- DL manuals
- D-Link
- Network Router
- DGS-3700-12
- User manual
D-Link DGS-3700-12 User manual - Understanding Qos
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual
149
Understanding QoS
The Switch has eight priority queues. These priority queues are labeled from 0-7, with 7 being the highest priority
queue and 0 the lowest priority queue. The eight priority tags, specified in IEEE 802.1p are mapped to the Switch's
priority queue as follows:
Priority 0 is assigned to the Switch's Q2 queue.
Priority 1 is assigned to the Switch's Q0 queue.
Priority 2 is assigned to the Switch's Q1 queue.
Priority 3 is assigned to the Switch's Q3 queue.
Priority 4 is assigned to the Switch's Q4 queue.
Priority 5 is assigned to the Switch's Q5
queue.
Priority 6 is assigned to the Switch's Q6 queue.
Priority 7 is assigned to the Switch's Q7 queue.
For strict priority-based scheduling, any packets residing in the higher priority queues are transmitted first. Multiple
strict priority queues empty based on their priority tags. Only when these queues are empty, are packets of lower
priority transmitted.
For weighted round-robin queuing, the number of packets sent from each priority queue depends upon the assigned
weight. For a configuration of 8 CoS queues, A~H, with their respective weight value: 8~1. When each queue has 10
outbound packets, they are sent in the following sequence:
A1, B1, C1, D1, E1, F1, G1, H1,
A2, B2, C2, D2, E2, F2, G2,
A3, B3, C3, D3, E3, F3,
A4, B4, C4, D4, E4,
A5, B5, C5, D5,
A6, B6, C6,
A7, B7,
A8,
A9, B8, C7, D6, E5, F4, G3, H2,
A10, B9, C8, D7, E6, F5, G4
B10, C9, D8, E7, F6,
C10, D9, E8,
D10,
E9, F7, G5, H3,
E10, F8, G6,
F9,
F10, G7, H4,
G8,
G9, H5,
G10, H6 ~ H10
For weighted round robin queuing, if each CoS queue has the same weight value, then each CoS queue has an equal
opportunity to send packets just like round robin queuing.
Remember that the DGS-3700 Series has eight priority queues (and eight Classes of Service) for each port on the
Switch.
Summary of DGS-3700-12
Page 1
User manual product model: dgs-3700 series layer 2 managed gigabit ethernet switch release 2.00
Page 2
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual ii _________________________________________________________________________________ information in this document is subject to change without notice. © 2010 d-link corporation. All rights reserved. Reproduction in any manner whats...
Page 3: Table Of Contents
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 1 table of contents intended readers ....................................................................................................................................................... 11 typographical conventions.................
Page 4
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 2 arp ............................................................................................................................................................................. 33 static arp settings ...............................
Page 5
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 3 l2 features ................................................................................................................................... 60 vlan ................................................................................
Page 6
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 4 stp port settings .................................................................................................................................................................... 89 mst configuration identification .............
Page 7
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 5 ipv4 max multicast group settings ........................................................................................................................................ 122 ipv6 multicast filtering ................................
Page 8
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 6 dscp trust settings .............................................................................................................................................................. 157 dscp map settings ...............................
Page 9
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 7 dhcp snooping entry ........................................................................................................................................................... 213 nd snoop ...........................................
Page 10
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 8 ssh ........................................................................................................................................................................... 243 ssh settings .......................................
Page 11
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 9 ethernet oam settings .......................................................................................................................................................... 278 ethernet oam configuration settings ...............
Page 12
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 10 configuration file backup & restore ....................................................................................................................... 305 upload log file .......................................................
Page 13: Intended Readers
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 11 intended readers the dgs-3700 series user manual contains information for setup and management of the switch. This manual is intended for network managers familiar with network management concepts and terminology. Typographical ...
Page 14: Section 1
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 12 section 1 web-based switch configuration introduction login to web manager web-based user interface web pages introduction all software functions of the switch can be managed, configured and monitored via the embedded web-based ...
Page 15: Web-Based User Interface
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 13 web-based user interface the user interface provides access to various switch configuration and management windows, allows you to view performance statistics, and permits you to graphically monitor the system status. Areas of th...
Page 16: Web Pages
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 14 notice: any changes made to the switch configuration during the current session must be saved in the save changes window (explained below) or use the command line interface (cli) command save. Web pages when you connect to the m...
Page 17: Section 2
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 15 section 2 system configuration device information system information settings dual configuration settings firmware information settings port configuration serial port settings warning temperature settings system log configuratio...
Page 18
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 16 system information settings thiswindow contains the system information details. The user may enter a system name, system location and system contact to aid in defining the switch, to the user's preference. This window displays t...
Page 19
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 17 store two configuration files for use. Id 1 will be the default boot up configuration file for the switch unless otherwise configured by the user. Version displays the firmware version set in the switch. Size (bytes) displays th...
Page 20: Port Configuration
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 18 port rs232. T – if the ip address has this letter attached to it, it denotes a firmware upgrade through telnet. S – if the ip address has this letter attached to it, it denotes a firmware upgrade through the simple network manag...
Page 21
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 19 trap log specifies whether or not to send the trap and log, when the operating parameter exceeds the alarm or warning threshold. From port /to port specifies a port or range of ports to be configured. State specifies to enable o...
Page 22
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 20 figure 2- 7 ddm voltage threshold settings window the following fields can be configured: parameter description from port / to port specifies a port or range of ports to be configured. High alarm this is the highest threshold fo...
Page 23
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 21 click apply to implement changes made. Ddm tx power threshold settings this table is used to configure the threshold of tx power for specific ports on the switch. To view this window, click system configuration > port configurat...
Page 24: Ddm Status Table
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 22 from port /to port specifies a port or range of ports to be configured. High alarm this is the highest threshold for the alarm. When the operating parameter rises above this value, action associated with the alarm will be taken....
Page 25
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 23 use the remaining pull-down menus to configure the parameters described below: figure 2- 12 port settings window the following parameters can be configured: parameter description from port /to port use the pull-down menus to sel...
Page 26: Port Description Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 24 flow control displays the flow control scheme used for the various port configurations. Ports configured for full-duplex use 802.3x flow control, half-duplex ports use backpressure flow control, and auto ports use an automatic s...
Page 27: Jumbo Frame Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 25 parameter description port displays the port that has been error disabled. Port state describes the current running state of the port, whether enabled or disabled. Connection status this field will read the uplink status of the ...
Page 28: System Log Configuration
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 26 warning temperature settings the following window is used to set trap and log states for warnings about system temperature, and to set the high and low temperature thresholds that trigger the trap and log. To view this window, c...
Page 29: System Log Server Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 27 figure 2- 18 system log settings window the following parameters can be set: parameter description system log to activate the system log select enabled or disabled. Save mode use this drop-down menu to specify the method that wi...
Page 30: System Log
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 28 (514 or 6000-65535) severity this drop-down menu allows you to select the level of messages that will be sent. The options are emergency, alert, critical, error, warning, notice, informational, and debug. Facility some of the op...
Page 31: System Severity Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 29 the information in the table is categorized as: parameter description log type choose the type of log to view. There are two choices: severity – choose emergency, alert, critical, error, warning, notice, informational, and debu ...
Page 32: Time Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 30 here, the time range settings are to be applied to an access profile rule using the access profiletable. The user may enter up to 64 time range entries on the switch. To view this window, click system configuration > time range ...
Page 33
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 31 to view this window, click system configuration > user accounts settings,as shown below: figure 2- 24 user accounts settings window the following fields can be set: parameter description user name the name of the user, an alphan...
Page 34
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 32 notice: in case of lost passwords or password corruption, please refer to the d-link website and the white paper entitled “password recovery procedure”, which will guide you through the steps necessary to resolve this issue. Adm...
Page 35: Section 3
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 33 section 3 management arp ipv6 neighbor settings ip interface management settings out of band management settings session table single ip management snmp settings telnet settings web settings arp the arp section includes static a...
Page 36: Arp Table
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 34 mac address the mac address of the arp entry. After entering the ip address and mac address of the static arp entry, click apply to implement the new entry. To completely clear the static arp settings, click the delete all butto...
Page 37: Ip Interface
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 35 state to find or delete specific entries use the pull down menu to select all, address, static, or dynamic. All – select to view all configured neighbor devices which are ipv6 neighbors of the ip interface previously created. Ad...
Page 38
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 36 note: the switch's factory default ip address is 10.90.90.90 with a subnet mask of 255.0.0.0 and a default gateway of 0.0.0.0. To use the bootp or dhcp protocols to assign the switch an ip address, subnet mask, and default gatew...
Page 39: Interface Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 37 setting the switch’s ip address using the console interface each switch must be assigned its own ip address, which is used for communication with an snmp network manager or other tcp/ip application (for example bootp, tftp). The...
Page 40
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 38 figure 3- 6 ipv4 interface settings (ipv4 edit) window to manually assign the switch's ip address, subnet mask, and default gateway address: 1. Click static at the top of the window. 2. Enter the appropriate ipv4 address and sub...
Page 41
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 39 255.255.255.0 for a class c network, but custom subnet masks are allowed. Vlan name this allows the entry of a vlan name from which a management station will be allowed to manage the switch using tcp/ip (in-band via web manager ...
Page 42: Management Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 40 local address addressing information is available. Management settings to view this window, click management > manangement settings, as shown below: figure 3- 8 management settings window cli paging settings clipaging status can...
Page 43: Session Table
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 41 out of band management settings this window is used to configure the rj-45 out-of-band (oob) management port on the switch. The oob port is physically isolated from the data channels of the switch. This port allows administrator...
Page 44: Single Ip Management
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 42 single ip management simply put, d-link single ip management is a concept that will stack switches together over ethernet instead of using stacking ports or modules. There are some advantages in implementing the "single ip manag...
Page 45: The Upgrade To V1.6
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 43 when a cs becomes a ms, it automatically becomes a member of the first snmp community (including read/write and read only) to which the cs belongs. However, if a ms has its own ip address, it can belong to snmp communities to wh...
Page 46: Topology
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 44 figure 3- 12 single ip settings window (enabled) the following parameters can be set: parameters description sim state use the pull-down menu to either enable or disable the sim state on the switch. Disabled will render all sim ...
Page 47
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 45 figure 3- 13 single ip management window – tree view the tree view window holds the following information under the data tab: parameter description device name this field will display thedevice nameof the switches in the sim gro...
Page 48
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 46 figure 3- 14 topology view this window will display how the devices within the single ip management group are connected to other groups and devices. Possible icons in this screen are as follows: icon description group layer 2 co...
Page 49: Tool Tips
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 47 unknown device non-sim devices tool tips in the topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (...
Page 50: Group Icon
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 48 group icon figure 3- 17 right-clicking a group icon figure 3- 18 property window this window holds the following information: parameter description device name this field will display the device name of the switches in the sim g...
Page 51: Commander Switch Icon
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 49 commander switch icon figure 3- 19 right-clicking a commander icon the following options may appear for the user to configure: collapse – to collapse the group that will be represented by a single icon. Expand – to expand the si...
Page 52: Menu Bar
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 50 figure 3- 22 input password window property – to pop up a window to display the device information, as shown below. Menu bar the single ip management window contains a menu bar for device configurations, as seen below. Figure 3-...
Page 53: Snmp Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 51 figure 3- 25 about window snmp settings simple network management protocol (snmp) is an osi layer 7 (application layer) designed specifically for managing and monitoring network devices. Snmp enables network management stations ...
Page 54: Mibs
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 52 generates traps and sends them to the trap recipient (or network manager). Typical traps include trap messages for authentication failure, topology change and broadcast\multicast storm. Mibs the switch in the management informat...
Page 55: Snmp View Table Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 53 figure 3- 28 snmp linkchange traps settings window to enable or disable the linkchange traps state, use the pull-down menu and then click apply. Snmp view table settings this window is used to assign views to community strings t...
Page 56: Snmp Group Table Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 54 snmp community table settings use this table to view existing snmp community table configurations and to create a snmp community string to define the relationship between the snmp manager and an agent. The community string acts ...
Page 57: Snmp Engine Id Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 55 figure 3- 31 snmp group table settings window to delete an existing snmp group table entry, click the corresponding delete button. The following parameters can be set: parameter description group name type an alphanumeric string...
Page 58: Snmp User Table Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 56 figure 3- 32 snmp engine id settings window to change the engine id, enter the new engine id in the space provided and click the apply button. Snmp user table settings this windowdisplays all of the snmp user's currently configu...
Page 59: Snmp Host Table Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 57 to implement changes made, click apply. To delete an existing snmp user table entry, click the corresponding delete button. Snmp host table settings this window is used to set up snmp trap recipients. To view this window, click ...
Page 60: Rmon Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 58 the following parameters can be configured: parameter description host ipv6 address enter the ipv6 host ip address to which the trap packet will be sent. User-based security model used the drop-down menu to select the user-based...
Page 61: Telnet Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 59 telnet settings telnet configuration is enabled by default. If you do not want to allow configuration of the system through telnet choose disabled. The tcp ports are numbered between 1 and 65535. The "well-known" tcp port for th...
Page 62: Section 4
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 60 section 4 l2 features vlan qinq layer 2 protocol tunneling settings spanning tree link aggregation fdb l2 multicast control erps settings local loopback port settings lldp the following section will aid the user in configuring l...
Page 63: Notes About Vlans
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 61 appears as a single lan. Vlans also logically segment the network into different broadcast domains so that packets are forwarded only between ports within the vlan. Typically, a vlan corresponds to a particular subnet, although ...
Page 64: 802.1Q Vlan Tags
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 62 figure 4- 1 ieee .Q packet forwarding 802.1q vlan tags the figure below shows the 802.1q vlan tag. There are four additional octets inserted after the source mac address. Their presence is indicated by a value of 0x8100 in the e...
Page 65
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 63 figure 4- 2 ieee .Q tag the ethertype and vlan id are inserted after the mac source address, but before the original ethertype/length or logical link control. Because the packet is now a bit longer than it was originally, the cy...
Page 66: Port Vlan Id
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 64 port vlan id packets that are tagged (are carrying the 802.1q vid information) can be transmitted from one 802.1q compliant network device to another with the vlan information intact. This allows 802.1q vlans to span network dev...
Page 67: Default Vlan
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 65 same vid) as the ingress port. If it does not, the packet is dropped. If it has the same vid, the packet is forwarded and the destination port transmits it on its attached network segment. This process is referred to as ingress ...
Page 68: Vlan and Trunk Groups
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 66 vlan and trunk groups the members of a trunk group have the same vlan setting. Any vlan setting on the members of a trunk group will apply to the other member ports. Note: in order to use vlan segmentation in conjunction with po...
Page 69
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 67 in this example, the service provider access network switch (provider edge switch) is the device creating and configuring double vlans with different spvids for specific customers (say customer a and customer b). Both cevlans (c...
Page 70: 802.1Q Vlan Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 68 802.1q vlan settings this window lists all previously configured vlans by vlan id and vlan name. To view this window, click l2 features > vlan > 802.1q vlan settings as shown below: figure 4- 5 802.1q vlan settings window to cre...
Page 71
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 69 figure 4- 6 802.1q vlan settings window – add/edit vlan tab to return to the 802.1q vlan settings window, click the vlan list tab at the top of the window. To change an existing 802.1q vlan entry, click the corresponding edit bu...
Page 72
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 70 figure 4- 7 802.1q vlan settings window – edit tab the following fields can then be set in either the add/edit vlan or edit802.1q vlan windows: parameter description vid allows the entry of a vlan id, or displays the vlan id of ...
Page 73
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 71 figure 4- 8 802.1q vlan settings window – find vlan tab to create a vlan batch entry click the vlan batch settings tab at the top of the window. The following window will open: figure 4- 9 802.1q vlan settings window – vlan batc...
Page 74: 802.1V Protocol Vlan
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 72 forbidden select this to specify the port as not being a member of the vlan and that the port is forbidden from becoming a member of the vlan dynamically. Click apply to implement changes made. 802.1v protocol vlan the 802.1v pr...
Page 75: Gvrp
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 73 figure 4- 11 802.1v protocol vlan settings window the following fields can be set: parameter description group id click the corresponding radio button to select a previously configured group id from the drop- down menu. Group na...
Page 76: Gvrp Global Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 74 gvrp global settings the gvrp allows interoperability with other switches, so the values of the gvrp timers can be configured. This table is used to set the gvrp global settings. To view this window, click l2 features > vlan > g...
Page 77: Mac-Based Vlan Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 75 figure 4- 13 gvrp port settings window the following fields can be set: parameter description from port /to port these two fields allow you to specify the range of ports that will be included in the port-based vlan that you are ...
Page 78: Pvid Auto Assign Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 76 figure 4- 14 mac-based vlan settings menu the following fields can be set parameter description mac address specify the mac address to be reauthenticated by entering it into the mac addressfield. Vlan name enter the vlan name of...
Page 79: Vlan Precedence Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 77 figure 4- 16 subnet vlan settings window the following parameters can be configured: parameter description vlan name the vlan name to be associated with the subnet. Vid the vlan id to be associated with the subnet. Ipv4 network ...
Page 80: Vlan Counter Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 78 figure 4- 17 vlan precedence settings window the following parameters can be configured: parameter description from port/to port specify the port or range of ports you wish to configure. Vlan precedence use the drop-down menu to...
Page 81: Voice Vlan
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 79 vid list click the radio button to identify the vlan by its vlan id. Enter the vid or vid list you wish to configure. Vlan name click the radio button to identify the vlans by their vlan name. Ports (e.G.:1-5) enter a list of po...
Page 82: Voice Vlan Port Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 80 the voice vlan after expiration of the voice vlan aging timer. If voice traffic resumes during the aging time, the aging timer will be reset and stop. The range is 1 to 65535 minutes. The default value is 720 minutes. Log state ...
Page 83: Voice Vlan Device
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 81 figure 4- 21 voice vlan oui settings window the fields that can be configured are described below: parameter description oui address enter the user-defined oui mac address. Mask enter the user-defined oui mac address mask. Descr...
Page 84: Show Vlan Ports
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 82 figure 4- 23 browse vlan window show vlan ports this window displays the relationship between switch’s ports and vlans. Select a port from the drop-down menu and click the find button. The given port’s vlan information will be s...
Page 85: Vlan Translation Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 83 tables which may exceed the vlan mapping limit. Q-in-q uses a single service provider vlan (spvlan) for customers who have multiple vlans. Customer’s vlan ids are segregated within the service provider’s network even when they u...
Page 86
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 84 figure 4- 26 vlan translation settings window the following fields can be set: parameter description from port/to port a consecutive group of ports that are part of the vlan configuration starting with the selected port. Cvid (1...
Page 87: Spanning Tree
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 85 layer 2 protocol tunneling setttings this window allows users to configure layer 2 protocol tunneling on the switch. To view this window, click l2 features > vlan > layer 2 protocol tunneling settings, as shown below. Figure 4- ...
Page 88
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 86 1. A configuration name defined by an alphanumeric string of up to 32 characters (defined in the mst configuration identification window in the configuration namefield). 2. A configuration revision number (named here as a revisi...
Page 89: Stp Bridge Global Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 87 edge port the edge port is a configurable designation used for a port that is directly connected to a segment where a loop cannot be created. An example would be a port connected directly to a single workstation. Ports that are ...
Page 90
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 88 stp version use the pull-down menu to choose the desired version of stp to be implemented on the switch. There are three choices: stp – select this parameter to set the spanning tree protocol (stp) globally on the switch. Rstp –...
Page 91: Stp Port Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 89 stp port settings this window is used to configure the stp port settings on the switch. Stp can be set up on a port per port basis. To view this window, click l2 features > spanning tree > stp port settings,as shown below: figur...
Page 92
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 90 migrate setting this parameter as yes will set the ports to send out bpdu packets to other bridges, requesting information on their stp setting if the switch is configured for rstp, the port will be capable to migrate from 802.1...
Page 93
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 91 mst configuration identification the following windows in the mst configuration identification section allow the user to configure a msti instance on the switch. These settings will uniquely identify a multiple spanning tree ins...
Page 94: Stp Instance Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 92 stp instance settings this table is used to create stp instance settings on the switch. An stp instance may have multiple members with the same mstp configuration. There is no limit to the number of stp regions in a network but ...
Page 95: Mstp Port Information
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 93 mstp port information this window displays the current mstp port information and can be used to update the port configuration for an msti id. If a loop occurs, the mstp function will use the port priority to select an interface ...
Page 96: Link Aggregation
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 94 link aggregation the link aggregation section includes port trunking settings and lacp port settings. Port trunking settings port trunk groups are used to combine a number of ports together to make a single high-bandwidth data p...
Page 97
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 95 link aggregation is most commonly used to link a bandwidth intensive network device or devices, such as a server, to the backbone of a network. The switch allows the creation of up to six link aggregation groups, each group cons...
Page 98: Lacp Port Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 96 lacp port settings this window is used to create port trunking groups on the switch. Using the following window, the user may set which ports will be active and passive in processing and sending lacp control frames. To view this...
Page 99: Fdb
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 97 fdb the fdb section includes static fdb settings, mac notification settings, mac address aging time settings, mac address table, and arp & fdb table. Static fdb settings the static fdb settings section includes unicast static fd...
Page 100
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 98 multicast static fdb settings users can set up multicast forwarding on the switch. To view this window, click l2 features > fdb > static fdb settings > multicast static fdb settings,as shown below: figure 4- 38 multicast static ...
Page 101: Mac Notification Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 99 mac notification settings mac notification is used to monitor mac addresses learned and entered into the forwarding database. This window allows you to globally set mac notification on the switch. Users can set mac notification ...
Page 102
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 100 mac address aging time settings users can configure the mac address aging time on the switch. To view this window, click l2 features > fdb > mac address aging time settings,as shown below: figure 4- 40 mac address aging time se...
Page 103: Mac Address Table
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 101 mac address table this allows the switch's dynamic and static mac address forwarding table to be viewed. When the switch learns an association between a mac address and a port number, or static mac address, it makes an entry in...
Page 104: Arp And Fdb Table
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 102 arp and fdb table this window is used to display current arp or fdb table entries on the switch. To search a specific arp entry, enter an interface name or an ip address at the top of the window and click find by port or find b...
Page 105: L2 Multicast Control
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 103 l2 multicast control the l2 multicast control section includes igmp snooping, mld snooping, and multicast vlan. Igmp snooping internet group management protocol (igmp) snooping allows the switch to recognize igmp queries and re...
Page 106
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 104 vlan name this is the vlan name that, along with the vlan id, identifies the vlan for which the user wishes to modify the igmp snooping settings. Rate limit displays the rate limitation. Querier ip the querier ip address to sen...
Page 107
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 105 figure 4- 45 igmp snooping router port settings window igmp snooping rate limit settings this table allows the user to configure the rate of igmp snooping control packets that are allowed per port or vlan. To view this window, ...
Page 108: Igmp Router Port
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 106 igmp snooping static group settings this table is used to configure the current igmp snooping static group information on the switch. To view this window, click l2 features > l2 multicast control > igmp snooping > igmp snooping...
Page 109: Igmp Snooping Group
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 107 igmp snooping group users can view the switch’s igmp snooping group table. Igmp snooping allows the switch to read the multicast group ip address and the corresponding mac address from igmp packets that pass through the switch....
Page 110: Igmp Snooping Counter
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 108 igmp snooping forwarding table this window allows users to configure the igmp snooping forwarding table. To view this window, click l2 features > l2 multicast control > igmp snooping > igmp snooping forwarding table, as shown b...
Page 111: Igmp Host Table
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 109 igmp host table this window allows users to configure the igmp host table. To view this window, click l2 features > l2 multicast control > igmp snooping > igmp host table, as shown below: figure 4- 52 igmp host table window the...
Page 112: Mld Snooping
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 110 mld snooping multicast listener discovery (mld) snooping is an ipv6 function used similarly to igmp snooping in ipv4. It is used to discover ports on a vlan that are requesting multicast data. Instead of flooding all ports on a...
Page 113
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 111 figure 4- 54 mld snooping parameters settings window the following parameters may be viewed or modified: parameter description vlan id this is the vlan id that, along with the vlan name, identifies the vlan for which to modify ...
Page 114
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 112 querier, which will not send out multicast listener query messages. Click apply to implement any changes made and to return to the mld snooping settings window. To modify the router port settings, click the hyperlinked modify r...
Page 115
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 113 figure 4- 57 mld snooping rate limit settings (edit) window enter the new rate limit and click apply. Mld snooping static group settings this window is used to configure the mld snooping static group information on the switch: ...
Page 116: Mld Router Port
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 114 mld router port users can display which of the switch’s ports are currently configured as router ports in ipv6. A router port configured by a user (using the console or web-based management interfaces) is displayed as a static ...
Page 117: Mld Snooping Counter
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 115 group the multicast group. Member port the port members of this group. Mode the mode in current use. Mld snooping forwarding table this window allows users to configure the igmp snooping forwarding table. To view this window, c...
Page 118: Mld Host Table
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 116 port list the port list of the multicast group. Click apply to implement changes made. Mld host table this window allows users to display the current host of the vlan, port or group on the switch. The hosts only take effect whe...
Page 119
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 117 figure 4- 65 multicast group profile multicast address settings window enter the multicast address list and click add the new information will be displayed in the table. Click to return to the igmp multicast group profile setti...
Page 120
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 118 figure 4- 67 igmp snooping multicast vlan settings (edit) window the following fields can be set: parameter description state toggle the state between disabled and enabled. Replace source ip enter the ip address to replace the ...
Page 121
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 119 figure 4- 69 multicast group profile multicast address settings window enter the multicast address list and click add the new information will be displayed in the table. Click to return to the mld multicast group profile settin...
Page 122: Multicast Filtering
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 120 figure 4- 71 mld snooping multicast vlan settings (edit) window the following fields can be set: parameter description state toggle the state between disabled and enabled. Replace source ip enter the ip address to replace the s...
Page 123
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 121 figure 4- 72 ipv4 multicast profile settings window the following fields can be set parameter description profile id (1-60) enter a profile id between 1 and 60. Profile name enter a name for the ipv4 multicast profile. To delet...
Page 124: Ipv6 Multicast Filtering
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 122 figure 4- 75 ipv4 limited multicast range settings window to add a new range enter the information and click add, to delete an entry enter the information and click delete. Ipv4 max multicast group settings this windowallows us...
Page 125
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 123 figure 4- 77 ipv6 multicast profile settings window the following fields can be set: parameter description profile id (1-60) use the drop-down menu to choose a profile id. Profile name enter a name for the ipv6 multicast profil...
Page 126
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 124 figure 4- 80 ipv6 limited multicast range settings window to add a new range enter the information and click add, to delete an entry enter the information and click delete. Ipv6 max multicast group settings this windowallows us...
Page 127: Multicast Filtering Mode
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 125 multicast filtering mode this window is used to configure the multicast filtering settings on the switch. It allows users to configure the switch to forward or filter the unregistered groups per vlan. Use the find function to d...
Page 128: Erps Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 126 erps settings ethernet ring protection switching (erps), is the first industry standard (itu-t g.8032) for ethernet ring protection switching. It is achieved by integrating mature ethernet operations, administration, and mainte...
Page 129
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 127 note: stp and lbd should be disabled on the ring ports before enabling erps. Erps cannot be enabled before the r-aps vlan is created, and ring ports, rpl port, and rpl owner are configured. Note that these parameters cannot be ...
Page 130
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 128 figure 4- 84 erps settings (edit) window the following parameters may be configured after the edit button has been clicked on the window above: parameter description ring status tick the check box and toggle between enabled and...
Page 131: Erps Sub-Ring Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 129 is to prevent the possibility a loop forming in the event that two or more r-aps signal fail messages are sent simultaneously from different ends of the ring. Wtr time (5-12) tick the check box and enter the wait-to-restore (wt...
Page 132: Lldp
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 130 local loopback ports settings the local loopback ports settings are used to start or stop the internal loopback test on selected ports, or to set or recover external loopback mode. When internal loopback is enabled, the device ...
Page 133: Lldp Global Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 131 lldp global settings this window is used to configure the lldp global settings on the switch. When lldp is enabled the switch can start to transmit, receive and process lldp packets. The specific function of each port will depe...
Page 134: Lldp Port Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 132 lldp port settings this window is used to display the lldp port settings on the switch. The ports can be individually configured to send notifications to configured snmp trap receivers. To view this window, click l2 features > ...
Page 135: Lldp Basic Tlvs Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 133 lldp management address list this window is used to find the lldp management address information on the switch. To view this window, click l2 features > lldp > lldp > lldp management address list,as shown below: figure 4- 89 ll...
Page 136: Lldp Dot1 Tlvs Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 134 from port /to port use the pull-down menu to select a range of ports to be configured. Port description use the drop-down menu to enable or disable port description. System name use the drop-down menu to enable or disable syste...
Page 137: Lldp Dot3 Tlvs Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 135 dot1 tlv protocol identity use the drop-down menu to enable or disable the advertised protocol identity. This tlv optional data type indicates whether the corresponding local system’s protocol identity instance will be transmit...
Page 138: Lldp Statistics System
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 136 lldp statistics system this window allows an overview of neighbor detection activity, lldp statistics and the settings for individual port on the switch. Use the drop-down menu to check a specific port and click find the inform...
Page 139
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 137 figure 4- 95 lldp local port information (show normal) window use the drop-down menu to select a port and then click find. The information will be displayed on the lower half of the window. To return to the previous window, cli...
Page 140
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 138 protocol identity entries count figure 4- 99 lldp local port information (protocol identity entries count detail) display to return to the lldp local port information window click the button. Mac/phy configuration/status figure...
Page 141: Lldp-Med
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 139 lldp remote port information this window displays port information learned from the neighbor. The switch receives packets from a remote station and is able to store the information as local. To view this window, click l2 featur...
Page 142: Lldp-Mep Port Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 140 lldp-mep port settings on this window the user can enable or disable transmit lldp-med tlvs. Setting non-supported capability shall have no functional effect and will result in an inconsistent value error returned to the manage...
Page 143
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 141 lldp-med local port information on this window the lldp-med local port information will be displayed per port. To view this window, click l2 features > lldp > lldp-med > lldp-med local port information,as shown below: figure 4-...
Page 144: Section 5
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 142 section 5 l3 features ipv4 static/default route settings ipv4 route table ipv6 static/default route settings ipv6 route table ip forwarding table ipv4 static/default route settings the switch supports static routing for ipv4 an...
Page 145
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 143 click apply to implement changes made..
Page 146: Ipv4 Route Table
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 144 ipv4 route table on this window the user can view the static ipv4 entries configured. To view this window, click l3 features > ipv4 route table,as shown below: figure 5- 2 ipv4 route table window ipv6 static/default route setti...
Page 147: Ipv6 Route Table
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 145 ipv6 route table on this window the user can view the static ipv6 entries configured. To view this window, click l3 features > ipv6 route table,as shown below: figure 5- 4 ipv6 route table window ip forwarding table on this win...
Page 148
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 146.
Page 149: Section 6
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 147 section 6 qos 802.1p settings bandwidth control traffic control settings dscp hol blocking prevention scheduling settings management packet priority settings sred the dgs-3700 series supports 802.1p priority queuing quality of ...
Page 150
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 148 figure 6- 1 mapping qos on the switch the picture above shows the default priority setting for the switch. Class-7 has the highest priority of the eight priority queues on the switch. In order to implement qos, the user is requ...
Page 151: Understanding Qos
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 149 understanding qos the switch has eight priority queues. These priority queues are labeled from 0-7, with 7 being the highest priority queue and 0 the lowest priority queue. The eight priority tags, specified in ieee 802.1p are ...
Page 152: 802.1P Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 150 802.1p settings the 802.1p settings section includes 802.1p default priority settings, 802.1p user priority settings, and 802.1p map settings. 802.1p default priority settings the switch allows the assignment of a default 802.1...
Page 153
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 151 802.1p user priority settings this window is used to map the 802.1p user priority of an incoming packet to one of the eight hardware queues available on the switch. To view this window, click qos > 802.1p settings > 802.1p user...
Page 154: 802.1P Map Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 152 802.1p map settings this window is used to enable 802.1p map settings. To view this window, click qos > 802.1p settings > 802.1p map settings,as shown below: figure 6- 4 802.1p map settings window the following parameters may b...
Page 155: Bandwidth Control
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 153 bandwidth control the bandwidth control section includes bandwidth control settings and queue bandwidth control settings. Bandwidth control settings the bandwidth control settings are used to place a ceiling on the transmitting...
Page 156
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 154 queue bandwidth control settings the queue bandwidth control settings are used to set a limit, either highest or lowest, on the transmitting data rates for the priority queue of the port. To view this window, click qos > bandwi...
Page 157: Traffic Control Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 155 traffic control settings on a computer network, packets such as multicast packets and broadcast packets continually flood the network as normal procedure. At times, this traffic may increase due to a malicious end station on th...
Page 158
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 156 action select the method of traffic control from the pull-down menu. The choices are: drop – utilizes the hardware traffic control mechanism, which means the switch’s hardware will determine the packet storm based on the thresh...
Page 159: Dscp
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 157 note: traffic control cannot be implemented on ports that are set for link aggregation (port trunking). Note: ports that are in the shutdown forever mode will be seen as discarding in spanning tree windows and implementations t...
Page 160: Dscp Map Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 158 dscp map settings this window is used to enable dscp map settings. To view this window, click qos > dscp > dscp map settings,as shown below: figure 6- 9 dscp map settings window the following parameters may be set: parameter de...
Page 161: Scheduling Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 159 scheduling settings the scheduling settings section includes qos scheduling settings and qos scheduling mechanism. Qos scheduling settings this window allows the user to configure the way the switch will set the specified class...
Page 162: Qos Scheduling Mechanism
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 160 qos scheduling mechanism changing the output scheduling used for the hardware queues in the switch can customize qos. As with any changes to qos implementation, careful consideration should be given to how network traffic in lo...
Page 163: Sred
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 161 parameter description management packet priority use the drop-down menu to set the management packet priority between 7 (default) and 0. Click apply to implement change made. Sred simple random early detection (sred) is a simpl...
Page 164: Sred Drop Counter
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 162 parameters configured here for all cos queues. Drop green enabled: probabilistic drop yellow and red colored packets if the queue depth is above the lower threshold, and probabilistic drop green colored packets if the queue dep...
Page 165: Section 7
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 163 section 7 acl acl configuration wizard access profile list cpu access profile list acl finder acl flow meter access profiles allow you to establish criteria to determine whether or not the switch will forward packets based on t...
Page 166: Access Profile List
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 164 access id (1-128) type in a unique identifier number for this access. This value can be set from 1 to 128. From use the drop-down menu to select from mac address, ipv4 address, ipv6 address, or any. To use the drop-down menu to...
Page 167
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 165 figure 7- 3 add acl profile window if creating an ethernet acl, enter the profile id and profile name and click select. The following window will appear: figure 7- 4 add acl profile window (ethernet).
Page 168
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 166 click on the boxes at the top of the table, which will then turn red and reveal parameters for configuration. To create a new entry, enter the correct information and then click create. To return to the access profile list wind...
Page 169
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 167 figure 7- 6 access profile detail information window (ethernet) to return to the access profile list window, click show all profiles. To add a rule to a previously configured entry, click on the corresponding add/view rules on ...
Page 170
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 168 802.1p (0-7) enter a value from 0 to 7 to specify that the access profile will apply only to packets with this 802.1p priority value. Action select permit to specify that the packets that match the access profile are forwarded ...
Page 171
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 169 figure 7- 10 access rule detail information (ethernet) to create an ipv4 acl,select ipv4, enter the profile id and profile name into the top half of the screen in the add acl profile window, and click select. The following wind...
Page 172
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 170 destination ip mask enter an ip address mask for the destination ip address. Icmp type icmp – specifies that the switch will examine the internet control message protocol (icmp) field within each packet. Type – specifies that t...
Page 173
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 171 figure 7- 12 access profile list window (ipv4) to view the configurations for previously configured entry, click on the corresponding show details button, which will display the following window: figure 7- 13 access profile det...
Page 174
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 172 switch, according to any additional rule added (see below). Select deny to specify the packets that match the access profile to be filtered. Select mirror to specify that packets that match the access profile are mirrored to a ...
Page 175
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 173 figure 7- 16 access rule detail information window (ipv4) to configure the ipv6 acl,select ipv6 in the add acl profile window, enter the profile id and profile name into the top half of the screen and then click select. The fol...
Page 176
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 174 the user can enter a specific udp source port mask or udp destination port mask. Ipv6 address ipv6 source address – enter an ipv6 address to be used as the source address mask. Ipv6 destination address – enter an ipv6 address t...
Page 177
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 175 figure 7- 20 add access rule window (ipv6) the following parameters may be configured for the ipv6 filter. Parameter description access id (1-128) enter a unique identifier number for this access. This value can be set from 1 t...
Page 178
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 176 class field is a part of the packet header that is similar to the type of service (tos) or precedence bits field in ipv4. Time range name tick the check box and enter the name of the time range settings that has been previously...
Page 179
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 177 figure 7- 23 add acl profile window (packet content) click on the boxes at the top of the table, which will then turn red and reveal parameters for configuration. To create a new entry, enter the correct information and click c...
Page 180
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 178 able to inspect any specified content of a packet in different protocol layers. Click apply to implement changes made. Click create to view the new access profile list entry in the access profile list window shown below. To add...
Page 181
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 179 figure 7- 26 add access rule window (packet content) the following parameters may be configured for the packet content filter. Parameter description access id (1-128) type in a unique identifier number for this access. This val...
Page 182: Cpu Access Profile List
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 180 ports specifies that the access rule will take effect on one port or a range of ports. Vlan name specifies the access rule will take effect on the vlan name specified. Vlan id specifies the access rule will take effect on the v...
Page 183
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 181 figure 7- 29 cpu access profile list window this window displays the cpu access profile list entries created on the switch. To view the configurations for an entry, click the corresponding show details button. To add an entry t...
Page 184
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 182 destination mac mask enter a mac address mask for the destination mac address. 802.1q vlan selecting this option instructs the switch to examine the vlan identifier of each packet header and use this as the full or partial crit...
Page 185
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 183 profile. Select ethernet to instruct the switch to examine the layer 2 part of each packet header. Select ipv4 to instruct the switch to examine the ipv4 address in each frame's header. Select ipv6 to instruct the switch to exa...
Page 186
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 184 figure 7- 33 cpu access profile detail information window (ipv4) the window shown below is the add cpu acl profilewindow for ipv6. Figure 7- 34 add cpu acl profile window (ipv6) the following parameters may be configured for th...
Page 187
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 185 ipv6 address ipv6 source address – enter an ipv6 address to be used as the source address mask. Ipv6 destination address – enter an ipv6 address that will be used as the destination address mask. Note: at any one time the user ...
Page 188
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 186 type mask. This will change the window according to the requirements for the type of profile. Select ethernet to instruct the switch to examine the layer 2 part of each packet header. Select ipv4 to instruct the switch to exami...
Page 189
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 187 figure 7- 39 add cpu access rule window (ethernet) to set the access rule for ethernet, adjust the following parameters and click apply. Parameter description access id (1-100) type in a unique identifier number for this access...
Page 190
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 188 to configure the access rules for ip, open the cpu access profile list window and click add/view rules for an ip entry. This will open the following window. Figure 7- 41 cpu access rule list window (ipv4) to remove a previously...
Page 191
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 189 figure 7- 43 cpu access rule detail information window (ipv4) to establish the rule for a previously created cpu access profile: to configure the access rules for ip, open the cpu access profile list window and click add/view r...
Page 192
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 190 switch, according to any additional rule added (see below). Select deny to specify the packets that match the access profile to be filtered. Class enter an ipv6 class. The class can be between 0 and 255. Flow label configuring ...
Page 193
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 191 figure 7- 48 add cpu access rule window (packet content) to set the access rule for packet content, adjust the following parameters and click apply. Parameter description access id (1-100) type in a unique identifier number for...
Page 194: Acl Finder
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 192 figure 7- 49 cpu access rule detail information window (packet content) acl finder this window is used to help find a previously configured acl entry. To search for an entry, enter the profile id from the drop-down menu, select...
Page 195
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 193 figure 7- 52 acl flow meter configuration window the following fields may be configured: parameter description profile id use the drop-down menu to select the pre-configured profile id that will be used to configure the flow me...
Page 196
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 194 srtcm – single rate three color marker, marks packets green, yellow or red based on a rate and two burst sizes. This is useful when only burst size matters. • cir (kbps) – specifies the committed information rate of the packet....
Page 197: Section 8
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 195 section 8 security 802.1x radius ip-mac-port binding (mpb) mac-based access control web-based access control (wac) compound authentication port security bpdu attack protection loopback detection settings traffic segmentation ne...
Page 198: 802.1X
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 196 802.1x 802.1x port-based and host-based access control the ieee 802.1x standard is a security measure for authorizing and authenticating users to gain access to various wired or wireless devices on a specified local area networ...
Page 199: Authenticator
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 197 figure 8- 3 the authentication server authenticator the authenticator (the switch) is an intermediary between the authentication server and the client. The authenticator serves two purposes when utilizing the 802.1x function. T...
Page 200: Client
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 198 client the client is simply the end station that wishes to gain access to the lan or switch services. All end stations must be running software that is compliant with the 802.1x protocol. For users running windows xp or windows...
Page 201
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 199 understanding 802.1x port-based and host-based network access control the original intent behind the development of 802.1x was to leverage the characteristics of point-to-point in lans. As any single lan segment in such infrast...
Page 202: 802.1X Global Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 200 host-based network access control figure 8- 8 example of typical host-based configuration in order to successfully make use of 802.1x in a shared media lan segment, it would be necessary to create “logical” ports, one for each ...
Page 203: 802.1X Port Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 201 this window allows you to set the following features: parameter description authentication mode the authentication mode allows the user to choose among, disabled, port based or mac based authentication mode. When choosing mac b...
Page 204: 802.1X User Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 202 supptimeout (1-65535) this value determines timeout conditions in the exchanges between the authenticator and the client. The default setting is 30 seconds. Servertimeout (1-65535) this value determines timeout conditions in th...
Page 205: Guest Vlan Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 203 to view this window, click security > 802.1x > 802.1x user,as shown below: figure 8- 11 802.1x user window guest vlan settings on 802.1x security enabled networks, there is a need for non 802.1x supported devices to gain limite...
Page 206: Radius
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 204 this window is used to configure the guest vlan on the switch. To view this window, click security > 802.1x > guest vlan settings,as shown below: figure 8- 13 guest vlan window the following fields may be modified to enable the...
Page 207: Radius Accounting Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 205 parameter description index choose the desired radius server to configure: 1, 2 or 3. Ipv4 address/ipv6 address select either ipv4 address or ipv6 address to set the radius server ip. Authentication port (1-65535) set the radiu...
Page 208: Radius Authentication
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 206 figure 8- 15 radius accounting settings window radius authentication this table contains information concerning the activity of the radius authentication client on the client side of the radius authentication protocol. To view ...
Page 209: Radius Account Client
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 207 authentication server. Accessaccepts the number of radius access-accept packets (valid or invalid) received from this server. Accessrejects the number of radius access-reject packets (valid or invalid) received from this server...
Page 210: Ip-Mac-Port Binding (Impb)
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 208 identifier the nas-identifier of the radius account. (this is not necessarily the same as sysname in mib ii.) serverindex the identification number assigned to each radius accounting server that it shares a secret with. Servera...
Page 211: Impb Port Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 209 trap/logfield will enable and disable the sending of trap log messages for ip-mac binding. When enabled, the switch will send a trap message to the snmp agent and the switch log when an arp packet is received that doesn’t match...
Page 212
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 210 figure 8- 19 impb port settings window the following fields can be set or modified: parameter description from port /to port select a port or range of ports to set for ip-mac binding. Ipv4 state use the pull-down menu to enable...
Page 213: Impb Entry Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 211 when the packet is found by the entry, the mac address will be set to dynamic state. If the packet is not found by the entry, the mac address will be set to block. Other packets will be bypassed. Zero ip use the pull-down menu ...
Page 214: Mac Block List
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 212 mac block list this window is used to view unauthorized devices that have been blocked by ip-mac binding restrictions. To find an unauthorized device that has been blocked by the ip-mac binding restrictions, enter the vid and m...
Page 215: Dhcp Snooping Entry
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 213 dhcp snooping entry this window is used to configure dhcp snooping entry settings. To view this window, click security > ip-mac-port binding > dhcp snooping > dhcp snooping entry, as shown below: figure 8- 23 dhcp snooping entr...
Page 216: Nd Snoop Entry
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 214 from port/to port select the port or range of ports to configure. Maximum entry (1- 10) enter the maximum number of entries. The range is 1 to 10. Alternatively, tick the no limit check box. Click apply for implement changes. N...
Page 217
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 215 mac-based access control settings the following window is used to set the parameters for the mac-based access control function on the switch. Here the user can set the running state, method of authentication, radius password an...
Page 218
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 216 password enter the password for the radius server which is to be used for packets being sent requesting authentication. The default password is “default”. Radius authorization toggle enabled and disabled. The user can enable or...
Page 219
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 217 figure 8- 27 mac-based access control local mac settings to add a mac address to the local authentication list, enter the mac address and the target vlan name into their appropriate fields and click apply. To change a mac addre...
Page 220
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 218 web-based access control (wac) web-based authentication login is a feature designed to authenticate a user when the user is trying to access the internet via the switch. The authentication process uses the http protocol. The sw...
Page 221: Conditions And Limitations
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 219 figure 8- 29 web-based access control conditions and limitations 1. Certain functions exist on the switch that will filter http packets, such as the access profile function. The user needs to be very careful when setting filter...
Page 222: Wac Global Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 220 wac global settings users can configure the switch for web authentication. To view this window, click security > web-based access control (wac) > wac global settings,as shown below: figure 8- 30 wac global settings the fields t...
Page 223: Wac Port Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 221 figure 8- 31 wac user settings window to set the web-based access control for the switch, complete the following fields: parameter description user name enter the user name of up to 15 alphanumeric characters of the guest wishi...
Page 224: Wac Authentication State
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 222 from port use this drop-down menu to select the beginning port of a range of ports to be enabled as wac ports. To port use this drop-down menu to select the ending port of a range of ports to be enabled as wac ports. Aging time...
Page 225: Compound Authentication
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 223 original rx vid display the vid from which the user being authenticated originated. State display the state of wac authentication. Vid display the assigned vlan. Assigned priority display the assigned priority. Aging time/block...
Page 226: 802.1X & Impb Mode
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 224 802.1x & impb mode this mode adds an extra layer of security by checking the ip mac-binding port binding (impb) table before trying one of the supported authentication methods. The impb table is used to create a ‘white list’ th...
Page 227
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 225 802.1x+impb, impb+wac, and mac+impb. None means all compound authentication methods are disabled. Any (mac, 802.1x or wac) means if any of the authentication methods pass, then access will be granted. In this mode, mbac, 802.1x...
Page 228: Port Security
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 226 port security the port security section includes port security settings, port security vlan settings, and port security entries. Port security settings a given ports’ (or a range of ports') dynamic mac address learning can be l...
Page 229: Port Security Entries
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 227 port security vlan settings this table is used to set the maximum port-security entries that can be learned on a specific vlan. To view this window, click security > port security > port security vlan settings,as shown below: f...
Page 230
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 228 click apply to implement changes. Bpdu attack protection settings this window is used to configure the bpdu protection function for the ports on the switch. In generally, there are two states in bpdu protection function. One is...
Page 231: Loopback Detection Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 229 click apply to implement changes made. Loopback detection settings the loopback detection function is used to detect the loop created by a specific port. This feature is used to temporarily shut down a port on the switch when a...
Page 232: Netbios Filtering Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 230 click apply to implement changes made. Traffic segmentation settings traffic segmentation is used to limit traffic flow from a single port to a group of ports on either a single switch or a group of ports on another switch in a...
Page 233: Dhcp Server Screening
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 231 this window is used to configure the netbios filtering setting. To view this window, click security > netbios filtering settings,as shown below: figure 8- 42 netbios filtering settings window enter the ports you wish to configu...
Page 234
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 232 figure 8- 43 dhcp screening port settings window the following parameters can be set: parameter description dhcp server screening trap log state enable or disable the dhcp server screening trap and log state. The default value ...
Page 235
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 233 the user may set the following parameters: parameter description server ip address the ip address of the dhcp server. Client’s mac address the mac address of the dhcp client. Ports (e.G: 1-3, 5) choose the range of ports to use...
Page 236: Enable Admin
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 234 please note that when the user logins to the device successfully through tacacs/xtacacs/tacacs+server or none method, the “user” privilege level is the only level assigned. If the user wants to get the administration privilege ...
Page 237
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 235 application authentication settings this window is used to configure switch configuration applications (console, telnet, ssh, web) for login at the user level and at the administration level (enable admin) utilizing a previousl...
Page 238
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 236 figure 8- 48 authentication server group settings window the switch has four built-in authentication server groups that cannot be removed but can be modified. To modify a particular group, click on its corresponding edit button...
Page 239
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 237 note: the four built in server groups can only have server hosts running the same tacacs daemon. Tacacs/xtacacs/tacacs+ protocols are separate entities and are not compatible with each other. Authentication server settings this...
Page 240: Login Method Lists Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 238 note: more than one authentication protocol can be run on the same physical server host but, remember that tacacs/xtacacs/tacacs+ are separate entities and are not compatible with each other login method lists settings this com...
Page 241
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 239 server_group – adding this parameter will require the user to be authenticated using a user- defined server group previously configured on the switch. Local – adding this parameter will require the user to be authenticated usin...
Page 242: Ssl Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 240 password must set the local enable password. None – adding this parameter will require no authentication to access the switch. Radius – adding this parameter will require the user to be authenticated using the radius protocol f...
Page 243: Download Certificate
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 241 process between client and host as they “exchange keys” in looking for a match and therefore authentication to be accepted to negotiate encryptions on the following level. Encryption: the second part of the ciphersuite that inc...
Page 244
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 242 figure 8- 54 ssl settings window to set up the ssl function on the switch, configure the following parameters and click apply. Parameter description ssl settings ssl status enable or disable the ssl status on the switch. The de...
Page 245: Ssh
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 243 note: enabling the ssl command will disable the web-based switch management. To log on to the switch again, the header of the url must begin with https://. Entering anything else into the address field of the web browser will r...
Page 246
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 244 timeout (120-600) seconds. The default setting is 120 seconds. Authfail attempts (2-20) allows the administrator to set the maximum number of attempts that a user may try to log on to the ssh server utilizing the ssh authentica...
Page 247
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 245 aes128-cbc tick the check box to enable the advanced encryption standard aes128 encryption algorithm with cipher block chaining. The default is enabled. Aes192-cbc tick the check box to enable the advanced encryption standard a...
Page 248: Trusted Host Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 246 user name enter a user name of no more than 15 characters to identify the ssh user. This user name must be a previously configured user account on the switch. Auth. Mode the administrator may choose one of the following to set ...
Page 249: Safeguard Engine Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 247 figure 8- 59 trusted host window to delete an entry click the corresponding delete button. Safeguard engine settings periodically, malicious hosts on the network will attack the switch by utilizing packet flooding (arp storm) o...
Page 250
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 248 figure 8- 60 mapping qos on the switch for every consecutive checking interval that reveals a packet flooding issue, the switch will double the time it will accept a few ingress arp and ip broadcast packets. In the example abov...
Page 251
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 249 to configure the switch’s safeguard engine, change the state to enabledwhen the safeguard engine is enabled a green light will show on the gray bar at the top of this window, next to safeguard. To set the safeguard engine for t...
Page 252: Section 9
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 250 section 9 network application dhcp relay dhcp server dhcpv6 dns sntp dhcp the dhcp section includes dhcp relay, dhcp server, dhcp local relay settings, and dhcpv6 relay. Dhcp relay the dhcp relay section inlcudes dhcp relay glo...
Page 253
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 251 (0-65535) of the dhcp packet. If a non-zero value is entered, the switch will use that value, along with the hop count to determine whether to forward a given dhcp packet. Dhcp relay option 82 state this field can be toggled be...
Page 254
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 252 note: if the switch receives a packet that contains the option-82 field from a dhcp client and the information-checking feature is enabled, the switch drops the packet because it is invalid. However, in some instances, you migh...
Page 255
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 253 dhcp relay interface settings this window allows the user to set up a server, by ip address, for relaying dhcp information to the switch. The user may enter a previously configured ip interface on the switch that will be connec...
Page 256
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 254 dhcp relay option 60 settings this window is used to configure option 60 relay rules on the switch. Different strings can be specified for the same relay server, and the same string can be specified with multiple relay servers....
Page 257: Dhcp Server
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 255 the following parameters may be configured: parameter description dhcp relay option 61 default select the dhcp relay option 61 default action. Drop – specify to drop the packet. Relay – specify to relay the packet to an ip addr...
Page 258
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 256 server will discard the current ip address and try another ip address. Ping timeout choose the amount of time the dhcp server must waits before timing out a ping packet. The default value is 100..
Page 259: Dhcp Server Pool Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 257 dhcp server exclude address settings the dhcp server assumes that all ip addresses in a dhcp pool subnet are available for assigning to dhcp clients. You must use this page to specify the ip address that the dhcp server should ...
Page 260
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 258 figure 9- 10 dhcp server pool settings (edit) window the fields that can be configured are described below: parameter description ip address enter the ip address. Netmask enter the netmask. Netbios node type netbios node type f...
Page 261
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 259 dhcp server manual binding an address binding is a mapping between the ip address and mac address of a client. The ip address of a client can be assigned manually by an administrator or assigned automatically from a pool by a d...
Page 262: Dhcp Conflict Ip
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 260 dhcp conflict ip the dhcp server will use ping packet to determine whether an ip address is conflict with other host before binding this ip. The ip address which has been identified conflict will be moved to the conflict ip dat...
Page 263: Dhcpv6 Relay Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 261 parameter description dhcpv6 relay state enable dhcpv6 relay or disable dhcpv6 relay globally on the switch. Click apply to change the dhcpv6 relay status. Dhcpv6 relay hop count (1-32) set the number of hops allowed for dhcpv6...
Page 264: Dns
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 262 dns dns relay computer users usually prefer to use text names for computers for which they may want to open a connection. Computers themselves, require 32 bit ip addresses. Somewhere, a database of network devices’ text names a...
Page 265: Dns Relay Static Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 263 parameter description dns relay state enable or disable the dns relay state. Primary name server enter the primary dns server ip address. Secondary name server enter the secondary dns server ip address. Dns relay cache state en...
Page 266
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 264 figure 9- 19 sntp settings window the fields that can be configured are described below: parameter description sntp state use this radio button to enable or disable sntp. Current time displays the current time. Time source disp...
Page 267: Time Zone Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 265 time zone settings users can configure time zones and daylight savings time settings for sntp. To view this window, click network application > sntp > time zone settings,as shown below: figure 9- 20 time zone settings window th...
Page 268
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 266 to: which week of the month enter the week of the month the dst will end. To: day of week enter the day of the week that dst will end. To: month enter the month that dst will end. To: time in hh:mm enter the time dst will end. ...
Page 269: Section 10
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 267 section 10 oam cfm ethernet oam duld settings cable diagnostics cfm connectivity fault management (cfm) is defined by ieee 802.1ag, which is a standard for detecting, isolating and reporting connectivity faults in a network. Cf...
Page 270
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 268 maintenance point a maintenance point in cfm is a point of demarcation on a port within a maintenance domain. Maintenance points filter cfm frames within the boundries of an md by dropping frames that do not belong to the corre...
Page 271: Cfm Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 269 cfm settings this window is used to configure connectivity fault management (cfm) settings. To view this window, click oam > cfm > cfm settings,as shown below: figure 10- 1 cfm settings window the fields that can be configured ...
Page 272
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 270 figure 10- 2 cfm ma settings (add) window the fields that can be configured are described below: parameter description ma enter the maintenance association name. Vid the vlan identifier. Each different ma must be associated wit...
Page 273
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 271 figure 10- 3 cfm mip table window to add a mep, click on the add mep button next to a configured ma at the bottom of the cfm settings window. The following window opens: figure 10- 4 cfm mep settings window click view detail th...
Page 274
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 272 figure 10- 5 cfm mep information window to re-configure the mep entry, click on the edit button. Figure 10- 6 cfm mep information (edit) window the fields that can be configured are described below: parameter description ccm st...
Page 275
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 273 xcon ccm -only the fault alarms whose priority is equal to or higher than “cross-connect ccm received” are sent. None - no fault alarm is sent. This is the default value. Mep state this is the mep administrative state. Enabled ...
Page 276: Cfm Port Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 274 the fields that can be configured are described below: parameter description state tick the check box to toggle between enabled and disabled. Enabled – the cfm extension lck setting state is enabled. Disabled – the cfm extensio...
Page 277: Cfm Loopback Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 275 cfm loopback settings this window is used to configure the cfm loopback settings on the switch. To view this window, click oam > cfm > cfm loopback settings,as shown below: figure 10- 10 cfm loopback settings window the followi...
Page 278: Cfm Linktrace Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 276 cfm linktrace settings this window is used to configure the cfm linktrace settings on the switch. To view this window, click oam > cfm > cfm linktrace settings,as shown below: figure 10- 11 cfm linktrace settings window the fol...
Page 279: Cfm Packet Counter
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 277 cfm packet counter this window displays the cfm packet rx/tx counters on the switch. Enter the ports to view and click find. To view this window, click oam > cfm > cfm packet counter,as shown below: figure 10- 12 cfm packet cou...
Page 280: Ethernet Oam
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 278 ethernet oam the ethernet oam section includes ethernet oam settings, ethernet oam configuraion settings, ethernet oam event log, and ethernet oam statistics. Ethernet oam settings this window is used to configure the ports eth...
Page 281
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 279 ethernet oam configuration settings this window is used to configure and display the primary controls and status information for ethernet oam on the switch. To view this window, click oam > ethernet oam > ethernet oam configura...
Page 282: Ethernet Oam Event Log
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 280 ethernet oam event log this window allows the user to view the ethernet oam event log information. The switch can buffer up to 1000 event logs. The event log will provide and record detailed information about each oam event. Sp...
Page 283: Duld Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 281 duld settings the switch features a d-link unidirectional link detection (duld) module. The unidirectional link detection provides a mechanism that can be used to detect unidirectional link for ethernet switches whose phys do n...
Page 284: Section 11
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 282 section 11 monitoring utilization statistics mirror sflow ping test trace route peripheral utilization the utilization windows include cpu utilization, dram & flash utilization, and port utilization. Cpu utilization this window...
Page 285: Dram & Flash Utilization
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 283 show/hide check whether or not to display five secs, one min, and five mins. Dram & flash utilization on this window the user can view information regarding dram and flash utilization. To view this window, click monitoring > dr...
Page 286: Statistics
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 284 is 200. Show/hide check whether or not to display port util. Statistics the statistics section includes port statistics, packet size, vlan counter statistics, and historical counter & utilization. Port statistics the port stati...
Page 287: Umb_Cast (Rx)
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 285 figure 11- 5 received (rx) table window (for bytes and packets) the following fields may be set or viewed: parameter description port use the drop-down menu to choose the port that will display statistics. Time interval select ...
Page 288
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 286 figure 11- 6 umb_cast (rx) window (for unicast, multicast, and broadcast packets) to view the umb_cast (rx) table window, click the view table link. Figure 11- 7 umb_cast (rx) table window (for unicast, multicast, and broadcast...
Page 289: Transmitted (Tx)
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 287 multicast count the total number of good packets that were received by a multicast address. Broadcast count the total number of good packets that were received by a broadcast address. Show/hide check whether or not to display m...
Page 290
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 288 figure 11- 9 transmitted (tx) table window (for bytes and packets) the following fields may be set or viewed: parameter description port use the drop-down menu to choose the port that will display statistics. Time interval sele...
Page 291: Errors
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 289 errors the web manager allows port error statistics compiled by the switch's management agent to be viewed as either a line graph or a table. Four windows are offered. Received (rx) to select a port to view these statistics or,...
Page 292
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 290 parameter description port use the drop-down menu to choose the port that will display statistics. Time interval select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Reco...
Page 293: Transmitted (Tx)
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 291 transmitted (tx) to select a port to view these statistics or, select the port by using the port pull-down menu. The user may also use the real-time graphic of the switch at the top of the web page by simply clicking on a port....
Page 294
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 292 value is one second. Record number select number of times the switch will be polled between 20 and 200. The default value is 200. Exdefer count the number of packets for which the first transmission attempt on a particular inte...
Page 295: Packet Size
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 293 packet size the web manager allows packets received by the switch, arranged in six groups and classed by size, to be viewed as either a line graph or a table. Two windows are offered. To select a port to view these statistics f...
Page 296: Vlan Counter Statistics
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 294 port use the drop-down menu to choose the port that will display statistics. Time interval select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record number select numbe...
Page 297: Historical Counter
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 295 vlan name specifies the vlan name. Vid (1-4094) specifies the vlan id. Port list specifies the ports that are attached to the vlan. Enter the appropriate information and click find, the informationwill be displayed in the vlan ...
Page 298: Historical Utilization
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 296 historical utilization this window displays information regarding the historical utilization of the cpu and memory. The counters are set up in 15-minute and one-day intervals. There is a maximum of five 15-minute historical uti...
Page 299: Rspan Settings
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 297 figure 11- 19 port mirror window to configure a mirror port: 1. Change the status to enabled. 2. Select thesource port from where you want to the frames to come from. 3. Select the target port, which receives the copies from th...
Page 300: Sflow
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 298 figure 11- 21 rspan settings window (modify) enter the source ports or redirect ports you wish to add or delete and click apply. To return to the rspan settings window click . Sflow the sflow folder contains four windows to ena...
Page 301
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 299 analyzer server id (1-4) up to four sflow analyzer servers can be configured. Owner name the entity making use of this sflow analyzer server. Timeout (1-2000000) the length of time before the server is timed out. When the analy...
Page 302: Ping Test
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 300 sflow counter poller settings this window is used to create the sflow counter poller settings on the switch. Within the sflow counter poller function, the port statistics counter information will be forwarded to the server at t...
Page 303: Trace Route
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 301 the following parameters may be configured: parameter description ipv4 ping test target ip address enter the target ipv4 address of the host. Repeat pinging for click the infinite times radio button, which will tell the ping pr...
Page 304: Peripheral
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 302 trace route packet can pass. The trace route option will cross while seeking the network path between two devices. The range for the ttl is 1 to 60 hops. Port the port number. The value range is from 30000 to 64900. Timeout def...
Page 305: Section 12
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 303 section 12 save and tools save configuration id 1 save configuration id 2 save log save all configuration file backup & restore upload log file reset download firmware reboot system save configuration id 1 this window is used t...
Page 306: Save Log
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 304 save log this window is used to save the configuration log only. To view this window, click save > save log,as shown below: figure 12- 3 save log window save all this window is used to save the current configuration settings to...
Page 307
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 305 configuration file backup & restore the switch supports dual image storage for configuration file backup and restoration. The firmware and configuration images are indexed by id number 1 or 2. To change the boot firmware image,...
Page 308: Upload Log File
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 306 upload log file the following window is used to upload a log file for the switch. To view this window, click tools > upload log file,as shown below: figure 12- 6 upload log file window to upload a history or attack log from the...
Page 309: Download Firmware
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 307 download firmware the following window is used to download firmware for the switch. To view this window, click tools > download firmware,as shown below: figure 12- 8 download firmware window to download firmware from a tftp ser...
Page 310: Appendix A
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 308 appendix a mitigating arp spoofing attacks using packet content acl address resolution protocol (arp) is the standard method for finding a host's hardware address (mac address) when only its ip address is known. This protocol i...
Page 311
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 309 destination address source address ether-type arp fcs ff-ff-ff-ff-ff-ff 00-20-5c-01-11-11 table- (ethernet frame format) when the switch receives the frame, it will check the “source address” in the ethernet frame’s header. If ...
Page 312
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 310 figure-3 when pc b replies to the arp request, its mac address will be written into “target h/w address” in the arp payload shown in table-3. The arp reply will be then encapsulated into the ethernet frame again and sent back t...
Page 313
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 311 how arp spoofing attacks a network arp spoofing, also known as arp poisoning, is a method to attack an ethernet network which may allow an attacker to sniff data frames on a lan, modify the traffic, or stop the traffic altogeth...
Page 314
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 312 destination address source address ethernet type h/w type protocol type h/w address length protocol address length operation sender h/w address sender protocol address target h/w address target protocol address (6-byte) (6-byte...
Page 315
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 313 • prevent arp spoofing via packet content acl concerning the common dos attack today caused by the arp spoofing, d-link managed switch can effectively mitigate it via its unique packet content acl. For that reason the basic acl...
Page 316
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 314 offset chunk offset chunk0 offset chunk1 offset chunk2 offset chunk3 offset chunk4 offset chunk5 offset chunk6 offset chunk7 offset chunk8 offset chunk9 offset chunk10 offset chunk11 offset chunk12 offset chunk13 offset chunk14...
Page 317
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 315.
Page 318: Appendix B
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 316 appendix b system log entries the following table lists all possible entries and their corresponding meanings that will appear in the system log of this switch. Category event description log information severity system system ...
Page 320
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 318 spanning tree protocol is disabled spanning tree protocol is disabled informational ssh successful login through ssh successful login through ssh (username: , ip: , mac: ) informational login failed through ssh login failed thr...
Page 321
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 319 login failed through telnet authenticated by aaa local method login failed through telnet from authenticated by aaa local method (username: , mac: ) warning successful login through ssh authenticated by aaa local method success...
Page 322
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 320 server , mac: ) login failed through telnet authenticated by aaa server login failed through telnet from authenticated by aaa server (username: , mac: ) warning successful login through ssh authenticated by aaa server successfu...
Page 323
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 321 successful enable admin through ssh authenticated by aaa none method successful enable admin through ssh from authenticated by aaa none method (username: , mac: ) informational successful enable admin through console authentica...
Page 324
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 322 web(ssl) from due to aaa server timeout or improper configuration. Due to aaa server timeout or improper configuration (username: ,mac: ) login failed through telnet from user due to aaa server timeout or improper configuration...
Page 325
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 323 unauthenticated ip address encountered and discarded by ip-mac port binding unauthenticated ip-mac address and discarded by ip-mac port binding (ip: , mac: , port: ) warning loop-back detection lbd loop occurred port lbd loop o...
Page 326
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 324 password change activity password was changed by (username: ) informational dual configuration excution error encountered druring system boot-up configuration had syntax error and execute error warning 802.1x vid assigned from ...
Page 327: Dgs-3700 Series Trap List
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 325 dgs-3700 series trap list trap name/oid variable bind format mib name severity coldstart 1.3.6.1.6.3.1.1.5.1 none v2 rfc1907 (snmpv2-mib) critical warmstart 1.3.6.1.6.3.1.1.5.2 none v2 rfc1907 (snmpv2-mib) critical authenticati...
Page 328
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 326 swmacbasedauthloggedsuccess 1.3.6.1.4.1.171.12.35.11.1.0.1 swmacbasedauthloggedsucc ess v2 mba-mib warning swmacbasedauthloggedfail 1.3.6.1.4.1.171.12.35.11.1.0.2 swmacbasedauthloggedfail v2 mba-mib warning swmacbasedauthagesou...
Page 329: Appendix C
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 327 appendix c glossary 1000base-sx: a short laser wavelength on multimode fiber optic cable for a maximum length of 500 meters 1000base-lx: a long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilometer...
Page 330
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 328 lan - local area network: a network of connected computing resources (such as pcs, printers, servers) covering a relatively small geographic area (usually not larger than a floor or building). Characterized by high data rates a...
Page 331: Appendix D
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 329 appendix d password recovery procedure this section describes the procedure for resetting passwords on d-link switches. Authenticating any user who tries to access networks is necessary and important. The basic authentication m...
Page 332
Dgs-3700-12/dgs-3700-12g series layer 2 gigabit ethernet user manual 330 3. In the “password recovery mode” only the following commands can be used. Command parameters reset config this command resets the whole configuration back to the default values. Reboot this command exits the reset password re...