D-Link xStack DGS-3200-10 User Manual - Firmware Upgrade

Other manuals for xStack DGS-3200-10: Specifications, User Manual

Manual is about: xStack DGS-3200 Series Layer 2 Managed Gigabit Ethernet Switch

Page of 302

Download

Print this page

Bookmark us

xStack

DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch

Firmware Upgrade

The Commander Switch may be used for firmware upgrades of member switches. Member Switches will be listed in the table and

will be specified by Port (port on the CS where the MS resides), MAC Address, Model Name and Version. To specify a certain

Switch for firmware download, click its corresponding check box under the Port heading. To update the firmware, enter the Server

IP Address where the firmware resides and enter the Path/Filename of the firmware. Click

Download

to initiate the file transfer.

To view the following window, click

Configuration

Single IP Management > Firmware Upgrade

Figure 2 - 66. Firmware Upgrade window for Single IP Management

Configuration File Backup/Restore

The Commander Switch can instruct configuration file backup and restore to the Mem ber Switch using a TFTP server. Member

Switches will be listed in the ta ble and will b e specified by Port (port on the CS where the MS resi des), MAC Address, Model

Name and Version. To sp ecify a cer tain Switch for upgrading configuration files, click its corresponding radio button under the

Port heading. To update the configuration file, enter the Server IP Address where the file resides and enter the Path/Filename of

the configuration file. Click

Restore

to initiate the file tran sfer from a TFTP serv er to the Switch. Click

Backup

to backup the

configuration file to a TFTP server.

To view the following window, click

Configuration

Single IP Management > Configuration File Backup/Restore

Figure 2 - 67. Configuration File Backup/Restore window for Single IP Management

Upload Log File

The Commander Switch can order a log file from a member switch sent to a server. Provide the Server IP address for storing the

log and the log file path and filename on the member switch. Click

Upload

to send the log file to a TFTP server.

To view the following window, click

Configuration

Single IP Management > Upload Log File

Figure 2 - 68. Upload Log File window for Single IP Management

« ‹ Prev 68 69 70 71 72 73 74 Next › »

Summary of xStack DGS-3200-10

Page 1
Manual product model: xstack ® dgs-3200 series layer 2 managed gigabit ethernet switch release 1.5.
Page 2
_____________________________________________ information in this document is subject to change without notice. © 2009 d-link corporation. All rights reserved. Reproduction in any manner whatsoever without the written permission of d-link corporation is strictly forbidden. Trademarks used in this te...
Page 3: Table of Contents
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch iii table of contents intended readers........................................................................................................................................................................... Ix typographical conventi...
Page 4
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch iv telnet settings.............................................................................................................................................................................. 27 password encryption.......................
Page 5
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch v pvid auto assign settings ......................................................................................................................................................... 79 port trunking .......................................
Page 6
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch vi port lock entries ........................................................................................................................................................................................132 dhcp server screening........
Page 7
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch vii multiple authentication settings ................................................................................................................................................................177 guest vlan ..........................
Page 8
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch viii save log .................................................................................................................................................................................... 251 save all...............................
Page 9: Intended Readers
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch ix intended readers the dgs-3200 series manual contains i nformation for set up an d m anagement of t he switch. This m anual i s i ntended for network managers familiar with network management concepts and terminology. Typographical c...
Page 10: Notes, Notices, and Cautions
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch x notes, notices, and cautions a note indicates important information that helps make better use of the device. A notice indicates either potential damage to hardware or loss of data and tells how to avoid the problem. A caution indica...
Page 11
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch xi do not push any objects into the openings of the system. Doing so can cause fire or el ectric shock by shorting out interior components. Use the product only with approved equipment. Allow the product to cool before removing covers ...
Page 12
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch xii caution: installing systems in a rack without the front and side stabilizers installed could cause the rack to tip over, potentially resulting in bodily injury under certain circumstances. Therefore, always install the stabilizers ...
Page 13
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch xiii lithium battery precaution caution : incorrectly replacing the lithium battery of the switch may cause the battery to explode. Replace this battery only with the same or equivalent type recommended by the manufacturer. Discard use...
Page 14: Section 1
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 1 section 1 web-based switch configuration introduction logging onto the web manager web-based user interface introduction all software functions of the switch can be managed, configured, and monitored via the embedded web-based (html)...
Page 15: Web-Based User Interface
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 2 web-based user interface the user i nterface provides access to various switch configuration and management windows, allows the user to view performance statistics, and permits graphical monitoring of the system status. Areas of the ...
Page 16: Web Pages
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 3 web pages when connecting to the management mode of the switch with a web browser, a login screen is displayed. Enter a user name and password to access the switch's management mode. Below is a list of the folders and windows availab...
Page 17
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 4 note: be sure to configure the user name and password in the user accounts window before connecting the switch to the greater network..
Page 18: Section 2
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 5 section 2 configuration device information system information serial port settings ip address ipv6 interface settings ipv6 route table ipv6 neighbor settings port configuration static arp settings user accounts system log configurati...
Page 19: Device Information
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 6 device information this window contains the main settings for all major functions for the switch. It appears automatically when you log on to the switch. To retu rn to the device i nformation w indow af ter v iewing oth er windows, c...
Page 20: System Information
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 7 system information the user can enter a system name, system location, and system contact to aid in defining the switch. To view the following window, click configuration > system information : figure 2- 2. System information window t...
Page 21: Serial Port Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 8 serial port settings the user can adjust the baud rate and the auto logout values. To view the following window, click configuration > serial port settings : figure 2- 3. Serial port settings window baud rate this field specifies the...
Page 22
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 9 note: the switch’s factory default ip address is 10.90.90.90 with a subnet mask of 255.0.0.0 and a default gateway of 0.0.0.0. To use the dhcp or bootp protocols to assign the switch an ip address, subnet mask, and default gateway ad...
Page 23: Ipv6 Interface Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 10 setting the switch’s ip address using the console interface each switch must be assi gned its own ip address, which is used for communication with an snmp network manager or other tcp/ip application (for example bootp, tftp). The sw...
Page 24
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 11 to modify an ipv6 interface table entry, click the corresponding edit button. The following window opens: figure 2- 6. Ipv6 interface settings (edit) window the ipv6 window is divided into three distinct parts. The following paramet...
Page 25: Ipv6 Route Table
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 12 ipv6 route table the user can configure the switch’s ipv6 route table. To view the following window, click configuration > ipv6 route table : figure 2- 7. Ipv6 route table window enter an ipv6 address in the gateway field and click ...
Page 26: Ipv6 Neighbor Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 13 ipv6 neighbor settings the user can configure the switch’s ipv6 neighbor settings. The switch’s current ipv6 neighbor settings will be displayed in the table at the bottom of this window. To view the following window, click configur...
Page 27: Port Configuration
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 14 port configuration the port configuration folder contains three windows: port settings , port description , and port error disabled . Port settings to view the following window, click configuration > port configuration > port settin...
Page 28: Port Description
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 15 address learning enable or disable mac address learning for the selected ports. When enabled , destination and source mac addresses are automatically listed in the forwarding table. When address learning is disabled , mac addresses ...
Page 29: Port Error Disabled
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 16 port error disabled the following window will display the information about ports that have had their connection status disabled, for reasons such as storm control or link down status. To view the following window, click configurati...
Page 30
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 17 after entering the ip address and mac address of the static arp entry, click apply to implement the new entry. To completely clear the static arp entries, click the delete all button. To modify a st atic arp en try, click the edit b...
Page 31: User Accounts
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 18 user accounts the switch allows the control of user privileges. To view the following window, click configuration > user accounts : figure 2- 13. User accounts window to add a new user, type in a user name and new password and retyp...
Page 32: System Log Configuration
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 19 management admin user configuration yes read-only network monitoring yes read-only community strings and trap stations yes read-only update firmware and configuration files yes no system utilities yes no factory reset yes no user ac...
Page 33: System Log Host
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 20 system log host the switch can send syslog messages to up to four designated servers using the system log server. To view the following window, click configuration > system log configuration > system log host : figure 2- 16. System ...
Page 34: Dhcp/bootp Relay
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 21 parameter description system severity choose how the alerts are used from the drop-down menu. Select log to send the alert of the severity type configured to the switch’s log for analysis. Choose trap to send it to an snmp agent for...
Page 35
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 22 dhcp relay agent information option 82 state this field can be toggled between enabled and disabled using the drop-down menu. It is used to enable or disable the dhcp relay agent information option 82 on the switch. The default is d...
Page 36
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 23 implementation of dhcp relay agent information option 82 the config dhcp_relay opti on_82 command configures the dhcp relay ag ent information option 82 setting of the switch . The formats for the circuit id sub-option and the remot...
Page 37: Dhcp Local Relay Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 24 dhcp/bootp relay interface settings users can set up a server, by ip address, for relaying dhcp/bootp information to the switch. Th e user may enter a previ ously configured ip interface on the switch th at will be connected directl...
Page 38
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 25 parameter description dhcp local relay global state enable or disable the dhcp local relay global state. The default is disabled. Vlan name this is the vlan name that identifies the vlan the user wishes to apply the dhcp local relay...
Page 39: Mac Address Aging Time
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 26 mac address aging time users can configure the mac address aging time on the switch. To view the following window, click configuration > mac address aging time : figure 2 – 23. Mac address aging time window enter a value between 10 ...
Page 40: Telnet Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 27 telnet settings users can configure telnet settings on the switch. To view the following window, click configuration > telnet settings : figure 2 – 25. Telnet settings window the following parameters may be configured or viewed: par...
Page 41: Cli Paging Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 28 cli paging settings users can stop the scrolling of multiple pages beyond the limits of the console when using the command line interface. To view the following window, click configuration > cli paging settings : figure 2 – 27. Cli ...
Page 42
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 29 figure 2 – 29. Firmware information window (dgs-3200-24 model) the following parameters may be configured or viewed: parameter description id states the image id number of the firmware in the switch’s memory. The switch can store 2 ...
Page 43: Power Saving Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 30 power saving settings this window allows the user to implement the switch’s built-in power saving features. When the power saving state is enabled , a port which has a link down status will be turned off to save power to the switch....
Page 44: Dual Configuration Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 31 dual configuration settings users can display dual configuration settings on the switch. The switch allows two configurations to be stored in its memory and either can be configured as the boot-up configuration for the switch (the d...
Page 45
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 32 update time states the specific time the configuration version was downloaded to the switch. From states the ip address of the origin of the configuration. There are five ways a configuration may be downloaded to the switch. Boot-up...
Page 46: Smtp Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 33 smtp settings smtp or simple mail transfer protocol is a function of the switch that will send switch events to mail recipients based on e-mail addresses entered in the window below. The switch is to be configured as a client of smt...
Page 47: Ping Test
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 34 ping test users can ping either an ipv4 address or an ipv6 address. Ping is a small program that sends icmp echo packets to the ip address you specify. The destination node then responds to or “echoes” the packets sent from the swit...
Page 48: Sntp Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 35 sntp settings sntp or simple network time protocol is used by the switch to synchronize the clock of the computer. The sntp settings folder contains two windows: time settings and timezone settings . Time settings users can configur...
Page 49: Time Zone Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 36 time zone settings users can configure time zones and daylight savings time settings for sntp. To view the following window, click configuration > sntp settings > time zone settings : figure 2 - 36. Time zone settings window the fol...
Page 50: Mac Notification Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 37 to: day of week enter the day of the week that dst will end. To: month enter the month that dst will end. To: time in hh:mm enter the time dst will end. Dst annual settings – using annual mode will enable dst seasonal time adjustmen...
Page 51
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 38 mac notification port settings users can set mac notification for individual ports on the switch. To view the following window, click configuration > mac notification settings > mac notification port settings : figure 2 - 38. Mac no...
Page 52: Snmp Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 39 snmp settings simple network management protocol (snmp) is an osi layer 7 (application layer) designed specifically for managing and monitoring network devices. Snmp enables network management stations to read and modify the setting...
Page 53: Snmp Global State Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 40 snmp global state settings snmp global state settings can be enabled or disabled. To view the following window, click configuration > snmp settings > snmp global state settings : figure 2 - 39. Snmp global state settings window clic...
Page 54: Snmp View Table
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 41 snmp view table users can assign views to community strings that define which mib objects can be accessed by a remote snmp manager. To view the following window, click configuration > snmp settings > snmp view table : figure 2 - 41....
Page 55: Snmp Group Table
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 42 snmp group table an snmp g roup c reated with t his t able maps snm p u sers (i dentified in th e snmp user tab le) t o the views created in the previous window. To view the following window, click configuration > snmp settings > sn...
Page 56: Snmp User Table
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 43 to implement your new settings, click apply . Snmp user table this window displays all of the snmp user’s currently configured on the switch. To view the following window, click configuration > snmp user table : figure 2 - 43. Snmp ...
Page 57: Snmp Community Table
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 44 snmp community table users can create an snmp community string to define the relationship between the snmp manager and an agent. The community string acts like a password to permit access to the a gent on the switch. One or m ore of...
Page 58: Snmp Host Table
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 45 snmp host table users can set up snmp trap recipients for ipv4. To view the following window, click configuration > snmp settings > snmp host table : figure 2 - 45. Snmp host table window to add a new entry to the switch’s snmp ho s...
Page 59: Snmp V6Host Table
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 46 snmp v6host table users can set up snmp trap recipients for ipv6. To view the following window, click configuration > snmp settings > snmp v6host table : figure 2 - 46. Snmp v6host table window to add a new entry to the switch’s snm...
Page 60: Snmp Engine Id
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 47 snmp engine id the engine id is a unique identifier used for snmp v3 implementations on the switch. To view the following window, click configuration > snmp settings > snmp engine id : figure 2 - 47. Snmp engine id window to change ...
Page 61: Rmon
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 48 rmon users can enable and disable remote monitoring (rmon) status for the snmp function on the switch. In addition, rmon rising and falling alarm traps can be enabled and disabled. To view the following window, click configuration >...
Page 62
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 49 there are three classifications for switches using sim. The commander switch (cs) , which is the master switch of the group, member switch (ms) , which is a sw itch t hat i s r ecognized by the cs a member of a sim group, an d a can...
Page 63: Single Ip Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 50 when a cas becomes a ms, it autom atically becomes a m ember of t he first snmp community (including read/write and rea d only) to which the cs b elongs. However, if a ms h as its own ip address, it can belong to snmp co mmunities t...
Page 64
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 51 figure 2 - 52. Single ip settings window for candidate (enabled) parameter description sim state use the drop-down menu to either enable or disable the sim state on the switch. Disabled will render all sim functions on the switch in...
Page 65: Topology
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 52 topology this window will be used to configure and manage the switch within the sim group and requires java script to function properly on your computer. The java runtime environment on your server should initiate and lead you to th...
Page 66
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 53 figure 2 - 55. Topology view window this window will display how the devices within the single ip management group connect to other groups and devices. Possible icons on this window are as follows: icon description group layer 2 com...
Page 67
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 54 tool tips in the topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same inf...
Page 68
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 55 group icon figure 2 - 58. Right-clicking a group icon the following options may appear for the user to configure: collapse – to collapse the group that will be represented by a single icon. Expand – to expand the sim group, in detai...
Page 69
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 56 commander switch icon figure 2 - 60. Right-clicking a commander icon the following options may appear for the user to configure: collapse – to collapse the group that will be represented by a single icon. Expand – to expand the sim ...
Page 70
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 57 add to group – add a candidate to a group. Clicking this option will reveal the following dialog box for the user to enter a password for au thentication fro m the candidate switch befo re being ad ded to th e si m group. Click ok t...
Page 71: Firmware Upgrade
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 58 firmware upgrade the commander switch may be used for firmware upgrades of member switches. Member switches will be listed in the table and will be specified by port (port on the cs where the ms resides), mac address, model name and...
Page 72: Sd Card Fs Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 59 sd card fs settings users can plug an sd f lash car d i nto a front sl ot on th e d gs-3200-24 ( dgs-3200-10 and dgs-3200-16 do no t support th is feature). The sd flash card allows users to carry out the following: save the switch ...
Page 73
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 60 format if you have inserted a new sd flash card this button will appear. Click this button to format the new sd flash card. Copy to click this button to copy a file to another location. Move to click this button to move a file to an...
Page 74: Section 3
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 61 section 3 l2 features jumbo frame egress filter settings 802.1q vlan private vlan settings 802.1v protocol vlan mac-based vlan settings gvrp settings pvid auto assign settings port trunking vlan trunk settings lacp port settings tra...
Page 75: Egress Filter Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 62 egress filter settings users can configure an egress filter on specific ports for unknown unicast and unregistered multicast packets. The switch drops all unk nown unicast/multicast packets on egress ports when it dete cts unknown u...
Page 76
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 63 vlan description a virtual local area network (vlan) is a network topology configured according to a l ogical scheme rather than the physical layout. Vlans can be used to combine any collection of lan segments into an autonomous use...
Page 77
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 64 forwarding rules between ports – decides whether to filter or forward the packet. Egress rules – determines if the packet must be sent tagged or untagged. Figure 3 - 3. Ieee 802.1q packet forwarding 802.1q vlan tags the figure below...
Page 78
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 65 figure 3 - 4. Ieee 802.1q tag the ethertype and vlan id a re inserted after t he mac source address, but before the original ethertype/length or logical link c ontrol. Because the packet is now a bit longer than it was originally, t...
Page 79
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 66 tagged packets are forwarded according to the vid contained within the tag. Tagged packets are also assigned a pvid, but the pvid is not used to make packet-forwarding decisions, the vid is. Tag-aware switches must keep a tab le to ...
Page 80
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 67 an example is presented below: vlan name vid switch ports system (default) 1 5, 6, 7 engineering 2 9, 10 sales 5 1, 2, 3, 4 table 3 - 1. Vlan example – assigned ports port-based vlans port-based vlans limit traffic th at flows into ...
Page 81
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 68 to view the following window, click l2 features > 802.1q vlan : figure 3 - 6. Vlan list tab of the 802.1q vlan window the vlan list tab lists all previously configured vlans by vlan id and vlan name. To delete an existing 802.1q vla...
Page 82
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 69 vlan name allows the entry of a name for the new vlan or for editing the vlan name in the add/edit vlan tab. Advertisement enabling this function will allow the switch to send out gvrp packets to outside sources, notifying that they...
Page 83
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 70 figure 3 - 9. Vlan batch settings tab of the 802.1q vlan window the following fields can be set in the vlan batch settings windows: parameter description vid list (e.G. 2-5) enter a vlan id list that can be added, deleted or configu...
Page 84: Private Vlan Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 71 private vlan settings the switch al lows users to create private vla ns. A p rivate vla n divides the layer 2 b roadcast domain of a vla n into subdomains and are particularly useful for service providers who need to assign a unique...
Page 85
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 72 to view the following window, click l2 features > private vlan settings : figure 3 - 11. Private vlan settings window creating a new private vlan: configure the following parameters in the add private vlan section to create a new pr...
Page 86
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 73 if a private vlan matches the search criteria, the private vlan will appear in the list at the bottom of the window. The following information is displayed in the private vlan list at the bottom of the window: parameter description ...
Page 87
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 74 editing an existing private vlan: in the private vlan list, click the edit button next to the private vlan you want to modify. The following window opens: figure 3 - 13. Private vlan settings (edit) window the window is divided into...
Page 88
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 75 community vlan displays the vlan id or vlan name of any vlans that have been configured as community vlans. Community ports displays the port numbers of any vlans that have been configured as community vlans. Deleting a private isol...
Page 89: 802.1V Protocol Vlan
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 76 802.1v protocol vlan the 802.1v pro tocol vlan folder co ntains t wo wi ndows: 802.1v protocol gr oup se ttings and 802.1v pr otocol vl an settings . 802.1v protocol group settings users can c reate protocol vlan groups and add prot...
Page 90
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 77 802.1v protocol vlan settings users can configure protocol vlan settings. The lower half of the table displays any previously created settings. To view the following window, click l2 features > 802.1v protocol vlan > 802.1v protocol...
Page 91: Mac-Based Vlan Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 78 mac-based vlan settings users can create new mac-based vlan entries and search, edit, and delete existing entries. When an entry is created for a port, the port will automatically become the untagged member port of the specified vla...
Page 92: Pvid Auto Assign Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 79 the following fields can be set: parameter description from port this drop-down menu allows the selection of the beginning port for a range of ports that will be included in the port-based vlan. To port this drop-down menu allows th...
Page 93: Port Trunking
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 80 port trunking understanding port trunk groups port t runk groups a re u sed t o com bine a num ber o f ports t ogether t o make a si ngle hi gh-band-width data pi peline. Another advantage of i mplementing port t runk g roups i s re...
Page 94
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 81 the switch treats all ports in a trunk group as a single port. Data transmitted to a specific host (destination address) will always be transmitted over the same port in a trunk group. This allows packets in a data stream to arrive ...
Page 95
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 82 the user-changeable parameters are as follows: parameter description algorithm toggle between mac source dest and ip source dest . Group id select an id number for the group, between 1 and 5 for the dgs-3200-10, between 1 and 8 for ...
Page 96: Vlan Trunk Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 83 vlan trunk settings enable vlan on a port to allow frames belonging to unknown vlan groups to pass through that port. This is useful if you want to set up vlan groups on end devices without having to configure the same vlan groups o...
Page 97: Lacp Port Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 84 lacp port settings in conjunction with the trunking window, users can create port trunking groups on the switch. Using the following window, the user may set which ports will be active and passive in processing and sending lacp cont...
Page 98: Traffic Segmentation
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 85 traffic segmentation traffic segmentation is used to limit traffic flow from a single or group of ports, to a group of ports. This method of segmenting the flow of traffic is similar to using vlans to limit traffic, but is more rest...
Page 99
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 86 to enable igmp snooping globally on the switch: click the enabled radio button. Click the apply button to apply the igmp snooping setting. The following parameters may be viewed in the igmp snooping settings window: parameter descri...
Page 100
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 87 editing the igmp snooping parameters for a vlan: click the edit button next to the vlan you want to edit. The following window appears: figure 3 - 26. Igmp snooping parameters settings window the igmp snooping parameters settings wi...
Page 101
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 88 router timeout (1-16711450 sec) this specifies the time-out for dynamically learned router ports. Default = 260 . Leave timer (1-16711450 sec) this specifies the maximum amount of time in seconds between the switch receiving a leave...
Page 102
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 89 data driven learning settings the s witch al lows y ou t o i mplement dat a driven l earning f or igmp s nooping g roups. If data-driven l earning, al so k nown as dynamic ip multicast learning, is enabled for a vlan, when the switc...
Page 103: Ism Vlan Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 90 ism vlan settings in a switching environment, multiple vlans may exist. Every time a multicast query passes through the switch, the switch must forward separate different copies of the data to each vlan on the system, which, in turn...
Page 104
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 91 member port (e.G.: 1-4, 6) enter a port or list of ports to be added to the multicast vlan. Member ports shall be the untagged members of the multicast vlan. Tagged member port enter a port or list of ports that will become tagged m...
Page 105
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 92 when you have finished configuring the previous parameters, click the add button to add the new ism vlan. The new ism vlan will appear in the list at the bottom of the window, as shown below: figure 3 - 29. Ism vlan settings window ...
Page 106: Ism Profile Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 93 editing an existing ism vlan group list setting: 1. Click the group list link next the ism vlan you want to edit. 2. The following window opens: figure 3 - 30. Ism vlan group list settings window 3. Type in a name to identify the ne...
Page 107
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 94 editing an existing ism vlan group list setting: 1. Click the group list link next the ism profile you want to edit. 2. The following window opens: figure 3 - 32. Ism vlan settings window 3. Type in the multicast address range you w...
Page 108
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 95 figure 3 - 34. Multicast address group list settings window enter the multicast ip address list, starting with the lowest in the range, and then click add . To return to the ip multicast profile settings window, click the button. Li...
Page 109: Max Multicast Group Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 96 to configure the multicast address filtering function on a port for a specific profile, configure the parameters in the center of the window as described below: parameter description from / to use the drop-down menus to specify the ...
Page 110
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 97 mld control messages three t ypes of m essages are t ransferred be tween de vices usi ng m ld snooping. T hese t hree m essages are al l de fined by f our icmpv6 packet headers, labeled 130, 131, 132, and 143. 1. Multicast listener ...
Page 111
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 98 state used to enable or disable mld snooping for the specified vlan. This field is disabled by default. To configure a specific vlan for mld snooping, click the vlan’s corresponding edit button. The following window appears: figure ...
Page 112
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 99 last listener query interval (1-25 sec) use this parameter to specify the maximum amount of time between group-specific query messages, including those sent in response to done-group messages. You might lower this interval to reduce...
Page 113: Port Mirroring
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 100 port mirroring the switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an rmon probe, to view de...
Page 114: Loopback Detection Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 101 loopback detection settings the l oopback det ection function i s u sed to det ect t he l oop c reated by a specific port. T his feature is u sed to temporarily shutdown a port on the switch when a ctp (configuration testing protoc...
Page 115: Spanning Tree
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 102 trap status set the desired trap status: none , loop detected , loop cleared , or both . Interval (1-32767) set a loopdetect interval between 1 and 32767 seconds. The default is 10 seconds. Recover time (0 or 60- 1000000) time allo...
Page 116
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 103 802.1d-2004 rapid spanning tree the switch implements three versions of the spanning tree protocol, the multiple spanning tree protocol (mstp) as defined by the ie ee 802.1q-2005, t he rapid s panning t ree p rotocol (r stp) as def...
Page 117
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 104 the spanning tree protocol (stp) operates on two levels: 1. On the switch level, the settings are globally implemented. 2. On the port level, the settings are implemented on a per user-defined group of ports basis..
Page 118: Stp Bridge Global Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 105 stp bridge global settings use the stp status radio buttons to enable or disable stp globally, and use the stp version drop-down menu to choose the stp method. To view the following windows, click l2 features > spanning tree > stp ...
Page 119
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 106 see the table below for descriptions of the stp versions and corresponding setting options. Note: the bridge hello time cannot be longer than the bridge max age. Otherwise, a configuration error will occur. Observe the following fo...
Page 120: Stp Port Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 107 stp port settings stp can be set up on a port per port basis. To view the following window, click l2 features > spanning tree > stp port settings : figure 3 - 45. Stp port settings window it is advisable to define an stp group to c...
Page 121
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 108 forward bpdu use the drop-down menu to enable or disable the flooding of bpdu packets when stp is disabled. Edge choosing the true parameter designates the port as an edge port. Edge ports cannot create loops, however an edge port ...
Page 122: Stp Instance Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 109 stp instance settings this window displays mstis currently set on the switch and allows users to change the priority of the mstis. To view the following window, click l2 features > spanning tree > stp instance settings : figure 3 -...
Page 123: Mstp Port Information
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 110 mstp port information this window displays the current msti configuration information and can be used to update the port configuration for an msti id. If a loop occurs, the mstp function will use the port priority to select an inte...
Page 124: Forwarding & Filtering
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 111 forwarding & filtering the forwarding & filtering folder con tains th ree windows: unicast forw arding , multica st forwarding , and multicast filtering mode . Unicast forwarding users can set up unicast forwarding on the switch. T...
Page 125: Multicast Filtering Mode
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 112 parameter description vid the vlan id of the vlan the corresponding mac address belongs to. Multicast mac address the static destination mac address of the multicast packets. This must be a multicast mac address. Port allows the se...
Page 126: Section 4
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 113 section 4 qos bandwidth control traffic control 802.1p default priority 802.1p user priority qos scheduling mechanism qos is an i mplementation of the ieee 802.1p standard that allows network administrators a m ethod of reserving b...
Page 127
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 114 see if it h as the prop er identifying tag. Then the user may forward these tagged packets to designated classes of se rvice on the switch where they will be emptied, based on priority. For example, let’s say a user wishes to have ...
Page 128: Bandwidth Control
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 115 bandwidth control the bandwidth control settings are used to place a ceiling on the transmitting and receiving data rates for any selected port. To view the following window, click qos > bandwidth control : figure 4 - 2. Bandwidth ...
Page 129: Traffic Control
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 116 traffic control on a c omputer network, packets s uch as multicast packets and broa dcast pac kets continually f lood th e n etwork as nor mal procedure. At times, this traffic m ay increase do to a m alicious endstation on the net...
Page 130
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 117 shutdown – utilizes the switch’s software traffic control mechanism to determine the packet storm occurring. Once detected, the port will deny all incoming traffic to the port except stp bpdu packets, which are essential in keeping...
Page 131: 802.1P Default Priority
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 118 802.1p default priority the switch allows the assignment of a default 802.1p priority to each port on the switch. To view the following window, click qos > 802.1p default priority : figure 4 - 4. 802.1p default priority window this...
Page 132: Qos Scheduling Mechanism
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 119 qos scheduling mechanism the scheduling mechanism drop-down menu allows a selection between a weight fair and a strict mechanism for emptying the priority classes. To view the following window, click qos > qos scheduling mechanism ...
Page 133: Section 5
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 120 section 5 security safeguard engine trusted host ip-mac-port binding (impb) port security dhcp server screening guest vlan 802.1x ssl settings ssh access authentication control mac-based access control (mac) web-based access contro...
Page 134
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 121 figure 5 - 1. Safeguard engine example for every consecutive checking interval that reveals a packet flooding issue, the switch will double the time it will discard ingress arp and ip broadcast packets and packets from untrusted ip...
Page 135: Trusted Host
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 122 parameter description safeguard engine state use the radio button to globally enable or disable safeguard engine settings for the switch. Rising threshold (20% - 100%) used to configure the acceptable level of cpu utilization befor...
Page 136: Ip-Mac-Port Binding (Impb)
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 123 ip-mac-port binding (impb) general overview the dgs-3200 series switches offer ip-mac-port binding (impb), a d-link security application used most often on edge switches directly connected to network hosts. Impb is also an integral...
Page 137
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 124 acl mode in acl mode, a switch performs ip packet inspection in addition to arp packet inspection. Essentially, acl rules will be used to permit statically configured impb entries and deny other ip packets with the incorrect ip-mac...
Page 138: Impb Global Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 125 impb global settings users can enable or disable the global impb settings: trap log state and dhcp snoop state, on the switch. The trap/log field will enable and disable the sending of trap log messages for ip-mac binding. When ena...
Page 139: Impb Port Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 126 impb port settings users can configure impb settings on a port basis. Select a port or a range of ports with the from port and to port fields. Enable or disable the port with strict or loose state, enable or disable allow zero ip a...
Page 140
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 127 the following fields can be set or modified: parameter description from port/to port select a range of ports to set for ip-mac-port binding. State use the drop-down menu to enable or disable these ports for ip-mac binding. Enabled ...
Page 141: Impb Entry Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 128 max entry (1-50) enter the maximum number of dhcp snooping entries that can be learned on the ports specified in the from port / to port drop-down menus. To specify that there should be no limit on the number of dhcp snooping entri...
Page 142: Dhcp Snooping Entries
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 129 dhcp snooping entries this table is used to view dhcp snooping entries on specific ports. To view the following window, click security > ip-mac-port binding (impb) > dhcp snooping entries : figure 5 - 9. Dhcp snooping entries windo...
Page 143: Mac Block List
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 130 mac block list this table is used to view unauthorized devices that have been blocked by ip-mac binding restrictions. To find an unauthorized device m ac address t hat h as bee n blocked by t he i p-mac bi nding rest rictions, e nt...
Page 144: Port Security
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 131 port security the port security folder contains two windows: port security settings and port lock entries . Port security settings a given port’s (or a range of ports') dynamic mac address learning can be l ocked such that the curr...
Page 145: Port Lock Entries
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 132 port lock entries users can remove an entry from the port security entries learned by the switch and entered into the forwarding database. To view the following window, click security > port security > port lock entries : figure 5 ...
Page 146: Dhcp Server Screening
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 133 dhcp server screening the dhcp server screening folder contains two windows: dhcp screening port settings and dhcp offer filtering . Dhcp screening port settings the switch supports dhcp server screening, a feature that denies acce...
Page 147: Dhcp Offer Filtering
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 134 dhcp offer filtering this function allows the user to not only restrict all dhcp server packets but also to receive any specified dhcp server packet by any specified dhcp client, it is useful when one or more dhcp servers are prese...
Page 148: Guest Vlan
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 135 guest vlan on 802 .1x secu rity-enabled n etworks, t here is a need fo r non - 802.1x supported de vices to gain limited access to the net work, due t o l ack of t he p roper 80 2.1x s oftware or i ncompatible devices, s uch as c o...
Page 149
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 136 802.1x (port-based and host-based access control) the ieee 802.1x standard is a security measure for authorizing and authenticating users to gain access to various wired or wireless devices on a specified local area network by usin...
Page 150
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 137 authentication server the authentication server is a remote device that is connected to the same network as the client and authenticator, must be running a radius server program and must be configured properly on the authenticator ...
Page 151
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 138 client the client is simply the endstation that wishes to gain access to the lan or switch services. All end stations must be running software that is compliant with the 802.1x protocol. For users running windows xp and windows vis...
Page 152
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 139 understanding 802.1x port-based and host-based network access control the original intent behind the development of 802.1x was to leverage the characteristics of point-to-point in lans. As any single lan segment in such infrastruct...
Page 153
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 140 host-based network access control 802.1x client network access controlled port network access uncontrolled port radius server ethernet switch 802.1x client 802.1x client 802.1x client 802.1x client 802.1x client 802.1x client 802.1...
Page 154: 802.1X Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 141 802.1x settings users can configure 802.1x authenticator settings. To view the following window, click security > 802.1x > 802.1x settings : figure 5 - 25. 802.1x settings window use the from port and to port drop-down menus to con...
Page 155: 802.1X User
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 142 txperiod (1-65535) this sets the txperiod of time for the authenticator pae state machine. This value determines the period of an eap request/identity packet transmitted to the client. The default setting is 30 seconds. Reauthperio...
Page 156: Initialize Port(S)
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 143 initialize port(s) existing 802.1x port and host settings are displayed and can be configured using the two windows below. To initialize ports for the port side of 802.1x, the user must first enable 802.1x by port in the 802.1x set...
Page 157: Reauthenticate Port(S)
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 144 reauthenticate port(s) users can display and configure reauthenticate ports for 802.1x port and host using the two windows below. To reauthenticate ports for the port side of 802.1x, the user must first enable 802.1x by port in the...
Page 158: Authentic Radius Server
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 145 authentic radius server the radius feature of the switch allows the user to facilitate centralized user administration as well as providing protection against a sniffing, active hacker. The web manager offers three windows. To view...
Page 159: Ssl Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 146 ssl settings secure so ckets layer, or ssl, is a security featu re t hat will provide a secu re co mmunication path b etween a host an d clien t through the use of authentication, digital signatures and encryption. These security f...
Page 160
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 147 to view the following window, click security > ssl settings : figure 5 - 32. Ssl settings window to set up the ssl function on the switch, configure the parameters in the ssl settings section described below and click apply . To se...
Page 161: Ssh
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 148 certificate file name enter the path and the filename of the certificate file to download. This file must have a .Der extension. (ex. C:/cert.Der) key file name enter the path and the filename of the key file to download. This file...
Page 162: Ssh Configuration
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 149 ssh configuration users can configure and view settings for the ssh server. To view the following window, click security > ssh > ssh configuration : figure 5 - 33. Ssh configuration window to configure the ssh server on the switch,...
Page 163
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 150 ssh authmode and algorithm settings users can c onfigure t he desired t ypes of ssh al gorithms used for a uthentication e ncryption. The re are three c ategories of algorithms l isted and specific al gorithms o f each may be ena b...
Page 164
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 151 twofish128 use the check box to enable or disable the twofish128 encryption algorithm. The default is enabled. Twofish192 use the check box to enable or disable the twofish192 encryption algorithm. The default is enabled. Twofish25...
Page 165: Ssh User Authentication Mode
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 152 ssh user authentication mode users can configure parameters for users attempting to access the switch through ssh. To view the following window, click security > ssh > ssh user authentication mode : figure 5 - 35. Ssh user authenti...
Page 166
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 153 access authentication control the tacacs / xtacacs / tacacs+ / radi us commands allow users to secure access to the switch using the tacacs / xtacacs / tacacs+ / radius protocols. When a user logs in to the switch or tries to acces...
Page 167
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 154 authentication policy and parameter settings users can en able an ad ministrator-defined authentication policy for users trying to access th e switch. When enabled, the device will check the login method list and choose a technique...
Page 168: Authentication Server Group
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 155 the following parameters can be set: parameter description application lists the configuration applications on the switch. The user may configure the login method list and enable method list for authentication for users utilizing t...
Page 169
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 156 figure 5 - 39. Edit server group tab of the authentication server group window to add an authentication server host to the list, enter its name in the group name field, ip address in the ip address field, use the drop-down menu to ...
Page 170: Authentication Server Host
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 157 authentication server host user-defined authentication server hosts for the tacacs / xtacacs / tacacs+ / radius security protocols can be set on the switch. When a user attem pts to acces s the switch with authentication policy ena...
Page 171: Login Method Lists
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 158 login method lists user-defined or default login method list of authentication techniques can be configured for users logging on to the switch. The sequence of techniques implemented in this command will affect the authentication r...
Page 172: Enable Method Lists
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 159 enable method lists users can set up method lists to pro mote users with user lev el privileges to ad ministrator (ad min) level priv ileges using authentication methods on t he swi tch. O nce a use r ac quires normal user l evel p...
Page 173: Enable Admin
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 160 configure local enable password users can configure the locally enabled password for enable admin. When a user chooses the "local_enable" method to promote user level privileges to administrator privileges, he or she will be prompt...
Page 174: Mac Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 161 mac-based access control (mac) mac-based access control is a method to authenticate and authorize access using either a port or host. For port-based mac, the method decides port access rights, while for host-based mac, the method d...
Page 175
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 162 the m ac settings window is d ivided in to fo ur main sectio ns. Th e top sectio n co nfigures th e m ac g lobal state, th e seco nd section is used to specify and configure the method used for authentication, the third section is ...
Page 176
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 163 configuring mac settings configuration on ports: parameter description from port the beginning port of a range of ports to be configured for mac-based access control. To port the ending port of a range of ports to be configured for...
Page 177: Mac Local Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 164 mac local settings users can set a list of m ac addresses, along with their corresponding target vlan, which will be authenticated for the switch. Once a queried mac a ddress is m atched in this wi ndow, it will be placed in the vl...
Page 178
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 165 figure 5 - 47. Six basic steps in a successful web authentication process.
Page 179: Wac Global Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 166 conditions and limitations 1. If the client is utilizing dhcp to attain an ip address, the authentication vlan must provide a dhcp server or a dhcp relay function so that client may obtain an ip address. 2. Certain functions exist ...
Page 180: Wac User Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 167 default redirpath enter the url of the website that authenticated users placed in the vlan are directed to once authenticated. This path must be entered into this field before the web-based access control can be enabled. Clear defa...
Page 181
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 168 to set the user account settings for the web authentication by the switch, complete the following fields: parameter description create wac user user name enter the user name of up to 15 alphanumeric characters of the guest wishing ...
Page 182: Wac Port Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 169 wac port settings users can view and set port configurations for web authentication. To view the following window, click security > web-based access control (wac) > wac port settings : figure 5 - 50. Wac port settings window to set...
Page 183: Jwac Global Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 170 japanese web-based access control (jwac) the japanese web-based access contr ol (jwac) f older c ontains fi ve windows: jwac gl obal se ttings , jw ac port settings , jwac user settings , jwac customize page language , and jwac cus...
Page 184
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 171 udp filtering this parameter enables or disables jwac udp filtering. When udp filtering is enabled , all udp and icmp packets except dhcp and dns packets from unauthenticated hosts will be dropped. Forcible logout this parameter en...
Page 185: Jwac Port Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 172 jwac port settings users can configure jwac port settings for the switch. To view the following window, click security > japanese web-based access control (jwac) > jwac port settings : figure 5 - 52. Jwac port settings window to se...
Page 186: Jwac User Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 173 jwac user settings users can configure jwac user settings for the switch. To view the following window, click security > japanese web-based access control (jwac) > jwac user settings : figure 5 - 53. Jwac user settings window to se...
Page 187: Jwac Customize Page
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 174 jwac customize page users can configure jwac page settings for the switch. To view the following window, click security > japanese web-based access control (jwac) > jwac customize page : figure 5 - 55. Jwac customize page window co...
Page 188
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 175 any (mac, 802.1x or wac) mode figure 5 - 56. Any (mac, 802.1x or wac) mode in the diagram above the switch port has been configured to allow clients to authenticate using 802.1x, mbac, or wac. When a client tries to connect to the ...
Page 189
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 176 802.1x & impb mode figure 5 - 58. 802.1x & impb mode this mode adds an ex tra layer of security by ch ecking the ip mac-binding port binding (impb) table b efore trying one of the supported authentication methods. The impb table is...
Page 190
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 177 this mode adds an ex tra layer of security by ch ecking the ip mac-binding port binding (impb) table b efore trying one of the supported authentication methods. The impb table is used to create a ‘wh ite-list’ that checks if t he i...
Page 191: Guest Vlan
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 178 methods the multiple authentication method options include: none , any (mac, 802.1x or wac/jwac) , 802.1x+impb , impb+jwac , and impb+wac . None means all multiple authentication methods are disabled. Any (mac, 802.1x or wac/jwac) ...
Page 192
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 179 igmp access control settings (igmp authentication) users can set igmp a uthentication, otherwise known a s igmp acces s control, on i ndividual port s on the switch. When t he authentication state is enabled , and the switch receiv...
Page 193
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 180 arp spoofing prevention settings users ca n t ry to prevent arp s poofing by hac kers a nd other unauthorized parties t rying t o acc ess t he s witch by usi ng t he following security feature. To view the following window, click s...
Page 194: Section 6
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 181 section 6 acl acl configuration wizard access profile list cpu access profile list time range settings acl configuration wizard in order to m ake access profile and rule c reation significantly easier to use, an acl wizard has been...
Page 195: Access Profile List
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 182 access profile list access profiles allow you to estab lish criteria to determine whether the switch will forward packets based on the information contained in each packet's header. The switch supports four profile types, ethernet ...
Page 196
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 183 the window shown below is the add acl profile window for ethernet: figure 6 - 3. Add acl profile window for ethernet acl the following parameters can be set for the ethernet acl type: parameter description select profile id use the...
Page 197
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 184 802.1p selecting this option instructs the switch to examine the 802.1p priority value of each packet header and use this as the, or part of the criterion for forwarding. Ethernet type selecting this option instructs the switch to ...
Page 198
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 185 the following parameters can be set for the ipv4 acl type: parameter description select profile id use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 200 . Select acl t...
Page 199
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 186 dst port mask - specify a udp port mask for the destination port in hex form (hex 0x0-0xffff). Protocol id - enter a value defining the protocol id in the packet header to mask. Specify the protocol id mask in hex form (hex 0x0-0xf...
Page 200
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 187 select acl type select profile based on ethernet (mac address), ipv4 address, ipv6 address, or packet content. This will change the window according to the requirements for the type of profile. Select ethernet acl to instruct the s...
Page 201
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 188 figure 6 - 9. Add acl profile window for packet content the following parameters can be set for the packet content type: parameter description select profile id use the drop-down menu to select a unique identifier number for this p...
Page 202
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 189 chunk0 chunk1 chunk2 …… chunk29 chunk30 chunk31 b126, b127, b0, b1 b2, b3, b4, b5 b6, b7, b8, b9 …… b114, b115, b116, b117 b118, b119, b120, b121 b122, b123, b124, b125 example: offset_chunk_1 0 0xffffffff will match packet byte of...
Page 203
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 190 figure 6 - 12. Add access rule window for ethernet to set the access rule for ethernet, adjust the following parameters and click apply . Parameter description access id (1-200) type in a unique identifier number for this access. T...
Page 204
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 191 rx rate (1-15625) use this to limit rx bandwidth for the profile being configured. This rate is implemented using the following equation: 1 value = 64kbit/sec. (ex. If the user selects an rx rate of 10 then the ingress rate is 640k...
Page 205
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 192 figure 6 - 15. Add access rule window for ipv4 to set the access rule for ip, adjust the following parameters and click apply . Parameter description access id (1-200) type in a unique identifier number for this access. This value ...
Page 206
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 193 dscp this field allows the user to enter a dscp value in the space provided, which will instruct the switch to examine the diffserv code part of each packet header and use this as the, or part of the criterion for forwarding. The u...
Page 207
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 194 figure 6 - 18. Add access rule window for ipv6 to set the access rule for ipv6, adjust the following parameters and click apply . Parameter description access id (1-200) type in a unique identifier number for this access. This valu...
Page 208
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 195 rx rate (1-15625) use this to limit rx bandwidth for the profile being configured. This rate is implemented using the following equation: 1 value = 64kbit/sec. (ex. If the user selects an rx rate of 10 then the ingress rate is 640k...
Page 209
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 196 figure 6 - 21. Add access rule window for packet content to set the access rule for packet content, adjust the following parameters and click apply . Parameter description access id (1- 200) type in a unique identifier number for t...
Page 210
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 197 rx rate (1- 15625) use this to limit rx bandwidth for the profile being configured. This rate is implemented using the following equation: 1 value = 64kbit/sec. (ex. If the user selects an rx rate of 10 then the ingress rate is 640...
Page 211: Cpu Access Profile List
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 198 cpu access profile list due to a chipset limitation and needed extra switch security, the switch incorporates cpu interface filtering. This added feature increases t he running sec urity of the switch by e nabling the use r to c re...
Page 212
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 199 the window shown below is the add cpu acl profile window for ethernet. Figure 6 - 24. Add cpu acl profile window for ethernet parameter description select profile id (1-5) use the drop-down menu to select a unique identifier number...
Page 213
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 200 to view the settings of a prev iously correctly created profile, c lick the corresponding show details button on the cpu access profile list window to view the following window: figure 6 - 25. Cpu access profile detail information ...
Page 214
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 201 802.1q vlan selecting this option instructs the switch to examine the vlan part of each packet header and use this as the, or part of the criterion for forwarding. Ipv4 dscp selecting this option instructs the switch to examine the...
Page 215
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 202 figure 6 - 28. Add cpu acl profile window for ipv6.
Page 216
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 203 the following parameters may be configured for the ipv6 filter. Parameter description select profile id use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 5 . Select ac...
Page 217
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 204 figure 6 - 30. Add cpu acl profile window for packet content the following parameters may be configured for the packet content filter. Parameter description select profile id use the drop-down menu to select a unique identifier num...
Page 218
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 205 to view the settings of a prev iously correctly created profile, c lick the corresponding show details button on the cpu access profile list window to view the following window: figure 6 - 31. Cpu access profile detail information ...
Page 219
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 206 to set the access rule for ethernet, adjust the following parameters and click apply . Parameter description access id (1-100) type in a unique identifier number for this access. This value can be set from 1 to 100 . Action select ...
Page 220
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 207 figure 6 - 36. Add access rule window for ipv4 to set the access rule for ip, adjust the following parameters and click apply parameter description access id (1-100) type in a unique identifier number for this access. This value ca...
Page 221
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 208 to establish the rule for a previously created cpu access profile: to configure the access rules for ip, open the cpu access profile list window and click add/view rules for an ipv6 entry. This will open the following window. Figur...
Page 222
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 209 ports ticking the all ports check box will denote all ports on the switch. To view the settings of a previously correctly configured rule, click the co rresponding show details button on th e cpu access rule list window to view the...
Page 223: Time Range Settings
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 210 to set the access rule for packet content, adjust the following parameters and click apply . Parameter description access id (1-100) type in a unique identifier number for this access. This value can be set from 1 to 100 . Action s...
Page 224
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 211 the user may adjust the following parameters to configure a time range on the switch: parameter description range name enter a name of no more than 32 alphanumeric characters that will be used to identify this time range on the swi...
Page 225: Section 7
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 212 section 7 monitoring device environment (dgs-3200-16 and dgs-3200-24 only) cable diagnostics cpu utilization port utilization packet size packets errors port access control browse arp table browse vlan browse router port browse mld...
Page 226: Cable Diagnostics
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 213 cable diagnostics the cable diagnostics feature is designed primarily for administrators or customer service representatives to verify and test copper cables; it can rapidly determine the quality of the cables and the types of erro...
Page 227: Cpu Utilization
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 214 cpu utilization users can display the percentage of the cpu being used, expressed as an integer percentage and calculated as a simple average by time interval. To view the following window, click monitoring > cpu utilization : figu...
Page 228: Port Utilization
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 215 port utilization users can display the percentage of the total available bandwidth being used on the port. To view the following window, click monitoring > port utilization : figure 7 - 5. Port utilization window to select a port t...
Page 229: Packet Size
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 216 packet size users can display packets received by the switch, arranged in six groups and classed by size, as either a line graph or a table. Two windows are offered. To select a port to view these statistics for, select the port by...
Page 230
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 217 the following fields can be set or viewed: parameter description port use the drop-down menu to choose the port that will display statistics. Time interval select the desired setting between 1s and 60s , where "s" stands for second...
Page 231: Packets
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 218 packets the web manager allows various packet statistics to be viewed as either a line graph or a table. Six windows are offered. Received (rx) to select a port to view these statistics for, select the port by using the port drop-d...
Page 232
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 219 the following fields may be set or viewed: parameter description port use the drop-down menu to choose the port that will display statistics. Time interval select the desired setting between 1s and 60s , where "s" stands for second...
Page 233: Umb_Cast (Rx)
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 220 umb_cast (rx) to select a port to view these statistics for, select the port by using the port drop-down menu. The user may also use the real-time graphic of the switch at the top of the web page by simply clicking on a port. To vi...
Page 234: Transmitted (Tx)
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 221 the following fields may be set or viewed: parameter description port use the drop-down menu to choose the port that will display statistics. Time interval select the desired setting between 1s and 60s , where "s" stands for second...
Page 235
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 222 to view the transmitted (tx) table window, click the link view table . Figure 7 - 13. Transmitted (tx) table window (for bytes and packets) the following fields may be set or viewed: parameter description port use the drop-down men...
Page 236: Errors
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 223 errors the web manager allows port error statistics compiled by the switch's management agent to be viewed as either a line graph or a table. Four windows are offered. Received (rx) to select a port to view these statistics for, se...
Page 237
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 224 the following fields can be set: parameter description port use the drop-down menu to choose the port that will display statistics. Time interval select the desired setting between 1s and 60s , where "s" stands for seconds. The def...
Page 238: Transmitted (Tx)
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 225 transmitted (tx) to select a port to view these statistics for, select the port by using the port drop-down menu. The user may also use the real-time graphic of the switch at the top of the web page by simply clicking on a port. To...
Page 239
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 226 the following fields may be set or viewed: parameter description port use the drop-down menu to choose the port that will display statistics. Time interval select the desired setting between 1s and 60s , where "s" stands for second...
Page 240: Port Access Control
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 227 port access control the following windows are used to monitor 802.1x statistics of the switch, on a per port basis. To view the port access control windows, open the monitoring folder and click port access control . There are seven...
Page 241: Radius Account Client
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 228 accesschallenges the number of radius access-challenge packets (valid or invalid) received from this server. Accessresponses the number of malformed radius access-response packets received from this server. Malformed packets includ...
Page 242
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 229 serverportnumber the udp port the client is using to send requests to this server. Roundtriptime the time interval between the most recent accounting-response and the accounting-request that matched it from this radius accounting s...
Page 243: Authenticator State
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 230 authenticator state the following section describes the 802.1x status on the switch. Users can view the authenticator state. To view the following windows, click monitoring > port access control > authenticator state : figure 7 - 2...
Page 244
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 231 figure 7 - 21. Authenticator state window (port-based 802.1x authentication mode) this window displays th e au thenticator state for ind ividual ports on a selected device. A po lling interval between 1 an d 60 seconds can be set u...
Page 245: Authenticator Statistics
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 232 authenticator statistics users can display tatistics objects for the authenticator pae associated with each port. An entry appears in this table for each port that supports the authenticator function. To view the following window, ...
Page 246
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 233 figure 7 - 23. Authenticator statistics window (port-based 802.1x authentication mode) the user may also select the desired time interval to update the statistics, between 1s and 60s , where “s” stands for seconds. The default valu...
Page 247
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 234 last source the source mac address carried in the most recently received eapol frame..
Page 248
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 235 authenticator session statistics users can display session statistics objects for the authenticator pae associated with each port. An entry appears in this table for each port that supports the authenticator function. To view the f...
Page 249
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 236 figure 7 - 25. Authenticator session statistics window (port-based 802.1x authentication mode) the user may select th e d esired time in terval to update t he statistics, between 1s and 60s , where “s ” stands for se conds. T he de...
Page 250
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 237 time the duration of the session in seconds. Terminate cause the reason for the session termination. There are eight possible reasons for termination. 1) supplicant logoff 2) port failure 3) supplicant restart 4) reauthentication f...
Page 251: Authenticator Diagnostics
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 238 authenticator diagnostics users can display diagnostic information regarding the operation of the authenticator associated with each port. An entry appears in this table for each port that supports the authenticator function. To vi...
Page 252
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 239 figure 7 - 27. Authenticator diagnostics window (port-based 802.1x authentication mode) the user may select th e d esired time in terval to update t he statistics, between 1s and 60s , where “s ” stands for se conds. T he default v...
Page 253
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 240 auth timeout counts the number of times that the state machine transitions from authenticating to aborting, as a result of the backend authentication state machine indicating authentication timeout (authtimeout = true). Auth fail c...
Page 254: Browse Arp Table
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 241 browse arp table users can display current arp entries on the switch. To search a specific arp entry, enter an interface name or an ip address at the top of the window and click find . Click the show static button to display static...
Page 255: Browse Router Port
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 242 browse router port users can display which of the switch’s ports are currently configured as router ports. A router port configured by a user (using the c onsole or web-based managem ent int erfaces) is displayed as a static router...
Page 256: Browse Session Table
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 243 browse session table users can display the management sessions since the switch was last rebooted. To view the following window, click monitoring > browse session table : figure 7 - 32. Browse session table window igmp snooping gro...
Page 257: Mld Snooping Group
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 244 mld snooping group users can view mld snooping groups present on the switch. Mld snooping is an ipv6 function comparable to igmp snooping for ipv4. To view the following window, click monitoring > mld snooping group : figure 7 - 34...
Page 258: Wac Authenticating State
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 245 wac authenticating state users can display the current wac authentication state and delete wac authentication state settings. To view the following window, click monitoring > wac authenticating state : figure 7 - 35 . Wac authentic...
Page 259: Jwac Host Table
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 246 jwac host table users can display japanese web-based access control host table information. To view the following window, click monitoring > jwac host table : figure 7 - 36 . Jwac host table window the following fields and settings...
Page 260: Mac Address Table
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 247 mac address table this allows the switch's dynamic mac address forwarding table to be viewed. When the switch learns an association between a mac ad dress and a port num ber, it m akes an en try in to its fo rwarding ta ble. T hese...
Page 261: System Log
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 248 system log users can view the history log as compiled by the switch's management agent. To view the following window, click monitoring > system log : figure 7 - 38. System log window the switch can record event information in its o...
Page 262: Mac Authentication State
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 249 mac authentication state users can use the mac authentication state window to display the mac-based access control authentication mac addreses. To view the following window, click monitoring > mac authentication state : figure 7 - ...
Page 263: Section 8
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 250 section 8 save and tools save configuration save log save all download configuration file/download configuration file to nv-ram (dgs-3200-24 only) download configuration file to sd card (dgs-3200-24 only) download firmware/download...
Page 264: Save Configuration
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch save configuration open th e save d rop-down menu on t he left-hand si de o f t he m enu ba r at t he t op of t he web m anager an d cl ick save configuration to open the following window: figure 8 - 1. Save configuration window (dgs-3...
Page 265: Save All
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch save all open the save drop-down menu on the left-hand side of the menu bar at the top of the web manager and click save al l to immediately save the current configuration file and current log. The following window will open: figure 8 ...
Page 266
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch download configuration file to sd card figure 8 - 8. Download configuration file to sd card window (dgs-3200-24) use th e radio button to select eith er ipv 4 or ipv6 . En ter t he tf tp server ip a ddress for the ty pe of ip selected....
Page 267: Download Firmware to Sd Card
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch download firmware to sd card figure 8 - 11. Download firmware to sd card window (dgs-3200-24) use th e radio button to select eith er ipv 4 or ipv6 . En ter t he tf tp server ip a ddress for the ty pe of ip selected. Specify the path/f...
Page 268: Reset
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch upload log file/upload log file to tftp a history and attack log can be uploaded from the switch to a tftp server. Open the tools drop-down menu on the left-hand side of the menu bar at the top of the web manager and click upload log f...
Page 269: Reboot System
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch reboot system the following window is used to restart the switch. Open the tools drop-down menu on the left-hand side of the menu bar at the top of the web manager and click reboot system to open the following window: figure 8 - 17. Re...
Page 270: Using Packet Content Acl
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch appendix a – mitigating arp spoofing attacks using packet content acl how address resolution protocol works address resolution protocol (arp) is the standard method for finding a host’s hardware address (mac address) when only its ip a...
Page 271
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch figure 2 when the switch floods the frame of arp request to the network, all pcs will receive and examine the frame but only pc b will reply the query as the destination ip matched (see figure 3). Figure 3 when pc b replies to the arp ...
Page 272
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch the switch will also examine the “source address” of the ethernet frame and find that the address is not in the forwarding table. The switch will learn pc b’s mac and update its forwarding table. 259 forwarding table port1 00-20-5c-01-...
Page 273
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch how arp spoofing attacks a network arp spoofing, also known as arp poisoning, is a method to attack an ethernet network which may allow an attacker to sniff data frames on a lan, modify the traffic, or stop the traffic altogether (know...
Page 274
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch figure 5 prevent arp spoofing via packet content acl d-link managed switches can effectively mitigate common dos attacks caused by arp spoofing via a unique package content acl. For th e reason th at basic acl can on ly filter arp pack...
Page 275: Configuration
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch configuration the configuration logic is as follows: 1. Only if the arp matches source mac address in ethernet, sender mac address and sender ip address in arp protocol can pass through the switch. (in this example, it is the gateway’s...
Page 276
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 263.
Page 277
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 264 appendix b – switch log entries the following table lists all possible entries and their corresponding meanings that will appear in the system log of this switch. Category event description log information severity remark system sy...
Page 278
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 265 configuration successfully downloaded configuration successfully downloaded by console (username: , ip: , mac: ) informational "by console" and "ip": , mac: " are xor shown in log string, which means if user login by console, will ...
Page 279
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 266 login failed through web login failed through web (username: , ip: , mac: ) warning logout through web logout through web (username: , ip: , mac: ) informational successful login through web (ssl) successful login through web (ssl)...
Page 280
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 267 , mac: ) login failed through ssh login failed through ssh (username: , ip: , mac: ) warning logout through ssh logout through ssh (username: , ip: , mac: ) informational ssh session timed out ssh session timed out (username: , ip:...
Page 281
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 268 login failed through telnet authenticated by aaa local method login failed through telnet from authenticated by aaa local method (username: , mac: ) warning successful login through ssh authenticated by aaa local method successful ...
Page 282
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 269 successful login through web authenticated by aaa server successful login through web from authenticated by aaa server (username: , mac: ) informational login failed through web authenticated by aaa server login failed through web ...
Page 283
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 270 enable admin failed through console authenticated by aaa local_enable method enable admin failed through console authenticated by aaa local_enable method (username: ) warning successful enable admin through web authenticated by aaa...
Page 284
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 271 successful enable admin through ssh authenticated by aaa none method successful enable admin through ssh from authenticated by aaa none method (username: , mac: ) informational successful enable admin through console authenticated ...
Page 285
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 272 successful enable admin through telnet authenticated by aaa server successful enable admin through telnet from authenticated by aaa server (username: , mac: ) informational enable admin failed through telnet authenticated by aaa se...
Page 286
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 273 dynamic impb entry is conflict with static fdb dynamic impb entry is conflict with static fdb (ip:, mac:, port) warning dynamic impb entry is conflict with static arp dynamic impb entry is conflict with static arp (ip:, mac:, port)...
Page 287
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 274 port shut down due to a packet storm port is currently shut down due to a packet storm warning jwac login ok jwac login successful (username:%s,ip:%s,mac:%s ,port:%s) informational login fail jwac login rejected (username:%s,ip:%s,...
Page 288
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 275 egress bandwidth assigned from radius server after radius client authenticated by radius server successfully. This egress bandwidth will assign to the port. Radius server assigned egress bandwidth : > to port (account: ) informatio...
Page 289: Appendix C – Trap Logs
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 276 appendix c – trap logs this table lists the trap logs found on the dgs-3200 series switches. Macnotificationtrap this trap indicates the mac address variations in the address table. 1.3.6.1.4.1.171.11.101.1.2.100.1.2.0.1 portsecuri...
Page 290
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 277 filterdetectedtrap this trap is sent when an illegal dhcp server is detected. The same illegal dhcp server ip address detected is just sent once to the trap receivers within the log ceasing unauthorized duration. 1.3.6.1.4.1.171.12...
Page 291
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 278 linkdown a linkdown trap signifies that the sending protocol entity recognizes a failure in one of the communication links represented in the agent's configuration. 1.3.6.1.6.3.1.1.5.3 linkup a linkup trap signifies that the sendin...
Page 292
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 279 appendix d – password recovery procedure this document describes the procedure for resetting passwords on d-link switches. Authenticating any user who tries to access networks is necessary and important. The basic authentication me...
Page 293: Appendix E – Glossary
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 280 appendix e – glossary 1000base-sx: a short laser wavelength on multimode fiber optic cable for a maximum length of 2 kilometers. 1000base-lx: a long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilomete...
Page 294
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 281 latency: the delay between the time a device receives a packet and the time the packet is forwarded out of the destination port. Line speed: see baud rate. Main port: the port in a resilient link that carries data traffic in normal...
Page 295: Warranty
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 282 warranty.
Page 296
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch subject to the terms and conditions set forth herein, d-link systems, inc. (“d-link”) provides this lifetime product warranty for hardware: only for products purchased, delivered and used within the fifty states of the united states, t...
Page 297
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 284 what is not covered: the warranty provided herein by d-link does not cover: products that, in d-link’s judgment, have been subjected to abuse, accident, alteration, modification, tampering, negligence, misuse, faulty installation, ...
Page 298: Product Registration
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch product registration register your d-link product online at http://support.Dlink.Com/register/ 285 product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights..
Page 299
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 286 limited warranty (exclude usa, europe, china and taiwan) d-link provides this lim ited warranty for its product only to the person or entity who originally purchased the product from d-link or its authorized reseller or distributor...
Page 300
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 287 provided only to the or iginal licensee, and is subject to th e terms and conditions of the license granted by d-link for the software. The warranty period shall extend for an additional ninety (90) days after any replacement softw...
Page 301
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 288 initial installation, installation and removal of the product for repair, and shipping costs; operational adjustments covered in the operating manual for the product, and normal maintenance; damage that occurs in shipment, due to a...
Page 302: Fcc Warning
Xstack ® dgs-3200 series layer 2 gigabit ethernet managed switch 289 d-link is a registered tr ademark of d- link corporation/ d-link international ptd ltd. All other trademarks belong to their respective proprietors. Copyright statement no part of this publication may be reproduced in any form or b...