico gratuito para clientes no Brasil durante o período de vigência da garantia deste produto Suporte Técnico para clientes no Brasil Telefone São Paulo 11 2185 9301 Segunda à sexta Das 8h30 às 18h30 Demais Regiões do Brasil 0800 70 24 104 E mail e mail suporte dlinkbrasil com br ...

Страница 430: ...方式與D Link台灣 地區技術支援工程師聯絡 D Link 免付費技術諮詢專線 0800 002 615 服務時間 週一至週五 早上9 00到晚上9 00 不含周六 日及國定假日 網 站 http www dlink com tw 電子郵件 dssqa_service dlink com tw 如果您是台灣地區以外的用戶 請參考D Link網站全球各地 分公司的聯絡資訊以取得相關支援服務 產品保固期限 台灣區維修據點查詢 請參考以下網頁說明 http www dlink com tw 產品維修 使用者可直接送至全省聯強直營維修站或請洽您的原購買經銷商 ...

Страница 431: ...okumentasi pengguna dapat diperoleh pada situs web D Link Dukungan Teknis untuk pelanggan Dukungan Teknis D Link melalui telepon Tel 62 21 5731610 Dukungan Teknis D Link melalui Internet Email support dlink co id Website http support dlink co id ...

Страница 432: ...Technical Support この度は弊社製品をお買い上げいただき 誠にありがとうご ざいます 下記弊社 Web サイトからユーザ登録及び新製品登録を 行っていただくと ダウンロードサービスにて サポート情報 ファームウェア ユーザマニュアルを ダウンロードすることができます ディーリンクジャパン Web サイト URL http www dlink jp com ...

Страница 433: ...城区北三环东路 36 号 环球贸易中心 B 座 26F 02 05 室 邮编 100013 技术支持中心电话 8008296688 028 66052968 技术支持中心传真 028 85176948 维修中心地址 北京市东城区北三环东路 36 号 环球贸易中心 B 座 26F 02 05 室 邮编 100013 维修中心电话 010 58257789 维修中心传真 010 58257790 网址 http www dlink com cn 办公时间 周一到周五 早09 00到晚18 00 ...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды