manualshive.com logo in svg

D-Link xStack DXS-3350SR, Инструкция по установке и эксплуатации

D-Link xStack DXS-3350SR - усовершенствованный коммутатор сети с продвинутыми характеристиками. Скачайте бесплатное руководство пользователя с подробными техническими характеристиками с manualshive.com. Легкое понимание спецификаций и настроек для оптимальной работы вашей сети.

Поделиться
Скачать
background image

DXS-3350SR Gigabit Layer 3 Switch 

Access Authentication Control 

The TACACS / XTACACS / / RADIUS commands let you secure access to the Switch using the TACACS / 
XTACACS /  / RADIUS protocols. When a user logs in to the Switch or tries to access the administrator level 
privilege, he or she is prompted for a password. If TACACS / XTACACS / / RADIUS authentication is enabled 
on the Switch, it will contact a TACACS / XTACACS /  / RADIUS server to verify the user. If the user is 
verified, he or she is granted access to the Switch. 

There are currently three versions of the TACACS security protocol, each a separate entity. The Switch's software supports 
the following versions of TACACS: 

TACACS 

(Terminal Access Controller Access Control System) - Provides password checking and authentication, and 

notification of user actions for security purposes utilizing via one or more centralized TACACS servers, utilizing the UDP 
protocol for packet transmission. 

Extended TACACS (XTACACS)

 - An extension of the TACACS protocol with the ability to provide more types of 

authentication requests and more types of response codes than TACACS. This protocol also uses UDP to transmit packets. 

 

(Terminal Access Controller Access Control System plus

) - Provides detailed access control for 

authentication for network devices. is facilitated through Authentication commands via one or more centralized 
servers. The  protocol encrypts all traffic between the Switch and the  daemon, using the TCP 
protocol to ensure reliable delivery 

In order for the TACACS / XTACACS / / RADIUS security function to work properly, a TACACS / 
XTACACS /  / RADIUS server must be configured on a device other than the Switch, called an Authentication 
Server Host and it must include usernames and passwords for authentication. When the user is prompted by the Switch to 
enter usernames and passwords for authentication, the Switch contacts the TACACS / XTACACS / / RADIUS 
server to verify, and the server will respond with one of three messages: 

The server verifies the username and password, and the user is granted normal user privileges on the Switch.  

The server will not accept the username and password and the user is denied access to the Switch. 

The server doesn't respond to the verification query. At this point, the Switch receives the timeout from the server and then 
moves to the next method of verification configured in the method list. 

The Switch has four built-in 

Authentication Server Groups

, one for each of the TACACS, XTACACS, and 

RADIUS protocols. These built-in Authentication Server Groups are used to authenticate users trying to access the Switch. 
The users will set 

Authentication Server Hosts

 in a preferable order in the built-in Authentication Server Groups and when 

a user tries to gain access to the Switch, the Switch will ask the first Authentication Server Hosts for authentication. If no 
authentication is made, the second server host in the list will be queried, and so on. The built-in Authentication Server 
Groups can only have hosts that are running the specified protocol. For example, the TACACS Authentication Server 
Groups can only have TACACS Authentication Server Hosts. 

The administrator for the Switch may set up 6 different authentication techniques per user-defined method list (TACACS / 
XTACACS / / RADIUS / local / none) for authentication. These techniques will be listed in an order preferable, 
and defined by the user for normal user authentication on the Switch, and may contain up to eight authentication techniques. 
When a user attempts to access the Switch, the Switch will select the first technique listed for authentication. If the first 
technique goes through its Authentication Server Hosts and no authentication is returned, the Switch will then go to the next 
technique listed in the server group for authentication, until the authentication has been verified or denied, or the list is 
exhausted. 

Please note that users granted access to the Switch will be granted normal user privileges on the Switch. To gain access to 
administrator level privileges, the user must access the 

Enable Admin

 window and then enter a password, which was 

previously configured by the administrator of the Switch. 

 

NOTE:

 TACACS, XTACACS and  are separate entities and are 

not compatible. The Switch and the server must be configured exactly the 
same, using the same protocol. (For example, if the Switch is set up for 
TACACS authentication, so must be the host server.) 

 

183

Содержание xStack DXS-3350SR

Страница 1: ...D Link DXS 3350SR Managed 10 100 1000Mbps 48 port and 4 SFP Combo Ports with optional 2 Port 10 Gigabit Layer 3 Stackable Ethernet Switch Installation Guide and User Manual ...

Страница 2: ... D Link Computer Corporation is strictly forbidden Trademarks used in this text D Link and the D LINK logo are trademarks of D Link Computer Corporation Microsoft and Windows are registered trademarks of Microsoft Corporation Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products D Link Computer Corporation discl...

Страница 3: ...iption 11 Side Panel Description 11 Installation 12 Package Contents 13 Before You Connect to the Network 13 Installing the Switch Without the Rack 14 Installing the Switch in a Rack 14 Mounting the Switch in a Standard 19 Rack 15 Power On 15 Power Failure 15 The Optional Module 15 External Redundant Power System 17 Connecting The Switch 19 Switch To End Node 20 Switch to Hub or Switch 21 Connecti...

Страница 4: ...ased User Interface 39 Areas of the User Interface 39 Web Pages 40 Configuring The Switch 41 Switch Information 42 IP Address 43 Setting the Switch s IP Address using the Console Interface 45 Advanced Settings 45 Box InformationConfiguration 47 Port Configurations 48 Port Description 50 Port Mirroring 51 Link Aggregation 52 LACP Port Setting 55 MAC Notification 56 MAC Notification Global Settings ...

Страница 5: ...Q VLAN Tags 76 Port VLAN ID 77 Tagging and Untagging 78 Ingress Filtering 78 Default VLANs 78 Port based VLANs 79 VLAN Segmentation 79 VLAN and Trunk Groups 79 Static VLAN Entry 80 GVRP Setting 82 Traffic Control 84 Port Security 85 Port Lock Entries 86 QoS 88 Port Bandwidth Settings 90 QoS Scheduling Mechanism 91 QoS Output Scheduling 92 Configuring The Combination Queue 93 802 1p Default Priorit...

Страница 6: ...e 136 Static ARP Table 137 RIP 138 RIP Version 1 Message Format 139 RIP Command Codes 139 RIP 1 Message 139 RIP 1 Route Interpretation 139 RIP Version 2 Extensions 139 RIP2 Message Format 139 RIP Configuration 140 Setting Up RIP 140 OSPF 142 Global OSPF Settings 158 OSPF Area Setting 159 OSPF Interface Configuration 160 OSPF Virtual Interface Settings 162 Area Aggregation Configuration 163 OSPF Ho...

Страница 7: ...nable Method Lists 190 Local Enable Password 192 Enable Admin 193 Secure Socket Layer SSL 194 Download Certificate 195 Ciphersuite 195 Secure Shell SSH 197 SSH Configuration 197 SSH Algorithm 199 SSH User Authentication 201 SNMP Manager 202 Traps 202 MIBs 202 SNMP User Table 203 SNMP View Table 205 SNMP Group Table 207 SNMP Community Table Configuration 209 SNMP Host Table 210 SNMP Engine ID 211 M...

Страница 8: ...Browse IP Multicast Forwarding Table 237 Browse IGMP Group Table 237 OSPF Monitoring 237 DVMRP Monitoring 240 PIM Monitoring 241 Maintenance 242 TFTP Services 243 Download Firmware 243 Download Configuration File 244 Upload Configuration 244 Upload Log 244 Multiple Image Services 244 Firmware Information 245 Config Firmware Image 246 Ping Test 246 Save Changes 247 Reset 248 Reboot Device 249 Logou...

Страница 9: ...nder Switch Icon 257 Menu Bar 260 Device 261 View 261 Firmware Upgrade SIM 262 Configuration File Backup Restore SIM 262 Technical Specifications 263 Cables and Connectors 265 Cable Lengths 266 Glossary 267 ...

Страница 10: ...ns of the Switch including accessing the Switch information using the Switch s utilities and setting up network switching and Layer 3 functions Section 7 Management A discussion of the security features of the Switch including Security IP User Accounts Access Authentication Control and SNMP Section 8 Monitoring Features graphs and screens used in monitoring features and packets on the Switch Secti...

Страница 11: ...and Boldface Typewriter Font Indicates commands and responses to prompts that must be typed exactly as printed in the manual Initial capital letter Indicates a window name Names of keys on the keyboard have initial capitals For example Click Enter Italics Indicates a window name or a field Also can indicate a variables or parameter that is replaced with an appropriate word or string For example ty...

Страница 12: ...ystem Doing so can cause fire or electric shock by shorting out interior components Use the product only with approved equipment Allow the product to cool before removing covers or touching internal components Operate the product only from the type of external power source indicated on the electrical ratings label If you are not sure of the type of power source required consult your service provid...

Страница 13: ...efers to any system as well as to various peripherals or supporting hardware CAUTION Installing systems in a rack without the front and side stabilizers installed could cause the rack to tip over potentially resulting in bodily injury under certain circumstances Therefore always install the stabilizers before installing components in the rack After installing system components in a rack never pull...

Страница 14: ...arm delicate components inside your system To prevent static damage discharge static electricity from your body before you touch any of the electronic components such as the microprocessor You can do so by periodically touching an unpainted metal surface on the chassis You can also take the following steps to prevent damage from electrostatic discharge ESD 1 When unpacking a static sensitive compo...

Страница 15: ...XS 3350SR Gigabit Layer 3 Switch Section 1 Introduction Gigabit Ethernet Switch Description Ports Front Panel Components LED Indicators Side Panel Description Rear Panel Description Gigabit Combo Ports 6 ...

Страница 16: ...S 3350SR is equipped with 48 10 100 1000 ports which are to be used with a straight or crossover cable in order to uplink various other networking devices These 48 UTP ports support half or full duplex transmissions and have auto negotiation In addition the Switch has 4 SFP Small Form Factor Portable combo ports which are to be used with fibre optical transceiver cabling in order to uplink various...

Страница 17: ...n full duplex compliant IEEE 802 3u compliant IEEE 802 3ab compliant IEEE 802 3ae compliant for optional XFP module IEEE 802 1p Priority Queues IEEE 802 3ad Link Aggregation Control Protocol support IEEE 802 1x Port based and MAC based Access Control IEEE 802 1Q VLAN IEEE 802 1D Spanning Tree IEEE 802 1W Rapid Spanning Tree and IEEE 802 1s Multiple Spanning Tree support Stacking support in either ...

Страница 18: ...and managing the Switch via a connection to a console terminal or PC using a terminal emulation program NOTE For customers interested in D View D Link Corporation s proprietary SNMP management software go to the D Link Website www dlink com cn and download the software and manual Installing the SFP ports The Switch is equipped with 4 SFP Small Form Factor Portable ports which are to be used with f...

Страница 19: ...ack Console This LED should blink during the Power On Self Test POST When the POST is finished successfully the LED goes dark This indicator will light solid green when the Switch is being logged into via out of band local console management through the RS 232 console port in the front of the Switch using a straight through serial cable This LED will light solid amber if the Power On Self Test has...

Страница 20: ...ts power setting to any supply voltage in the range from 100 240 VAC at 50 60 Hz The rear panel also includes an outlet for an optional external power supply When power fails the optional external RPS will take over all the power immediately and automatically Side Panel Description The right hand side panel of the Switch contains 3 system fans while the left hand panel includes 2 heat vents The sy...

Страница 21: ...it Layer 3 Switch SECTION 2 Installation Package Contents Before You Connect to the Network Installing the Switch Without the Rack Installing the Switch In a Rack The Optional Module External Redundant Power System 12 ...

Страница 22: ...he Switch Install the Switch on a sturdy level surface that can support at least 6 6 lb 3 kg of weight Do not place heavy objects on the Switch The power outlet should be within 1 82 meters 6 feet of the Switch Visually inspect the power cord and see that it is fully secured to the AC power port Make sure that there is proper heat dissipation from and adequate ventilation around the Switch Leave a...

Страница 23: ...ace between the Switch and any other objects in the vicinity Figure 2 1 Prepare Switch for installation on a desktop or shelf Installing the Switch in a Rack The Switch can be mounted in a standard 19 rack Use the following diagrams to guide you Figure 2 2 Fasten mounting brackets to Switch Fasten the mounting brackets to the Switch using the screws provided With the brackets attached securely you...

Страница 24: ... of the DXS 3350SR resides an optional module slot This slot may be equipped with a 2 port 10GE XFP Uplink Module sold separately Adding the DEM 420X optional module will allow the administrator to add 2 fibre optic ports which will transmit information at a rate of 10 gigabits a second These two ports are compliant with standard IEEE 802 3ae support full duplex transmissions only and can be used ...

Страница 25: ... following figure Figure 2 5 Front Panel of the DEM 420X Take the module and gently slide it in to the available slot at the rear of the Switch until it reaches the back as shown in the following figure At the back of the slot are two sets of plugs that must be connected to the module Gently but firmly push in on the module to secure it to the Switch The module should fit snugly into the correspon...

Страница 26: ...he DPS 500 documentation for more information The Switch supports using the DPS 500 external redundant power system Figure 2 8 The DXS 3350SR with the DPS 500 Redundant External Power Supply CAUTION Do not use the Switch with any redundant power system other than the DPS 500 17 ...

Страница 27: ...DXS 3350SR Gigabit Layer 3 Switch Figure 2 9 The DXS 3350SR with the DPS 900 chassis and DPS 500 Redundant Power Supply 18 ...

Страница 28: ...DXS 3350SR Gigabit Layer 3 Switch Section 3 Connecting The Switch Switch To End Node Switch To Hub or Switch Connecting To Network Backbone or Server Stacking and the DXS 3350SR 19 ...

Страница 29: ...onnected to the Switch via a twisted pair UTP STP cable The end node should be connected to any of the 48 1000BASE T ports of the Switch Figure 3 1 Switch connected to an end node The Link Act LEDs for each UTP port will light green when the link is valid A blinking LED indicates packet activity on that port NOTE All 48 high performance NWay Ethernet ports can support both MDI II and MDI X connect...

Страница 30: ...TX hub or Switch can be connected to the Switch via a twisted pair Category 5 UTP STP cable A 1000BASE T Switch can be connected to the Switch via a twisted pair Category 5e UTP STP cable A Switch supporting a fiber optic uplink can be connected to the Switch s SFP ports via fibre optic cabling Figure 3 2 Switch connected to a port on a Switch using either a straight or crossover cable Figure 3 3 ...

Страница 31: ... ports operate at a speed of 1000 100 or 10Mbps in full or half duplex mode The fiber optic ports can operate at 1000Mbps in full duplex mode only Connections to the Gigabit Ethernet ports are made using fiber optic cable or Category 5e copper cable depending on the type of port A valid connection is indicated when the Link LED is lit Figure 3 4 Uplink Connection to a server PC or Switch stack 22 ...

Страница 32: ...ssible These two stacking ports have corresponding LEDs at the front of the Switch labeled SIO 1 and SIO 2 and will light solid green whenever the port is in use The seven segment LED Stack ID to the left of the SIO LEDs on the front of the Switch will display the Stack ID number of the Switch in a Switch stack Figure 3 6 Stacking LEDs at the front of the DXS 3350SR The Switch can be stacked in a ...

Страница 33: ...acking the in a ring architecture both SIO ports will be in use as shown in the following diagram Up to eight DXS 3350SR Switches may be stacked together in the ring architecture Switch stack though there are limitations on stacking which will be discussed in the following section 24 ...

Страница 34: ... Figure 3 8 Stacking in a Ring Architecture NOTICE Do not connect the stacked Switch group to the network until you have properly configured all Switches for stacking An improperly configured Switch stack can cause a broadcast storm 25 ...

Страница 35: ...t while others are 4 and the 10G uplink ports have a Token Cost of 2 The maximum accumulated Token Cost in a given stack must be less than 32 There is an additional limitation in that a maximum of 12 Switch boxes can be included in a given Switch stack using a ring topology In order to make the task of determining if a given set of Switches from the table below can be successfully stacked use the ...

Страница 36: ...ation above using a Token Cost of 6 for each DXS 3350SR Switch To calculate the maximum number of DXS 3350SR Switches with a 10G uplink port in the ring stack use the following formula Token Cost Number of Switches 32 6 Number of Switches 32 Number of Switches 32 6 Number of Switches 5 In this case a maximum of five DXS 3350SR Switches where all of these Switches have a 10G uplink can be ring stac...

Страница 37: ... 12 and our token cost becomes 32 2 2 2 2 24 32 32 Success Stacking In a Star Topology In this case the DGS 3324SRi is the Master Switch in a star topology And up to 6 slave Switches can be stacked with Master Stackable Switch Check the following examples as a reference guide For examples we can Make a star stack consisting of 1 DGS 3324SRi Master 6 DXS 3350SRs no modules Our Switch count would eq...

Страница 38: ... Web based Management Interface SNMP Based Management Managing User Accounts Command Line Console Interface Through The Serial Port Connecting the Console Port RS 232 DCE First Time Connecting to The Switch Password Protection SNMP Settings IP Address Assignment Connecting Devices to the Switch 29 ...

Страница 39: ... a data terminal equipment DTE connection To use the console port you need the following equipment A terminal or a computer with both a serial port and the ability to emulate a terminal A null modem or crossover RS 232 cable with a female DB 9 connector for the console port on the Switch To connect a terminal to the console port 1 Connect the female connector of the RS 232 cable directly to the co...

Страница 40: ...r close the emulator program Make sure the terminal or PC you are using to make this connection is configured to match these settings If you are having problems making this connection on a PC make sure the emulation is set to VT 100 You will be able to set the emulation by clicking on the File menu in you HyperTerminal window clicking on Properties in the drop down menu and then clicking the Setti...

Страница 41: ...resented with the first login screen pictured above NOTE Press Ctrl R to refresh the screen This command can be used at any time to force the console program in the Switch to refresh the console screen Press Enter in both the Username and Password fields You will be given access to the command prompt DXS 3350SR 4 shown below There is no initial username or password Leave the Username and Password ...

Страница 42: ...tor account being created and press the Enter key You will be prompted to enter the same password again to verify it Type the same password and press the Enter key Successful creation of the new administrator account will be verified by a Success message NOTE Passwords are case sensitive User names and passwords can be up to 15 characters in length The sample below illustrates a successful creatio...

Страница 43: ...nto two parts The first part is to maintain a list of users and their attributes that are allowed to act as SNMP managers The second part describes what each user on that list can do as an SNMP manager The Switch allows groups of users to be listed and configured with a shared set of privileges The SNMP version may also be set for a listed group of SNMP managers Thus you may create a group of SNMP...

Страница 44: ...efore it can be managed with the Web based manager The Switch IP address can be automatically set using BOOTP or DHCP protocols in which case the actual address assigned to the Switch must be known The IP address may be set using the Command Line Interface CLI over the console serial port as follows Starting at the command line prompt enter the commands config ipif System ipaddress xxx xxx xxx xxx...

Страница 45: ...he Web based management Connecting Devices to the Switch After you assign IP addresses to the Switch you can connect devices to the Switch To connect a device to an SFP transceiver port Use your cabling requirements to select an appropriate SFP transceiver type Insert the SFP transceiver sold separately into the SFP transceiver slot Use the appropriate network cabling to connect a device to the co...

Страница 46: ... 3 Switch Section 5 Web based Switch Configuration Introduction Login To Web manager Web Based User Interface Basic Setup Reboot Basic Switch Setup Network Management Switch Utilities Network Monitoring IGMP Snooping Status 37 ...

Страница 47: ...anagement are the same as those found in the console program Login to Web Manager To begin managing your Switch simply run the browser you have installed on your computer and point it to the IP address you have defined for the device The URL in the address bar should read something like http 123 123 123 123 where the numbers 123 represent the IP address of the Switch NOTE The Factory default IP ad...

Страница 48: ...and management screens allows you to view performance statistics and permits you to graphically monitor the system status Areas of the User Interface The figure below shows the user interface The user interface is divided into 3 distinct areas as described in the table Area 2 Area 1 Area 3 Figure 5 3 Main Web Manager Screen 39 ...

Страница 49: ...n of the main folders available in the web interface Configurations Contains screens concerning configurations for IP Address Switch Information Advanced Settings Port Configuration IGMP Spanning Tree Forwarding Filtering VLANs Port Bandwidth SNTP Settings Port Security QoS MAC Notification LACP Access Profile Table System Log Servers PAE Access Entity and Layer 3 IP Networking Security Management...

Страница 50: ...P Address Advanced Settings Port Configuration Port Description Port Mirroring Link Aggregation LACP Port Setting MAC Notification IGMP Spanning Tree Forward Filtering VLANs Port Security QoS System Log Servers SNTP Settings Access Profile Table PAE Access Entity Layer 3 IP Networking 41 ...

Страница 51: ... the Configuration menu Figure 6 1 Switch Information Basic Settings menu The Switch Information window shows the Switch s MAC Address assigned by the factory and unchangeable the Boot PROM Firmware Version and Hardware Version This information is helpful to keep track of PROM and firmware updates and to obtain the Switch s MAC address for entry into another network device s address table if neces...

Страница 52: ...sk 3 If you want to access the Switch from a different subnet from the one it is installed on enter the IP address of the Default Gateway If you will manage the Switch from the subnet on which it is installed you can leave the default address 0 0 0 0 in this field 4 If no VLANs have been previously configured on the Switch you can use the default VLAN Name The default VLAN contains all of the Swit...

Страница 53: ... a Class A network 255 255 0 0 for a Class B network and 255 255 255 0 for a Class C network but custom subnet masks are allowed Default Gateway IP address that determines where packets with a destination address outside the current subnet should be sent This is usually the address of a router or a host acting as an IP gateway If your network is not part of an intranet or you do not want the Switc...

Страница 54: ...P address to be assigned to the IP interface named System and the y s represent the corresponding subnet mask Alternatively you can enter config ipif System ipaddress xxx xxx xxx xxx z Where the x s represent the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation The IP interface named System on the Switch can be ass...

Страница 55: ...CP ports are numbered between 1 and 65535 The well known TCP port for the Telnet protocol is 23 Web Status Web based management is Enabled by default If you choose to disable this by select ing Disabled you will lose the ability to configure the system through the web interface as soon as these settings are applied Web TCP Port Number The TCP port number currently being utilized by the Switch to c...

Страница 56: ...x Information Configuration Parameter Description Current Box ID The current Box ID of the Master Switch in the stack New Box ID The new box ID of the Master Switch in the stack Box Type The user may choose the model name of the Master Switch in a stack to be the main configuring Switch of that stack Priority Displays the priority ID of the Switch The lower the number the higher the priority The b...

Страница 57: ...and flow control Clicking on Port Configurations in the Configuration menu will display the following window for the user Figure 6 5 Port Configuration and The Port Information Table NOTE The example menus that appear in this user manual may be cropped for space considerations For example the Port Configuration menu that above displays 37 ports while the actual menu lists all 50 ports 48 ...

Страница 58: ...tomatically determine the fastest settings the device the port is connected to can handle and then to use those settings The other options are Auto 10M Half 10M Full 100M Half and 100M Full There is no automatic adjustment of port settings with any option other than Auto Flow Control Displays the flow control scheme used for the various port configurations Ports configured for full duplex use 802 ...

Страница 59: ...ous ports 1 Click the Port Description on the Configuration menu 2 Select the Unit in the stack you want to configure 3 Use the From and To pull down menu to choose a port or range of ports to describe and then enter a description of the port s 4 Click Apply to set the descriptions in the Port Description Table Figure 6 6 Port Description Setting and Port Description Table 50 ...

Страница 60: ...he stack you want to configure 2 Select the Source Port from where you want to copy frames and the Target Port which receives the copies from the source port 3 Select the Source Direction Ingress Egress or Both and change the Status drop down menu to Enabled 4 Click Apply to let the changes take effect NOTE You cannot mirror a fast port onto a slower port For example if you try to mirror the traff...

Страница 61: ...p default priority configurations must be identical Port locking port mirroring and 802 1X must not be enabled on the trunk group Further the aggregated links must all be of the same speed and should be configured as full duplex The Master Port of the group is to be configured by the user and all configuration options including the VLAN configuration that can be applied to the Master Port are appl...

Страница 62: ...DXS 3350SR Gigabit Layer 3 Switch Figure 6 9 Link Aggregation Settings window Add Figure 6 10 Link Aggregation Group Configuration window Modify 53 ...

Страница 63: ...ull down menu Unit Select the unit in the stack you want to configure Member Ports Choose the members of a trunked group Up to 8 ports per group can be assigned to a group Flooding Port A trunking group must designate one port to allow transmission of broadcasts and unknown unicasts Active Port Shows the port that is currently forwarding packets Type This pull down menu allows you to select betwee...

Страница 64: ...pable of processing and sending LACP control frames This allows LACP compliant devices to negotiate the aggregated link so the group may be changed dynamically as needs require In order to utilize the ability to change an aggregated port group that is to add or subtract ports from the group at least one of the participating devices must designate LACP ports as active Both devices must support LACP...

Страница 65: ... by opening the MAC Notification folder and clicking the MAC Notification Global Settings link Figure 6 12 MAC Notification Global Setting window The following parameters may be modified Parameter Description State Enable or disable MAC notification globally on the Switch Interval sec The time in seconds between notifications History size The maximum number of entries listed in the history log use...

Страница 66: ... the following screen Figure 6 13 MAC Notification Port Settings and Port State Table The following parameters may be set Parameter Description Unit Select the unit in the stack you want to configure From To Select a port or group of ports to enable for MAC notification using the pull down menus State Enable MAC Notification for the ports selected using the pull down menu Click Apply to implement ...

Страница 67: ...oping link in the Configuration folder When enabled for IGMP snooping the Switch can open or close a port to a specific multicast group member based on IGMP messages sent from the device to the IGMP host or vice versa The Switch monitors IGMP messages and discontinues forwarding multicast packets when there are no longer hosts requesting that they continue IGMP Snooping Use the Current IGMP Snoopi...

Страница 68: ...ds a route is kept in the forwarding table without receiving a membership report Default 260 Leave Timer This specifies the maximum amount of time in seconds between the Switch receiving a leave group message from a host and the Switch issuing a group membership query If no response to the membership query is received before the Leave Timer expires the multicast forwarding entry for that host is d...

Страница 69: ...e To modify an entry click the Modify button This will open the Static Router Ports Settings page as shown below Figure 6 17 Static Router Ports Settings window The following parameters can be set Parameter Description VID VLAN ID This is the VLAN ID that along with the VLAN Name identifies the VLAN where the multicast router is attached VLAN Name This is the name of the VLAN where the multicast r...

Страница 70: ...STP on a network will have a single MSTP configuration that will have the following three attributes 1 A configuration name defined by an alphanumeric string of up to 32 characters defined in the STP Bridge Global Settings window in the Configuration Name field 2 A configuration revision number named here as a Revision Level and found in the STP Bridge Global Settings window and 3 A 4096 element t...

Страница 71: ... of a more rapid transition to a forwarding state it no longer relies on timer configurations RSTP compliant bridges are sensitive to feedback from other RSTP compliant bridge links Ports do not need to wait for the topology to stabilize before transitioning to a forwarding state In order to allow this rapid transition the protocol introduces two new variables the edge port and the point to point ...

Страница 72: ...figuration menu and click the STP Bridge Global Settings link Figure 6 18 STP Bridge Global Settings NOTE The Hello Time cannot be longer than the Max Age Otherwise a configuration error will occur Observe the following formulas when setting the above parameters Max Age 2 x Forward Delay 1 second Max Age 2 x Hello Time 1 second 63 ...

Страница 73: ...w information Set by the Root Bridge this value will aid in determining that the Switch has spanning tree configuration values consistent with other devices on the bridged LAN If the value ages out and a BPDU has still not been received from the Root Bridge the Switch will start sending its own BPDU to all other Switches for permission to become the Root Bridge If it turns out that your Switch has...

Страница 74: ...ltiple Spanning Tree Instance If a configuration name is not set this field will show the MAC address to the device running MSTP This field can be set in the STP Bridge Global Settings window Revision Level This value along with the Configuration Name will identify the MSTP region con figured on the Switch This field can also be set in the STP Bridge Global Settings window MSTI ID This field shows...

Страница 75: ... for the CIST click on its hyperlinked name in the Current MST Configuration Identification window which will reveal the following window to configure Figure 6 21 Instance ID Settings modify CIST The user may configure the following parameters to configure the CIST on the Switch Parameter Description MSTI ID The MSTI ID of the CIST is 0 and cannot be altered Type The type of configuration about to...

Страница 76: ...d Select this parameter to add VIDs to the MSTI ID in conjunction with the VID List parameter Remove Select this parameter to remove VIDs from the MSTI ID in conjunction with the VID List parameter Delete Select this parameter to delete this MSTI ID Set Priority Only Select this parameter to set the priority for the MSTI ID This field is used in conjunction with the Priority field VID List 1 4094 ...

Страница 77: ...r a particular MSTI Instance click on its hyperlinked MSTI ID which will reveal the following window Figure 6 24 MSTI Settings window Parameter Description Instance ID 0 Displays the MSTI ID of the instance being configured An entry of 0 in this field denotes the CIST default MSTI Internal cost 0 Auto 200000 This parameter is set to represent the relative cost of forwarding packets to specified po...

Страница 78: ...y to the desired value 0 61440 and click Apply to implement changes made Parameter Description Instance Type A MSTI ID classifies each instance type CIST refers to the default MSTI configuration set on the Switch Click the hyperlink to change the Priority setting for a listed Instance Type Instance Status The current status of the corresponding MSTI ID is listed in the STP Intance Table Instance P...

Страница 79: ...use the Switch level parameters entered above with the addition of Port Priority and Port Cost An STP Group spanning tree works in the same way as the Switch level spanning tree but the root bridge concept is replaced with a root port concept A root port is a port of the group that is elected based on port priority and port cost to be the connection to the network for the group Redundant links wil...

Страница 80: ...d for MSTP the port is capable of migrating from 802 1d STP to 802 1s MSTP RSTP and MSTP can coexist with standard STP however the benefits of RSTP and MSTP are not realized on a port where an 802 1d network connects to an 802 1w or 802 1s enabled network Migration should be set as yes on ports connected to network stations or segments that are capable of being upgraded to 802 1w RSTP or 802 1s MS...

Страница 81: ...D number of the VLAN on which the above Unicast MAC address resides MAC Address The MAC address associated with packets that are statically forwarded Any packets from this MAC address that are not received on the selected port are forwarded to the selected port This must be a unicast MAC address Unit Select the unit in the stack containing the port to which packets associated with the MAC address ...

Страница 82: ...ticast Forwarding Table The following parameters can be set Parameter Description Unit Select the unit in the stack you want to configure VID The VLAN ID of the VLAN the corresponding MAC address belongs to Multicast MAC Address The MAC address of the static source of multicast packets This must be a multicast MAC address Port Settings Allows the selection of ports that will be members of the stat...

Страница 83: ...und robin system is employed on the Switch to determine the rate at which the queues are emptied of packets The ratio used for clearing the queues is 4 1 This means that the highest priority queue Queue 1 will clear 4 packets for every 1 packet cleared from Queue 0 Remember the priority queue settings on the Switch are for all ports and all devices connected to the Switch will be affected This pri...

Страница 84: ...can also provide a level of security to your network IEEE 802 1Q VLANs will only deliver packets between stations that are members of the VLAN Any port can be configured as either tagging or untagging The untagging feature of IEEE 802 1Q VLANs allows VLANs to work with legacy Switches that don t recognize VLAN tags in packet headers The tagging feature allows VLANs to span multiple 802 1Q complian...

Страница 85: ...d in the following two octets and consists of 3 bits of user priority 1 bit of Canonical Format Identifier CFI used for encapsulating Token Ring packets so they can be carried across Ethernet backbones and 12 bits of VLAN ID VID The 3 bits of user priority are used by 802 1p The VID is the VLAN identifier and is used by the 802 1Q standard Because the VID is 12 bits long 4094 unique VLANs can be i...

Страница 86: ...N identification based upon the PVIDs cannot create VLANs that extend outside a given Switch or Switch stack Every physical port on a Switch has a PVID 802 1Q ports are also assigned a PVID for use within the Switch If no VLANs are defined on the Switch all ports are then assigned to a default VLAN with a PVID equal to 1 Untagged packets are assigned the PVID of the port on which they were receive...

Страница 87: ...nation port is a member of the 802 1Q VLAN If it is not the packet is dropped If the destination port is a member of the 802 1Q VLAN the packet is forwarded and the destination port transmits it to its attached network segment If the packet is not tagged with VLAN information the ingress port will tag the packet with its own PVID as a VID if the port is a tagging port The Switch then determines if...

Страница 88: ...e packet will be dropped by the Switch and will not reach its destination If Port 10 is a member of VLAN 2 the packet will go through This selective forwarding feature based on VLAN criteria is how VLANs segment networks The key point being that Port 1 will only transmit on VLAN 2 Network resources such as printers and servers however can be shared across VLANs This is achieved by setting up overl...

Страница 89: ...the 802 1Q Static VLANs menu A new menu will appear as shown below to configure the port settings and to assign a unique name and number to the new VLAN See the table below for a description of the parameters in the new menu Figure 6 35 802 1Q Static VLANs Add To return to the Current 802 1Q Static VLANs Entries window click the Show All Static VLAN Entries link To change an existing 802 1Q VLAN e...

Страница 90: ...will allow the Switch to send out GVRP packets to outside sources notifying that they may join the existing VLAN Port Settings Allows an individual port to be specified as member of a VLAN Tag Specifies the port as either 802 1Q tagging or 802 1Q untagged Checking the box will designate the port as Tagged None Allows an individual port to be specified as a non VLAN member Egress Select this to spe...

Страница 91: ...ther the Switch will share its VLAN configuration information with other GARP VLAN Registration Protocol GVRP enabled Switches In addition Ingress Checking can be used to limit traffic by filtering incoming packets whose PVID does not match the PVID of the port Results can be seen in the table under the configuration settings as seen below Figure 6 37 GVRP Settings configuration and table 82 ...

Страница 92: ...cket arrives at its destination the receiving device will use the PVID to make VLAN forwarding decisions If a packet is received by the port and Ingress filtering is enabled the port will compare the VID of the incoming packet to its PVID If the two are unequal the port will drop the packet If the two are equal the port will receive the packet GVRP The Group VLAN Registration Protocol GVRP enables...

Страница 93: ...e or disable the traffic controls Broadcast Storm Multicast Storm and Destination Lookup Failure DLF may be Enabled or Disabled for any port When a traffic control is enabled on a port a counter tracks the number of Broadcast Multicast or DLF packets forwarded each second through the port If the number of packets exceeds the threshold value Multicast Braodcast or DLF packets will be dropped until ...

Страница 94: ...meters can be set Parameter Description From To A consecutive group of ports may be configured starting with the selected port Admin State This pull down menu allows you to enable or disable Port Security locked MAC address table for the selected ports Max Learning Addr 0 64 The number of MAC addresses that will be in the MAC address forwarding table for the selected Switch and group of ports Lock...

Страница 95: ...s Figure 6 40 Port Lock Entries Table This function is only operable if the Mode in the Port Security window is selected as Permanent or in other words only addresses that are permanently learned by the Switch can be deleted Once the entry has been defined by entering the correct information into the window above click the under the Delete heading of the corresponding MAC address to be deleted Cli...

Страница 96: ...he Switch MAC Address The MAC address of the entry in the forwarding database table that has been permanaently learned by the Switch Unit The ID number of the Switch in the switch stack that has permanaently learned the MAC address Port The ID number of the port that has permanaently learned the MAC address Type The type of MAC address in the forwarding database table Only entries marked Secured_P...

Страница 97: ...icture above shows the default priority setting for the Switch Class 6 has the highest priority of the eight priority queues on the Switch In order to implement QoS the user is required to instruct the Switch to examine the header of a packet to see if it has the proper identifying tag tagged Then the user may forward these tagged packets to designated queues on the Switch where they will be empti...

Страница 98: ...y transmitted For weighted round robin queuing the number of packets sent from each priority queue depends upon the assigned weight For a configuration of eight CoS queues A H with their respective weight value 8 1 the packets are sent in the following sequence A1 B1 C1 D1 E1 F1 G1 H1 A2 B2 C2 D2 E2 F2 G2 A3 B3 C3 D3 E3 F3 A4 B4 C4 D4 E4 A5 B5 C5 D5 A6 B6 C6 A7 B7 A8 A1 B1 C1 D1 E1 F1 G1 H1 For we...

Страница 99: ...red starting with the selected port Type This drop down menu allows you to select between RX receive TX transmit and Both This setting will determine whether the bandwidth ceiling is applied to receiving transmitting or both receiving and transmitting packets no_limit This drop down menu allows you to specify that the selected port will have no bandwidth limit Enabled disables the limit Rate This ...

Страница 100: ...echanism to view the window shown below Figure 6 43 Scheduling Mechanism Configuration window The Scheduling Mechanism has the following parameters Parameter Description Strict The highest queue is the first to process traffic That is the highest queue will finish before other queues empty Weight fair Use the weighted round robin WRR algorithm to handle packets in an even distribution in priority ...

Страница 101: ...le In the Configuration folder open the QoS folder and click QoS Output Scheduling to view the screen shown below Figure 6 44 QoS Output Scheduling Configuration window You may assign the following values to the QoS classes to set the scheduling Parameter Description Max Packets Specifies the maximum number of packets the above specified hardware priority queue will be allowed to transmit before a...

Страница 102: ...ll automatically begin forwarding packets until it is empty Once a priority queue with a 0 in its Max Packet field is empty the remaining priority queues will reset the weighted round robin WRR cycle of forwarding packets starting with the highest available priority queue Priority queues with an equal level of priority and equal entries in their Max Packet field will empty their fields based on ha...

Страница 103: ...guration folder open the QoS folder and click 802 1p Default Priority to view the screen shown below Figure 6 46 802 1p Default Priority window This page allows you to assign a default 802 1p priority to any given port on the Switch The priority queues are numbered from 0 the lowest priority to 7 the highest priority Click Apply to implement your settings 94 ...

Страница 104: ...iorities In the Configuration folder open the QoS folder and click 802 1p User Priority to view the screen shown below Figure 6 47 QoS Class of Traffic window Once you have assigned a priority to the port groups on the Switch you can then assign this Class to each of the 8 levels of 802 1p priorities Click Apply to set your changes 95 ...

Страница 105: ...ictive Any port can be configured to forward traffic to only the selected ports In the Configuration folder open the QoS folder and click Traffic Segmentation to view the menu shown below Figure 6 48 Traffic Segmentation Setting and Traffic Segmentation Table Select the Unit and Port on which you will configure traffic segmentation and click the Setup button The Setup Forwarding Ports menu appears...

Страница 106: ... receive packets from the port specified above Clicking the Apply button will enter the combination of transmitting port and allowed receiving ports into the Switch s Traffic Segmentation Table System Log Server The Switch can send Syslog messages to up to four designated servers using the System Log Server In the Configuration folder click System Log Server to view the screen shown below Figure 6...

Страница 107: ... kernel messages 1 user level messages 2 mail system 3 system daemons 4 security authorization messages 5 messages generated internally by syslog line printer subsystem 7 network news subsystem 8 UUCP subsystem 9 clock daemon 10 security authorization messages 11 FTP daemon 12 NTP subsystem 13 log audit 14 log alert 15 clock daemon 16 local use 0 local0 17 local use 1 local1 18 local use 2 local2 ...

Страница 108: ...urrent Time Settings To configure the time settings for the Switch open the Configuration folder then the SNTP folder and click on the Current Time Setting link revealing the following screen for the user to configure Figure 6 52 Time Settings Page 99 ...

Страница 109: ...ary server the SNTP information will be taken from SNTP Secondary Server This is the IP address of the secondary server the SNTP information will be taken from SNTP Poll Interval in Seconds 30 99999 This is the interval in seconds between requests for updated SNTP information Current Time Set Current Time Year Enter the current year if you want to update the system clock Month Enter the current mo...

Страница 110: ...lowing are screens used to configure time zones and Daylight Savings time settings for SNTP Open the Configuration folder then the SNTP folder and click on the Time Zone and DST link revealing the following screen Figure 6 53 Time Zone and DST Settings Page 101 ...

Страница 111: ...ll start From Day of Week Enter the day of the week that DST will start on From Month Enter the month DST will start on From time in HH MM Enter the time of day that DST will start on To Which Day Enter the week of the month the DST will end To Day of Week Enter the day of the week that DST will end To Month Enter the month that DST will end To time in HH MM Enter the time DST will end DST Annual ...

Страница 112: ... process is described below in two parts To display the currently configured Access Profiles on the Switch open the Configuration folder and click on the Access Profile Table link This will open the Access Profile Table page as shown below Figure 6 54 Access Profile Table To add an entry to the Access Profile Table click the Add button This will open the Access Profile Configuration page as shown ...

Страница 113: ...LAN Selecting this option instructs the Switch to examine the VLAN identifier of each packet header and use this as the full or partial criterion for forwarding Source Mac Source MAC Mask Enter a MAC address mask for the source MAC address Destination Mac Destination MAC Mask Enter a MAC address mask for the destination MAC address 802 1p Selecting this option instructs the Switch to examine the 8...

Страница 114: ...DXS 3350SR Gigabit Layer 3 Switch Figure 6 56 Access Profile Configuration IP 105 ...

Страница 115: ...witch to examine the Internet Group Management Protocol IGMP field in each frame s header Select Type to further specify that the access profile will apply an IGMP type value Select TCP to use the TCP port number contained in an incoming packet as the forwarding criterion Selecting TCP requires that you specify a source port mask and or a destination port mask The user may also identify which flag...

Страница 116: ...DXS 3350SR Gigabit Layer 3 Switch The page shown below is the Packet Content Mask configuration window Figure 6 57 Access Profile Configuration menu Packet Content Mask 107 ...

Страница 117: ...t to the 16th byte value 16 31 Enter a value in hex form to mask the packet from byte 16 to byte 31 value 32 47 Enter a value in hex form to mask the packet from byte 32 to byte 47 value 48 63 Enter a value in hex form to mask the packet from byte 48 to byte 63 value 64 79 Enter a value in hex form to mask the packet from byte 64 to byte 79 Port The user may set the Access Profile Table on a per p...

Страница 118: ...DXS 3350SR Gigabit Layer 3 Switch Figure 6 59 Access Rule Configuration window IP window 109 ...

Страница 119: ...criteria applies in the Switch only to the specified value Otherwise a packet will have its incoming 802 1p user priority re written to its original value before being transmitted Replace Dscp 0 63 Select this option to instruct the Switch to replace the DSCP value in a packet that meets the selected criteria with the value entered in the adjacent field Vlan Name Allows the entry of a name for a p...

Страница 120: ... open the Access Profile Table figure 6 52 and click Modify for an Ethernet entry This will open the following screen Figure 6 61 Access Rule Table To remove a previously created rule select it and click the button To add a new Access Rule click the Add button Figure 6 62 Access Rule Configuration window Ethernet 111 ...

Страница 121: ...ing 802 1p user priority re written to its original value before being transmitted Replace Priority with Check this option if you want to change the 802 1p user priority of a packet that meets the specified criteria will apply in the switch and over write the value in the 802 1p field of the packet if present with the specifed value Otherwise a packet will have its incoming 802 1p user priority re...

Страница 122: ...ss Rule for Packet Content Mask open the Access Profile Table figure 6 52 and click Modify for a Packet Content Mask entry This will open the following screen Figure 6 64 Access Rule Table To remove a previously created rule select it and click the button To add a new Access Rule click the Add button 113 ...

Страница 123: ...DXS 3350SR Gigabit Layer 3 Switch Figure 6 65 Access Rule Configuration Packet Content Mask 114 ...

Страница 124: ...eing transmitted Replace Priority Check this option if you want to change the 802 1p user priority of a packet that meets the specified criteria will apply in the switch and over write the value in the 802 1p field of the packet if present with the specifed value Otherwise a packet will have its incoming 802 1p user priority re written to its original value before being transmitted from the Switch...

Страница 125: ...DXS 3350SR Gigabit Layer 3 Switch Figure 6 66 Access Rule Display Packet Content 116 ...

Страница 126: ...Based Network Access Control 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client Network access controlled port Network access uncontrolled port RADIUS Server Ethernet Switch Figure 6 67 Example of Typical Port Based Configuration Once the connected device has successfully been authenticated the Port then becomes Authorized ...

Страница 127: ...lly make use of 802 1X in a shared media LAN segment it would be necessary to create logical Ports one for each attached device that required access to the LAN The Switch would regard the single physical Port connecting it to the shared media segment as consisting of a number of distinct logical Ports each logical Port being independently controlled from the point of view of EAPOL exchanges and au...

Страница 128: ... 1X Authenticator Settings click Port Access Entity Configure Authenticator Figure 6 69 first 802 1X Authenticator Settings window To configure the settings by port click on the hyperlinked port number under the Port heading which will display the following table to configure 119 ...

Страница 129: ...DXS 3350SR Gigabit Layer 3 Switch Figure 6 70 Second 802 1X Authenticator Settings menu 120 ...

Страница 130: ...s received The Switch then requests the identity of the client and begins relaying authentication messages between the client and the authentication server The default setting is Auto TxPeriod 30 This sets the TxPeriod of time for the authenticator PAE state machine This value determines the period of an EAP Request Identity packet transmitted to the client The default setting is 30 seconds QuietP...

Страница 131: ...sers This window will allow the user to set different local users on the Switch Figure 6 71 802 1X Local User Table Configuration window Enter a User Name Password and confirmation of that password Properly configured local users will be displayed in the 802 1x Local User Table in the lower half of the window 122 ...

Страница 132: ...ch 802 1x to either PortBase or MAC Base Port Capability Settings Click Port Access Entity PAE System Control Port Capability Settings to view the following window Figure 6 72 802 1x Capability Settings window To set up the Switch s 802 1x port based authentication select which unit and ports are to be configured in the Unit and From To fields Next enable the ports by selecting Authenticator from ...

Страница 133: ...role choices can be selected Authenticator A user must pass the authentication process to gain access to the network None The port is not controlled by the 802 1x functions Initialize Ports Existing 802 1x port settings are displayed and can be configured using the windows below Click Port Access Entity PAE System Control Initialize Port s to open the Initialize Port window Figure 6 73 Initialize ...

Страница 134: ...he Switch connected to the corresponding port if any Auth PAE State The Authenticator PAE State will display one of the following Initialize Discon nected Connecting Authenticating Authenticated Aborting Held ForceAuth ForceUnauth and N A Backend State The Backend Authentication State will display one of the following Request Response Success Fail Timeout Idle Initialize and N A Port Status The st...

Страница 135: ...te Port MAC Based window These windows display the following information Parameter Description Unit The unit where the reauthenticated port resides Port The port number of the reauthenticated port MAC Address Displays the physical address of the Switch where the port resides Auth State The Authenticator State will display one of the following Initialize Disconnected Connecting Authenticating Authe...

Страница 136: ...formation Parameter Description Succession RADIUS server settings index Radius Server Type in the IP address of the RADIUS server Authentic Port This is the UDP port on the RADIUS server that will be used to authenticate users The default is 1812 Accounting Port This is the UDP port on the RADIUS server that will be used to log authentication events The default is 1813 Key Type the shared secret k...

Страница 137: ...ng Parameter Description DVMRP State The user may globally enable or disable the Distance Vector Multicast Routing Protocol DVMRP function by using the pull down menu PIM DM State The user may globally enable or disable the Protocol Independent Multicast Dense Mode PIM DM function by using the pull down menu RIP State The user may globally enable or disable the Routing Information Protocol RIP fun...

Страница 138: ...resses and 6 subnets Any IP address from the allowed range of IP addresses for each subnet can be chosen as an IP address for an IP interface on the Switch For this example we have chosen the next IP address above the network address for the IP interface s IP Address VLAN Name VID Network Number IP Address System default 1 10 32 0 0 10 32 0 1 Engineer 2 10 64 0 0 10 64 0 1 Marketing 3 10 96 0 0 10...

Страница 139: ...r Description Interface Name This field displays the name for the IP interface The default IP interface is named System IP Address This field allows the entry of an IP address to be assigned to this IP interface Subnet Mask This field allows the entry of a subnet mask to be applied to this IP interface VLAN Name This field allows the entry of the VLAN Name for the VLAN the IP interface belongs to ...

Страница 140: ...tion menu below To configure an MD5 Key click the MD5 Key link to open the following dialog box Figure 6 81 MD5 Key Table Configuration window The following fields can be set Parameter Description Key ID A number from 1 to 255 used to identify the MD5 Key Key A alphanumeric string of between 1 and 16 case sensitive characters used to generate the Message Digest which is in turn used to authenticat...

Страница 141: ...e following table lists the allowed values for the routing metrics and the types or forms of the routing information that will be redistributed Route Source Metric Type OSPF 0 to 16 All Internal External ExtType1 ExtType2 Inter E1 Inter E2 RIP 0 to 16777214 Type 1 Type 2 Static 0 to 16777214 Type 1 Type 2 Local 0 to 16777214 Type 1 Type 2 Route Redistribution Source table Entering the Type combina...

Страница 142: ...tion of one of six methods of calculating the metric value The user may choose between All Internal External ExtType1 ExtType2 Inter E1 Inter E2 See the table above for available metric value types for each source protocol Metric Allows the entry of an OSPF interface cost This is analogous to a Hop Count in the RIP routing protocol Click Apply to enter the new settings To delete an entry click the...

Страница 143: ...purposes and the next most reliable path is Static due to the fact that its has the next lowest value To set a higher reliability for a route change its value to a number less than the value of a route preference that has a greater reliability value using the New Route Preference Settings window command For example if the user wishes to make RIP the most reliable route the user can change its valu...

Страница 144: ... value between 1 and 999 to set the route preference for Static The lower the value the higher the chance the specified protocol will be chosen as the best path for routing packets The default value is 60 OSPF Inter 1 999 Enter a value between 1 and 999 to set the route preference for OSPF Inter The lower the value the higher the chance the specified protocol will be chosen as the best path for ro...

Страница 145: ...the IP address entered into the table Hops Represents the metric value of the IP interface entered into the table This field may read a number between 1 65535 for an OSPF setting and 1 16 for a RIP setting Protocol Represents the protocol used for the Routing Table entry of the IP interface This field may read OSPF RIP Static or Local Backup State Represents the Backup state that this IP interface...

Страница 146: ...e Primary and Backup entries cannot have the same Gateway Click Apply to implement the settings Click the Show All Static Default Route Entries link to return to the Static Default Routes Settings window Static ARP Table The Address Resolution Protocol ARP is a TCP IP protocol that converts IP addresses into physical addresses This table allows network managers to view define modify and delete ARP...

Страница 147: ...nce and stability A router will not replace a route with a newly learned one if the new route has the same hop count sometimes referred to as cost So learned routes are retained until a new route with a lower hop count is learned When learned routes are entered into the routing table a timer is started This timer is restarted every time this route is advertised If the route is not advertised for a...

Страница 148: ...d in router hops are entered in the Distance to Source Network and Distance to Destination Network fields RIP 1 Route Interpretation RIP was designed to be used with classed address schemes and does not include an explicit subnet mask An extension to version 1 does allow routers to exchange subnetted addresses but only if the subnet mask used by the network is the same as the subnet mask used by t...

Страница 149: ...etting window To enable RIP simply use the pull down menu select Enabled and click Apply Setting Up RIP RIP settings are configured for each IP interface on the Switch Click the RIP Interface Settings link in the RIP folder The menu appears in table form listing settings for IP interfaces currently on the Switch To configure RIP settings for an individual interface click on the hyperlinked Interfa...

Страница 150: ...nsmission of RIP packets RX Mode Disabled Toggle among Disabled v1 Only v2 Only and v1 or v2 This entry specifies which version of the RIP protocol will be used to interpret received RIP packets Disabled prevents the reception of RIP packets Authentication Toggle between Disabled and Enabled to specify that routers on the network should us the Password above to authenticate router table exchanges ...

Страница 151: ...formation changes the router generates a link state advertisement This advertisement is a specially formatted packet that contains information about all the link states on the router This link state advertisement is flooded to all router in the area Each router that receives the link state advertisement will store the advertisement and then forward a copy to other routers When the link state datab...

Страница 152: ...0 0 0 10 10 5 5 10 10 Figure 23 2 Constructing a Shortest Path Tree The diagram above shows the network from the viewpoint of Router A Router A can reach 192 213 11 0 through Router B with a cost of 10 5 15 Router A can reach 222 211 10 0 through Router C with a cost of 10 10 20 Router A can also reach 222 211 10 0 through Router B and Router D with a cost of 10 5 10 25 but the cost is higher than...

Страница 153: ...e of link state updates and the calculation of the shortest path tree are limited to the area that the router is connected to Routers that have connections to more than one area are called Border Routers BR The Border Routers have the responsibility of distributing necessary routing information and changes between areas Areas are specific to the router interface A router that has all of its interf...

Страница 154: ... Authentication A password or key can be configured on a per area basis Routers in the same area that participate in the routing domain must be configured with the same key This method is possibly vulnerable to passive attacks where a link analyzer is used to obtain the password The Backbone and Area 0 OSPF limits the number of link state updates required between routers by defining areas within w...

Страница 155: ...d for link state database updates Designated Router Election The election of the DR and BDR is accomplished using the Hello protocol The router with the highest OSPF priority on a given multi access segment will be com the DR for that segment In case of a tie the router with the highest Router ID wins The default OSPF priority is 1 A priority of zero indicates a router that can not be elected as t...

Страница 156: ...forward link state advertisements Link State Update packets for example flood advertisements throughout the OSPF routing domain OSPF packet header Hello packet Database Description packet Link State Request packet The Link State Update packet Link State Acknowledgment packet OSPF Packet Header Every OSPF packet is preceded by a common 24 byte header This header contains the information necessary f...

Страница 157: ...the 24 byte header Router ID The Router ID of the packet s source Area ID A 32 bit number identifying the area that this packet belongs to All OSPF packets are associated with a single area Packets traversing a virtual link are assigned the backbone Area ID of 0 0 0 0 Checksum A standard IP checksum that includes all of the packet s contents except for the 64 bit authentication field Authenticatio...

Страница 158: ...etwork Mask Hello Interval Options Router Priority Router Dead Interval Designated Router Backup Designated Router Neighbor Field Description Network Mask The network mask associated with this interface Options The optional capabilities supported by the router Hello Interval The number of seconds between this router s Hello packets Router Priority This router s Router Priority The Router Priority ...

Страница 159: ... set to 1 this indicates that the router is the master during the Database Exchange process A zero indicates the opposite DD Sequence Number User to sequence the collection of Database Description Packets The initial value indicated by the Initial bit being set should be unique The DD sequence number then increments until the complete database description has been sent The rest of the packet consi...

Страница 160: ...rom its origin Several link state advertisements may be included in a single packet Link State Update packets are multicast on those physical networks that support multicast broadcast In order to make the flooding procedure reliable flooded advertisements are acknowledged in Link State Acknowledgment packets If retransmission of certain advertisements is necessary the retransmitted advertisements ...

Страница 161: ...ate advertisement is described by its link state advertisement header It contains all the information required to uniquely identify both the advertisement and the advertisement s current instance Link State Advertisement Formats There are five distinct types of link state advertisements Each link state advertisement begins with a standard 20 byte link state advertisement header Succeeding sections...

Страница 162: ... the described portion of the routing domain Link State Type The type of the link state advertisement Each link state type has a separate advertisement format The link state type are as follows Type Description 1 Router Links Network Links Summary Link IP Network Summary Link ASBR AS External Link Link State ID This field identifies the portion of the internet environment that is being described b...

Страница 163: ...OS TOS 0 Metric TOS Metric TOS Metric Link ID Link Data 0 0 V B E In router links advertisements the Link State ID field is set to the router s OSPF Router ID The T bit is set in the advertisement s Option field if and only if the router is able to calculate a separate set of routes for each IP Type of Service TOS Router links advertisements are flooded throughout a single area only Field Descript...

Страница 164: ...ection it specifies the interface s MIB II ifIndex value For other link types it specifies the router s associated IP interface address This latter piece of information is needed during the routing table build process when calculating the IP address of the next hop No of TOS The number of different Type of Service TOS metrics given for this link not counting the required metric for TOS 0 If no add...

Страница 165: ... 3 link state advertisements are used when the destination is an IP network In this case the advertisement s Link State ID field is an IP network number When the destination is an AS boundary router a Type 4 advertisement is used and the Link State ID field is the AS boundary router s OSPF Router ID Other that the difference in the Link State ID field the format of Type 3 and 4 link state advertis...

Страница 166: ...ute exists to the destination When describing a default route the Link Stat ID is always set the Default Destination address 0 0 0 0 and the Network Mask is set to 0 0 0 0 The format of the AS External Link Advertisement is shown below Link State Age Options Link State ID Advertising Router Link State Sequence Number Link State Checksum Length Network Mask TOS Metric AS External Link Advertisement...

Страница 167: ...mat as an IP address xxx xxx xxx xxx that uniquely identifies the Switch in the OSPF domain It is common to assign the highest IP address assigned to the Switch router In this case it would be 10 255 255 255 but any unique 32 bit number will do If 0 0 0 0 is entered the highest IP address assigned to the Switch will become the OSPF Route ID Current Route ID Displays the OSPF Route ID currently in ...

Страница 168: ... 6 92 OSPF Area Settings window To add an OSPF Area to the table type a unique Area ID see below select the Type from the drop down menu For a Stub type choose Enabled or Disabled from the Stub Import Summary LSA drop down menu and determine the Stub Default Cost Click the Add Modify button to add the Area ID set to the table To remove an Area ID configuration set simply click the in the Delete co...

Страница 169: ...nto the area from other areas Stub Default Cost Displays the default cost for the route to the stub of between 0 and 65 535 The default is 0 OSPF Interface Configuration To set up OSPF interfaces click the OSPF Interface Settings link to view OSPF settings for existing IP interfaces If there are no IP interfaces configured besides the default System interface only the System interface settings wil...

Страница 170: ... Interval State Allows the OSPF interface to be disabled for the selected area without changing the configuration for that area Auth Type This field can be toggled between None Simple and MD5 using the space bar This allows a choice of authorization schemes for OSPF packets that may be exchanged over the OSPF routing domain None specifies no authorization Simple uses a simple password to determine...

Страница 171: ...ace configuration set to the table click the Add button A new menu appears see below To change an existing configuration click on the hyperlinked Transit Area ID for the set you want to change The menu to modify an existing set is the same as the menu used to add a new one To eliminate an existing configuration click the in the Delete column Figure 6 96 OSPF Virtual Interface Settings window The s...

Страница 172: ...it delay takes into account transmission and propagation delays This field is fixed at 1 second RetransInterval The number of seconds between link state advertisement retransmissions for adjacencies belonging to this virtual link This field is fixed at 5 seconds To return to the OSPF Virtual Interface Settings window click the Show All OSPF Virtual Link Entries link NOTE For OSPF to function prope...

Страница 173: ...OSPF Area ID for which the routing information will be aggregated This Area ID must be previously defined on the Switch Network Number Sometimes called the Network Address The 32 bit number in the form of an IP address that uniquely identifies the network that corresponds to the OSPF Area above Network Mask Enter the subnet Mask of the Network Number entered above Each address range is defined as ...

Страница 174: ...configuration you want to change and proceed to change the metric or area ID To eliminate an existing configuration click the in the Delete column for the configuration to be removed FFigure 6 100 OSPF Host Route Settings table Use the menu below to set up OSPF host routes Figure 6 101 Add Modify OSPF Host Route Settings Specify the host route settings and click the Apply button to add or change t...

Страница 175: ...on folder and then click on the DHCP BOOTP Relay Information link Figure 6 102 BOOTP DHCP Global Settings menu The following fields can be set Parameter Description BOOTP Relay Status Disabled This field can be toggled between Enabled and Disabled using the pull down menu It is used to enable or disable the BOOTP DHCP Relay service on the Switch The default is Disabled BOOTP Hops Count Limit 1 16 ...

Страница 176: ...ress The Domain Name System DNS servers are organized in a somewhat hierarchical fashion A single server often holds names for a single network which is connected to a root DNS server usually maintained by an ISP Domain Name Resolution The domain name system can be used by contacting the name servers one at a time or by asking the domain name system to do the complete name translation The client m...

Страница 177: ...ary domain name server DNS DNSR Cache Status Disabled This can be toggled between Disabled and Enabled This determines if a DNS cache will be enabled on the Switch DNS Static Table Status Disabled This field can be toggled using the pull down menu between Disabled and Enabled This determines if the static DNS table will be used or not Click Apply to implement the new settings DNS Relay Static Tabl...

Страница 178: ... the connection is kept alive regardless of the point of failure To configure VRRP for virtual routers on the Switch an IP interface must be present on the system and it must be a part of a VLAN VRRP IP interfaces may be assigned to every VLAN and therefore IP interface on the Switch VRRP routers within the same VRRP group must be consistent in configuration settings for this protocol to function ...

Страница 179: ... selected to compare VRRP packets received by a virtual router for authentication IP Authentication Header An MD5 message digest algorithm has been selected to compare VRRP packets received by a virtual router for authentication VRID Displays the virtual router ID set by the user This will uniquely identify the VRRP Interface on the network Display Click the button to display the settings for this...

Страница 180: ...riority set higher than the masters priority will set the backup router as the Master router A False entry will disable the backup router from becoming the Master router This setting must be consistent with all routers participating within the same VRRP group The default setting is True Critical IP Address Enter the IP address of the physical device that will provide the most direct route to the I...

Страница 181: ...t Layer 3 Switch To view the settings for a particular VRRP setting click the corresponding in the VRRP Interface Table of the entry which will display the following Figure 6 109 VRRP Interface Entry Display window 172 ...

Страница 182: ...ssible states include Initialize Master and Backup Admin State Displays the current state of the router Up will be displayed if the virtual router is enabled and Down if the virtual router is disabled Priority Displays the priority of the virtual router A higher priority will increase the probability that this router will become the Master router of the group A lower priority will increase the pro...

Страница 183: ...ponding hyperlink for that IP interface This will open another IGMP Interface Configuration window Figure 6 110 IGMP Interface Configuration Table Figure 6 111 IGMP Interface Configuration window This window allows the configuration of IGMP for each IP interface configured on the Switch IGMP can be configured as Version 1 or 2 by toggling the Version field using the pull down menu The length of ti...

Страница 184: ...ore sending an IGMP response report A value between 1 and 25 seconds can be entered with a default of 10 seconds Robustness Variable 1 255 2 A tuning variable to allow for subnetworks that are expected to lose a large number of packets A value between 1 and 255 can be entered with larger values being specified for subnetworks that are expected to lose larger numbers of packets Although a value of ...

Страница 185: ...enters the information into its tables and forwards the message If the message is not received on the shortest path back to the source the message is dropped Route cost is a relative number that is used by DVMRP to calculate which branches of a multicast delivery tree should be pruned The cost is relative to other costs assigned to other DVMRP routes throughout the network The higher the route cos...

Страница 186: ...lt is 35 seconds Probe Interval 1 65535 sec 10 This field allows an entry between 1 and 65 535 seconds and defines the interval between probes The default is 10 Metric 1 31 1 This field allows an entry between 1 and 31 and defines the route cost for the IP interface The DVMRP route cost is a relative number that represents the real cost of using this route in the construction of a multicast delive...

Страница 187: ...e may want to join a multicast delivery group at some point in the future the protocol periodically removes the prune information from its database and floods multicast messages to all interfaces on that branch The interval for removing prune information is the Join Prune Interval PIM DM Configuration To enable PIM DM globally on the Switch go to Configuration Layer 3 IP Networking IP Multicast Ro...

Страница 188: ...routers on the network The default is 30 seconds Join Prune Interval 1 18724 sec 60 This field allows an entry of between 1 and 18724 seconds This interval also determines the time interval the router uses to automatically remove prune information from a branch of a multicast delivery tree and begin to flood multicast messages to all branches of that delivery tree These two actions are equivalent ...

Страница 189: ...ntrol TACACS Secure Sockets Layer SSL Secure Shell SSH SNMP Manager The following section will aid the user in configuring security functions for the Switch The Switch includes various functions for security including TACACS Security IPs SSL SSH and SNMP all discussed in detail in the following section 180 ...

Страница 190: ...type in the IP address and click the Apply button User Accounts Use the User Accounts Management window to control user privileges To view existing User Accounts open the Security Management folder and click on the User Accounts link This will open the User Account Management page as shown below Figure 7 2 User Accounts Management Table To add a new user click on the Add button To modify or delete...

Страница 191: ...sers with Admin privileges may not be available to those with User privileges The following table summarizes the Admin and User privileges Management Admin User Configuration Yes Read Only Network Monitoring Yes Read Only Community Strings and Trap Stations Yes Read Only Update Firmware and Configuration Files Yes No System Utilities Yes No Factory Reset Yes No User Account Management Add Update D...

Страница 192: ...ver will not accept the username and password and the user is denied access to the Switch The server doesn t respond to the verification query At this point the Switch receives the timeout from the server and then moves to the next method of verification configured in the method list The Switch has four built in Authentication Server Groups one for each of the TACACS XTACACS TACACS and RADIUS prot...

Страница 193: ... on the Switch Response Timeout 0 255 This field will set the time the Switch will wait for a response of authentication from the user The user may set a time between 0 and 255 seconds The default set ting is 30 seconds User Attempts 1 255 This command will configure the maximum number of times the Switch will accept authentication attempts Users failing to be authenticated after the set amount of...

Страница 194: ...and Enable Method List for authentication for users utilizing the Console Command Line Interface application the Telnet application SSH and the WEB HTTP application Login Method List Using the pull down menu configure an application for normal login on the user level utilizing a previously configured method list The user may use the default Method List or other Method List configured by the user S...

Страница 195: ...n the Switch The Switch has three built in Authentication Server Groups that cannot be removed but can be modified To modify a particular group click its hyperlinked Group Name which will then display the following window Figure 7 8 Add a Server Host to Server Group tacacs window To add an Authentication Server Host to the list enter its IP address in the IP Address field choose the protocol assoc...

Страница 196: ...hen verify or deny the request and return the appropriate message to the Switch More than one authentication protocol can be run on the same physical server host but remember that TACACS XTACACS TACACS RADIUS are separate entities and are not compatible with each other The maximum supported number of server hosts is 16 To view the following window click Security Management Access Authentication Co...

Страница 197: ...the authentication protocol on a server host The default port number is 49 for TACACS XTACACS TACACS servers and 1813 for RADIUS servers but the user may set a unique port number for higher security Timeout 1 255 Enter the time in seconds the Switch will wait for the server host to reply to an authentication request The default value is 5 seconds Retransmit 1 255 Enter the value in the retransmit ...

Страница 198: ... the privilege level will be dependant on the local account privilege configured on the Switch Successful login using any of these techniques will give the user a User privilege only If the user wishes to upgrade his or her status to the administrator level the user must use the Enable Admin window in which the user must enter a previously configured password set by the administrator See the Enabl...

Страница 199: ...authentication to access the Switch Enable Method Lists The Enable Method Lists window is used to set up Method Lists to promote users with user level privileges to Administrator Admin level privileges using authentication methods on the Switch Once a user acquires normal user level privileges on the Switch he or she must be authenticated by a method on the Switch to gain administrator privileges ...

Страница 200: ...4 Enable Method List Settings window To delete an Enable Method List defined by the user click the under the Delete heading corresponding to the entry desired to be deleted To modify an Enable Method List click on its hyperlinked Method List Name To configure a Method List click the Add button Both actions will result in the same screen to configure Figure 7 15 Enable Method List Edit window Figur...

Страница 201: ...d using the TACACS protocol from a remote TACACS server server_group Adding a previously configured server group will require the user to be authenticated using a user defined server group previously configured on the Switch Local Enable Password This window will configure the locally enabled password for the Enable Admin command When a user chooses the local_enable method to promote user level pr...

Страница 202: ...itch or no authentication none Because XTACACS and TACACS do not support the enable function the user must create a special account on the server host which has the username enable and a password configured by the administrator that will support the enable function This function becomes inoperable when the authentication policy is disabled To view the following window click Security Management Acc...

Страница 203: ...een client and host for optimal use CBC Block Ciphers CBC refers to Cipher Block Chaining which means that a portion of the previously encrypted block of encrypted text is used in the encryption of the current block The Switch supports the 3DES EDE encryption code defined by the Data Encryption Standard DES to create the encrypted text 3 Hash Algorithm This part of the ciphersuite allows the user ...

Страница 204: ... Enter the path and the filename of the certificate file to download This file must have a der extension Ex c cert der Key File Name Enter the path and the filename of the key file to download This file must have a der extension Ex c pkey der Ciphersuite This screen will allow the user to enable SSL on the Switch and implement any one or combination of listed ciphersuites on the Switch A ciphersui...

Страница 205: ...D5 This ciphersuite combines the RSA key exchange stream cipher RC4 encryption with 128 bit keys and the MD5 Hash Algorithm Use the pull down menu to enable or disable this ciphersuite This field is Enabled by default RSA with 3DES EDE CBC SHA This ciphersuite combines the RSA key exchange CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm Use the pull down menu to enable or disable t...

Страница 206: ...in level User Account on the Switch including specifying a password This password is used to logon to the Switch once a secure communication path has been established using the SSH protocol 2 Configure the User Account to use a specified authorization method to identify users that are allowed to establish SSH connections with the Switch using the SSH User Authentication window There are three choi...

Страница 207: ...20 and 600 seconds The default setting is 300 seconds Auth Fail 2 20 Allows the Administrator to set the maximum number of attempts that a user may try to log on to the SSH Server utilizing the SSH authentication After the maximum number of attempts has been exceeded the Switch will be disconnected and the user must reconnect to the Switch to attempt another login The number of maximum attempts ma...

Страница 208: ... for authentication encryption There are four categories of algorithms listed and specific algorithms of each may be enabled or disabled by using their corresponding pull down menus All algorithms are enabled by default To open the following window click Security Management Secure Shell SSH SSH Algorithm Figure 7 23 SSH Algorithms window 199 ...

Страница 209: ... Twofish256 Use the pull down to enable or disable the twofish256 encryption algorithm The default is Enabled Data Integrity Algorithm HMAC SHA1 Use the pull down to enable or disable the HMAC Hash for Message Authentication Code mechanism utilizing the Secure Hash algorithm The default is Enabled HMAC MD5 Use the pull down to enable or disable the HMAC Hash for Message Authentication Code mechani...

Страница 210: ...ly configured user account on the Switch Auth Mode The administrator may choose one of the following to set the authorization for users attempting to access the Switch Host Based This parameter should be chosen if the administrator wishes to use a remote SSH server for authentication purposes Choosing this parameter requires the user to input the following information to identify the SSH user Host...

Страница 211: ... shared set of privileges The SNMP version may also be set for a listed group of SNMP managers Thus you may create a group of SNMP managers that are allowed to view read only information or receive traps using SNMPv1 while assigning a higher level of security to another group granting read write privileges using SNMPv3 Using SNMPv3 individual users or groups of SNMP managers can be allowed to perf...

Страница 212: ...plays all of the SNMP User s currently configured on the Switch In the SNMP Manager folder click on the SNMP User Table link This will open the SNMP User Table as shown below Figure 7 26 SNMP User Table To delete an existing SNMP User Table entry click the below the Delete heading corresponding to the entry you wish to delete To display the detailed entry for a given user click on the hyperlinked ...

Страница 213: ...cates that no authorization protocol is in use MD5 Indicates that the HMAC MD5 96 authentication level will be used SHA Indicates that the HMAC SHA authentication protocol will be used Priv Protocol None Indicates that no authorization protocol is in use DES Indicates that DES 56 bit encryption is in use based on the CBC DES DES 56 standard To return to the SNMP User Table click the Show All SNMP ...

Страница 214: ...ion field and the Encryption field has been checked This field will require the user to enter a password Priv Protocol None Specifies that no authorization protocol is in use DES Specifies that DES 56 bit encryption is in use based on the CBC DES DES 56 standard This field is only operable when V3 is selected in the SNMP Version field and the Encryption field has been checked This field will requi...

Страница 215: ...arameter Description View Name Type an alphanumeric string of up to 32 characters This is used to identify the new SNMP view being created Subtree OID Type the Object Identifier OID Subtree for the view The OID identifies an object tree MIB tree that will be included or excluded from access by an SNMP manager View Type Select Included to include this object in the list of objects that an SNMP mana...

Страница 216: ...uld appear Figure 7 31 SNMP Group Table To delete an existing SNMP Group Table entry click the corresponding under the Delete heading To display the current settings for an existing SNMP Group Table entry click the hyperlink for the entry under the Group Name Figure 7 32 SNMP Group Table Display To add a new entry to the Switch s SNMP Group Table click the Add button in the upper left hand corner ...

Страница 217: ...nd distributed network management strategies It includes improvements in the Structure of Management Information SMI and adds some security features SNMPv3 Specifies that the SNMP version 3 will be used SNMPv3 provides secure access to devices through a combination of authentication and encrypting packets over the network Security Level The Security Level settings only apply to SNMPv3 NoAuthNoPriv...

Страница 218: ...e 7 34 SNMP Community Table Configuration and Table The following parameters can set Parameter Description Community Name Type an alphanumeric string of up to 33 characters that is used to identify members of an SNMP community This string is used like a password to give remote SNMP managers access to MIB objects in the Switch s SNMP agent View Name Type an alphanumeric string of up to 32 character...

Страница 219: ...s shown below Figure 7 36 SNMP Host Table Configuration The following parameters can set Parameter Description Host IP Address Type the IP address of the remote management station that will serve as the SNMP host for the Switch SNMP Version V1 To specifies that SNMP version 1 will be used V2 To specify that SNMP version 2 will be used V3 NoAuth NoPriv To specify that the SNMP version 3 will be use...

Страница 220: ...to identify the SNMP engine on the Switch To display the Switch s SNMP Engine ID open the SNMP Manger folder and click on the SNMP Engine ID link This will open the SNMP Engine ID Configuration window as shown below Figure 7 37 SNMP Engine ID Configuration To change the Engine ID type the new Engine ID in the space provided and click the Apply button 211 ...

Страница 221: ...r 3 Switch Section 8 Monitoring Port Utilization CPU Utilization Packets Errors Size MAC Address Switch History Log IGMP Snooping Group IGMP Snooping Forwarding VLAN Status Router Port Port Access Control Layer 3 Feature 212 ...

Страница 222: ...h display Select the Unit and Port number and click the Apply button above the display to view the specified port utilization graph The following field can be set Parameter Description Time Interval Select the desired setting between 1s and 60s where s stands for seconds The default value is one second Record Number Select number of times the Switch will be polled between 20 and 200 The default va...

Страница 223: ...Figure 8 2 CPU Utilization graph Click Apply to implement the configured settings The window will automatically refresh with new updated statistics The information is described as follows Parameter Description Time Interval 1s Select the desired setting between 1s and 60s where s stands for seconds The default value is one second Record Number 200 Select number of times the Switch will be polled b...

Страница 224: ...elect the Unit and Port number and click the Apply button above the display to view the statistics for the specified port Received RX Click the Received RX link in the Packets folder of the Monitoring menu to view the following graph of packets received on the Switch Figure 8 4 Rx Packets Analysis window line graph for Bytes and Packets To view the Received Packets Table click the link View Table ...

Страница 225: ...of times the Switch will be polled between 20 and 200 The default value is 200 Bytes Counts the number of bytes received on the port Packets Counts the number of packets received on the port Show Hide Check whether to display Bytes and Packets Clear Clicking this button clears all statistics counters on this window View Table Clicking this button instructs the Switch to display a table rather than...

Страница 226: ...following graph of UMB cast packets received on the Switch Figure 8 6 Rx Packets Analysis window line graph for Unicast Multicast and Broadcast Packets To view the UMB Cast Table click the View Table link which will show the following table Figure 8 7 Rx Packets Analysis window table for Unicast Multicast and Broadcast Packets 217 ...

Страница 227: ...multicast address Broadcast Counts the total number of good packets that were received by a broadcast address Show Hide Check whether or not to display Multicast Broadcast and Unicast Packets Clear Clicking this button clears all statistics counters on this window Clicking this button instructs the Switch to display a table rather than a line graph View Line Chart Clicking this button instructs th...

Страница 228: ...d Record Number 200 Select number of times the Switch will be polled between 20 and 200 The default value is 200 Bytes Counts the number of bytes successfully sent from the port Packets Counts the number of packets successfully sent on the port Show Hide Check whether or not to display Bytes and Packets Clear Clicking this button clears all statistics counters on this window View Table Clicking th...

Страница 229: ...e Four windows are offered Received RX Click the Received RX link in the Error folder of the Monitoring menu to view the following graph of error packets received on the Switch Figure 8 10 Rx Error Analysis window line graph To view the Received Error Packets Table click the link View Table which will show the following table Figure 8 11 Rx Error Analysis window table 220 ...

Страница 230: ...ally MAX_PKT_LEN is equal to 1522 Fragment The number of packets less than 64 bytes with either bad framing or an invalid CRC These are normally the result of collisions Jabber The number of packets with lengths more than the MAX_PKT_LEN bytes Internally MAX_PKT_LEN is equal to 1522 Drop The number of packets that are dropped by this port since the last Switch reboot Show Hide Check whether or not...

Страница 231: ...busy LateColl Counts the number of times that a collision is detected later than 512 bit times into the transmission of a packet ExColl Excessive Collisions The number of packets for which transmission failed due to excessive collisions SingColl Single Collision Frames The number of successfully transmitted packets for which transmission is inhibited by more than one collision Coll An estimate of ...

Страница 232: ...ed in six groups and classed by size to be viewed as either a line graph or a table Two windows are offered Figure 8 14 Rx Size Analysis window line graph To view the Packet Size Analysis Table click the link View Table which will show the following table Figure 8 15 Rx Size Analysis window table 223 ...

Страница 233: ...lusive excluding framing bits but including FCS octets 256 511 The total number of packets including bad packets received that were between 256 and 511 octets in length inclusive excluding framing bits but including FCS octets 512 1023 The total number of packets including bad packets received that were between 512 and 1023 octets in length inclusive excluding framing bits but including FCS octets...

Страница 234: ...your web browser The icons are in the same order as their respective Unit numbers with the Unit 1 switch corresponding to the icon in the upper left most corner of the icon group When the switches are properly interconnected through their optional Stacking Modules information about the resulting switch stack is displayed under the Stack Information link To view the stacking information click on th...

Страница 235: ... stack denotes the Master switch The DXS 3350SR will always be the master switch in a Star topology Prom Version Shows the PROM in use for the Switch This may be different from the values shown in the illustration Runtime Version Shows the firmware version in use for the Switch This may be different from the values shown in the illustrations H W Version Shows the hardware version in use for the Sw...

Страница 236: ...rnal Power A read only field denoting the current status of the internal power supply Active will suggest the mechanism is functioning correctly while Fail will show the mechanism is not functioning correctly External Power A read only field denoting the current status of the external power supply Active will suggest the mechanism is functioning correctly while Fail will show the mechanism is not ...

Страница 237: ...be viewed When the Switch learns an association between a MAC address and a port number it makes an entry into its forwarding table These entries are then used to forward packets through the Switch To view the MAC Address forwarding table from the Monitoring menu click the MAC Address link Figure 8 18 MAC Address Table 228 ...

Страница 238: ...rt is a member of MAC Address The MAC address entered into the address table Unit The Switch from which the MAC address was entered into the table Port The port on the selected Switch that the MAC address above corresponds to Type How the Switch discovered the MAC address The possible entries are Dynamic Self and Static Next Click this button to view the next page of the address table View All Ent...

Страница 239: ...eiving stations and to the PC connected to the console manager Click Next to go to the next page of the Switch History Log Clicking Clear will allow the user to clear the Switch History Log The information is described as follows Parameter Description Sequence A counter incremented whenever an entry to the Switch s history log is made The table displays the last entry highest sequence number first...

Страница 240: ...p left hand corner and clicking Search The following field can be viewed Parameter Description VLAN Name The VLAN Name of the multicast group Multicast Group The IP address of the multicast group MAC Address The MAC address of the multicast group Queries A read only field showing the status of the Querier State Disabled implies that the Switch is not transmitting IGMP Snooping Query packets while ...

Страница 241: ...g Forwarding link Figure 8 21 IGMP Snooping Forwarding Table To search the IGMP Snooping Forwarding Table by VLAN Name type the VLAN name in the field prvided and click Search The following field can be viewed Parameter Description VLAN Name The VLAN Name of the multicast group Source IP The Source IP address of the multicast group Multicast Group The IP address of the multicast group Port Member ...

Страница 242: ...s Link Figure 8 22 VLAN Status table Browse Router Port This displays which of the Switch s ports are currently configured as router ports A router port configured by a user using the console or Web based management interfaces is displayed as a static router port designated by S A router port that is dynamically configured by the Switch is designated by D To view the following window open the Moni...

Страница 243: ...an be set using the drop down menu at the top of the window and clicking OK The information on this window is described as follows Parameter Description Auth PAE State The Authenticator PAE State value can be Initialize Disconnected Connecting Authenticating Authenticated Aborting Held Force_Auth Force_Unauth or N A N A Not Available indicates that the port s authenticator capability is disabled B...

Страница 244: ...ribed in Section 4 of this manual under Layer 3 IP Networking Browse IP Address The Browse IP Address window may be found in the Monitoring menu in the Layer 3 Feature folder The Browse IP Address window is a read only screen where the user may view IP addresses discovered by the Switch To search a specific IP address enter it into the field labeled IP Address at the top of the screen and click Fi...

Страница 245: ...ation Address field along with a proper subnet mask into the Mask field and click Find Figure 8 2 Browse Routing Table window 6 Browse ARP Table The Browse ARP Table window may be found in the Monitoring menu in the Layer 3 Feature folder This window will show current ARP entries on the Switch To search a specific ARP entry enter an interface name into the Interface Name or an IP address and click...

Страница 246: ...This window will show current IGMP group entries on the Switch To search a specific IGMP group entry enter an interface name into the Interface Name field or a Multicast Group IP address and click Find Figure 8 2 Browse IGMP Group Table 9 OSPF Monitoring This section offers windows regarding OSPF Open Shortest Path First information on the Switch including the OSPF LSDB Table OSPF Neighbor Table a...

Страница 247: ...ws the entry of an OSPF Area ID This Area ID will then be used to search the table and display an entry if there is one LSDB Type Displays which one of eight types of link advertisements by which the current link was discovered by the Switch All Router link RTRLink Network link NETLink Summary link Summary Autonomous System link ASSummary Autonomous System external link ASExternal MCGLink Multicas...

Страница 248: ... 1 To search for OSPF neighbors enter an IP address and click Find Valid OSPF neighbors will appear in the OSPF Neighbor Table below OSPF Virtual Neighbor This table can be found in the OSPF Monitoring folder by clicking on the Browse OSPF Virtual Neighbor link This table displays a list of Virtual OSPF Neighbors of the Switch The user may choose specifically search a virtual neighbor by using one...

Страница 249: ...n the Monitoring folder under Browse DVMRP Monitoring contains one row for each port in a DVMRP mode Each routing entry contains information about the source and multicast group and incoming and outgoing interfaces You may define your search by entering a Source IP Address and its subnet mask into the fields at the top of the page Figure 8 3 DVMRP Routing Table 3 DVMRP Neighbor Address Table This ...

Страница 250: ...ppear in the DVMRP Routing Next Hop Table below 5 PIM Neighbor Address Table Figure 8 3 DVMRP Routing Next Hop Table PIM Monitoring Multicast routers use Protocol Independent Multicast PIM to determine which other multicast routers should receive multicast packets To find out more information concerning PIM and its configuration on the Switch see the IP Multicasting chapter of Section 4 Configurat...

Страница 251: ... Section 9 Maintenance TFTP Services Download Firmware Download Configuration File Firmware Information Upload Configuration Upload Log Multiple Image Services Config Firmware Image Ping Test Save Changes Reset Reboot Device Logout 242 ...

Страница 252: ...rly interconnected the switches All indicates all switches in a switch stack will download the same firmware Enter the IP address of the TFTP server in the Server IP Address field Select the Image ID of the firmware The DXS 3350SR can hold two firmware images in its memory Image ID 1 will always be the boot up firmware for the Switch unless specified by the user Information on configuring Section ...

Страница 253: ... server and the path and filename for the Switch settings on the TFTP server Click Start to record the IP address of the TFTP server and to initiate the file transfer Upload Log To upload the Switch history log file to a TFTP server open the TFTP Services folder in the Maintenance folder and then click the Upload Log link Figure 9 4 Upload Log to TFTP Server window Enter the IP address of the TFTP...

Страница 254: ...ID 1 will be the default boot up firmware for the Switch unless otherwise configured by the user Version States the firmware version Size States the size of the corresponding firmware in bytes Update Time States the specific time the firmware version was downloaded to the Switch From States the IP address of the origin of the firmware There are four ways firmware may be downloaded to the Switch R ...

Страница 255: ...ware for the Switch This firmware will be set as the boot up firmware after a switch reboot has been performed The default setting has firmware image ID 1 as the boot up firmware image for the Switch unless specified here Click Apply to implement changes made Ping Test Ping is a small program that sends ICMP Echo packets to the IP address you specify The destination node then responds to or echoes...

Страница 256: ... the Save button in the Save Settings window as shown below Figure 9 6 Save Settings window The Switch has three levels of save which are as follows Parameter Description Save Only save config Clicking the radio button for this entry will save only the current switch configuration to NV RAM Save Log Only save log Clicking the radio button for this entry will save only the current log file to NV RA...

Страница 257: ...the Switch Some of the current configuration parameters can be retained while resetting all other configuration parameters to their factory defaults NOTE Only the Reset System option will enter the factory default parameters into the Switch s non volatile RAM and then restart the Switch All other options enter the factory defaults into the current configuration but do not save this configuration R...

Страница 258: ...re restarting the Switch Clicking the No click box instructs the Switch not to save the current configuration before restarting the Switch All of the configuration information entered from the last time Save Changes was executed will be lost Click the Restart button to restart the Switch Logout Use the Logout page to logout of the Switch s Web based management agent by clicking on the Log Out butt...

Страница 259: ...asily be enabled or disabled through the Command Line Interface or Web Interface SIM grouping has no effect on the normal operation of the Switch in the user s network There are three classifications for Switches using SIM The Commander Switch CS which is the master Switch of the group Member Switch MS which is a Switch that is recognized by the CS a member of a SIM group and a Candidate Switch Ca...

Страница 260: ...matic method or by manually configuring the Switch to be a MS The CS will then serve as the in band entry point for access to the MS The CS s IP address will become the path to all MS s of the group and the CS s Administrator s password and or authentication will control access to all MS s of the SIM group With SIM enabled the applications in the CS will redirect the packet instead of executing th...

Страница 261: ...al in seconds that the Switch will send out discovery packets Returning information to a Commander Switch will include information about other Switches connected to it Ex MS CaS The user may set the Discovery Interval from 30 to 90 seconds Holdtime This parameter may be set for the time in seconds the Switch will hold information sent to it from other Switches utilizing the Discovery Interval The ...

Страница 262: ...t six digits of the MAC Address to identify it Local Port Displays the number of the physical port on the CS that the MS or CaS is connected to The CS will have no entry in this field Speed Displays the connection speed between the CS and the MS or CaS Remote Port Displays the number of the physical port on the MS or CaS that the CS is connected to The CS will have no entry in this field MAC Addre...

Страница 263: ...connected to other groups and devices Possible icons in this screen are as follows Icon Description Group Layer 2 commander Switch Layer 3 commander Switch Commander Switch of other group Layer 2 member Switch Layer 3 member Switch Member Switch of other group Layer 2 candidate Switch Layer 3 candidate Switch Unknown device Non SIM devices 254 ...

Страница 264: ...mouse cursor over a specific device in the topology window tool tip will display the same information about a specific device as the Tree view does See the window below for an example Figure 10 6 Device Information Utilizing the Tool Tip Setting the mouse cursor over a line between two devices will display the connection speed between the two devices as shown below 255 ...

Страница 265: ...pending on the role of the Switch in the SIM group and the icon associated with it Group Icon Figure 10 8 Right Clicking a Group Icon The following options may appear for the user to configure Collapse to collapse the group that will be represented by a single icon Expand to expand the SIM group in detail Property to pop up a window to display the group information 256 ...

Страница 266: ... Figure 10 1 Right Clicking a Commander Icon 0 The following options may appear for the user to configure Collapse to collapse the group that will be represented by a single icon Expand to expand the SIM group in detail Property to pop up a window to display the group information 257 ...

Страница 267: ...wing options may appear for the user to configure Collapse to collapse the group that will be represented by a single icon Expand to expand the SIM group in detail Remove from group remove a member from a group Configure launch the web management to configure the Switch Property to pop up a window to display the device information 258 ...

Страница 268: ...ed by a single icon Expand to expand the SIM group in detail Add to group add a candidate to a group Clicking this option will reveal the following screen for the user to enter a password for authentication from the Candidate Switch before being added to the SIM group Click OK to enter the password or Cancel to exit the window Figure 10 1 Input password window 5 Property to pop up a window to disp...

Страница 269: ... the number of the physical port on the MS or CaS that the CS is connected to The CS will have no entry in this field Local Port No Displays the number of the physical port on the CS that the MS or CaS is connected to The CS will have no entry in this field Port Speed Displays the connection speed between the CS and the MS or CaS Click Close to close the Property window Menu Bar The Single IP Mana...

Страница 270: ...ut password window Remove from Group remove an MS from the group Device Configure will open the web manager for the specific device View Refresh update the views with the latest status Topology display the Topology view Help About Will display the SIM information including the current SIM version NOTE Upon this firmware release some functions of the SIM can only be configured through the Command L...

Страница 271: ...ick Download to initiate the file transfer Figure 10 1 Firmware Upgrade window 9 Configuration File Backup Restore SIM This screen is used to upgrade configuration files from the Commander Switch to the Member Switch Member Switches will be listed in the table and will be specified by Port port on the CS where the MS resides MAC Address Model Name and Version To specify a certain Switch for upgrad...

Страница 272: ...ing 5 to 95 RH non condensing Storage 0 to 95 RH non condensing Dimensions 445 mm x 430 mm x 45 mm Weight 6 5 kg EMC FCC Part 15 Class A IECES 003 Class Canada EN55022 Class A EN55024 Safety CSA International Performance Transmission Method Store and forward 2 MB per device Filtering Address Table 16K MAC address per device Packet Filtering Forwarding Rate Full wire speed for all connections 148 8...

Страница 273: ... Half duplex Full duplex 10 Mbps 20Mbps 100Mbps 200Mbps n a 2000Mbps SFP Mini GBIC Support IEEE 802 3z 1000BASE LH DEM 314GT transceiver IEEE 802 3z 1000BASE LX DEM 310GT transceiver IEEE 802 3z 1000BASE SX DEM 311GT transceiver IEEE 802 3z 1000BASE ZX DEM 315GT transceiver Network Cables 10BASE T 100BASE TX UTP Cat 5 Cat 5 Enhanced for 1000Mbps UTP Cat 5 for 100Mbps UTP Cat 3 4 5 for 10Mbps EIA T...

Страница 274: ...ing diagrams and tables show the standard RJ 45 receptacle connector and their pin assignments Appendix 1 1 The standard RJ 45 port and connector RJ 45 Pin Assignments Contact MDI X Port MDI II Port 1 RD receive TD transmit 2 RD receive TD transmit 3 TD transmit RD receive 4 Not used Not used 5 Not used Not used 6 TD transmit RD receive 7 Not used Not used 8 Not used Not used Appendix 1 2 The stan...

Страница 275: ...mum Distance Mini GBIC 1000BASE LX Single mode fiber module 1000BASE SX Multi mode fiber module 1000BASE LHX Single mode fiber module 1000BASE ZX Single mode fiber module 10km 550m 40km 80km 1000BASE T Category 5e UTP Cable Category 5 UTP Cable 1000 Mbps 100m 100BASE TX Category 5 UTP Cable 100 Mbps 100m 10BASE T Category 3 UTP Cable 10 Mbps 100m 266 ...

Страница 276: ... addition the protocol can assign the subnet mask and default gateway to a device bridge A device that interconnects local or remote networks no matter what higher level protocols are involved Bridges form a single logical network centralizing network administration broadcast A message sent to all destination devices on the network broadcast storm Multiple simultaneous broadcasts that typically ab...

Страница 277: ...al device TCP IP A layered set of communications protocols providing Telnet terminal emulation FTP file transfer and other services for communication among a wide range of computer equipment resilient link A pair of ports that can be configured so that one will take over data transmission should the other fail See also main port and standby port RJ 45 Standard 8 wire connectors for IEEE 802 3 10BA...

Страница 278: ... application program on another device VLAN Virtual LAN A group of location and topology independent devices that communicate as if they are on a common physical LAN VLT Virtual LAN Trunk A Switch to Switch link which carries traffic for all the VLANs on each Switch VT100 A type of terminal that uses ASCII characters VT100 screens have a text based appearance 269 ...

Страница 279: ... 65 6774 6233 FAX 65 6774 6322 URL www dlink intl com Australia 1 Giffnock Avenue North Ryde NSW 2113 Australia TEL 61 2 8899 1800 FAX 61 2 8899 1868 URL www dlink com au India D Link House Kurla Bandra Complex Road Off CST Road Santacruz East Mumbai 400098 India TEL 91 022 26526696 56902210 FAX 91 022 26528914 URL www dlink co in Middle East Dubai P O Box 500376 Office No 103 Building 3 Dubai Int...

Страница 280: ... s functional specifications for the Software or to refund at D Link s sole discretion Except as otherwise agreed by D Link in writing the replacement Software is provided only to the original licensee and is subject to the terms and conditions of the license granted by D Link for the Software Software will be warranted for the remainder of the original Warranty Period from the date or original re...

Страница 281: ...TORED ON OR INTEGRATED WITH ANY PRODUCT RETURNED TO D LINK FOR WARRANTY SERVICE RESULTING FROM THE USE OF THE PRODUCT RELATING TO WARRANTY SERVICE OR ARISING OUT OF ANY BREACH OF THIS LIMITED WARRANTY EVEN IF D LINK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES THE SOLE REMEDY FOR A BREACH OF THE FOREGOING LIMITED WARRANTY IS REPAIR REPLACEMENT OR REFUND OF THE DEFECTIVE OR NON CONFORMING PR...

Страница 282: ...S 3350SR Gigabit Layer 3 Switch For detailed warranty outside the United States please contact corresponding local D Link office Register online your D Link product at http support dlink com register 273 ...

Страница 283: ... the following questions help us to support your product 1 Where and how will the product primarily be used Home Office Travel Company Business Home Business Personal Use 2 How many employees work at installation site 1 employee 2 9 10 49 50 99 100 499 500 999 1000 or more 3 What network protocol s does your organization use XNS IPX TCP IP DECnet Others_____________________________ 4 What network ...

Страница 284: ......

Отзывы:

Нет отзывов

Похожие инструкции для xStack DXS-3350SR

Sagem 2604 Quick Installation Manual preview
2604
Бренд: Sagem Страницы: 19
X-Micro WLAN 11g User Manual preview
WLAN 11g
Бренд: X-Micro Страницы: 74
National Instruments Fieldpoint cFP-RTD-124 Operating Instructions Manual preview
Fieldpoint cFP-RTD-124
Бренд: National Instruments Страницы: 15
Buffalo LinkStation Quick Setup Manual preview
LinkStation
Бренд: Buffalo Страницы: 2
TVT Digital TD-3316B4-16P-A1 Quick Start Manual preview
TD-3316B4-16P-A1
Бренд: TVT Digital Страницы: 2
3Com 3C433279A Release Note preview
3C433279A
Бренд: 3Com Страницы: 12
IBM Nways 2216 Service And Maintenance Manual preview
Nways 2216
Бренд: IBM Страницы: 168
Clas Ohlson AE222X1 Quick Start Manual preview
AE222X1
Бренд: Clas Ohlson Страницы: 4
Ubiquiti airCube Configuring And Installing preview
airCube
Бренд: Ubiquiti Страницы: 2
Draytek Vigor 3200 Series User Manual preview
Vigor 3200 Series
Бренд: Draytek Страницы: 356
GRASS VALLEY BDS-1602CP Installation Manual preview
BDS-1602CP
Бренд: GRASS VALLEY Страницы: 22
Crestron CNXLIR Operation Manual preview
CNXLIR
Бренд: Crestron Страницы: 16
AVM FRITZ!Box 7560 Quick Manual preview
FRITZ!Box 7560
Бренд: AVM Страницы: 2
Thecus N4100PRO Quick Installation Manual preview
N4100PRO
Бренд: Thecus Страницы: 6
Thecus N299 User Manual preview
N299
Бренд: Thecus Страницы: 94
Riverstone Networks RS 3000 Getting Started Manual preview
RS 3000
Бренд: Riverstone Networks Страницы: 103
NetCommWireless 3G29WN2 Quick Start Manual preview
3G29WN2
Бренд: NetCommWireless Страницы: 4
NetComm V100 Quick Start Manual preview
V100
Бренд: NetComm Страницы: 40

Бренды по названию

Популярные бренды

Загрузить еще бренды