D-Link xStack DGS-3426G User Manual - Snmp Community Table

Manual is about: Layer 2+ Gigabit Ethernet Managed Switch

Page of 356

Download

Print this page

Bookmark us

xStack

DGS-3426G Layer 2 Gigabit Ethernet Managed Switch

Figure 2 - 81 SNMP Group Table Configuration window

The following parameters can set:

Parameter Description

Group Name

Type an alphanumeric string of up to 32 characters. This is used to identify the new SNMP

group of SNMP users.

Read View Name

This name is used to specify the SNMP group created can request SNMP messages.

Write View Name

Specify a SNMP group name for users that are allowed SNMP write privileges to the Switch's

SNMP agent.

Notify View Name

Specify a SNMP group name for users that can receive SNMP trap messages generated by

the Switch's SNMP agent.

Security Model

SNMPv1 – Specifies that SNMP version 1 will be used.

SNMPv2 – Specifies that SNMP version 2c will be used. The SNMPv2 supports both

centralized and distributed network management strategies. It includes improvements in the

Structure of Management Information (SMI) and adds some security features.

SNMPv3 – Specifies that the SNMP version 3 will be used. SNMPv3 provides secure access

to devices through a combination of authentication and encrypting packets over the network.

Security Level

The Security Level settings only apply to SNMPv3.

NoAuthNoPriv – Specifies that there will be no authorization and no encryption of packets

sent between the Switch and a remote SNMP manager.

AuthNoPriv – Specifies that authorization will be required, but there will be no encryption of

packets sent between the Switch and a remote SNMP manager.

AuthPriv – Specifies that authorization will be required, and that packets sent between the

Switch and a remote SNMP manger will be encrypted.

To implement your new settings, click Apply. To return to the SNMP Group Table, click the

Show All SNMP Group Table

Entries

link.

SNMP Community Table

Use this table to create an SNMP community string to define the relationship between the SNMP manager and an agent. The

community string acts like a password to permit access to the agent on the Switch. One or more of the following characteristics

can be associated with the community string:

•

An Access List of IP addresses of SNMP managers that are permitted to use the community string to gain access to

the Switch's SNMP agent.

•

Any MIB view that defines the subset of all MIB objects will be accessible to the SNMP community.

« ‹ Prev 84 85 86 87 88 89 90 Next › »

Summary of xStack DGS-3426G

Page 1
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch ® user manual product model : xstack ® dgs-3426g layer 2+ gigabit ethernet managed switch release 2.61 i.
Page 2
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch ii _____________________________________________ information in this document is subject to change without notice. © 2009 d-link corporation. All rights reserved. Reproduction in any manner whatsoever without the written permission of d-link...
Page 3: Table of Contents
Table of contents intended readers ........................................................................................................................................................................... Xi typographical conventions ...................................................................
Page 4
User accounts .............................................................................................................................................................................. 30 password encryption ...........................................................................................
Page 5
Layer 2 protocol tunneling (l2pt) settings ............................................................................................................................... 66 rspan ...........................................................................................................................
Page 6
Vlan segmentation ............................................................................................................................................................................. 108 vlan and trunk groups .....................................................................................
Page 7
Lldp .......................................................................................................................................................................................... 155 lldp global settings ......................................................................................
Page 8
Imp global settings .................................................................................................................................................................................... 226 imp port settings ................................................................................
Page 9
Multiple authentication settings ................................................................................................................................................................ 277 authentication guest vlan settings ......................................................................
Page 10
Save, reset and reboot ................................................................................................................................ 318 reset .............................................................................................................................................
Page 11: Intended Readers
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch xi intended readers the xstack ® dgs-3426g manual contains information for setup and management of the switch. This manual is intended for network managers familiar with network management concepts and terminology. Typographical conventions ...
Page 12: Section 1
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 1 section 1 web-based switch configuration introduction logging on to the web manager web-based user interface basic setup web pages introduction all software functions of the xstack ® dgs-3426g switch can be managed, configured and monitore...
Page 13: Web-Based User Interface
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 2 figure 1- 1 enter network password dialog box leave both the user name field and the passwordfield blank and click ok. This will open the web-based user interface. The switch management features available in the web-based manager are expla...
Page 14
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 3 area 2 area 1 area 3 figure 1- 2 main web-manager window area function area 1 select the menu or window to display. Open folders and click the hyperlinked menu buttons and subfolders contained within them to display menus. Click the d-link...
Page 15: Web Pages
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 4 web pages when connecting to the management mode of the switch with a web browser, a login screen is displayed. Enter a user name and password to access the switch's management mode. Below is a list of the main folders available in the web...
Page 16: Section 2
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 5 section 2 administration dgs-3426g web management tool ip address interface settings stacking port configuration user accounts password encryption port mirroring system log system severity settings sntp settings mac notification settings t...
Page 17: Device Information
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 6 device information the device information window contains the main settings for all major functions for the switch. It appears automatically when you log on to the switch. To return to the device information window after viewing other wind...
Page 18
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 7 mac address aging time this field specifies the length of time a learned mac address will remain in the forwarding table without being accessed (that is, how long a learned mac address is allowed to remain idle). To change this, type in a ...
Page 19: Ipv6
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 8 forward eapol pdu the user may use the drop-down menu to enable or disable the forward eapol pdu on the switch. The default setting is disabled. Hol prevention if this option is enabled it prevents the forwarding of data to a port that is ...
Page 20
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 9 flow labeling – this new capability allows packets to be streamlined into certain traffic “flows” if labeled by the sender. In this way, services such as “real time services or non-default quality of service can receive special attention f...
Page 21: Packet Format
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 10 packet format as in ipv4, the ipv6 packet consists of the packet header and the payload, but the difference occurs in the packet header which has been amended and improved for better packet flow and processing. The following will outline ...
Page 22: Address Format
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 11 extension headers extension headers are used to identify optional parameters regarding ipv6 packets such as routing, fragmentation of packets or authentication parameters. The types of extension headers supported are hop-by-hop, routing, ...
Page 23
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 12 set of xxxx represents a 16-bit hexadecimal value (ex. 2d83:0c76:3140:0000:0000:020c:417a:3214). Although this address looks long and cumbersome, there are some compression rules that will shorten the format of the ipv6 address to make it...
Page 24: Icmpv6
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 13 icmpv6 network professionals are already very familiar with icmp for ipv4, which is an essential tool in the ipv4 network, relaying messages about network problems and the general condition of the network. Icmpv6 is the successor to the i...
Page 25
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 14 duplicate address detection (dad) dad messages are used to specify that there is more than one node on a local link possessing the same ip address. Ipv6 addresses are only leased for a defined period of time. When that time expires, the a...
Page 26: Ip Address
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 15 the six ip interfaces, each with an ip address (listed in the table above), and a subnet mask of 255.224.0.0 can be entered into the setup ip interface window. Ip address the ip address may initially be set using the console interface pri...
Page 27
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 16 parameter description bootp the switch will send out a bootp broadcast request when it is powered up. The bootp protocol allows ip addresses, network masks, and default gateways to be assigned by a central bootp server. If this option is ...
Page 28: Interface Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 17 interface settings the ip address may initially be set using the console interface prior to connecting to it through the ethernet. If the switch ip address has not yet been changed, read the introduction of the xstack ® dgs-3426g cli manu...
Page 29: Ipv6 Interface Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 18 fields. Pull the interface admin statedrop-down menu to enabledandclick apply to enter to make the ip interface effective. To view entries in the ip interface settings, click the show all ip interface entries hyperlink. Use the save chang...
Page 30
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 19 figure 2 - 8 ipv6 interface settings – edit the following fields may be viewed or modified. Click apply to set the changes made. Parameter description interface name this field displays the name for the ip interface or it is used to add a...
Page 31
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 20 interface admin state use the drop-down menu to enable or disable configuration on this interface. Ipv6 address use this field to set a global unicast address for the switch. This address will be used to access the network outside of the ...
Page 32: Stacking
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 21 ra other configure flag use the drop-down menu to enable or disable the managed flag. When enabled, this will trigger the router to use a stateful autoconfiguration process to get configuration information that is not address information,...
Page 33
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 22 priorities are the same. The primary master is physically displayed by the seven segment led to the far right on the front panel of the switch where this led will flash between its given box id and ‘h’. Backup master – the backup master i...
Page 34: Stacking Mode Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 23 if both the primary master and the backup master are removed, the election process is immediately processed and a new primary master and backup master are determined. Switches in the stack will clear the configurations of the units remove...
Page 35: Port Configuration
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 24 note: configured box priority settings will not be implemented until users physically save it using the web gui or the cli. Port configuration to view this window, click administration > port configuration > port configuration, as shown o...
Page 36: Port Error Disabled
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 25 enabled. Medium type if configuring the combo ports, this defines the type of transport medium to be used, whether copper or fiber. Speed/duplex toggle the speed/duplex field to either select the speed and duplex/half-duplex state of the ...
Page 37: Port Description
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 26 port description the switch supports a port description feature where the user may name various ports on the switch. First use the unit drop-down menu to choose the switch in the stack to be configured, and then the from and to drop-down ...
Page 38: Port Details
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 27 figure 2 - 16 port auto negotiation information table window port details this window is used to view detailed port information for individual ports on a particular unit. Use the drop-down menus to select the specific port of the unit you...
Page 39: Port Media Type
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 28 figure 2 - 17 port details window port media type this window is used to display the port media type available on each unit. To view a particular switch in the stack, use the drop- down menu to select the unit. To view this window, click ...
Page 40: Cable Diagnostics
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 29 figure 2 - 18 port media window cable diagnostics this window is used to control the cable diagnostics and determine where and what kind of errors have occurred on the cable. This function is primarily used for administrators to view test...
Page 41: User Accounts
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 30 figure 2 - 19 cable diagnostics window user accounts use the user account management window to control user privileges, create new users and view existing user accounts. To view this window, click administration > user accounts, as shown ...
Page 42: Password Encryption
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 31 figure 2 - 22 user accounts modify table window - modify modify or delete an existing user account in this window. Enter the old password for the account, the new password you wish to use, and retype the new password in the confirm passwo...
Page 43: Port Mirroring
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 32 port mirroring the switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an rmon probe, to view details a...
Page 44: System Log
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 33 mirroring within the switch stack users may configure mirroring between switches in the switch stack but certain conditions and restrictions apply. 1. When mirroring is configured in the stack, the primary master and the backup master wil...
Page 45
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 34 figure 2 - 27 configure system log server – edit window configure the parameters listed below: parameter description index(1-4) syslog server settings index (1-4). Server ip the ipv4 address of the syslog server. Severity this drop-down m...
Page 46: System Severity Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 35 status choose enabled or disabled to activate or deactivate. To set the system log server configuration, click apply. To delete an entry from the system log server window, click the corresponding under the deleteheading of the entry to de...
Page 47: Sntp Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 36 parameter description system severity choose how the alerts are used from the drop-down menu. Select log to send the alert of the severity type configured to the switch’s log for analysis. Choose trap to send it to an snmp agent for analy...
Page 48: Time Zone and Dst
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 37 parameter description current time: status system boot time displays the time when the switch was initially started for this session. Current time displays the current time. Time source displays the time source for the system. Current tim...
Page 49
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 38 parameter description time zone and dst settings daylight saving time state use this drop-down menu to enable or disable the dst settings. Daylight saving time offset in minutes use this drop-down menu to specify the amount of time that w...
Page 50: Mac Notification Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 39 mac notification settings mac notification is used to monitor mac addresses learned and entered into the forwarding database. To view this window, click administration > mac notification settings, as shown on the right. Global settings th...
Page 51: Tftp Services
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 40 tftp services trivial file transfer protocol (tftp) services allow the switch's firmware to be upgraded by transferring a new firmware file from a tftp server to the switch. A configuration file can also be downloaded into the switch from...
Page 52: Multiple Image Services
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 41 configuration uploads, select the image id of the configuration. Choosing active will upload the boot up image id configuration to the tftp server. And user can upload configuration of image 1 or 2 by choosing image id. Server ipv4 addres...
Page 53: Config Firmware Image
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 42 r – if the ip address has this letter attached to it, it denotes a firmware upgrade through the console serial port (rs-232). T – if the ip address has this letter attached to it, it denotes a firmware upgrade through telnet. S – if the i...
Page 54: Ipv6 Ping Test
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 43 figure 2 - 36 ipv4 ping test window this window allows the following parameters to be configured. Parameter description target ip address enter the target ip address to be pinged. Repeat pinging for the user may use the infinite times rad...
Page 55: Ipv6 Neighbor
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 44 figure 2 - 37 ipv6 ping test window this window allows the following parameters to be configured to ping an ipv6 address. Parameter description ipv6 address enter an ipv6 address to be pinged. Interface the interface field is used for add...
Page 56
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 45 figure 2 - 38 ipv6 neighbor settings window the following fields can be configured or viewed: parameter description interface name enter the interface name of the ipv6 neighbor you wish to find. Neighbor ipv6 address enter the neighbor ip...
Page 57: Routing Table
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 46 specific interface for a link-local ipv6 address. For global ipv6 addresses, this field may be omitted. Neighbor ipv6 address the ipv6 address of the neighbor entry. Specify the address using the hexadecimal ipv6 address (ipv6 address is ...
Page 58
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 47 status displays whether the entry is active or inactive. Delete click the button to delete this entry from the ipv4 static/default route settings table. To enter an ip interface into the switch’s ipv4 static/default route settings window,...
Page 59: Gratuitous Arp Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 48 parameter description ipv6 address/prefixlen the ipv6 address and corresponding prefix length of the ipv6 static route entry. Interface the ip interface where the static ipv6 route is created. Next hop address the corresponding ipv6 addre...
Page 60
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 49 figure 2 - 44 gratuitous arp settings window the following fields can be set or viewed: parameter description send on ipif status up this is used to enable/disable the sending of gratuitous arp request packets while an ipif interface come...
Page 61: Static Arp Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 50 static arp settings the address resolution protocol (arp) is a tcp/ip protocol that converts ip addresses into physical addresses. This table allows network managers to view, define, modify and delete arp information for specific devices....
Page 62: Dhcp/bootp Relay
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 51 dhcp auto configuration settings this window is used to enable the dhcp autoconfiguration feature on the switch. When enabled, the switch is instructed to receive a configuration file from a tftp server, which will set the switch to becom...
Page 63
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 52 relay state this field can be toggled between enabled and disabled using the drop-down menu. It is used to enable or disable the dhcp/bootp relay service on the switch. The default is disabled relay hops count limit (1-16) this field allo...
Page 64
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 53 dhcp relay agent information option 82 policy this field can be toggled between replace, drop, and keep by using the drop-down menu. It is used to set the switches policy for handling packets when the dhcp relay agent information option 8...
Page 65
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 54 the implementation of dhcp information option 82 the config dhcp_relay option_82 command configures the dhcp relay agent information option 82 setting of the switch. The formats for the circuit id sub-option and the remote id sub-option a...
Page 66
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 55 dhcp/bootp relay interface settings this window allows the user to set up a server, by ip address, for relaying dhcp/bootp information. The user may enter a previously configured ip interface on the switch that will indicate which interfa...
Page 67
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 56 parameter description relay ip address enter the specified ip address for the dhcp relay forward. Mode use the drop-down menu to choose either relay or drop. When drop is specified, the packet with no matching rules found will be dropped ...
Page 68
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 57 partial match – the option 60 string in the packet only needs to partially match the specified string. Dhcp relay option 61 default settings this window is used to configure the dhcp relay option 61 default settings. These settings are us...
Page 69: Dhcp Server
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 58 figure 2 - 58 dhcp relay option 61 add window the following parameters may be configured. Parameter description client id use the drop down menu to select the method of identification for the client id either mac address or string. The ma...
Page 70
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 59 figure 2 - 59 dhcp server global settings window the following parameters may be configured. Parameter description dhcp server global state use the drop-down menu to globally enable or disable the switch as a dhcp server. Ping packets ent...
Page 71: Dhcp Server Pool Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 60 dhcp server pool settings the following windows will allow users to create and then set the parameters for the dhcp pool of the switch’s dhcp server. Users must first create the pool by entering a name of up to 12 alphanumeric characters ...
Page 72
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 61 the following parameters may be configured or viewed. Parameter description pool name denotes the name of the dhcp pool for which you are currently adjusting the parameters. Ip address enter the ip address to be assigned to requesting dhc...
Page 73: Dhcp Server Dynamic Binding
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 62 figure 2 - 63 dhcp server pool display window dhcp server dynamic binding the following window will allow users to view dynamically bound ip addresses of the dhcp server. These ip addresses are ones that were allotted to clients on the lo...
Page 74: Dhcp Server Manual Binding
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 63 pool name this field will denote the pool name of the displayed dynamically bound dhcp entry. Ip address this field will display the ip address allotted to this device by the dhcp server feature of this switch. Hardware address this field...
Page 75: Dhcp Server Screening
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 64 parameter description pool name enter the name of the dhcp pool within which will be created a manual dhcp binding entry. Ip address enter the ip address to be statically bound to a device within the local network that will be specified b...
Page 76
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 65 dhcp server screening port settings this window is used to enable the settings for the filter dhcp server port settings. To view this window, click administration > filter dhcp server > filter dhcp server port settings, as shown below: fi...
Page 77
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 66 layer 2 protocol tunneling (l2pt) settings the layer 2 protocol tunneling (l2pt) supports traffic of multiple customers across service provider networks. L2pt enables the bpdu’s of the same customer’s network to be multicast over specific...
Page 78: Rspan
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 67 rspan rspan (remote switched port analyzer) is a feature used to monitor and analyze the traffic passing through ports. The character ‘r’ is short for ‘remote’ which means that the mirror source ports and the destination port are not on t...
Page 79
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 68 figure 2 - 71 rspan settings window the following fields can be configured: parameter description vlan name enter the name of the vlan you wish to add, find or delete. Vid (1-4094) enter the vlan id of the vlan you wish to add find or del...
Page 80
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 69 figure 2 - 72 rspan settings – edit window the following fields can be configured: parameter description vlan name this is the vlan name that, along with the vlan id, identifies the vlan which will modify the rspan entries. Vid (1-4094) t...
Page 81: Snmp Manager
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 70 snmp manager snmp settings simple network management protocol (snmp) is an osi layer 7 (application layer) designed specifically for managing and monitoring network devices. Snmp enables network management stations to read and modify the ...
Page 82: Snmp Trap Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 71 snmp settings are configured using the menus located on the snmp v3 folder of the web manager. Workstations on the network that are allowed snmp privileged access to the switch can be restricted with the management station ip address menu...
Page 83: Snmp User Table
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 72 snmp user table this windowdisplays all of the snmp users currently configured on the switch. To view this window, click administration > snmp manager > snmp user table, as shown below: figure 2 - 74 snmp user table window to delete an ex...
Page 84
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 73 figure 2 - 76 snmp user table configuration window the following parameters can set: parameter description user name enter an alphanumeric string of up to 32 characters. This is used to identify the snmp user. Group name this name is used...
Page 85: Snmp View Table
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 74 snmp view table this window is used to assign views to community strings that define which mib objects can be accessed by a remote snmp manager. To view this window, click administration > snmp manager > snmp view table, as shown below: f...
Page 86: Snmp Group Table
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 75 manager can access. To implement your new settings, click apply. To return to the snmp view table window, click the show all snmp view table entries link. Snmp group table an snmp group created with this table maps snmp users (identified ...
Page 87: Snmp Community Table
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 76 figure 2 - 81 snmp group table configuration window the following parameters can set: parameter description group name type an alphanumeric string of up to 32 characters. This is used to identify the new snmp group of snmp users. Read vie...
Page 88: Snmp Host Table
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 77 • read/write or read-only level permission for the mib objects accessible to the snmp community. To view this window, click administration > snmp manager > snmp community table, as shown below: figure 2 - 82 snmp community table window th...
Page 89
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 78 users now have the choice of adding an ipv4 or an ipv6 host to the snmp host table. To add a new ipv4 entry to the switch's snmp host table, click the add ipv4 host button in the upper left-hand corner of the window. This will open the sn...
Page 90: Snmp Engine Id
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 79 security level. V3-auth-nopriv – to specify that the snmp version 3 will be used, with an auth-nopriv security level. V3-auth-priv – to specify that the snmp version 3 will be used, with an auth-priv security level. Community string or sn...
Page 91: Poe System Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 80 poe system settings this window is used to configure poe settings on the switch. To view this window, click administration > poe > poe system settings, as shown below: figure 2 - 87 poe system settings window the following parameters can ...
Page 92
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 81 figure 2 - 88 poe port settings window the following parameters can be configured: parameter description unit choose the switch in the switch stack for which to configure the poe settings. From port/to port select a range of ports from th...
Page 93: Sflow
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 82 class 0 – 0.44~12.95w class 1 – 0.44~3.84w class 2 – 3.84~6.49w class 3 – 6.49~12.95w the following is the power limit applied to the port for these four classes. For each class, the power limit is a little more than the power consumption...
Page 94: Sflow Global Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 83 sflow global settings the following window is used to globally enable the sflow feature for the switch. Simply use the drop-down menu and click apply to enable or disable sflow. This window will also display the sflow version currently be...
Page 95
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 84 deleted. Countdown time displays the current time remaining before this analyzer server times out. When the server times out, all sflow samples and counter polls associated with this server will be deleted. Address displays the ip address...
Page 96: Sflow Sampler Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 85 65535) is 6343. Max datagram size (300-1400) this field will specify the maximum number of data bytes that can be packaged into a single sflow datagram. Users may select a value between 300 and 1400 bytes with a default setting of 1400 by...
Page 97: Sflow Poller Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 86 figure 2 - 94 sflow sampler add window the following fields may be set: parameter description unit select the unit you wish to configure. From… to choose the beginning and ending range of ports to be configured for packet sampling. Analyz...
Page 98
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 87 figure 2 - 95 sflow counter poller settings window the following fields are displayed: parameter description port displays the port from which packet counter samples are being taken. Analyzer server id displays the id of the analyzer serv...
Page 99
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 88 120 sec) every time this interval reaches 0, and this information will be included in the sflow datagrams that will be sent to the sflow analyzer for examination. Ticking the disabled check box will disable the counter polling for this en...
Page 100
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 89 figure 2 - 98 ip multicast vlan replication settings window enter a name for the ip multicast replication entry and click apply. The new entry will appear in the ip multicast vlan replication entries table. The user can then configure the...
Page 101
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 90 multicast ip address list a multicast ip address list can be entered. Source ip address a source ip address can be specified. The following table is used to set the destination settings, to view this window click the corresponding view bu...
Page 102
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 91 single ip management (sim) overview simply put, d-link single ip management is a concept that will stack switches together over ethernet instead of using stacking ports or modules. There are some advantages in implementing the "single ip ...
Page 103
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 92 • the user can manually configure a cs to become a cas. • a ms can become a cas by: • being configured as a cas through the cs. • if report packets from the cs to the ms time out. • the user can manually configure a cas to become a cs • t...
Page 104: Sim Using The Web Interface
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 93 note: sim management does not support ipv6. For users wishing to utilize this function, switches in the sim group must be configured with ipv4 addresses. Ipv6 for sim management will be supported in a future release of this switch. Single...
Page 105: Topology
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 94 a commander switch. This is the default setting for the sim role of the dgs-3426g. Commander – choosing this parameter will make the switch a commander switch (cs). The user may join other switches to this switch, over ethernet, to be par...
Page 106
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 95 the tree view window holds the following information under the data tab: parameter description device name this field will display the device name of the switches in the sim group configured by the user. If no device is configured by the ...
Page 107
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 96 this screen will display how the devices within the single ip management group connect to other groups and devices. Possible icons in this screen are as follows: icon description group layer 2 commander switch layer 3 commander switch com...
Page 108
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 97 tool tips in the topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same informati...
Page 109
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 98 figure 2 - 106 port speed utilizing the tool tip.
Page 110
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 99 right-click right-clicking on a device will allow the user to perform various functions, depending on the role of the switch in the sim group and the icon associated with it. Group icon figure 2 - 107 right-clicking a group icon the follo...
Page 111
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 100 will have no entry in this field. Port speed displays the connection speed between the cs and the ms or cas commander switch icon figure 2 - 109 right-clicking a commander icon the following options may appear for the user to configure: ...
Page 112
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 101 candidate switch icon figure 2 - 111 right-clicking a candidate icon the following options may appear for the user to configure: • collapse – to collapse the group that will be represented by a single icon. • expand – to expand the sim g...
Page 113: Firmware Upgrade
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 102 figure 2 - 114 input password dialog • remove from group - remove an ms from the group. Device • configure - will open the web manager for the specific device. View • refresh - update the views with the latest status. • topology - displa...
Page 114: Configuration Backup/restore
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 103 configuration backup/restore this window is used to upgrade configuration files from the commander switch to the member switch. Member switches will be listed in the table and will be specified by port (port on the cs where the ms reside...
Page 115: Section 3
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 104 section 3 l2 features vlan trunking igmp snooping mld snooping loop-back detection global settings spanning tree forwarding & filtering lldp q-in-q the following section will aid the user in configuring security functions for the switch....
Page 116
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 105 egress port – a port on a switch where packets are flowing out of the switch, either to another switch or to an end station, and tagging decisions must be made. Ieee 802.1q (tagged) vlans are implemented on the switch. 802.1q vlans requi...
Page 117
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 106 802.1q vlan tags the figure below shows the 802.1q vlan tag. There are four additional octets inserted after the source mac address. Their presence is indicated by a value of 0x8100 in the ethertype field. When a packet's ethertype field...
Page 118
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 107 prior to the adoption of 802.1q vlans, port-based and mac-based vlans were in common use. These vlans relied upon a port vlan id (pvid) to forward packets. A packet received on a given port would be assigned that port's pvid and then be ...
Page 119
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 108 packets cannot cross vlans. If a member of one vlan wants to connect to another vlan, the link must be through an external router. Note: if no vlans are configured on the switch, then all packets will be forwarded to any destination port...
Page 120: Static Vlan Entry
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 109 switch supports fourteen pre-defined protocols for configuration. The user may also choose a protocol that is not one of the fourteen defined protocols by properly configuring the userdefined protocol vlan. The supported protocols for th...
Page 121
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 110 note: the switch supports up to 4k static vlan entries. Figure 3 - 6 static vlan window – modify the following fields can then be set in either the add or modify 802.1q static vlans windows: parameter description unit select the switch i...
Page 122: Gvrp Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 111 gvrp settings the gvrp settings window allows the user to determine whether the switch will share its vlan configuration information with other garp vlan registration protocol (gvrp) enabled switches. In addition, ingress checking can be...
Page 123: Double Vlans
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 112 forwarded to the port for transmission, the port will add an 802.1q tag using the pvid to write the vid in the tag. When the packet arrives at its destination, the receiving device will use the pvid to make vlan forwarding decisions. If ...
Page 124
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 113 network and therefore belong to one vlan on the service provider’s network, thus being a member of two vlans. In this way, the customer can retain its normal vlan and the service provider can congregate multiple customer vlans within one...
Page 125: Double Vlan Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 114 double vlan settings this window is used to enable or disable the double vlan state settings. To view this window click, l2 features > vlan > double vlan, as shown below: figure 3 - 9 double vlan state settings window choose enabled usin...
Page 126
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 115 figure 3 - 12 double vlan information window parameters shown in the previous window are explained below: parameter description spvid the vlan id number of this potential service provider vlan. Vlan name the name of the vlan on the switc...
Page 127: Pvid Auto Assign
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 116 click apply to implement changes made. To configure the parameters for a previously created service provider vlan, click the button of the corresponding spvid in the double vlan state settings window. The following window will appear for...
Page 128: Mac-Based Vlan Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 117 figure 3 - 15 pvid auto assign settings window when enabled, pvid will be automatically assigned when adding a port to a vlan as an untagged member port. Mac-based vlan settings this table is used to create new mac-based vlan entries and...
Page 129
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 118 protocol type header in hexadecimal form ip over ethernet 0x0800 ipx 802.3 0xffff ipx 802.2 0xe0e0 ipx snap 0x8137 ipx over ethernet2 0x8137 declat 0x6004 sna 802.2 0x0404 netbios 0xf0f0 xns 0x0600 vines 0x0bad ipv6 0x86dd appletalk 0x80...
Page 130
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 119 figure 3 - 18 protocol vlan group – add window the add and modify windows of the protocol vlan group hold the following fields to be configured: parameter description group id (1-16) enter an integer from 1 to 16 to identify the protocol...
Page 131
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 120 figure 3 - 19 protocol vlan port settings window the following fields may be configured: parameter description port list use this parameter to assign ports to a protocol vlan group or remove them from the protocol vlan group. Ticking the...
Page 132: Trunking
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 121 trunking understanding port trunk groups port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. Dgs-3426g supports up to 32 port trunk groups with 2 to 8 ports in each group. A pot...
Page 133: Link Aggregation
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 122 note: if any ports within the trunk group become disconnected, packets intended for the disconnected port will be load shared among the other linked ports of the link aggregation group. Note: trunking may be done across switches in the s...
Page 134
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 123 figure 3 - 22 link aggregation group configuration window.
Page 135
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 124 figure 3 - 23 link aggregation group configuration window (modify) the user-changeable parameters are as follows: parameter description group id select an id number for the group, between 1 and 32. State trunk groups can be toggled betwe...
Page 136: Lacp Port Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 125 after setting the previous parameters, click apply to allow your changes to be implemented. Successfully created trunk groups will be show in the link aggregation group entries window. Note: to configure the algorithm for link aggregatio...
Page 137
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 126 figure 3 - 24 lacp port settings window the user may set the following parameters: parameter description unit select the switch in the switch stack to be modified. From…to a consecutive group of ports may be configured starting with the ...
Page 138: Igmp Snooping
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 127 dynamically as needs require. In order to utilize the ability to change an aggregated port group, that is, to add or subtract ports from the group, at least one of the participating devices must designate lacp ports as active. Both devic...
Page 139
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 128 figure 3 - 26 igmp snooping settings – edit window the following parameters may be viewed or modified: parameter description vlan id this is the vlan id that, along with the vlan name, identifies the vlan the user wishes to modify the ig...
Page 140: Router Port Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 129 table without receiving a membership report. Default = 260. Leave timer this specifies the maximum amount of time in seconds between the switch receiving a leave group message from a host, and the switch issuing a group membership query....
Page 141
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 130 figure 3 - 28 router port window (modify) the following parameters can be set: parameter description unit select the switch in the switch stack to be modified. Vid (vlan id) this is the vlan id that, along with the vlan name, identifies ...
Page 142
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 131 figure 3 - 29 igmp snooping static group settings window the following parameters can be configured: parameter description vid the list of the vlan ids for which to create igmp snooping static group information. Vlan name the name of the...
Page 143: Ism Vlan Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 132 to modify an entry, click the corresponding modify button, the following window will be displayed. Figure 3 - 31 igmp static group modify window the following fields can be configured: parameter description portlist enter the port number...
Page 144
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 133 the following windows will allow users to create and configure multicast vlans for the switch. To view this windows, click l2 features > igmp snooping > ism vlan settings, as shown below. Figure 3 - 32 igmp snooping multicast vlan table ...
Page 145
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 134 2 and 4094. State use the drop-down menu to enable or disable the selected multicast vlan. Member port enter a port or list of ports to be added to the multicast vlan. Member ports will become the untagged members of the multicast vlan. ...
Page 146
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 135 figure 3 - 36 limited ip multicast address range window click apply to implement the new settings on the switch. Click delete to remove the configured range from the settings. Click delete all to delete all limited ip multicast settings....
Page 147: Mld Snooping
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 136 mld snooping multicast listener discovery (mld) snooping is an ipv6 function used similarly to igmp snooping in ipv4. It is used to discover ports on a vlan that are requesting multicast data. Instead of flooding all ports on a selected ...
Page 148
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 137 figure 3 - 38 mld snooping settings – edit window the following parameters may be viewed or modified: parameter description vlan id this is the vlan id that, along with the vlan name, identifies the vlan for which to modify the mld snoop...
Page 149: Mld Router Port Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 138 router timeout specifies the maximum amount of time a router can remain in the switch’s routing table as a listening node of a multicast group without the switch receiving a node listener report. Default setting is 260 seconds. Done time...
Page 150
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 139 figure 3 - 40 router port window (modify) the following parameters can be set: parameter description vid (vlan id) this is the vlan id that, along with the vlan name, identifies the vlan where the mld multicast router is attached. Vlan n...
Page 151
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 140 loop-back detection global settings the loop-back detection function is used to identify loops occurring between the switch and a device that is directly connected to it. This process is accomplished by the use of a configuration testing...
Page 152
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 141 loopdetect trap none – the trap will not be sent in any situation. Loop detected – the trap is sent when the loop condition is detected. Loop cleared – the trap is sent when the loop condition is cleared. Both – the trap will be sent for...
Page 153: Spanning Tree
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 142 spanning tree this switch supports three versions of the spanning tree protocol; 802.1d stp, 802.1w rapid stp and 802.1s mstp. 802.1d stp will be familiar to most networking professionals. However, since 802.1w rstp and 802.1s mstp has b...
Page 154
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 143 all three protocols calculate a stable topology in the same way. Every segment will have a single path to the root bridge. All bridges listen for bpdu packets. However, bpdu packets are sent more frequently - with every hello packet. Bpd...
Page 155: Stp Bridge Global Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 144 stp bridge global settings this window is used to configure the stp bridge global settings on the switch. To view this window, click l2 features > spanning tree > stp bridge global settings, as shown below: figure 3 - 42 stp bridge globa...
Page 156
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 145 figure 3 - 44 stp bridge global settings window (stp compatible) see the table below for descriptions of the stp versions and corresponding setting options. Note: the hello time cannot be longer than the max. Age. Otherwise, a configurat...
Page 157
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 146 forward delay (4-30 sec) the forward delay can be from 4 to 30 seconds. Any port on the switch spends this time in the listening state while moving from the blocking state to the forwarding state. Max hops (1-40) used to set the number o...
Page 158
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 147 mst configuration identification the following windows allow the user to configure a msti instance on the switch. These settings will uniquely identify a multiple spanning tree instance set on the switch. The switch initially possesses o...
Page 159
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 148 parameter description msti id enter a number between 1 and 15 to set a new msti on the switch. Type create is selected to create a new msti. No other choices are available for this field when creating a new msti. Vid list (1-4094) this f...
Page 160: Mstp Port Information
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 149 the user may configure the following parameters for a msti on the switch. Parameter description msti id displays the msti id previously set by the user. Type this field allows the user to choose a desired method for altering the msti set...
Page 161
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 150 the user may configure the following parameters: parameter description instance id displays the msti id of the instance being configured. An entry of 0 in this field denotes the cist (default msti). Internal cost (0=auto) this parameter ...
Page 162: Stp Instance Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 151 stp instance settings the following window displays mstis currently set on the switch. To view this window, click l2 features > spanning tree > stp instance settings, as shown below: figure 3 - 51 stp instance settings window the followi...
Page 163: Stp Port Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 152 stp port settings stp can be set up on a port per port basis. In addition to setting spanning tree parameters for use on the switch level, the switch allows for the configuration of groups of ports, each port-group of which will have its...
Page 164: Forwarding & Filtering
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 153 similar to edge ports, however they are restricted in that a p2p port must operate in full duplex. Like edge ports, p2p ports transition to a forwarding state rapidly thus benefiting from rstp. A p2p value of false indicates that the por...
Page 165: Multicast Forwarding
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 154 multicast forwarding the following window describes how to set up multicast forwarding on the switch. To view this window, click, l2 features > forwarding & filtering >multicast forwarding, as shown below: figure 3 - 55 static multicast ...
Page 166: Multicast Filtering Mode
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 155 multicast filtering mode this window allows users to configure the switch to forward or filter the unregistered groups per vlan. To view this window click, l2 features > forwarding & filtering >multicast filtering mode, as shown below: f...
Page 167: Lldp Global Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 156 lldp global settings this window is used to configure the lldp global settings on the switch. When lldp is enabled the switch can start to transmit, receive and process lldp packets. The specific function of each port will depend on the ...
Page 168: Basic Lldp Port Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 157 notification interval (5-3600) lldp notification interval is used to send notifications to configured snmp trap receiver(s) when an lldp change is detected in an advertisement received on the port from an lldp neighbor. To set the lldp n...
Page 169
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 158 parameter description unit select the unit to configure. From port / to port use the drop-down menu to select a range of ports to be configured. Notification state use the drop-down menu to enable or disable the status of the lldp notifi...
Page 170
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 159 figure 3 - 60 802.1 extension lldp port settings window the following parameters can be set:.
Page 171
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 160 parameter description unit select the unit you wish to configure. From/to use the drop-down menu to select a range of ports to be configured. Port vlan id use the drop-down menu to enable or disable the advertised pvid. This tlv optional...
Page 172
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 161 figure 3 - 61 802.3 extension lldp port settings window the following parameters can be set: parameter description unit select the unit you wish to configure. From/to use the drop-down menu to select a range of ports to be configured. Ma...
Page 173
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 162 the default state is disable power via mdi this specifies that the lldp agent should transmit 'power via mdi tlv'. Three ieee 802.3 pmd implementations (10base-t, 100base-tx, and 1000base-t) allow power to be supplied over the link for c...
Page 174
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 163 figure 3 - 62 lldp management address settings window the following parameters can be set: parameter description unit select the unit you wish to configure. From/to port use the drop-down menu to select a range of ports to be configured....
Page 175: Lldp Statistics
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 164 lldp statistics lldp statistics allows you an overview of neighbor detection activity, lldp statistics and the settings for individual ports on the switch. Use the drop-down menu to check a specific unit the information will be displayed...
Page 176: Lldp Local Port Table
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 165 lldp management address table the following window is used to set up lldp management address settings on the switch. To view this window, click l2 features > lldp > lldp management address settings, as shown below: figure 3 - 64 lldp man...
Page 177
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 166 figure 3 - 65 lldp local port table window to view normal or detailed information on a per port basis click the corresponding view button, which will display the following window:.
Page 178
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 167 figure 3 - 66 lldp local port table (view normal) window to return to the previous window, click the show lldp local port brief table button. To view details of individual parameters click the hyperlinked show lldp local port detailed ta...
Page 179: Lldp Remote Port Table
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 168 figure 3 - 67 lldp local port table (view detail) window to return to the lldp local port table window click the show lldp local port brief table button. To retunt to the previous window, click the show lldp local port normal table . Lld...
Page 180
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 169 figure 3 - 68 lldp remote port table window select the port you wish to view by using the drop-down menu and click find, the information will be displayed in the lower half of the table. To view the settings for an individual port select...
Page 181: Q-In-Q
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 170 q-in-q q-in-q is designed for service providers to carry traffic from multiple users across a network. Q-in-q is used to maintain customer specific vlan and layer 2 protocol configurations even when the same vlan id is being used by diff...
Page 182: Vlan Translation Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 171 the following fields can be set: parameter description qinq state use the drop-down menu to enable or disable the q-in-q state. When q-in-q is enabled, all network port roles will have nni ports and their outer tpid set to 0x88a8. All ex...
Page 183
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 172 the following fields can be set: parameter description unit select the unit you wish to configure. From/to a consecutive group of ports that are part of the vlan configuration starting with the selected port. Cvid list the customer vlan ...
Page 184: Section 4
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 173 section 4 qos bandwidth control qos scheduling mechanism qos output scheduling 802.1p default priority 802.1p user priority qos the xstack ® dgs-3426g switch supports 802.1p priority queuing quality of service. The following section disc...
Page 185
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 174 figure 4 - 1 an example of the default qos mapping on the switch the picture above shows the default priority setting for the switch. Class-6 has the highest priority of the seven priority classes of service on the switch. In order to im...
Page 186
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 175 •priority 0 is assigned to the switch’s q2 queue. •priority 1 is assigned to the switch’s q0 queue. •priority 2 is assigned to the switch’s q1 queue. •priority 3 is assigned to the switch’s q3 queue. •priority 4 is assigned to the switch...
Page 187: Bandwidth Control
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 176 notice: the switch contains eight classes of service for each port on the switch. One of these classes is reserved for internal use on the switch and is therefore not configurable. All references in the following section regarding classe...
Page 188
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 177 figure 4 - 2 bandwidth settings window the following parameters can be set or are displayed: parameter description unit select the switch in the switch stack to be modified. From/to a consecutive group of ports may be configured starting...
Page 189: Qos Scheduling Mechanism
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 178 rate (64- 10000000) this field allows the input of the data rate that will be the limit for the selected port. The user may choose a rate between 64 and 10000000 units, where each unit is defined a 1kbit/s. Effective rx rate specifies th...
Page 190: Qos Output Scheduling
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 179 qos output scheduling qos can be customized by changing the output scheduling used for the hardware classes of service in the switch. As with any changes to qos implementation, careful consideration should be given to how network traffic...
Page 191: 802.1P Default Priority
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 180 configuring the combination queue utilizing the qos output scheduling window shown above, the xstack ® dgs-3426g can implement a combination queue for forwarding packets. This combination queue allows for a combination of strict and weig...
Page 192
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 181 figure 4 - 6 802.1p default priority window the user may adjust the following parameters: parameter description unit use the drop-down menu to choose the switch unit from the switch stack. From/to enter a port range by using the drop-dow...
Page 193: 802.1P User Priority
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 182 802.1p user priority the xstack ® dgs-3426g allows the assignment of a class of service to each of the 802.1p priorities. To view this window click, qos > 802.1p user priority, as shown below: figure 4 - 7 802.1p user priority window onc...
Page 194: Section 5
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 183 section 5 acl (access control list) time range access profile table acl flow meter cpu interface filtering time range this window is used in conjunction with the access profile feature to determine a starting point and an ending point, b...
Page 195: Access Profile Table
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 184 enabled. Tick the select all days check box to configure this time range for every day of the week. Click apply to implement changes made. Currently configured entries will be displayed in the time range information table in the bottom h...
Page 196
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 185 the following parameters can be set, for the ethernet type: parameter description profile id (1-6) type in a unique identifier number for this profile set. This value can be set from 1 to 6. Type select profile based on ethernet (mac add...
Page 197
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 186 figure 5 - 5 access profile configuration window (ip) the following parameters can be set, for ip: parameter description profile id (1-6) type in a unique identifier number for this profile set. This value can be set from 1 to 6. Type se...
Page 198
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 187 • code - further specify that the access profile will apply an icmp code value. Select igmp to instruct the switch to examine the internet group management protocol (igmp) field in each frame's header. • type - further specify that the a...
Page 199
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 188 figure 5 - 7 access profile configuration window (packet content) this window will aid the user in configuring the switch to mask packet headers beginning with the offset value specified. The following fields are used to configure the pa...
Page 200
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 189 figure 5 - 8 access profile entry display window (packet content) the page shown below is theipv6configuration window. Figure 5 - 9 access profile configuration window (ipv6) the following parameters can be set, for ip: parameter descrip...
Page 201
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 190 figure 5 - 10 access profile entry display for ipv6 to establish the rule for a previously created access profile: to configure the access rule for ethernet, open the access profile table window and click modify for an ethernet entry. Th...
Page 202
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 191 to remove a previously created rule, select it and click the button. To add a new access rule, click the add rule button: figure 5 - 12 access rule configuration window (ethernet) to set the access rule for ethernet, adjust the following...
Page 203
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 192 forwarded by the switch. For more information on priority queues, cos queues and mapping for 802.1p, see the qos section of this manual. Replace dscp (0-63) select this option to instruct the switch to replace the dscp value (in a packet...
Page 204
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 193 figure 5 - 13 access rule display window (ethernet) to configure the access rule for ip, open the access profile table window and click modify for an ip entry. This will open the following window: figure 5 - 14 access rule table window (...
Page 205
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 194 figure 5 - 15 access rule configuration window (ip) configure the following access rule configurationsettings for ip: parameter description profile id this is the identifier number for this profile set. Mode select permit to specify that...
Page 206
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 195 replace dscp (0-63) select this option to instruct the switch to replace the dscp value (in a packet that meets the selected criteria) with the value entered in the adjacent field. Vlan name allows the entry of a name for a previously co...
Page 207
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 196 figure 5 - 16 access rule display window (ip) to configure the access rule for ipv6, open the access profile table window and click modify for an ipv6 entry. This will open the following window: figure 5 - 17 access rule table click add ...
Page 208
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 197 figure 5 - 18 access rule configuration window (ipv6) parameter description profile id this is the identifier number for this profile set. Mode select permit to specify that the packets that match the access profile are forwarded by the ...
Page 209
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 198 (0-fffff) ipv6 header. This flow label field is used by a source to label sequences of packets such as non-default quality of service or real time service packets. Source ipv6 address the user may specify an ip address mask for the sourc...
Page 210
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 199 figure 5 - 20 access rule table window (packet content mask) to remove a previously created rule, select it and click the button. To add a new access rule, click the add button: figure 5 - 21 access rule configuration window (packet cont...
Page 211
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 200 in the port mirroring window. Port mirroring must be enabled and a target port must be set. Access id (1-128) type in a unique identifier number for this access. This value can be set from 1 to 128. • auto assign – ticking this check box...
Page 212: Acl Flow Meter
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 201 figure 5 - 22 access profile entry display window (packet content mask) note: when using the acl mirror function, ensure that the port mirroring function is enabled and a target mirror port is set. Acl flow meter before configuring the a...
Page 213
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 202 yellow – when an ip flow is in the yellow mode, its configurable parameters can be set in the exceed field. Users may choose to either permit or drop exceeded packets. Users may also choose to change the dscp field of the packets. Red – ...
Page 214
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 203 figure 5 - 24 acl flow meter configuration window (add) the following fields may be configured: parameter description profile id (1-6) enter the pre-configured profile id for which to configure the acl flow metering parameters. Access id...
Page 215
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 204 cir – the committed information rate can be set between 1 and 156249. The color rates are based on the following two fields which are used in conjunction with the cir. Cbs – committed burst size. Measured in bytes, the cbs is associated ...
Page 216: Cpu Interface Filtering
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 205 cpu interface filtering due to a chipset limitation and needed extra switch security, the xstack ® dgs-3426g switch incorporates cpu interface filtering. This added feature increases the running security of the switch by enabling the use...
Page 217
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 206 figure 5 - 28 cpu interface filtering configuration window (ethernet) parameter description profile id (1-5) type in a unique identifier number for this profile set. This value can be set from 1 to 5. Type select profile based on etherne...
Page 218
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 207 figure 5 - 30 cpu interface filtering configuration window (ip) the following parameters may be configured for the ip cpu filter. Parameter description profile id (1-5) type in a unique identifier number for this profile set. This value ...
Page 219
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 208 value. Select igmp to instruct the switch to examine the internet group management protocol (igmp) field in each frame's header. • select type to further specify that the access profile will apply an igmp type value. Select tcp to use th...
Page 220
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 209 figure 5 - 32 cpu interface filtering configuration window (packet content) this screen will aid the user in configuring the switch to mask packet headers beginning with the offset value specified. The following fields are used to config...
Page 221
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 210 • value (48-63) – enter a value in hex form to mask the packet from byte 48 to byte 63. • value (64-79) – enter a value in hex form to mask the packet from byte 64 to byte 79. Click apply to implement changes made. To view the settings o...
Page 222
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 211 class checking this field will instruct the switch to examine the class field of the ipv6 header. This class field is a part of the packet header that is similar to the type of service (tos) or precedence bits field in ipv4. Flow label c...
Page 223
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 212 figure 5 - 37 cpu interface filtering table – (ethernet) to create a new rule set for an access profile click the add rule button. A new window is displayed. To remove a previously created rule, click the corresponding button. The follow...
Page 224
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 213 ethernet type specifies that the access profile will apply only to packets with this hexadecimal 802.1q ethernet type value (hex 0x0-0xffff) in the packet header. The ethernet type value may be set in the form: hex 0x0-0xffff, which mean...
Page 225
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 214 figure 5 - 41 cpu interface filtering rule configuration window (ip) configure the following access rule configuration settings for ip: parameter description profile id this is the identifier number for this profile set. Mode select perm...
Page 226
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 215 figure 5 - 42 cpu interface filtering rule display window (ip) the following window is the cpu interface filtering rule table for packet content. Figure 5 - 43 cpu interface filtering rule table window (packet content).
Page 227
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 216 to remove a previously created rule, select it and click the button. To add a new access rule, click the add rule button: figure 5 - 44 cpu interface filtering rule configuration window (packet content).
Page 228
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 217 to set the access rule for packet content, adjust the following parameters and click apply. Parameter description profile id this is the identifier number for this profile set. Mode select permit to specify that the packets that match th...
Page 229
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 218 figure 5 - 46 cpu interface filtering rule table window (ipv6) to remove a previously created rule, select it and click the button. To add a new access rule, click the add rule button: figure 5 - 47 cpu interface filtering rule configura...
Page 230
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 219 to set the access rule for ipv6, adjust the following parameters and click apply. Parameter description profile id this is the identifier number for this profile set. Mode select permit to specify that the packets that match the access p...
Page 231: Section 6
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 220 section 6 security authorization network state settings traffic control port security ip-mac-port binding 802.1x web-based access control (wac) trust host access authentication control mac-based access control (mac) safeguard engine traf...
Page 232: Traffic Control
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 221 traffic control on a computer network, packets such as multicast packets and broadcast packets continually flood the network as normal procedure. At times, this traffic may increase do to a malicious endstation on the network or a malfun...
Page 233
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 222 traffic storm only. • storm cleared – will send storm trap messages when a traffic storm has been cleared by the switch only. • both – will send storm trap messages when a traffic storm has been both detected and cleared by the switch. T...
Page 234: Port Security
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 223 note: ports that are in shutdown (forever) mode will be seen as link down in all windows and screens until the user recovers these ports. Port security a given port’s (or a range of ports') dynamic mac address learning can be locked such...
Page 235: Port Security Entries
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 224 permanent – the locked addresses will only age out after the switch has been reset. Deleteontimeout – the locked addresses will age out after the aging timer expires. Deleteonreset – the locked addresses will not age out until the switch...
Page 236: Ip-Mac-Port Binding
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 225 ip-mac-port binding general overview t he dgs-3426g switch offers ip-mac-port binding (impb), a d-link security application used most often on edge switches directly connected to network hosts. Impb is also an integral part of d-link’s e...
Page 237: Imp Global Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 226 acl rules. Acl mode can be viewed as an enhanced version of arp mode because arp mode is enabled by default when acl mode is selected. Strict and loose state other than acl and arp mode, users can also configure the state on a port for g...
Page 238
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 227 figure 6 - 5 imp global settings window the following parameters can be set: parameter description trap/log this field will enable and disable the sending of trap log messages for ip-mac binding. When enabled, the switch will send a trap...
Page 239: Imp Port Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 228 click apply to implement the settings made. Imp port settings this window is used to configure imp settings on a port basis. Select a port or a range of ports with the from port and to port fields. Enable or disable the port with strict ...
Page 240: Imp Entry Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 229 setting. Enabled loose – this mode provides a looser way of control. If the user selects loose mode, the switch will forward all packets by default. However, it will still inspect incoming arp packets and compare them with the switch’s i...
Page 241: Dhcp Snooping Entries
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 230 figure 6 - 7 imp entry settings window the following fields can be set or modified: parameter description ip address enter the ip address to bind to the mac address set below. Mac address enter the mac address to bind to the ip address s...
Page 242: 802.1X
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch figure 6 - 9 mac blocked list window to find an unauthorized device mac address that has been blocked by the ip-mac binding restrictions, enter the vlan name and mac address in the appropriate fields and click find. To delete an entry, click...
Page 243
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 232 authentication server the authentication server is a remote device that is connected to the same network as the client and authenticator, must be running a radius server program and must be configured properly on the authenticator (switc...
Page 244
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 233 figure 6 - 14 the client authentication process utilizing the three roles stated above, the 802.1x protocol provides a stable and secure way of authorizing and authenticating users attempting to access the network. Only eapol traffic is ...
Page 245
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 234 port-based network access control … 802.1x client 802.1x client 802.1x client 802.1x client 802.1x client 802.1x client 802.1x client 802.1x client 802.1x client network access controlled port network access uncontrolled port radius serv...
Page 246
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 235 mac-based network access control 802.1x client network access controlled port network access uncontrolled port radius server ethernet switch 802.1x client 802.1x client 802.1x client 802.1x client 802.1x client 802.1x client 802.1x clien...
Page 247: Guest Vlans
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch guest vlans on 802.1x security enabled networks, there is a need for non 802.1x supported devices to gain limited access to the network, due to the lack of the proper 802.1x software or incompatible devices, such as computers running windows...
Page 248
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 237 parameter description vlan name enter the pre-configured vlan name to create as a guest 802.1x vlan. Operation the user has four choices in configuring the guest 802.1x vlan, which are: enabled ports – selecting this option will enable p...
Page 249
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 238 configure 802.1x authenticator parameter this window is used to configure the 802.1x authenticator settings on the switch. The user may toggle between switches in the switch stack by using the unit drop-down menu. To view this window, cl...
Page 250
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 239 figure 6 - 21 802.1x authenticator settings of unit 1 – modify this screen allows setting of the following features: parameter description unit choose the switch id number of the switch in the switch stack to be modified. From…to enter t...
Page 251: 802.1X User
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 240 txperiod(1-65535) this sets the txperiod of time for the authenticator pae state machine. This value determines the period of an eap request/identity packet transmitted to the client. The default setting is 30 seconds. Quietperiod(0- 655...
Page 252: Initialize Port(S)
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch figure 6 - 22 802.1x user window this screen allows setting of the following features: parameter description max user (1-4000) enter the maximum number of users to be allowed. Check the no limit check box to specify that there will be the ma...
Page 253: Reauthenticate Port(S)
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 242 to initialize ports for the mac side of 802.1x, the user must first enable 802.1x by mac address in the dgs-3426g web management toolwindow. Click security > 802.1x > initialize port(s), as shown below: figure 6 - 24 initialize ports win...
Page 254
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 243 figure 6 - 25 reauthenticate port(s) window (port-based 802.1x) note: the user must first globally enable 802.1x in the dgs-3426g web management tool window before initializing ports. Information in the initialize ports table cannot be v...
Page 255: Authentic Radius Server
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 244 authentic radius server the radius feature of the switch allows the user to facilitate centralized user administration as well as providing protection against a sniffing, active hacker. The web manager offers three windows. To view this ...
Page 256: Wac Global State
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 245 web-based access control (wac) web-based access control (wac), also known as web-based authentication login, is a feature designed to authenticate a user when the user is trying to access the internet via the switch. The authentication p...
Page 257
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 246 figure 6 - 28 wac global state window the following parameters can be configured: parameter description wac global state use this drop-down menu to either enable or disable wac on the switch. Web-based access control configuration method...
Page 258: Wac Port Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 247 if no protocol is specified the protocol used is http. Wac authorization network configuration radius authorization specifies to enable or disable radius authorization. Local authorization specifies to enable or disable local authorizati...
Page 259
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 248 figure 6 - 29 wac port settings window the following parameters can be configured: parameter description unit use the drop down menu to select the unit you wish to configure. From…to enter the range of ports you wish to configure. State ...
Page 260: Wac User Account
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 249 authenticated host and the host will be moved back to the unauthenticated state. Enter a value between 1 and 1440 minutes. A value of infinite indicates the idle state of the authenticated host on the port will never be checked. The defa...
Page 261: Wac Host Table Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 250 figure 6 - 32 wac user account – edit window the following parameters can be configured: parameter description user name enter a user name for the new account. Password enter the password for the user. This field is case-sensitive and mu...
Page 262: Trust Host
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 251 figure 6 - 33 wac host table settings the following parameters can be configured: parameter description port list enter the ports you wish to find or delete. Check the all ports box to select all ports. State select the state of the port...
Page 263
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 252 access authentication control the tacacs / xtacacs / tacacs+ / radius commands allow users to secure access to the switch using the tacacs / xtacacs / tacacs+ / radius protocols. When a user logs in to the switch or tries to access the a...
Page 264
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch authentication policy & parameter settings this command will enable an administrator-defined authentication policy for users trying to access the switch. When enabled, the device will check the login method list and choose a technique for us...
Page 265: Authentication Server Group
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 254 parameter description application lists the configuration applications on the switch. The user may configure the login method list and enable method list for authentication for users utilizing the console (command line interface) applica...
Page 266: Authentication Server Host
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 255 figure 6 - 38 add a server host to server group (xtacacs) window to add an authentication server host to the list, enter its ip address in the ip address field, choose the protocol associated with the ip address of the authentication ser...
Page 267
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 256 figure 6 - 40 authentication server host window to add an authentication server host, click the add button, revealing the following window: figure 6 - 41 authentication server host setting - add window configure the following parameters ...
Page 268: Login Method Lists
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch note: more than one authentication protocol can be run on the same physical server host but, remember that tacacs/xtacacs/tacacs+ are separate entities and are not compatible with each other. Login method lists this command will configure a ...
Page 269: Enable Method Lists
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 258 figure 6 - 44 login method list – add window to define a login method list, set the following parameters and click apply: parameter description method list name enter a method list name defined by the user of up to 15 characters. Method ...
Page 270
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch note: to set the local enable password, see the next section, entitled local enable password. To view this window, click security > access authentication control > enable method lists, as shown below: figure 6 - 45 enable method list setting...
Page 271
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 260 parameter description method list name enter a method list name defined by the user of up to 15 characters. Method 1, 2, 3, 4 the user may add one, or a combination of up to four of the following authentication methods to this method lis...
Page 272: Enable Admin
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 261 enable admin the enable adminwindow is for users who have logged on to the switch on the normal user level, and wish to be promoted to the administrator level. After logging on to the switch, users will have only user level privileges. T...
Page 273: Radius Accounting Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 262 radius accounting settings the accounting feature of the switch uses a remote radius server to collect information regarding events occurring on the switch. The following is a list of information that will be sent to the radius server wh...
Page 274
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 263 mac-based access control (mac) the mac-based access control feature will allow users to configure a list of mac addresses, either locally or on a remote radius server, to be authenticated by the switch and given access rights based on th...
Page 275
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 264 figure 6 - 51 mac-based access control global settings.
Page 276
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 265 the following parameters may be viewed or set: parameter description mac-based access control global settings state use the drop-down menu to globally enable or disable the mac-based access control function on the switch. Method use the ...
Page 277
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch max user (1-4000) specifies per port maximum authenticated number of users. The default value is 128. Aging time (1-1440 min) specifies a time period (configurable per port) between 1-1440 minutes, during which an authenticated host will sta...
Page 278: Safeguard Engine
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 267 safeguard engine periodically, malicious hosts on the network will attack the switch by utilizing packet flooding (arp storm) or other methods. These attacks may increase the switch load beyond its capability. To alleviate this problem, ...
Page 279: Safeguard Engine Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 268 notice: when safeguard engine is enabled, the switch will allot bandwidth to various traffic flows (arp, ip) using the ffp (fast filter processor) metering table to control the cpu utilization and limit traffic. This may limit the speed ...
Page 280: Traffic Segmentation
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 269 switch, and will stop receiving all unnecessary broadcast ip packets, until the storm has subsided. The default setting is fuzzy mode. Safeguard engine current status displays the current mode of the cpu utilization settings. Traffic seg...
Page 281: Secure Socket Layer (Ssl)
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 270 figure 6 - 58 setup forwarding ports window configuring traffic segmentation on the xstack ® dgs-3426g switch series is accomplished in two parts. First, select a switch in the switch stack by using the unit drop-down menu, and then spec...
Page 282: Ssl
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 271 ssl this window is used to download a certificate file for the ssl function on the switch from a tftp server. The certificate file is a data record used for authenticating devices on the network. It contains information on the owner, key...
Page 283: Secure Shell (Ssh)
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 272 key file name enter the path and the filename of the key file to download. This file must have a .Der extension (ex. C:/pkey.Der) configuration ssl status use the drop-down menu to enable or disable the ssl status on the switch. The defa...
Page 284: Ssh Server Configuration
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 273 3. Configure the encryption algorithm that ssh will use to encrypt and decrypt messages sent between the ssh client and the ssh server, using the ssh authentication mode and algorithm settings window. 4. Finally, enable ssh on the switch...
Page 285
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 274 listened port number enter the virtual port number to be used with this feature. The common port number for ssh is 22. Ssh authentication mode and algorithm settings this window allows the configuration of the desired types of ssh algori...
Page 286
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 275 host-based this field may be enabled or disabled to choose if the administrator wishes to use a host computer for authentication. This parameter is intended for linux users requiring ssh authentication techniques and the host computer is...
Page 287: Ssh User Authentication Mode
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 276 ssh user authentication mode the following windows are used to configure parameters for users attempting to access the switch through ssh. To view this window, click security > ssh > ssh user authentication mode, as shown below: figure 6...
Page 288: Multiple Authentication
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 277 parameter description user name enter a user name of no more than 15 characters to identify the ssh user. This user name must be a previously configured user account on the switch. Auth. Mode the administrator may choose one of the follo...
Page 289
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 278 figure 6 - 66 multiple authentication settings window the following parameters may be set: parameter description unit choose the unit id of the switch in the switch stack you wish to configure. From/to select a port or range of ports to ...
Page 290
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 279 keep trying until the next authentication. Host based – each user can be authenticated individually. Methods none – specifies that multiple authentication is not enabled. Any – specifies that a client will gain access if it passes any of...
Page 291: Jwac Global Configuration
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 280 jwac (japanese web-based access control) the jwac folder contains six windows: jwac global configuration, jwac port settings, jwac user account, jwac host information, jwac customize page language settings and jwac customize page. Jwac g...
Page 292
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 281 figure 6 - 69 jwac global settings window.
Page 293
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 282 to set the web authentication for the switch, complete the following fields: parameter description jwac global state settings jwac global state use this drop-down menu to either enable or disable jwac on the switch. Jwac configuration fo...
Page 294: Jwac Port Settings
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 283 attempts to the jwac login page forcibly if the redirect is enabled and the redirect destination is configured to be a quarantine server. Error timeout (5- 300) this parameter is used to set the quarantine server error timeout. When the ...
Page 295
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 284 figure 6 - 70 jwac port settings window to configure individual jwac port settings, click the add button, the following window will be displayed:.
Page 296
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 285 figure 6 - 71 jwac port configuration window to configure the settings by port, click the corresponding modify button, which will display the following window: figure 6 - 72 jwac port configuration window to set the jwac on individual po...
Page 297: Jwac User Account
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 286 jwac configuration window. Idle time (1-1440 minutes) this parameter specifies the period of time during which there is no traffic for an authenticated host and the host will be moved back to the unauthenticated state. Enter a value betw...
Page 298: Jwac Host Information
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 287 figure 6 - 75 jwac user accounts window to add another jwac user account to the switch, click the add button, to clear all the existing entries, click the clear all button. To modify a jwac user account, click the corresponding modify bu...
Page 299: Jwac Customize Page
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 288 figure 6 - 77 jwac host table settings window to search for hosts, enter the port list information and click the search button. To clear an entry, enter the port list information and click the delete button. Jwac customize page language ...
Page 300
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 289 figure 6 - 79 jwac customize page window this window allows the administrator to customize fields in the jwac customize page, enter the new information and click apply..
Page 301: Section 7
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 290 section 7 monitoring device status stacking information stacking device module information cpu utilization port utilization packets errors packet size browse router port browse mld router port vlan status vlan status port port access con...
Page 302: Stacking Information
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 291 right fan displays the status of all right fans. Back fan displays the status of the back fans. Cpu fan displays the status of the cpu fans. Stacking information to change a switch’s default stacking configuration (for example, the order...
Page 303: Stacking Device
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 292 runtime version shows the firmware version in use for the switch. This may be different from the values shown in the illustrations. H/w version shows the hardware version in use for the switch. This may be different from the values shown...
Page 304: Cpu Utilization
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 293 cpu utilization this window displays the percentage of the cpu being used, expressed as an integer percentage and calculated as a simple average by time interval. To view this window, click monitoring > cpu utilization, as shown below: f...
Page 305: Port Utilization
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 294 port utilization this window displays the percentage of the total available bandwidth being used on the port. To view this window, click monitoring > port utilization, as shown below: figure 7 - 6 port utilization window to select a port...
Page 306: Packets
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 295 packets the web manager allows various packet statistics to be viewed as either a line graph or a table. Six windows are offered. Received (rx) this window displays the following graph of packets received on the switch. To select a port ...
Page 307
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 296 figure 7 - 8 rx packets analysis table window the following fields may be set or viewed: parameter description time interval select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Re...
Page 308: Umb Cast (Rx)
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 297 umb cast (rx) to select a port to view these statistics for, first select the switch in the switch stack by using the unit drop-down menu and then select the port by using the port drop-down menu. The user may also use the real-time grap...
Page 309
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 298 figure 7 - 10 rx packets analysis window (table for unicast, multicast, and broadcast packets) the following fields may be set or viewed: parameter description time interval select the desired setting between 1s and 60s, where "s" stands...
Page 310: Transmitted (Tx)
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 299 transmitted (tx) to select a port to view these statistics for, first select the switch in the switch stack by using the unitdrop-down menu and then select the port by using the port drop-down menu. The user may also use the real-time gr...
Page 311
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 300 figure 7 - 12 tx packets analysis window (table for bytes and packets) the following fields may be set or viewed: parameter description time interval select the desired setting between 1s and 60s, where "s" stands for seconds. The defaul...
Page 312: Errors
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 301 errors the web manager allows port error statistics compiled by the switch's management agent to be viewed as either a line graph or a table. Four windows are offered. Received (rx) to select a port to view these statistics for, first se...
Page 313
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 302 figure 7 - 14 rx error analysis window (table) the following fields can be set: parameter description time interval select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record numb...
Page 314: Transmitted (Tx)
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 303 vlaningdr incremented for each packet that is discarded by vlan ingress checking. Show/hide check whether or not to display crc error, under size, over size, fragment, jabber, and drop errors. Clear clicking this button clears all statis...
Page 315
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 304 figure 7 - 16 tx error analysis window (table) the following fields may be set or viewed: parameter description time interval select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. R...
Page 316: Packet Size
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 305 packet size the web manager allows packets received by the switch, arranged in six groups and classed by size, to be viewed as either a line graph or a table. Two windows are offered. To select a port to view these statistics for, first ...
Page 317
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 306 to view the packet size analysis table window, click the link view table , which will show the following table: figure 7 - 18 rx size analysis window (table) the following fields can be set or viewed: parameter description time interval ...
Page 318: Browse Router Port
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 307 view line chart clicking this button instructs the switch to display a line graph rather than a table. Browse router port this displays which of the switch’s ports are currently configured as router ports. A router port configured by a u...
Page 319: Vlan Status
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 308 figure 7 - 20 browse mld snooping router port window vlan status this allows the vlan status for each of the switch's ports to be viewed by vlan. This window displays the ports on the switch that are currentlyegress (e) or tag (t) ports....
Page 320: Port Access Control
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch figure 7 - 22 vlan status port window port access control the following screens are used to monitor 802.1x statistics of the switch, on a per port basis. To view the port access control windows, open the monitoring folder and click the port ...
Page 321: Authenticator Statistics
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 310 the user may also view this window if any port/host is authenticated. Parameter description port list enter the port list you wish to find. To view all ports tick the select all ports check box. Mac address displays the mac address of th...
Page 322: Authenticator Diagnostics
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch figure 7 - 25 authenticator session statistics window authenticator diagnostics this table contains the diagnostic information regarding the operation of the authenticator associated with each port. An entry appears in this table for each po...
Page 323
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 312 figure 7 - 28 radius account client information the user may also select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds. The default value is one second. To clear the current statisti...
Page 324: Mac Address Table
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 313 note: to configure 802.1x features for the xstack ® switch, go to the administration folder and select port access entity. Mac address table this allows the switch's dynamic mac address forwarding table to be viewed. When the switch lear...
Page 325: Igmp Snooping Group
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch vlan name the vlan name of the vlan of which the port is a member. Mac address the mac address entered into the address table. Unit – port the unit and port to which the mac address above corresponds. Type describes the method which the swit...
Page 326: Switch Logs
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 315 the user may search themld snooping group tableby vlan name by entering it in the top left hand corner and clicking find. To view all entries click view all entry. Note: to configure mld snooping for the xstack ® dgs-3426g switch, go to ...
Page 327: Browse Arp Table
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch browse arp table this window will show current arp entries on the switch. To search a specific arp entry, enter an interface name into the interface name or an ip address and click find. To clear the arp table, click clear all. To view this ...
Page 328: Browse Routing Table
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 317 browse routing table the routing table window may be found in the monitoring folder. This window shows the current ip routing table of the switch. To find a specific ip route, enter an ip address along with a proper subnet mask in the tw...
Page 329: Section 8
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch section 8 save, reset and reboot reset reboot system save services logout reset the resetfunction has several options when resetting the switch. Some of the current configuration parameters can be retained while resetting all other configura...
Page 330: Save Services
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 319 clicking the yes click-box will instruct the switch to save the current configuration to non-volatile ram before restarting the switch. Clicking the noclick-box instructs the switch not to save the current configuration before restarting...
Page 331: Configuration Information
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 320 configuration information the following window is used to view information regarding configuration files saved in the switch. The switch can hold two configuration files in its memory. Configuration files can be uploaded to the switch us...
Page 332: Logout
Xstack ® dgs-3426g layer 2 gigabit ethernet managed switch 321 current configuration settings the following window is used to select one of the two possible configuration files that can be stored in the switch as a boot up configuration file, or to select it for deletion from the switch’s memory. To...
Page 333: Appendix A
Appendix a mitigating arp spoofing attacks using packet content acl how address resolution protocol works address resolution protocol (arp) is the standard method for finding a host’s hardware address (mac address) when only its ip address is known. However, this protocol is vulnerable because crack...
Page 334
When the switch floods the frame of arp request to the network, all pcs will receive and examine the frame but only pc b will reply the query as the destination ip matched (see figure 3). Figure 3 when pc b replies to the arp request, its mac address will be written into “target h/w address” in the ...
Page 335
Forwarding table port1 00-20-5c-01-11-11 port2 00-20-5c-01-22-22.
Page 336
How arp spoofing attacks a network arp spoofing, also known as arp poisoning, is a method to attack an ethernet network which may allow an attacker to sniff data frames on a lan, modify the traffic, or stop the traffic altogether (known as a denial of service – dos attack). The principle of arp spoo...
Page 337
Figure 5 prevent arp spoofing via packet content acl d-link managed switches can effectively mitigate common dos attacks caused by arp spoofing via a unique package content acl. For the reason that basic acl can only filter arp packets based on packet type, vlan id, source, and destination mac infor...
Page 338: Configuration
Configuration the configuration logic is as follows: 1. Only if the arp matches source mac address in ethernet, sender mac address and sender ip address in arp protocol can pass through the switch. (in this example, it is the gateway’s arp.) 2. The switch will deny all other arp packets which claim ...
Page 340: Appendix B
Appendix b switch log entries the following table lists all possible entries and their corresponding meanings that will appear in the system log of this switch. Category event description log information severity remark system system started up unit , system started up critical system warm start uni...
Page 341
Firmware upgrade was unsuccessful unit , firmware upgrade by console was unsuccessful! (username: , ip: , mac: ) warning by console and "ip: , mac: " are xor shown in log string, which means if user login by console, will no ip and mac information for logging configuration successfully downloaded co...
Page 342
For logging firmware upgraded to slave unsuccessfully firmware upgraded by console unsuccessfully (username: , ip: , mac: ) warning by console and "ip: , mac: " are xor shown in log string, which means if user login by console, will no ip and mac information for logging console successful login thro...
Page 343
Invalid community string community string! Stp topology changed topology changed (instance: , port: ) informational cist new root selected cist new root bridge selected (mac: , priority: ) informational msti root selected msti regional new root bridge selected (instance: , mac: , priority: ) informa...
Page 344
Login failed through web authenticated by aaa local method login failed through web from authenticated by aaa local method (username: , mac: ) warning successful login through web (ssl) authenticated by aaa local method successful login through web (ssl) from authenticated by aaa local method (usern...
Page 345
Aaa server ) login failed through console due to aaa server timeout or improper configuration login failed through console due to aaa server timeout or improper configuration (username: ) warning successful login through web authenticated by aaa server successful login through web from authenticated...
Page 346
Login failed through ssh authenticated by aaa server login failed through ssh from authenticated by aaa server (username: , mac: ) warning login failed through ssh due to aaa server timeout or improper configuration login failed through ssh from due to aaa server timeout or improper configuration (u...
Page 347
Successful enable admin through ssh authenticated by aaa local_enable method successful enable admin through ssh from authenticated by aaa local_enable method (username: , mac: ) informational enable admin failed through ssh authenticated by aaa local_enable method enable admin failed through ssh fr...
Page 348
Enable admin failed through web authenticated by aaa server enable admin failed through web from authenticated by aaa server (username: , mac: ) warning enable admin failed through web due to aaa server timeout or improper configuration enable admin failed through web from due to aaa server timeout ...
Page 349
Connection failed radius aaa server ack error aaa server (protocol: ) response is wrong warning is one of tacacs, xtacacs, tacacs+, radius aaa does not support this functionality aaa doesn't support this functionality informational ip-mac- port binding unauthenticated ip address encountered and disc...
Page 350: Appendix C
Invalid version packet received vrrp receives an invalid version packet warning invalid virtual id packet received vrrp receives an invalid virtual id packet warning invalid checksum packet received vrrp receives an invalid checksum packet warning invalid ttl packet received interface , vrid receive...
Page 351
Macnotifytrap this trap indicates the mac address variations in the address table. 1.3.6.1.4.1.171.11.70.1.2.16.1.2.0.1 1.3.6.1.4.1.171.11.70.2.2.16.1.2.0.1 1.3.6.1.4.1.171.11.70.3.2.16.1.2.0.1 1.3.6.1.4.1.171.11.70.7.2.16.1.2.0.1 portloopoccurredtrap this trap is sent when a port loop occurs. 1.3.6...
Page 352
Filterdetectedtrap this trap is sent when an illegal dhcp server is detected. The same illegal dhcp server ip address detected is just sent once to the trap receivers within the log ceasing unauthorized duration. 1.3.6.1.4.1.171.12.37.100.0.1 singleipmscoldstart commander switch will send swsingleip...
Page 353
Working -> disconnect. Fail -> connect. Fail -> disconnect. Connect -> lowvoltage. Connect -> overcurrent. Connect -> working. Connect -> disconnect. Disconnect -> lowvoltage. Disconnect -> overcurrent. Disconnect -> working. Disconnect -> connect. Powerfailure power failure notification. The notifi...
Page 354
Linkup a linkup trap signifies that the sending protocol entity recognizes that one of the communication links represented in the agent's configuration has come up. 1.3.6.1.6.3.1.1.5.4 authenticationfailure an authenticationfailure trap signifies that the sending protocol entity is the address of a ...
Page 355: Glossary
Glossary 1000base-sx: a short laser wavelength on multimode fiber optic cable for a maximum length of 550 meters 1000base-lx: a long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilometers 100base-fx: 100mbps ethernet implementation over fiber. 100base-tx: 100mbps ethern...
Page 356
Line speed: see baud rate. Main port: the port in a resilient link that carries data traffic in normal operating conditions. Mdi - medium dependent interface: an ethernet port connection where the transmitter of one device is connected to the receiver of another device. Mdi-x - medium dependent inte...