- DL manuals
- D-Link
- Switch
- DES-3028
- User Manual
D-Link DES-3028 User Manual
Summary of DES-3028
Page 1
User manual product model : des-3028/des-3028p/des-3028g/des- 3052/des-3052p managed 10/100mbps fast ethernet switch release 2 ©copyright 2009. All rights reserved..
Page 2
©copyright 2009. All rights reserved. ________________________________________________________________________________________________________ information in this document is subject to change without notice. © 2009 d-link corporation. All rights reserved. Reproduction in any manner whatsoever witho...
Page 3: Table of Contents
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch table of contents preface........................................................................................................................................................... Viii intended readers ...............
Page 4
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch login to web manager ................................................................................................................................................................ 21 web-based user interface ........
Page 5
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch poe system configuration........................................................................................................................................................... 65 poe port configuration ............
Page 6
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch mst configuration identification.............................................................................................................................................. 125 stp instance settings..................
Page 7
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch dhcp snooping entries ............................................................................................................................................................ 190 mac block list.....................
Page 8
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch transmitted (tx) ....................................................................................................................................................................... 243 packet size .................
Page 9: Preface
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch preface the des-3028/des-3028p/des-3028g/des-3052/des-3052p user manual is divided into sections that describe the system installation and operating instructions with examples. Section 1, introduction - describes th...
Page 10: Intended Readers
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch ix intended readers the des-3028/des-3028p/des-3028g/des-3052/des-3052p user manual contains information for setup and management of the switch. The term, “the switch” will be used when referring to all five switche...
Page 11: Safety Instructions
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch safety instructions use the following safety guidelines to ensure your own personal safety and to help protect your system from potential damage. Throughout this document, the caution icon ( ) is used to indicate ca...
Page 12
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch to help protect your system from sudden, transient increases and decreases in electrical power, use a surge suppressor, line conditioner, or uninterruptible power supply (ups). Position system cables and power cable...
Page 13
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch caution: the system chassis must be positively grounded to the rack cabinet frame. Do not attempt to connect power to the system until grounding cables are connected. A qualified electrical inspector must inspect co...
Page 14: Section 1
Des-3028 des-3028p des-3052 des-3052p layer 2 fast ethernet managed switch section 1 introduction des-3028/28p/28g/52/52p switch description features ports led indicators front-panel description rear panel description side panel description installing sfp ports des-3028/28p/28g/52/52p the des-3028, ...
Page 15
Des-3028 des-3028p des-3052 des-3052p layer 2 fast ethernet managed switch rfc1493 bridge rfc2819 rmon rfc2665 ether-like mib rfc2863 interface mib private mib rfc2674 for 802.1p ieee 802.1x mib ieee 802.3x flow control in full duplex mode ieee 802.1p priority queues ieee 802.3u 100base-tx compliant...
Page 16: Ports
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch ports the following table lists the relative ports that are present within each switch: des-3028 and des-3028p des-3028g des-3052 and des-3052p twenty-four 10/100base-t two 1000base-t/sfp combo ports two 1000base-t ...
Page 17: Led Indicators
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch led indicators the switch supports led indicators for power, console, rps and port leds. The following shows the led indicators for the des-3028/28p/28g/52/52p series switches along with an explanation of each indic...
Page 18
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch solid green when there is a secure 100mbps fast ethernet connection (or link) at any of the ports. Blinking green when there is reception or transmission (i.E. Activity— act) of data occurring at a fast ethernet con...
Page 19: Front-Panel Description
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch front-panel description des-3028/des-3028p twenty-four 10/100mbps base-t ports two combo 1000base-t/sfp ports located to the right two 1000base-t ports located to the right one female dce rs-232 db-9 console...
Page 20: Rear Panel Description
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch rear panel description the rear panel of the switch contains an ac power connector. The ac power connector is a standard three-pronged connector that supports the power cord. Plug-in the female connector of the pr...
Page 21: Gigabit Combo Ports
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 1- 13. Side panels of the des-3028p the left-hand side panel of the des-3052p switch contains a system fan and ventilation along the entire right side. The system fan is used to dissipate heat. Do not block t...
Page 22: Installing The Sfp Ports
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 1- 16. Installing the mini-gbic module installing the sfp ports the des-3028/28p/28g/52/52p switches are equipped with sfp (small form factor portable) ports, which are to be used with fiber-optical transceiv...
Page 23: Section 2
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch section 2 installation package contents before you connect to the network installing the switch without the rack rack installation power on package contents open the shipping carton of the switch and carefully unpac...
Page 24
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch installing the switch without the rack when installing the switch on a desktop or shelf, the rubber feet included with the switch should first be attached. Attach these cushioning feet on the bottom at each corner o...
Page 25
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch mounting the switch in a standard 19" rack caution: installing systems in a rack without the front and side stabilizers installed could cause the rack to tip over, potentially resulting in bodily injury under certai...
Page 26: Section 3
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch section 3 connecting the switch switch to end node switch to hub or switch connecting to network backbone or server note: all 10/100/1000mbps nway ethernet ports can support both mdi- ii and mdi-x connections. Switc...
Page 27: Switch to Hub Or Switch
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 13 switch to hub or switch these connections can be accomplished in a number of ways using a normal cable. A 10base-t hub or switch can be connected to the switch via a twisted-pair category 3, 4 or 5 utp/stp cable....
Page 28: Section 4
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 14 section 4 introduction to switch management management options web-based management interface snmp-based management managing user accounts command line console interface through the serial port connecting the con...
Page 29
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 15 7. Under properties, select vt100 for emulation mode. 8. Select terminal keys for function, arrow, and ctrl keys. Ensure that you select terminal keys (not windows keys). 9. After you have correctly set up the te...
Page 30: Password Protection
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch first time connecting to the switch the switch supports user-based security that can allow you to prevent unauthorized users from accessing the switch or changing its settings. This section tells how to log onto the...
Page 31: Snmp Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch note: passwords are case sensitive. User names and passwords can be up to 15 characters in length. The sample below illustrates a successful creation of a new administrator-level account with the user name "newmanag...
Page 32: Ip Address Assignment
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch information or receive traps using snmp v.1 while assigning a higher level of security to another group, granting read/write privi- leges using snmp v.3. Using snmp v.3 individual users or groups of snmp managers ca...
Page 33
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch des-3028g:4#show switch command: show switch device type : des-3028g fast ethernet switch mac address : 00-21-91-98-60-77 ip address : 10.73.21.11 (manual) vlan name : default subnet mask : 255.0.0.0 default gateway...
Page 34
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 20 des-3028g:4#config ipif system ipaddress 10.90.90.91/255.0.0.0 command: config ipif system ipaddress 10.90.90.91/8 success. Des-3028g:4# figure 4- 5. Assigning the switch an ip address in the above example, the s...
Page 35: Section 5
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch section 5 web-based switch configuration introduction login to web manager web-based user interface basic setup reboot basic switch setup network management switch utilities network monitoring igmp snooping status i...
Page 36: Web-Based User Interface
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 22 figure 5- 1. Enter network password dialog enter “admin” in both the user name and passwordfields and click ok. This will open the web-based user interface. The switch management features available in the web-bas...
Page 37
Des-3028 des-302 8g des-3052 des-3052p layer 2 fast ethernet managed switch 8p des-302 area 1 area 2 figure 5- 2. Main web-manager page area function area 1 select the folder or window to be displayed. The folder icons can be opened to display the hyper- linked window buttons and subfolders containe...
Page 38: Web Pages
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch web pages when you connect to the management mode of the switch with a web browser, a login window is displayed. Enter a user name and password to access the switch's management mode. Below is a list and description...
Page 39: Section 6
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 25 section 6 administration ip address port configuration dhcp/bootp relay user accounts cable diagnostics port mirroring system log settings log settings sntp settings mac notification settings tftp services multip...
Page 40: Device Information
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch device information thiswindow contains the main settings for all major functions of the switch and appears automatically when you log on. To return to the device information window, click the des-30xx web management...
Page 41
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 27 the fields that can be configured are described below: parameter description system name enter a system name for the switch, if so desired. This name will identify it in the switch network. System location enter ...
Page 42: Ip Address
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch note: if you want to configure host-based 802.1x please select mac-based 802.1x instead. Auth protocol the 802.1x authentication protocol on the switch is set to radius eap and cannot be altered. Syslog status enabl...
Page 43
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 29 2. Enter the appropriate ip address and subnet mask. 3. If you want to access the switch from a different subnet from the one it is installed on, enter the ip address of the default gateway. If you will manage th...
Page 44
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch configuration file present in switch memory will be loaded. Click apply to allow changes to take effect. Setting the swith’s ip address using the console interface each switch must be assigned its own ip address, wh...
Page 45: Port Configuration
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch port configuration this section contains information for configuring various attributes and properties for individual physical ports, including port speed and flow control. Port settings click administration > port ...
Page 46
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch the following parameters can be configured: parameter description from…. To use the pull-down menus to select the port or range of ports to be configured. State toggle this field to either enable or disable a given ...
Page 47: Port Description
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch port description the switch supports a port description feature where the user may name various ports on the switch. To assign names to various ports, click administration > port configuration > port description to ...
Page 48
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch parameter description 34 port displays the port that has been error disabled. State describes the current running state of the port, whether enabled or disabled. Connection this field will show if a port has been di...
Page 49: Dhcp/bootp Relay
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch dhcp/bootp relay to enable and configure dhcp/bootp relay global settings on the switch, click administration > dhcp/bootp relay > dhcp/bootp relay global settings: dhcp/bootp relay global settings figure 6- 6. Dhcp...
Page 50
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch check and policy settings will have no effect. Dhcp relay agent information option 82 check this field can be toggled between enabled and disabled using the pull-down menu. It is used to enable or disable the switch...
Page 51
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch the implementation of dhcp information option 82 in the des-3028/28p/28g/52/52p switches the config dhcp_relay option_82 command configures the dhcp relay agent information option 82 setting of the switch. The forma...
Page 52: Dhcp Local Relay Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 38 2. Length: the string length of the remote id suboption 3. Remote id type 4. Length: the string length of the user-defined string 5. User-defined string figure 6- 8. Circuit id and remote id sub-option format 2 d...
Page 53
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 6- 10. Dhcp local relay settings window 39.
Page 54: User Accounts
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch the following parameters may be configured or viewed. Parameter description 40 dhcp/bootp local relay operation state used to enable or disable the dhcp/bootp local relay operation state. Vlan name this is the vlan ...
Page 55
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 6- 13. User account modify table window modify or delete an existing user account in the user account modify table. To delete the user account, click on the delete button. To change the password, type in the ...
Page 56: Cable Diagnostics
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch cable diagnostics the following window is used to test the cables connecting to the switch. This feature is used to determine if there are any errors on the copper cables and the position where the errors may have o...
Page 57
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 43 test results if there are no problems with the cable the test results will show that the cable is ok, if there are no cables connected to the port the results will show no cable. However there are three types of ...
Page 58: Port Mirroring
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch port mirroring the switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an rmon p...
Page 59: System Log Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 45 system log settings the switch can send syslog messages to up to four designated servers using the system log server. To view this window click administration > system log settings, to view the window shown below...
Page 60
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 0 1 2 3 4 5 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 kernel messages user-level messages mail system system daemons security/authorization messages messages generated internally by syslog line printer subsyst...
Page 61: Log Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch log settings the log settings can be changed by clicking the system log settings link to open the following window: figure 6- 19. Log settings window the following parameters can be set: parameter description log mo...
Page 62: Sntp Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch sntp settings time settings this window is used to configure the time settings for the switch. To view this window click, administration > sntp settings > time settings. Figure 6- 20. Time settings window the follow...
Page 63: Time Zone and Dst
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch time in hh mm ss enter the current time in hours, minutes, and seconds. Click apply to implement changes made. Time zone and dst the following are windows used to configure time zones and daylight savings time setti...
Page 64
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch time zone offset from gmt in +/- hh:mm use these pull-down menus to specify your local time zone's offset from greenwich mean time (gmt.) dst repeating settings using repeating mode will enable dst seasonal time adj...
Page 65: Mac Notification Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch mac notification settings mac notification is used to monitor mac addresses learned and entered into the forwarding database. To globally set mac notification on the switch, click administration > mac notification s...
Page 66: Tftp Services
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 52 tftp services figure 6- 23. Tftp services window the user also has the option of transferring firmware and configuration files to and from the internal flash drive, located on the switch. Using this window, the u...
Page 67: Multiple Image Services
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch multiple image services to configure the files located on the flash memory, use the following windows to guide you. The multiple image services folder contains windows to allow the user to view firmware information ...
Page 68: Ping Test
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch ping test ping is a small program that sends icmp echo packets to the ip address you specify. The destination node then responds to or "echoes" the packets sent from the switch. This is very useful to verify connect...
Page 69
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 6- 27. Safeguard engine example for every consecutive checking interval that reveals a packet flooding issue, the switch will double the time it will discard ingress arp and ip broadcast packets. In the examp...
Page 70
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 6- 29. Safeguard engine settings window – cpu utilization settings to set the safeguard engine for the switch, complete the following fields: parameter description 56 state toggle this field to either enabled...
Page 71: Snmp Manager
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch snmp manager snmp settings simple network management protocol (snmp) is an osi layer 7 (application layer) designed specifically for managing and monitoring network devices. Snmp enables network management stations ...
Page 72: Snmp Traps Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch snmp settings are configured using the menus located on the snmp v3 folder of the web manager. Workstations on the network that are allowed snmp privileged access to the switch can be restricted with the trusted hos...
Page 73
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch group name this name is used to specify the snmp group created can request snmp messages. Snmp version v1 - indicates that snmp version 1 is in use. V2 - indicates that snmp version 2 is in use. V3 - indicates that ...
Page 74: Snmp View Table
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch to implement changes made, click apply. To return to the snmp user table, click the show all snmp user table entries link. Snmp view table this window is used to assign views to community strings that define which m...
Page 75: Snmp Group Table
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch to implement your new settings, click apply. To return to the snmp view table, click the show all snmp view table entries link. Snmp group table an snmp group created with this table maps snmp users (identified in t...
Page 76
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 6- 38. Snmp group table configuration window the following parameters can set: parameter description group name type an alphanumeric string of up to 32 characters. This is used to identify the new snmp group ...
Page 77: Snmp Host Table
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 6- 39. Snmp community table configuration window the following parameters can set: parameter description community name type an alphanumeric string of up to 32 characters that is used to identify members of a...
Page 78: Snmp Engine Id
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch the following parameters can set: parameter description host ip address type the ip address of the remote management station that will serve as the snmp host for the switch. Snmp version v1 - to specifies that snmp ...
Page 79: Poe System
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch poe system the des-3028p and des-3052p support power over ethernet (poe) as defined by the ieee 802.3af specification. Ports 1-24/1- 48 can supply 48 vdc power to power devices (pds) over category 5 or category 3 ut...
Page 80: Poe Port Configuration
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch poe port configuration to configure poe port configuration for the switch, click administration > poe system > poe port configuration, which will reveal the following window for the user to configure: figure 6- 44. ...
Page 81
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch up is denied, regardless of its priority. Deny low priority port - after the power limit has been exceeded, the next port attempting to power up causes the port with the lowest priority to shut down to allow the hig...
Page 82: Single Ip Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch single ip settings simply put, d-link single ip management is a concept that will stack switches together over ethernet instead of using stacking ports or modules. There are some advantages in implementing the "sing...
Page 83: Sim Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch the upgrade to v1.6 to better improve sim management, the des-3028/28p/28g/52/52p switches have been upgraded to version 1.6 in this release. Many improvements have been made, including: 1. The commander switch (cs)...
Page 84
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 6- 46. Sim settings window (enabled) if the switch administrator wishes to configure the switch as a commander switch (cs), select commander from the role state field and click apply. The window will change o...
Page 85: Topology
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch topology the topology window will be used to configure and manage the switch within the sim group and requires java script to function properly on your computer. The java runtime environment on your server should in...
Page 86
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch model name displays the full model name of the corresponding switch. To view the topology map, click the view menu in the toolbar and then topology, which will produce the following window. The topology view will re...
Page 87: Tool Tips
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch non-sim devices tool tips in the topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (to...
Page 88: Right-Click
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch right-click right-clicking on a device will allow the user to perform various functions, depending on the role of the switch in the sim group and the icon associated with it. Group icon figure 6- 52. Right-clicking ...
Page 89
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch commander switch icon figure 6- 54. Right-clicking a commander icon the following options may appear for the user to configure: collapse - to collapse the group that will be represented by a single icon. Expand - to...
Page 90: Menu Bar
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch add to group - add a candidate to a group. Clicking this option will reveal the following dialog for the user to enter a password for authentication from the candidate switch before being added to the sim group. Cli...
Page 91: Firmware Upgrade
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch help about - will display the sim information, including the current sim version. Figure 6- 60. About window firmware upgrade this screen is used to upgrade firmware from the commander switch to the member switch. M...
Page 92: Upload Log
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 6- 62. Configuration file backup/restore window upload log the following window is used to upload log files from sim member switches to a specified pc. To upload a log file, enter the ip address of the pc and...
Page 93: Multicast Forwarding
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 6- 64. Unicast forwarding window to add or edit an entry, define the following parameters and then click add/modify: parameter description vid the vlan id number of the vlan on which the above unicast mac add...
Page 94
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 6- 66. Setup static multicast forwarding table window the following parameters can be set: parameter description vid the vlan id of the vlan to which the corresponding mac address belongs. Multicast mac addre...
Page 95: Multicast Filtering Mode
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch multicast filtering mode the following figure and table describe how to set up multicast forwarding on the switch. To view this window, click administration > forwarding & filtering > multicast filtering mode: figur...
Page 96: Smtp Service
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch smtp service smtp or simple mail transfer protocol is a function of the switch that will send switch events to mail recipients based on e-mail addresses entered using the commands below. The switch is to be configur...
Page 97: Smtp Server Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch smtp server settings the following window is used to configure the fields to set up the smtp server for the switch, along with setting e-mail addresses to which switch log files can be sent when a problem arises on ...
Page 98
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 6- 69. Smtp service window the following parameters can be set: parameter description subject enter the subject of the test e-mail. Content enter the content of the test e-mail. Once your message is ready, cl...
Page 99: Section 7
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch section 7 l2 features vlan qinq trunking igmp snooping mld snooping spanning tree loopback detection lldp vlans a virtual local area network (vlan) is a network topology configured according to a logical scheme rath...
Page 100
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch any port can be configured as either tagging or untagging. The untagging feature of ieee 802.1q vlans allows vlans to work with legacy switches that don't recognize vlan tags in packet headers. The tagging feature a...
Page 101
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 2. Ieee 802.1q tag the ethertype and vlan id are inserted after the mac source address, but before the original ethertype/length or logical link control. Because the packet is now a bit longer than it was ...
Page 102
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch if the packet is not tagged with vlan information, the ingress port will tag the packet with its own pvid as a vid. The switch then determines if the destination port is a member of the same vlan (has the same vid) ...
Page 103
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch asymmetric vlans the des-3028 switch series has the capability to create and utilize asymmetric vlans on the switch. Asymmetric vlans allow devices to transmit packets on one vlan and receive it on another vlan. Thi...
Page 104: Static Vlan Entry
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch vlan and trunk groups the members of a trunk group have the same vlan setting. Any vlan setting on the members of a trunk group will apply to the other member ports. Static vlan entry to view this window, click l2 f...
Page 105
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch parameter description vid allows the entry of a vlan id in the add dialog box, or displays the vlan id of an existing vlan in the modify dialog box. Vlans can be identified by either the vid or the vlan name. Vlan n...
Page 106: Gvrp Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch vlan in the modify dialog box. Vlans can be identified by their vid. Action choose an action to create, configure or delete an 802.1q static vlan. Advertisement use the pull down menu to enable or disable the advert...
Page 107
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 8. Gvrp settings window the following fields can be set: parameter description from/to these two fields allow you to specify the range of ports that will be included in the port-based vlan that you are cre...
Page 108: Vlan Trunk Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch check to compare the vid tag of an incoming packet with the pvid number assigned to the port. If the two are different, the port filters (drops) the packet. Disabled disables ingress filtering. Ingress checking is d...
Page 109
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 9. Vlan trunk port settings window 95.
Page 110: Qinq
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch qinq this function allows the user to enable or disable the qinq function. Qinq is designed for service providers to carry traffic from multiple users across a network. Qinq is used to maintain customer specific vla...
Page 111
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch role the user can choose between uni or nni role. Uni – to select a user-to-network interface which specifies that communication between the specified user and a specified network will occur. Nni – to select a netwo...
Page 112: Trunking
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch trunking port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. The switch supports up to six port trunk groups with 2 to 8 ports in each group. A potential b...
Page 113: Link Aggregation
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch link aggregation to configure port trunking, click l2 features > trunking > link aggregation to bring up the following window: figure 7- 12. Link aggregation window to configure port trunk groups, click the add butt...
Page 114
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 14. Lacp port settings window to configure lacp port trunk settings, select a port range using the from and to drop-down menus, select either passive or active mode, and then click apply to let your change...
Page 115: Igmp Snooping
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch igmp snooping internet group management protocol (igmp) snooping allows the switch to recognize igmp queries and reports sent between network stations or devices and an igmp host. When enabled for igmp snooping, the...
Page 116
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch the igmp snooping settings. Vlan name this is the vlan name that, along with the vlan id, identifies the vlan for which to modify the igmp snooping settings. Query interval this field is used to set the time (in sec...
Page 117: Router Ports Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch router ports settings a static router port is a port that has a multicast router attached to it. Generally, this router would have a connection to a wan or to the internet. Establishing a router port will allow mult...
Page 118
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 18. Router ports settings - edit window the following parameters can be viewed: parameter description vid (vlan id) this is the vlan id that, along with the vlan name, identifies the vlan where the multica...
Page 119: Igmp Authentication
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch igmp authentication igmp access authentication provides a client-server authentication protocol for specified ports on the switch. This function will secure access to an ip multicast group by using a user authentica...
Page 120
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 19. Igmp access control window select the range of ports you wish to enable or disable and click apply to implement changes made. 106.
Page 121
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch dynamic ip multicast learning to configure the dynamic ip multicast learning max entry settings on the switch, click l2 features > igmp snooping > dynamic ip multicast learning. Figure 7- 20. Dynamic ip multicast le...
Page 122: Ism Vlan Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch ism vlan settings in a switching environment, multiple vlans may exist. Every time a multicast query passes through the switch, the switch must forward separate different copies of the data to each vlan on the syste...
Page 123
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 23. Igmp snooping multicast vlan settings – add window modified both the add and modify windows of the igmp multicast vlan settings have the following configurable fields. Parameter description vlan name e...
Page 124
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 24. Igmp snooping multicast vlan group list settings window enter a multicast group list for a particular entry and click add the new igmp snooping multicast vlan group list entry will be displayed on the ...
Page 125
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 27. Ip multicast address group list settings – group list window enter the multicast address list starting with the lowest in the range, and click apply. Limited multicast range settings the limited multic...
Page 126
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 28. Limited multicast range settings the following parameters can be set: parameter description from/to select a range of ports to be granted access or denied access from receiving multicast information. P...
Page 127: Max Multicast Group Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch access this field is set to permit by default. Max multicast group settings the max multicast group settings enables the user to configure the ports on the switch that will be apart of the maximum filter group up to...
Page 128: Mld Snooping
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch mld snooping multicast listener discovery (mld) snooping is an ipv6 function used similarly to igmp snooping in ipv4. It is used to discover ports on a vlan that are requesting multicast data. Instead of flooding al...
Page 129
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 31. Mld snooping settings - edit window the following parameters may be viewed or modified: parameter description vlan id this is the vlan id that, along with the vlan name, identifies the vlan for which t...
Page 130
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch setting of 260 seconds. Done timer (1-16711450 sec) specifies the maximum amount of time a router can remain in the switch after receiving a done message from the group without receiving a node listener report. The ...
Page 131: Spanning Tree
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 33. Router port window (modify) the following parameters can be set: parameter description vid (vlan id) this is the vlan id that, along with the vlan name, identifies the vlan where the mld multicast rout...
Page 132
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch this protocol will also tag bpdu packets so receiving devices can distinguish spanning tree instances, spanning tree regions and the vlans associated with them. An msti id will classify these instances. Mstp will co...
Page 133
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch rstp is capable of a more rapid transition to a forwarding state - it no longer relies on timer configurations - rstp compliant bridges are sensitive to feedback from other rstp compliant bridge links. Ports do not ...
Page 134: Stp Bridge Global Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch the loopback detection feature can only prevent bpdu loops on designated ports. It can detect a loop condition occurring on the user’s side connected to the edge port, but it cannot detect the loopback condition on ...
Page 135
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 36. Stp bridge global settings window – stp compatible the following parameters can be set: parameter description spanning tree protocol use the pull-down menu to enable or disable stp globally on the swit...
Page 136
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch on the switch. Mstp select this parameter to set the multiple spanning tree protocol (mstp) globally on the switch tx hold count (1-10) used to set the maximum number of hello packets transmitted per interval. The...
Page 137: Stp Port Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch stp port settings stp can be set up on a port per port basis. To view the stp port settings window click l2 features > spanning tree > stp port settings: figure 7- 37. Stp port settings window in addition to setting...
Page 138
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch will be chosen to forward packets. Hello time this can be set from 1 to 2 seconds. This is the interval between two transmissions of bpdu packets sent by the root bridge to tell all other switches that it is indeed ...
Page 139
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch mst configuration identification the following windows in the mst configuration identification section allow the user to configure a msti instance on the switch. These settings will uniquely identify a multiple span...
Page 140
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch the user may configure the following parameters to create a msti in the switch. Parameter description msti id enter a number between 1 and 4 to set a new msti on the switch. Type create is selected to create a new m...
Page 141: Stp Instance Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 41. Instance id settings window – modify the user may configure the following parameters for a msti on the switch. Parameter description msti id displays the msti id previously set by the user. Type this f...
Page 142: Mstp Port Information
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch click the modify button to change the priority of the msti. This will open the instance id settings window to configure. Figure 7- 43. Instance id settings - modify priority window the following parameters can be vi...
Page 143
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 45. Msti settings window the following parameters can be viewed or set: parameter description instance id displays the msti id of the instance being configured. An entry of 0 in this field denotes the cist...
Page 144: Loopback Detection Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch loopback detection settings the loopback detection function is used to detect the loop created by a specific port. This feature is used to temporarily shutdown a port on the switch when a ctp (configuration testing ...
Page 145: Lldp
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch interval (1-32767) set a loopdetect interval between 1 and 32767 seconds. The default is 10 seconds. Recover time (0 or 60-1000000) time allowed (in seconds) for recovery when a loopback is detected. The loopdetect ...
Page 146
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 47. Lldp operation state settings window the following parameters can be set: parameter description lldp operation state when this function is enabled, the switch can start to transmit lldp packets and rec...
Page 147: Basic Lldp Port Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch basic lldp port settings the following window is used to set up lldp on individual port(s) on the switch. To view this window click l2 features > lldp > basic lldp port settings. Figure 7- 48. Basic lldp port settin...
Page 148
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch parameter description from/to select a port or group of ports using the pull-down menus. Notification state update. In addition, the changed type includes any data update used to configure each port for sending noti...
Page 149
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 49. 802.1 extension lldp port settings table window 135.
Page 150
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch the following parameters can be set or displayed: parameter description from/to select a port or group of ports using the pull-down menus. Port vlan id use the drop-down menu to toggle port vlan id between enabled a...
Page 151
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 50. 802.3 extension lldp port settings table window the following parameters can be set or displayed: parameter description from/to select a port or group of ports using the pull-down menus. Mac/phy use th...
Page 152
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch configuration/status disabled. Link aggregation use the drop-down menu to toggle link aggregation between enabled and disabled. Maximum frame size use the drop-down menu to toggle maximum frame size between enabled ...
Page 153: Lldp Statistics
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch parameter description from/to select a port or group of ports using the pull-down menus. Address type displays the ipv4 address type. Address enter the lldp management address in this field. Port state use the drop-...
Page 154: Lldp Local Port Table
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch lldp management address table the following window is used to make entries to and display the lldp management address table. To view this window click l2 features > lldp > lldp management address table. Figure 7- 53...
Page 155
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 7- 54. Lldp local port brief table window click the view button to display additional information about entries on the lldp local port brief table. 141.
Page 156: Lldp Remote Port Table
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch lldp remote port table the following window is used to display the lldp remote port brief table. To view this window click l2 features > lldp > lldp remote port table. Figure 7- 55. Lldp remote port brief table wind...
Page 157: Section 8
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch section 8 cos port bandwidth 802.1p default priority 802.1p user priority cos scheduling mechanism cos output scheduling priority settings tos priority settings dscp priority settings port mapping priority settings ...
Page 158
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 8- 1. An example of the default cos mapping on the switch the picture above shows the default priority setting for the switch. Class-3 has the highest priority of the four priority classes of service on the s...
Page 159
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch for weighted round-robin queuing, the number of packets sent from each priority queue depends upon the assigned weight. For a configuration of eight cos queues, a~h with their respective weight value: 8~1, the packe...
Page 160: Port Bandwidth
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch port bandwidth the bandwidth control settings are used to place a ceiling on the transmitting and receiving data rates for any selected port. To view this window click cos > port bandwidth. Figure 8- 2. Port bandwid...
Page 161: 802.1P Default Priority
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch parameter description from/to a consecutive group of ports may be configured starting with the selected port. Type this drop-down menu allows you to select between rx (receive,) tx (transmit,) and both. This setting...
Page 162
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 8- 3. 802.1p default priority window this window allows you to assign a default 802.1p priority to any given port on the switch. The priority tags are numbered from 0, the lowest priority, to 7, the highest p...
Page 163: 802.1P User Priority
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 802.1p user priority when using 802.1p priority mechanism, the packet is examined for the presence of a valid 802.1p priority tag. If the tag is present, the packet is assigned to a programmable egress queue based o...
Page 164: Cos Output Scheduling
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch the scheduling mechanism has the following parameters. Parameter description strict denoting a strict scheduling will set the highest queue to be emptied first while the other queues will follow the weighted round-r...
Page 165: Priority Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch priority settings the priority setting window will allow users to configure the cos priority settings on a port per port basis. When cos tagged packets arrive on the switch, they are mapped to the settings configure...
Page 166
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 8- 7. Priority settings window 152.
Page 167: Tos Priority Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch configure the following priority setting parameters: parameter description from/to users may select a port or group of ports to assign tos priority settings, based on the following main select field. Main select sel...
Page 168: Dscp Priority Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch dscp priority settings when using the dscp/tos priority mechanism, the packet is classified based on the dscp/tos field in the ip header. If the tag is present, the packet is assigned to a programmable egress queue ...
Page 169
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch port mapping priority settings when using the port-based priority mechanism, the port-based priority (high or low) assigned to each ingress port determines the egress queue assigned to frames arriving via the given ...
Page 170: Mac Priority
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch mac priority when using the mac priority mechanism, the packet is classified based on the mac address field priority in the mac priority table entries. To configure a destination mac address for a cos queue, users m...
Page 171: Section 9
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch section 9 acl time range access profile table cpu interface filtering time range the des-3028/28p/28g/52/52p switches allow you to configure a time period when each access profile will be active. Use the window belo...
Page 172
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch to add an entry to the access profile table, click the add button. This will open the access profile configuration window, as shown below. There are three access profile configuration windows; one for ethernet (or m...
Page 173
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch ethernet type selecting this option instructs the switch to examine the ethernet type value in each frame's header. The window shown below is the access profile configuration window for ip. Figure 9- 4. Access profi...
Page 174
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch destination ip mask enter an ip address mask for the destination ip address. Dscp selecting this option instructs the switch to examine the diffserv code part of each packet header and use this as the, or part of th...
Page 175
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 9- 5. Access profile configuration window (packet content mask) this screen will aid the user in switch to mask packet headers beginning with the offset value specified. The following fields are used to confi...
Page 176
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch like the common arp spoofing attack that is wide spread today. This is the reason why packet content acl is able to inspect any specified content of a packet in different protocol layers. Click apply to implement ch...
Page 177
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch parameter description profile id this is the identifier number for this profile set. Mode select permit to specify that the switch, according to any additional rule, forward the packets that match the access profile...
Page 178
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 9- 8. Access rule display window (ip) to configure the access rule for ethernet, open the access profile table and click modify for an ethernet entry. If no entry exists only the add button will be displayed ...
Page 179
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 9- 10. Access rule configuration window (ethernet) to set the access rule for ethernet, adjust the following parameters and click apply. Parameters description profile id this is the identifier number for thi...
Page 180
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch switch. The replace priority feature can only be used with dscp value and cannot be used with the ethernet rule. For more information on priority queues, cos queues and mapping for 802.1p, see the qos section of thi...
Page 181
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 9- 12. Access rule table window (packet content mask) the user may search for the settings of a particular access id by entering that id into the access id field above and clicking find. The user may display ...
Page 182
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch switch and will be filtered. Rx rate (no limit:0) enter an rx rate in kbps. Access id (1- 65535) type in a unique identifier number between 1 and 65535 for this access or use auto assign. Auto assign – checking this...
Page 183: Cpu Interface Filtering
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch cpu interface filtering due to a chipset limitation and the need for extra switch security, the des-30xx switch series incorporates cpu interface filtering. This added feature increases the running security of the s...
Page 184
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 9- 17. Cpu interface filtering configuration window – ethernet parameter description profile id (1-3) type in a unique identifier number for this profile set. This value can be set from 1 to 3. Type select pr...
Page 185
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch the following is the cpu interface filtering configuration window for ip. Figure 9- 18. Cpu interface filtering configuration window - ip the following parameters can be modified: parameter description profile id (1...
Page 186
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch select icmp to instruct the switch to examine the internet control message protocol (icmp) field in each frame's header. Select type to further specify that the access profile will apply an icmp type value, or speci...
Page 187
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch the following is the cpu interface filtering configuration window for the packet content mask. Figure 9- 19. Cpu interface filtering configuration window - packet content this window will aid the user in configuring...
Page 188
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch click apply to implement changes made. To establish the rule for a previously created cpu access profile: click acl > cpu interface filtering > cpu interface filtering profile table. Figure 9- 20. Cpu interface filt...
Page 189
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 9- 22. Cpu interface filtering rule configuration window – ethernet to set the cpu access rule for ethernet, adjust the following parameters and click apply. Parameters description profile id this is the iden...
Page 190
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch port the cpu access rule may be configured on a per-port basis by entering the port number of the switch. Time range click the check box and enter the name of the time range settings that have been previously config...
Page 191
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 9- 25. Cpu interface filtering rule configuration window – ip configure the following access rule configuration settings for ip: parameter description profile id this is the identifier number for this profile...
Page 192
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch to view the settings of a previously correctly configured rule, click in the access rule table to view the following window: window - ip the following window is the cpu interface filtering rule table for packet cont...
Page 193
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 9- 28. Cpu interface filtering rule configuration window - packet content mask to set the access rule for ethernet, adjust the following parameters and click apply. Parameters description profile id this is t...
Page 194
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch the packet to the 15th byte. Value (16-31) - enter a value in hex form to mask the packet from byte 16 to byte 31. Value (32-47) - enter a value in hex form to mask the packet from byte 32 to byte 47. Value (48-63) ...
Page 195: Section 10
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch section 10 security traffic control port security port lock entries ip-mac-port binding ssl ssh 802.1x trusted host access authentication control traffic segmentation dos attack prevention traffic control on a compu...
Page 196
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 10- 1. Traffic control settings window once the switch is in rest mode, the method of recovering this port is to manually recoup it using the port configuration window in the administration folder and selecti...
Page 197
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch the user may set the following parameters: parameter description traffic trap configuration traffic trap enable sending of storm trap messages when the type of action taken by the traffic control function in handlin...
Page 198
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch note: ports that are in the rest mode will be seen as discarding in spanning tree windows and implementations though these ports will still be forwarding bpdus to the switch’s cpu. Note: ports that are in rest mode ...
Page 199: Port Security
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch port security a given ports’ (or a range of ports') dynamic mac address learning can be locked such that the current source mac addresses entered into the mac address forwarding table can not be changed once the por...
Page 200: Port Lock Entries
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch port lock entries the port lock entries table window is used to remove an entry from the port security entries learned by the switch and entered into the forwarding database. To view the following window, click secu...
Page 201: Ip-Mac-Port Binding
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch ip-mac-port binding the ip network layer uses a four-byte address. The ethernet link layer uses a six-byte mac address. Binding these two address types together allows the transmission of data between the layers. Th...
Page 202
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 10- 5. Imp port settings window the following fields can be set or modified: parameter description from port…to port select a port or range of ports to set for ip-mac binding. State use the pull-down menu to ...
Page 203: Imp Entry Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch the entries for the ports. The port will check arp packets and ip packets by ip-mac-port binding entries. When the packet is found by the entry, the mac address will be set to dynamic. If the packet is not found by ...
Page 204: Dhcp Snooping Entries
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch dhcp snooping entries this table is used to view dynamic entries on specific ports. To view particular port settings, enter the port number and click find. To view all entries click view all, and to delete an entry,...
Page 205: Ssl
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch ssl secure sockets layer or ssl is a security feature that will provide a secure communication path between a host and client through the use of authentication, digital signatures and encryption. These security func...
Page 206
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 10- 9. Download certificate and ciphersuite window to download certificates, set the following parameters and click apply. Parameter description certificate type enter the type of certificate to be downloaded...
Page 207
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch ciphersuite rsa with rc4 128 md5 this ciphersuite combines the rsa key exchange, stream cipher rc4 encryption with 128- bit keys and the md5 hash algorithm. Use the pull-down menu to enable or disable this ciphersui...
Page 208: Ssh
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch ssh ssh is an abbreviation of secure shell, which is a program allowing secure remote login and secure network services over an insecure network. It allows a secure login to remote host computers, a safe method of e...
Page 209
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch parameter description ssh server status use the pull-down menu to enable or disable ssh on the switch. The default is disabled. Max session (1-8) enter a value between 1 and 8 to set the number of users that may sim...
Page 210
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch the following algorithms may be set: parameter description ssh authentication mode and algorithm settings password this parameter may be enabled if the administrator wishes to use a locally configured password for a...
Page 211: Ssh User Authentication
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch ssh user authentication the following windows are used to configure parameters for users attempting to access the switch through ssh. To access the following window, click security > ssh > ssh user authentication mo...
Page 212: 802.1X
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 802.1x 802.1x port-based and host-based access control the ieee 802.1x standard is a security measure for authorizing and authenticating users to gain access to various wired or wireless devices on a specified local...
Page 213
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch authentication server the authentication server is a remote device that is connected to the same network as the client and authenticator, must be running a radius server program and must be configured properly on th...
Page 214
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch client the client is simply the endstation that wishes to gain access to the lan or switch services. All endstations must be running software that is compliant with the 802.1x protocol. For users running windows xp,...
Page 215
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch detects events that indicate the attachment of an active device at the remote end of the link, or an active device becoming inactive. These events can be used to control the authorization state of the port and initi...
Page 216
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 802.1x host-based access control radius server ethernet switch 802.1x client network access controlled port network access uncontrolled port 802.1x client 802.1x client 802.1x client 802.1x client 802.1x client 802....
Page 217
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch attribute-specific field used to assign the bandwidth of the port unit (kbits) required if the user has configured the bandwidth attribute of the radius server (for example, ingress bandwidth 1000kbps) and the 802.1...
Page 218
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch limitations using the guest vlan 1. Guest vlans are only supported for port-based. Host-based cannot undergo this procedure. 2. Ports supporting guest vlans cannot be gvrp enabled and vice versa. 3. A port cannot be...
Page 219
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 802.1x authenticator settings to configure the 802.1x authenticator settings, click security > 802.1x > 802.1x authenticator settings: figure 10- 23. 802.1x authenticator settings window to configure the settings by...
Page 220
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 10- 24. 802.1x authenticator settings window (modify) this window allows users to set the following features: parameter description from/to] enter the port or ports to be set. Admdir sets the administrative-c...
Page 221
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch supptimeout this value determines timeout conditions in the exchanges between the authenticator and the client. The default setting is 30 seconds. Servertimeout this value determines timeout conditions in the exchan...
Page 222: Local Users
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch local users this window will allow the user to set different local users on the switch. To view this window click security > 802.1x > 802.1x user. Figure 10- 25. Local users configuration window enter a user name, p...
Page 223: 802.1X Capability Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 802.1x capability settings this window will allow the user to set the capability settings for individual ports or range of ports on the switch. To view this window click security > 802.1x > 802.1x capability setting...
Page 224
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 10- 27. Configure 802.1x guest vlan window the following fields may be modified to enable the guest 802.1x vlan: parameter description vlan name enter the pre-configured vlan name to create as a guest 802.1x ...
Page 225
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch parameter description from and to select ports to be initialized. Auth pae state the authenticator pae state will display one of the following: initialize, disconnected, connecting, authenticating, authenticated, ab...
Page 226
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch reauthenticate port(s) for port based 802.1x this window allows reauthentication of a port or group of ports by using the pull-down menus from and to and clicking apply. The reauthenticate port table displays the cu...
Page 227: Radius Server
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch reauthenticate port(s) for host-based 802.1x to reauthenticate ports for the host side of 802.1x, the user must first enable 802.1x by mac address in the des-30xx web management tool window. Click security > 802.1x ...
Page 228: Trusted Host
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch parameter description radius timeout (1- 255 sec) this field is used to set the time the switch will wait for a response from the radius server. The user may set a time between 0 and 255 seconds. The default setting...
Page 229
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch add trusted host ip submask enter a list of trusted host ip submasks that will be given permission to access the switch. Access authentication control the tacacs/xtacacs/tacacs+/radius commands allow users to secure...
Page 230
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch authentication policy and parameter settings this command will enable an administrator-defined authentication policy for users trying to access the switch. When enabled, the device will check the login method list a...
Page 231: Authentication Server Group
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch parameter description application lists the configuration applications on the switch. The user may configure the login method list and enable method list for authentication for users utilizing the console (command l...
Page 232: Authentication Server Host
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 10- 37. Add a server host to server group (radius) window to add an authentication server host to the list, enter its ip address in the ip address field, choose the protocol associated with the ip address of ...
Page 233
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 10- 39. Authentication server host settings window to add an authentication server host, click the add button, revealing the following window: figure 10- 40. Authentication server host settings – add window t...
Page 234
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch tacacs+ - enter this parameter if the server host utilizes the tacacs+ protocol. Radius - enter this parameter if the server host utilizes the radius protocol. Port (1-65535) enter a number between 1 and 65535 to de...
Page 235: Login Method Lists
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch login method lists this command will configure a user-defined or default login method list of authentication techniques for users logging on to the switch. The sequence of techniques implemented in this command will...
Page 236: Enable Method Lists
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 10- 44. Login method list – add window to define a login method list, set the following parameters and click apply: parameter description method list name enter a method list name defined by the user of up to...
Page 237
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch to view the following table, click security > access authentication control > enable method lists: figure 10- 45. Enable method list settings window to delete an enable method list defined by the user, click the und...
Page 238
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch methods to this method list: local_enable - adding this parameter will require the user to be authenticated using the local enable password database on the switch. The user in the next section entitled local enable ...
Page 239: Enable Admin
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch configure local enable password this window will configure the locally enabled password for the enable admin command. When a user chooses the "local_enable" method to promote user level privileges to administrator p...
Page 240: Traffic Segmentation
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch traffic segmentation traffic segmentation is used to limit traffic flow from a single port to a group of ports on a single switch. This method of segmenting the flow of traffic is similar to using vlans to limit tra...
Page 241: Dos Attack Prevention
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 10- 52. Setup forwarding ports window this window allows the user to determine which port on a given switch will be allowed to forward packets to other ports on that switch. To configure traffic segmentation,...
Page 242
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 10- 53. Dos attack prevention window the following parameters may be set. Parameter description type select the type of attack from the list below or choose all to select all attack types. Land attack – a lan...
Page 243
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch tcp synfin – a tcp synfin works by using syn and fin bits set into the tcp packets. These packets will leave the victim unable to get normal syn packets and a large amount of these packets will result in the victim ...
Page 244
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 10- 56. Dos smurf attack prevention window – summary window figure 10- 57. Dos tcp null scan prevention window – summary window figure 10- 58. Dos tcp xmascan prevention window – summary window 230
Page 245
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 10- 59. Dos tcp synfin prevention window – summary window figure 10- 60. Dos tcp syn srcport less 1024 prevention window – summary window 231.
Page 246: Section 11
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch section 11 monitoring cpu utilization port utilization packets packet errors packet size mac address switch log igmp snooping group browse router port vlan status mld snooping group browse mld snooping router port s...
Page 247: Port Utilization
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 11- 1. Cpu utilization graph the window will automatically refresh with new updated statistics. The information is described as follows: parameter description time interval select the desired setting between ...
Page 248: Packets
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 11- 2. Port utilization window the user may use the real-time graphic of the switch at the top of the web page to view utilization statistics per port by clicking on a port. Click apply to implement changes m...
Page 249: Received (Rx)
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch received (rx) the following graph displays packets received by the switch. To select a port to view these statistics for, use the port pull-down menu. The user may also use the real-time graphic of the switch at the...
Page 250
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 11- 4. Rx packets analysis table the following fields may be set or viewed: parameter description time interval select the desired setting between 1s and 60s, where "s" stands for seconds. The default value i...
Page 251: Umb Cast (Rx)
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch umb cast (rx) the following graph displays umb cast packets received by the switch. To select a port to view these statistics for, use the port pull-down menu. The user may also use the real-time graphic of the swit...
Page 252
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 11- 6. Rx packets analysis window (table for unicast, multicast, and broadcast packets) the following fields may be set or viewed: parameter description time interval select the desired setting between 1s and...
Page 253: Transmitted (Tx)
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch transmitted (tx) the following graph displays the packets transmitted from the switch. To select a port to view these statistics for, use the port pull-down menu. The user may also use the real-time graphic of the s...
Page 254
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 11- 8. Tx packets analysis window (table for bytes and packets) the following fields may be set or viewed: parameter description time interval select the desired setting between 1s and 60s, where "s" stands f...
Page 255: Packet Errors
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch packet errors the web manager allows port error statistics compiled by the switch's management agent to be viewed as either a line graph or a table. Four windows are offered. Received (rx) the following graph displa...
Page 256
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 11- 10. Rx error analysis window (table) the following fields can be set: parameter description time interval select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is ...
Page 257: Transmitted (Tx)
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch transmitted (tx) the following graph displays error packets received by the switch. To select a port to view these statistics for, select the port by using the port pull-down menu. The user may also use the real-tim...
Page 258
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 11- 12. Tx error analysis window (table) the following fields may be set or viewed: parameter description time interval select the desired setting between 1s and 60s, where "s" stands for seconds. The default...
Page 259: Packet Size
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch packet size the web manager allows packets received by the switch, arranged in six groups and classed by size, to be viewed as either a line graph or a table. Two windows are offered. To select a port to view these ...
Page 260
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 11- 14. Rx size analysis window (table) the following fields can be set or viewed: parameter description time interval select the desired setting between 1s and 60s, where "s" stands for seconds. The default ...
Page 261: Mac Address
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch mac address this allows the switch's dynamic mac address forwarding table to be viewed. When the switch learns an association between a mac address and a port number, it makes an entry into its forwarding table. The...
Page 262
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch the following fields can be viewed or set: parameter description vlan name enter a vlan name by which to browse the forwarding table. Mac address enter a mac address by which to browse the forwarding table. Port sel...
Page 263: Switch Log
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch switch log the web manager allows the switch's history log, as compiled by the switch's management agent, to be viewed. To view the switch history log, click monitoring > switch log. Figure 11- 16. Switch history lo...
Page 264: Igmp Snooping Group
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch igmp snooping group this window allows the switch’s igmp snooping group table to be viewed. Igmp snooping allows the switch to read the multicast group ip address and the corresponding mac address from igmp packets ...
Page 265: Browse Router Port
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch browse router port this window displays which of the switch’s ports are currently configured as router ports. A router port configured by a user (using the console or web-based management interfaces) is displayed as...
Page 266
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 11- 20. Mld snooping group window the following field can be viewed: parameter description vid the vlan id to identify the mld multicast group. Vlan name the vlan name of the mld multicast group. Source group...
Page 267: Static Arp Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch static arp settings this window will show current arp entries on the switch.To clear the arp table, click clear all. To view this window click monitoring > static arp settings. Figure 11- 22. Static arp settings win...
Page 268
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch figure 11- 25. Arp-fdb window to search for information regarding a specific entry, enter the appropriate information and click find. The arp-fdb entries will be displayed in the arp-fdb table, to add an entry to th...
Page 269: Gratuitous Arp Settings
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch gratuitous arp settings this window will show the gratuitous arp settings on the switch. An arp announcement (also known as gratuitous arp) is a packet (usually an arp request) containing a valid sha (sender hardwar...
Page 270: Session Table
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch interval after making the desired changes, click apply to implement the new gratuitous arp table entry. Session table the session table allows the user to view detailed information on the current configuration sessi...
Page 271
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch parameter description server the identification number assigned to each radius authentication server that the client shares a secret with. Udp port the udp port the client is using to send requests to this server. T...
Page 272: Radius Accounting
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch radius accounting this window shows managed objects used for managing radius accounting clients, and the current statistics associated with them. It has one row for each radius authentication server that the client ...
Page 273: Reset
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch unknowntypes the number of radius packets of unknown type which were received from this server on the accounting port. Packetsdropped the number of radius packets, which were received from this server on the account...
Page 274: Reboot System
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch reboot system the following window is used to restart the switch. Figure 11- 32. Reboot system window clicking the yes radio button will instruct the switch to save the current configuration to non-volatile ram befo...
Page 275: Logout
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch logout click the logout button on the logout window to immediately exit the switch. Figure 11- 34. Logout window 261.
Page 276: Appendix A
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch appendix a technical specifications general protocols fiber-optic ieee 802.3 10base-t ethernet ieee 802.3u 100base-tx fast ethernet ieee 802.3ab 1000base-t gigabit ethernet ieee 802.3z 1000base-t (sfp “mini gbic”) i...
Page 277
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch internal power supply input: des-3028/des-3052/des-3028g - 100~240v, ac/0.5a, 50~60hz des-3052p - 100~240v, ac/5a, 50~60hz des-3028p - 100~240v, ac/2.9a, 50~60hz output: des-3028/des-3052/des-3028g: 12v, 3.3a (max) ...
Page 278
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch poe features poe capable ports des-3028p:random 12 ports des-3052p:random 24 ports max 15.4w per port power feeding for poe des-3028p: per port 15.4w (default), output capacity for des-3028p185w des-3052p: per por...
Page 279
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch led indicators location led indicative color status description solid light power on power green light off power off solid light console on blinking post is in progress/ post is failure. Per device console green lig...
Page 280
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch feature detailed description internal power supply ac input: 100 - 240 vac, 50-60 hz performance feature detailed description wire speed on all fe/ge ports full-wire speed (full-duplex) operation on all fe/ge ports ...
Page 281
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 1. Dem-310gt (1000base-lx) 2. Dem-311gt (1000base-sx) 3. Dem-314gt (1000base-lh) 4. Dem-315gt (1000base-zx) 5. Dem-210 (single mode 100base-fx) 6. Dem-211 (multi mode 100base-fx) wdm transceiver supported: 1.Dem-330...
Page 282: Appendix B
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch appendix b system log entries the following table lists all possible entries and their corresponding meanings that will appear in the system log of this switch. Category event description log content severity system...
Page 283
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch configuration download by console was unsuccessful configuration download by console was unsuccessful! (username: ) warning configuration successfully uploaded configuration successfully uploaded (username: , ip: ) ...
Page 284
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch logout through web logout through web (username: , ip: ) informational successful login through web (ssl) successful login through web (ssl) (username: , ip: ) informational login failed through web (ssl) login fail...
Page 285
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch logout through ssh logout through ssh (username: , ip: ) informational ssh session timed out ssh session timed out (username: , ip: ) informational ssh server is enabled ssh server is enabled informational ssh serve...
Page 286
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch successful login through ssh authenticated by aaa local method successful login through ssh from authenticated by aaa local method (username: ) informational login failed through ssh authenticated by aaa local metho...
Page 287
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch login failed through web due to aaa server timeout or improper configuration login failed through web from due to aaa server timeout or improper configuration (username:) warning successful login through web (ssl) a...
Page 288
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch successful enable admin through web authenticated by aaa local_enable method successful enable admin through web from authenticated by aaa local_enable method (username: ) informational enable admin failed through w...
Page 289
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch successful enable admin through web (ssl) authenticated by aaa none method. Successful enable admin through web(ssl) from authenticated by aaa none method (username: ) informational successful enable admin through t...
Page 290
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch enable admin failed through web(ssl) due to aaa server timeout or improper configuration enable admin failed through web(ssl) due to aaa server timeout or improper configuration (username: ) warning successful enabl...
Page 291
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch ip:,mac:) safeguard engine safeguard engine is in normal mode safeguard engine enters normal mode informational safeguard engine is in exhausted mode safeguard engine enters exhausted mode warning packet storm broad...
Page 292: Standard Trap List
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 278 802.1x authentication failure 802.1x authentication failure from (username: , port , mac: ) warning 802.1x authentication failure for the radius server 802.1x authentication failure for the radius server timeout...
Page 293: Proprietary Trap List
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 1.3.6.1.6.3.1.1.5.4 ifadminstatus ifoperstatus (if-mib) newroot 1.3.6.1.2.1.17.0.1 none v2 rfc1493 (bridge-mib) topologychange 1.3.6.1.2.1.17.0.2 none v2 rfc1493 (bridge-mib) proprietary trap list trap name/oid vari...
Page 294
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch 1.3.6.1.4.1.171.11.63.11.2.20.0.1 280
Page 295: Appendix C
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch appendix c cable lengths use the following table to as a guide for the maximum cable lengths. Standard media type maximum distance mini-gbic 1000base-lx, single-mode fiber module 1000base-sx, multi-mode fiber module...
Page 296: Appendix D
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch appendix d password recovery procedure this document describes the procedure for resetting passwords on d-link switches. Authenticating any user who tries to access networks is necessary and important. The basic aut...
Page 297
Des-3028 des-3028p des-3028g des-3052 des-3052p layer 2 fast ethernet managed switch command parameters accounts. Reset password {} the reset password command resets the password of the specified user. If a username is not specified, the password of all users will be reset. Show account the show acc...
Page 298: Appendix E
Appendix e glossary 1000base-sx: a short laser wavelength on multimode fiber optic cable for a maximum length of 2000 meters 1000base-lx: a long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilometers 100base-fx: 100mbps ethernet implementation over fiber. 100base-tx: 10...
Page 299
Lan - local area network: a network of connected computing resources (such as pcs, printers, servers) covering a relatively small geographic area (usually not larger than a floor or building). Characterized by high data rates and low error rates. Latency: the delay between the time a device receives...
Page 300: Appendix E
Appendix e arp packet content acl address resolution protocol (arp) is the standard method for finding a host's hardware address (mac address) when only its ip address is known. This protocol is vulnerable so hackers can spoof the ip and mac information in the arp packets to attack a lan (known as a...
Page 301
When the switch receives the frame, it will check the “source address” in the ethernet frame’s header. If the address is not in its forwarding table, the switch will learn pc a’s mac and the associated port and enter them in its forwarding table. Port1 00-20-5c-01-11-11 forwarding table in addition,...
Page 302
H/w type protocol type h/w address length protocol address length operation arp reply sender h/w address 00-20-5c-01-11-11 sender protocol address 10.10.10.1 target h/w address 00-20-5c-01-22-22 target protocol address 10.10.10.2 table – 3 (arp payload) when pc b replies to the query, “destination a...
Page 303
How arp spoofing attacks a network arp spoofing, also known as arp poisoning, is a method to attack an ethernet network which may allow an attacker to sniff data frames on a lan, modify the traffic, or stop the traffic altogether (known as a denial of service - dos attack). The principle of arp spoo...
Page 304
Gratuitous arp ethernet header destination address source address ethernet type h/w type protocol type h/w address length protocol address length operation sender h/w address sender protocol address target h/w address target protocol address (6-byte) (6-byte) (2-byte) (2-byte) (2-byte) (1-byte) (1-b...
Page 305
Prevent arp spoofing via packet content acl concerning the common dos attack today caused by the arp spoofing, d-link managed switches can effectively mitigate it via its unique packet content acl. The reason for this is that basic acls can only filter arp packets based on packet type, vlan id, sour...
Page 308
Fcc warning this equipment has been tested and found to comply with the limits for a class a digital device, pursuant to part 15 of the fcc rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This ...
Page 309
Fiber optic ports - optical safety the following safety warnings apply to all optical devices used in equipment that are removable or directly installed in an i/o module or chassis system. Such devices include but are not limited to gigabit interface converters (gbics), small form factor pluggable (...
Page 310: Warranties/registration
Warranties/registration limited warranty d-link provides this limited warranty for its product only to the person or entity who originally purchased the product from d-link or its authorized reseller or distributor. D-link would fulfill the warranty obligation according to the local warranty policy ...
Page 311
Disclaimer of other warranties: except for the limited warranty specified herein, the product is provided “as-is” without any warranty of any kind including, without limitation, any warranty of merchantability, fitness for a particular purpose and non-infringement. If any implied warranty cannot be ...
Page 312
Subject to the terms and conditions set forth herein, d-link systems, inc. (“d-link”) provides this limited warranty: only to the person or entity that originally purchased the product from d-link or its authorized reseller or distributor, and only for products purchased and delivered within the fif...
Page 313
Pertaining to the product. While necessary maintenance or repairs on your product can be performed by any company, we recommend that you use only an authorized d-link service office. Improper or incorrectly performed maintenance or repair voids this limited warranty. Disclaimer of other warranties: ...
Page 314: Product Registration
Product registration register your d-link product online at http://support.Dlink.Com/register/ product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights..
Page 315: Limited Warranty
Limited warranty d-link provides this limited warranty for its product only to the person or entity who originally purchased the product from d-link or its authorized reseller or distributor. D-link would fulfill the warranty obligation according to the local warranty policy in which you purchased o...
Page 316
Conforming software, the price paid by the original licensee for the non-conforming software will be refunded by d-link; provided that the non-conforming software (and all copies thereof) is first returned to d-link. The license granted respecting any software for which a refund is given automatical...
Page 317
Operational adjustments covered in the operating manual for the product, and normal maintenance; damage that occurs in shipment, due to act of god, failures due to power surge, and cosmetic damage; and any hardware, software, firmware or other products or services provided by anyone other than d- li...
Page 318: Fcc Warning
Registered trademark of d-link corporation/d-link systems, inc. All other trademarks belong to their respective proprietors. Copyright statement no part of this publication may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation...
Page 319: Tech Support
Tech support technical support you can find software updates and user documentation on the d-link website. D-link provides free technical support for customers within the united states and within canada for the duration of the service period, and warranty confirmation service, during the warranty pe...
Page 320: Technical Support
Technical support united kingdom (mon-fri) home wireless/broadband 0871 873 3000 (9.00am–06.00pm, sat 10.00am-02.00pm) managed, smart, & wireless switches, or firewalls 0871 873 0909 (09.00am – 05.30pm) (bt 10ppm, other carriers may vary.) ireland (mon-fri) all products 1890 886 899 (09.00am-06.00pm...
Page 321: Technical Support
Assistance technique d-link par téléphone : 0 820 0803 03 0,12 €/min la minute : lundi – vendredi de 9h à 13h et de 14h à 19h samedi 9h à 13h et de 14h à 16h assistance technique d-link sur internet : http://www.Dlink.Fr technical support telefono: 199400057 http://www.Dlink.It/support supporto tecn...
Page 322: Pomoc Techniczna
Pomoc techniczna telefoniczna pomoc techniczna firmy d-link: 0 801 022 021 pomoc techniczna firmy d-link świadczona przez internet: url: http://www.Dlink.Pl e-mail: serwis@dlink.Pl technická podpora land line 1,78 czk/min - mobile 5.40 czk/min technikai támogatás tel. : 06 1 461-3001 fax : 06 1 461-...
Page 323: Teknisk Support
Teknistä tukea asiakkaille suomessa: arkisin klo. 9 - 21 numerosta : 06001 5557 internetin kautta : http://www.Dlink.Fi Τεχνική Υποστήριξη teknisk support d-link teknisk support via telefon: 0900-100 77 00 vardagar 08.00-20.00 d-link teknisk support via internet: http://www.Dlink.Se assistência técn...
Page 324: Tehnična Podpora
Hvala vam na odabiru d-link proizvoda. Za dodatne informacije, podršku i upute za korištenje uređaja, molimo vas da posjetite d-link internetsku stranicu na www.Dlink.Eu www.Dlink.Biz/hr tehnična podpora zahvaljujemo se vam, ker ste izbrali d-link proizvod. Za vse nadaljnje informacije, podporo ter ...
Page 325: Technical Support
Technical support you can find software updates and user documentation on the d-link website. Tech support for customers in australia: tel: 1300-766-868 24/7(24hrs, 7days a week) technical support http://www.Dlink.Com.Au e-mail: support@dlink.Com.Au india: tel: 1800-222-002 9.00 am to 9.00 pm. All d...
Page 326: Technical Support
Technical support you can find software updates and user documentation on the d-link website. Tech support for customers in egypt: tel: +202-2919035 or +202-2919047 sunday to thursday 9:00am to 5:00pm http://support.Dlink-me.Com email: support.Eg@dlink-me.Com iran: te: +98-21-88880918,19 saturday to...
Page 327
Техническая поддержка Обновления программного обеспечения и документация доступны на Интернет-сайте d-link. D-link предоставляет бесплатную поддержку для клиентов в течение гарантийного срока. Клиенты могут обратиться в группу технической поддержки d-link по телефону или через Интернет. Техническая ...
Page 328: Soporte Técnico
Soporte tÉcnico usted puede encontrar actualizaciones de softwares o firmwares y documentación para usuarios a través de nuestro sitio www.Dlinkla.Com soporte tÉcnico para usuarios en latino america soporte técnico a través de los siguientes teléfonos de d-link pais numero horario argentina 0800 - 1...
Page 329: Suporte Técnico
Suporte técnico você pode encontrar atualizações de software e documentação de usuário no site da d-link brasil. A d-link fornece suporte técnico gratuito para clientes no brasil durante o período de vigência da garantia deste produto. Suporte técnico para clientes no brasil: telefone são paulo +11-...
Page 330
D-link 友訊科技 台灣分公司 技術支援資訊 如果您還有任何本使用手冊無法協助您解決的產品相關問題,台灣 地區用戶可以透過我們的網站、電子郵件或電話等方式與d-link台灣地區技術支援 工程師聯絡。 d-link 免付費技術諮詢專線 0800-002-615 服務時間:週一至週五,早上9:00到晚上9:00 (不含周六、日及國定假日) 網 站:http://www.Dlink.Com.Tw 電子郵件:dssqa_service@dlink.Com.Tw 如果您是台灣地區以外的用戶,請參考d-link網站全球各地 分公司的聯絡資訊以取得相關支援服務。 產品保固期限、台灣區維修據點查詢,請參考...
Page 331: Dukungan Teknis
Dukungan teknis update perangkat lunak dan dokumentasi pengguna dapat diperoleh pada situs web d-link. Dukungan teknis untuk pelanggan: dukungan teknis d-link melalui telepon: tel: +62-21-5731610 dukungan teknis d-link melalui internet: email : support@dlink.Co.Id website : http://support.Dlink.Co.I...
Page 332: Technical Support
Technical support この度は弊社製品をお買い上げいただき、誠にありがとうご ざいます。 下記弊社 web サイトからユーザ登録及び新製品登録を 行っていただくと、ダウンロードサービスにて サポート情報、ファームウェア、ユーザマニュアルを ダウンロードすることができます。 ディーリンクジャパン web サイト url:http://www.Dlink-jp.Com.
Page 333
技術支持 您可以在 d-link 的官方網站找到產品的軟件升級和使用手冊 办公地址:北京市东城区北三环东路 36 号 环球贸易中心 b 座 26f 02-05 室 邮编: 100013 技术支持中心电话: 8008296688/ (028)66052968 技术支持中心传真: (028)85176948 维修中心地址:北京市东城区北三环东路 36 号 环球贸易中心 b 座 26f 02-05 室 邮编: 100013 维修中心电话: (010) 58257789 维修中心传真: (010) 58257790 网址: http://www.Dlink.Com.Cn 办公时间:周一到周五,早 09...