- DL manuals
- D-Link
- Switch
- xStack DGS-3426P
- Product Manual
D-Link xStack DGS-3426P Product Manual
Summary of xStack DGS-3426P
Page 1
Xstack ® dgs-3400 series layer 2 managed gigabit ethernet sw itch i web ui reference guide product model: xstack ® dgs-3400 series layer 2 managed gigabit ethernet switch release 2.7.
Page 2
Xstack ® dgs-3400 series layer 2 managed gigabit ethernet sw itch ii _____________________________________________ information in this document is subject to change without notice. © 2010 d-link corporation. All rights reserved. Reproduction in any manner whatsoever without the written permission of...
Page 3: Table Of Contents
Table of contents intended readers ........................................................................................................................................................................... Ix typographical conventions ...................................................................
Page 4
Ping test ...................................................................................................................................................................................... 50 ipv4 ping test ............................................................................................
Page 5
Sflow sampler settings ............................................................................................................................................................................... 110 sflow poller settings ..............................................................................
Page 6
Q-in-q settings ........................................................................................................................................................................................... 210 vlan translation settings .....................................................................
Page 7
Safeguard engine settings .......................................................................................................................................................................... 330 traffic segmentation .................................................................................
Page 8
Configuration information .......................................................................................................................................................................... 389 current configuration settings .......................................................................
Page 9: Intended Readers
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch ix intended readers the xstack ® dgs-3400 series user manual contains information for setup and management of the switch. This manual is intended for network managers familiar with network management concepts and terminology. Typograp...
Page 10: Section 1
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 1 section 1 web-based switch configuration introduction logging in to the web manager web-based user interface web pages introduction all software functions of the xstack ® dgs-3400 switch series can be managed, configured and monitor...
Page 11: Web-Based User Interface
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 2 leave both the user name field and the passwordfield blank and click ok. This will open the web-based user interface. The switch management features available in the web-based manager are explained below. Web-based user interface th...
Page 12: Web Pages
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 3 web pages when connecting to the management mode of the switch with a web browser, a login screen is displayed. Enter a user name and password to access the switch's management mode. Below is a list of the main folders available in ...
Page 13: Section 2
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 4 section 2 administration dgs-3400 web management tool ip address interface settings stacking port configuration user accounts password encryption mirror system log system severity settings command logging settings sntp settings mac ...
Page 14: Device Information
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 5 sflow ip multicast vlan replication single ip management (sim) overview rip ip tunnel settings device information figure 2 - 1 device information window device information window configurable parameters include those described in th...
Page 15
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 6 parameter description system name enter a system name for the switch, if so desired. This name will identify it in the switch network. System location enter the location of the switch, if so desired. System contact enter a contact n...
Page 16: Ipv6
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 7 network radius radius on the switch. The default setting is enabled. Forward eapol pdu the user may use the pull-down menu to enable or disable the forward eapol pdu on the switch. The default setting is disabled. Hol prevention if ...
Page 17
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 8 new option fields to be integrated into the ipv6 system without hassles and limitations. These optional headers are placed between the header and the payload of a packet, if they are necessary at all. Authentication and privacy exte...
Page 18: Packet Format
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 9 packet format as in ipv4, the ipv6 packet consists of the packet header and the payload, but the difference occurs in the packet header which has been amended and improved for better packet flow and processing. The following will ou...
Page 19: Address Format
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 10 extension headers extension headers are used to identify optional parameters regarding ipv6 packets such as routing, fragmentation of packets or authentication parameters. The types of extension headers supported are hop-by-hop, ro...
Page 20
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 11 set of xxxx represents a 16-bit hexadecimal value (ex. 2d83:0c76:3140:0000:0000:020c:417a:3214). Although this address looks long and cumbersome, there are some compression rules that will shorten the format of the ipv6 address to ...
Page 21: Icmpv6
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 12 icmpv6 network professionals are already very familiar with icmp for ipv4, which is an essential tool in the ipv4 network, relaying messages about network problems and the general condition of the network. Icmpv6 is the successor t...
Page 22
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 13 duplicate address detection (dad) dad messages are used to specify that there is more than one node on a local link possessing the same ip address. Ipv6 addresses are only leased for a defined period of time. When that time expires...
Page 23: Ip Address
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 14 the six ip interfaces, each with an ip address (listed in the table above), and a subnet mask of 255.224.0.0 can be entered into the setup ip interface window. Ip address the ip address may initially be set using the console interf...
Page 24
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 15 parameter description bootp the switch will send out a bootp broadcast request when it is powered up. The bootp protocol allows ip addresses, network masks, and default gateways to be assigned by a central bootp server. If this opt...
Page 25: Interface Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 16 successful entry of the command will produce a “success”message, indicating that the command execution was correctly. The user may now utilize this address to configure or manage the switch through telnet, the command line interfac...
Page 26
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 17 figure 2 - 5 ipv4 interface settings - edit window enter a name for the new interface to be added in the interface name field (if editing an ip interface, the interface name will already be in the top field as seen in the window ab...
Page 27: Ipv6 Interface Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 18 ipv6 interface settings this window is used to set up ipv6 interfaces and addresses for the switch. To view this window, click administration > interface settings > ipv6 interface settings, as shown below. Figure 2 - 6 ipv6 interfa...
Page 28
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 19 figure 2 - 8 ipv6 interface settings - edit window the following fields may be viewed or modified. Parameter description interface name this field displays the name for the ip interface, or it is used to add a new interface. The de...
Page 29
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 20 vlan name this field states the vlan name directly associated with this interface. Interface admin state use the pull-down menu to enable or disable configuration on this interface. Dhcpv6 client state use the pull-down menu to ena...
Page 30: Stacking
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 21 ra managed flag use the pull-down menu to enable or disable the managed flag. When enabled, this will trigger the router to use a stateful autoconfiguration process to get both global and link- local ipv6 addresses for the switch. ...
Page 31
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 22 figure 2 - 9 switches stacked in a duplex ring figure 2 - 10 switches stacked in a duplex chain within each of these topologies, each switch plays a role in the switch stack. These roles can be set by the user per individual switch...
Page 32: Stacking Mode Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 23 once switches have been assembled in the topology desired by the user and powered on, the stack will undergo three processes until it reaches a functioning state. Initialization state – this is the first state of the stack, where t...
Page 33: Force Master Role Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 24 to view this window, click administration > stacking > mode settings, as shown below. Figure 2 - 11 stacking mode settings window use the pull-down menu, choose enabled and click apply to allow stacking of this switch. Force master...
Page 34: Port Configuration
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 25 higher the priority. The box (switch) with the lowest priority number in the stack is the primary master switch. The primary master switch will be used to configure applications of the switch stack. Information configured in this w...
Page 35: Port Error Disabled
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 26 state toggle the state field to either enable or disable a given port or group of ports. Flow control displays the flow control scheme used for the various port configurations. Ports configured for full-duplex use 802.3x flow contr...
Page 36: Port Description
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 27 figure 2 - 15 port error disabled window the following parameters are displayed: parameter description port displays the port that has been error disabled. State describes the current running state of the port, whether enabled or d...
Page 37
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 28 parameter description unit select the unit to configure. From / to these two fields are use to select a port or range of ports. Medium type if configuring the combo ports, this defines the type of transport medium to be used, wheth...
Page 38: Port Details
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 29 figure 2 - 17 port auto negotiation information table window port details this window is used to view detailed port information for individual ports on a particular unit. Use the drop-down menus to select the specific port of the u...
Page 39: Port Media Type
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 30 figure 2 - 18 port details window port media type this window is used to display the port media type available on each unit. To view a particular switch in the stack use the drop- down menu to select the unit. To view this window, ...
Page 40: Cable Diagnostics
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 31 figure 2 - 19 port media type window cable diagnostics this window is used to control the cable diagnostics and determine where and what kind of errors have occurred on the cable. This function is primarily used for administrators ...
Page 41: User Accounts
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 32 figure 2 - 20 cable diagnostics window user accounts use the user account management window to control user privileges, create new users and view existing user accounts. To view this window, click administration > user accounts, as...
Page 42: Password Encryption
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 33 figure 2 - 23 user accounts - modify window the following parameters are displayed or can be configured: parameter description user name enter a name for the account, or display the name of the selected account. Old password enter ...
Page 43: Mirror
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 34 form, or if the password has been converted to encrypted form by the last enable password encryption command, the password will still be in encrypted form and cannot be reverted back to plaintext form. Click apply to implement the ...
Page 44
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 35 figure 2 - 26 port mirroring window enter an id in the group id (1-4) field and click find to see all the entry that belongs to the group in the lower half of the window. Click view all to see all the entries. Click to remove the c...
Page 45: System Log
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 36 group id (1-4) enter or display the group id this entry belongs to. Target port tick the check box and enter the port which received the copies from the source port. State use the pull-down menu to enable or disable the mirror grou...
Page 46
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 37 figure 2 - 29 system log host window click to remove the corresponding entry. To add a new system log server, click the add button, and the window below appears: figure 2 - 30 configure system log server - add window to modify an e...
Page 47
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 38 are emergency, alert, critical, error, warning, notice, informational, debug, all and level. The default severity is emergency. Facility some of the operating system daemons and processes have been assigned facility values. Process...
Page 48: System Severity Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 39 system log source interface settings this window may be used to choose a method for which to save the switch log to the flash memory on the switch. To view this window, click administration > system log > system log source interfac...
Page 49: Command Logging Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 40 system severity choose how the alerts are used from the drop-down menu. Select log to send the alert of the severity type configured to the switch’s log for analysis. Choose trap to send it to an snmp agent for analysis, or select ...
Page 50: Time Zone And Dst
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 41 figure 2 - 36 time settings window the following parameters are displayed or can be configured: parameter description time settings - current time system boot time displays the time when the switch was initially started for this se...
Page 51
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 42 to view this window, click administration > sntp settings > time zone and dst, as shown below. Figure 2 - 37 time zone and dst settings window the following parameters can be set: parameter description time zone and dst daylight sa...
Page 52
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 43 from: month enter the month dst will start on. From: time in hh:mm enter the time of day that dst will start on. To: which day enter the week of the month the dst will end. To: day of week enter the day of the week that dst will en...
Page 53: Mac Notification Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 44 mac notification settings figure 2 - 38 new mac notification global settings window tftp services trivial file transfer protocol (tftp) services allow the switch's firmware to be upgraded by transferring a new firmware file from a ...
Page 54
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 45 supports dual image storage for configuration and firmware. The firmware and configuration images are indexed by id number 1 or 2. To change the boot firmware image, use the config firmware image window (administration > multiple i...
Page 55: Multiple Image Services
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 46 server ipv4 address enter the ipv4 address of the server from which to download firmware and configuration or upload configuration and log. Server ipv6 address enter the ipv6 address of the server from which to download firmware an...
Page 56: Config Firmware Image
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 47 firmware images for use. Image id 1 will be the default boot up firmware for the switch unless otherwise configured by the user. Version states the firmware version. Size states the size of the corresponding firmware, in bytes. Upd...
Page 57: Rcp
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 48 rcp rcp (remote copy protocol) is a unix remote shell service which allows files to be copied between a server and client. Rcp is an application that operates above the tcp protocols, and uses port number 514 as the tcp destination...
Page 58: Rcp Services
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 49 figure 2 - 43 rcp server settings window the following parameters can be configured: parameter description action toggle the action between add and clear. Type select to enter the information in ip address and/or user name fields. ...
Page 59: Ping Test
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 50 download configuration, upload configuration, upload log, and upload attack log. Rcp server ipv4 address enter the ip address of the rcp server. User name enter the remote user name on the rcp server. Local file name enter the file...
Page 60: Ipv6 Ping Test
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 51 target ip address click the radio button and enter the target ip address to be pinged. Domain name click the radio button and enter the domain name of the host. Repeat times the user may use the infinite times radio button, in the ...
Page 61: Ipv6 Neighbor
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 52 repeat times enter the number of times desired to attempt to ping the ipv6 address configured in this window. Users may enter a number of times between 1 and 255. Size use this field to set the datagram size of the packet, or in es...
Page 62
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 53 state display the running state of the corresponding ipv6 neighbor. The user may see six possible entries in this field, which are incomplete, stale, probe, reachable, delay or static. Link layer mac address display the mac address...
Page 63
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 54 figure 2 - 49 route redistribution settings window the following fields can be configured: parameter description dst. Protocol use the pull-down menu to select the target protocol. Src. Protocol use the pull-down menu to select the...
Page 64
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 55 figure 2 - 50 ipv4 static/default route settings window this window shows the following values: parameter description ip address the ipv4 address of the static/default route. Subnet mask the corresponding subnet mask of the ip addr...
Page 65
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 56 backup entries cannot have the same gateway. Click apply to implement the changes. To return to the ipv4 static/default route settings window, click the show all static/default route entries link. Ipv6 static/default route settings...
Page 66: Route Preference Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 57 parameter description ipv6 address/prefix length specify the address and mask information using the format as ipv6 address / prefix length (ipv6 address is hexadecimal number, prefix length is decimal number, for example 1234::5d7f...
Page 67: Gratuitous Arp Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 58 gratuitous arp settings an arp announcement (also known as gratuitous arp) is a packet (usually an arp request) containing a valid sha and spa for the host which sent it, with tpa equal to spa. Such a request is not intended to sol...
Page 68: Static Arp Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 59 the following fields can be set or viewed: parameter description ip interface name displays the name of the interface that is being edited. Gratuitous arp trap & log the switch can trap and log ip conflict events to inform the admi...
Page 69: Dhcp/bootp Relay
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 60 figure 2 - 59 static arp settings - edit window the following fields can be set or viewed: parameter description ip address the ip address of the arp entry. This field cannot be edited in the static arp settings – edit window. Mac ...
Page 70
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 61 figure 2 - 61 dhcp/ bootp relay global settings window the following fields can be set: parameter description dhcp/bootp relay state this field can be toggled between enabled and disabled using the pull-down menu. It is used to ena...
Page 71
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 62 implement policies like restricting the number of ip addresses that can be assigned to a single remote id or circuit id. Then the dhcp server echoes the option 82 field in the dhcp reply. The dhcp server unicasts the reply to the b...
Page 72
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 63 the implementation of dhcp information option 82 the config dhcp_relay option_82 command configures the dhcp relay agent information option 82 setting of the switch. The formats for the circuit id sub-option and the remote id sub-o...
Page 73
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 64 dhcp/bootp relay interface settings this window allows the user to set up a server, by ip address, for relaying dhcp/bootp information. The user may enter a previously configured ip interface on the switch that will indicate which ...
Page 74
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 65 relay ip address enter the specified ip address for the dhcp relay forward. Mode use the pull-down menu to choose either relay or drop. When drop is specified, the packet with no matching rules found will be dropped without further...
Page 75
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 66 exact match – the option 60 string in the packet must fully match the specified string. Partial match – the option 60 string in the packet only needs to partially match the specified string. Click apply to implement the changes. To...
Page 76
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 67 to remove an entry, enter the appropriate mac address or string information and click delete. To delete all entries click clear all. To add a new entry click add the following window will appear. Figure 2 - 69 dhcp relay option 61 ...
Page 77: Dhcpv6 Relay
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 68 vid list display the vlan list. Click apply to implement the changes. Dhcpv6 relay this section contains information for configuring dhcpv6 relay, including dhcp v6 relay global settings and dhcpv6 relay interface settings. Dhcpv6 ...
Page 78
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 69 to search for an entry, enter the interface name and click find. To display all current entries on the switch click view all. To change a current entry, click the corresponding modify button of the entry, revealing the following wi...
Page 79: Dhcp Server
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 70 dhcp server for this release, the switch now has the capability to act as a dhcp server to devices within its locally attached network. Dhcp, or dynamic host configuration protocol, allows the switch to delegate ip addresses, subne...
Page 80: Dhcp Server Pool Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 71 dhcp server exclude address settings the following window will allow the user to set an ip address, or a range of ip addresses that are not to be included in the range of ip addresses that the switch will allot to clients requestin...
Page 81
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 72 figure 2 - 77 create dhcp pool window users must first create the pool by entering a name of up to 12 alphanumeric characters into the pool name field and clicking apply. To remove an entry in the table, click the corresponding but...
Page 82
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 73 the following parameters can be configured or viewed: parameter description pool name denotes the name of the dhcp pool for which you are currently adjusting the parameters. Ip address enter the ip address to be assigned to request...
Page 83
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 74 figure 2 - 79 dhcp server pool display window to return to the create dhcp pool window, click the show all dhcp server pool entries link. Dhcp server dynamic binding the following window will allow users to view dynamically bound i...
Page 84
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 75 pool name to find the dynamically bound entries of a specific pool, enter the pool name into the field and click find. Dynamically bound entries of this pool will be displayed in the table. To clear the corresponding pool name entr...
Page 85: Dhcpv6 Server
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 76 figure 2 - 82 create dhcp pool manual binding window the following parameters may be configured or viewed. Parameter description pool name enter the name of the dhcp pool within which will be created a manual dhcp binding entry. Ip...
Page 86: Dhcpv6 Server Pool Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 77 figure 2 - 83 dhcpv6 server global settings window the following parameters may be configured: parameter description global state use the pull-down menu to globally enable or disable the switch as a dhcp server. Click apply to impl...
Page 87
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 78 to configure the settings of a pool in the dhcpv6 server pool table, click the corresponding modify button to reveal the following window: figure 2 - 86 dhcpv6 pool table - edit window the following parameters can be configured or ...
Page 88
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 79 figure 2 - 87 dhcpv6 server manual biding brief table window to find the dhcpv6 server manual binding entries, enter the pool name into the field and click find. Click view all to see all the entries. To remove an entry from the ta...
Page 89
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 80 figure 2 - 89 dhcpv6 server dynamic biding brief table window to find the dhcpv6 server dynamic binding entries, enter the pool name into the field and click find. Click view all to see all the entries. To remove an entry from the ...
Page 90
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 81 figure 2 - 92 dhcpv6 server dynamic interface table - edit window the following fields can be configured or viewed: parameter description interface name display the name of the interface. Dhcpv6 server state use the pull-down menu ...
Page 91: Filter Dhcp Server
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 82 figure 2 - 94 dhcpv6 server excluded address brief table - view window the following fields can be configured or viewed: parameter description pool name display the name of the pool. Begin address enter the starting ip address of t...
Page 92
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 83 the following parameters may be configured: parameter description trap/log enable this function to record logs and send traps when the switch detects the illegal dhcp server packets. Illegal server log suppress duration the dhcp se...
Page 93
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 84 port list specify the ports that will enable or disable the filter dhcp server. Tick the all ports check box to select all ports. Filter dhcp server port settings action select add or delete to add or delete a filter dhcp server en...
Page 94: Rspan
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 85 from / to specify the ports on which the bpdu tunneling will be enabled or disabled. Type use the drop-down menu to select the configuration type. Tunnel – specifies that the bpdu is received from a tunnel port, this packets da wil...
Page 95: Rspan Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 86 rspan settings this window allows the user to search for a previously created vlan and to view the rspan settings for it. To view this window, click administration > rspan > rspan settings, as shown below. Figure 2 - 99 rspan setti...
Page 96
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 87 figure 2 - 100 rspan settings – edit redirect window the following fields can be configured: parameter description vlan name this is the vlan name that, along with the vlan id, identifies the vlan which will modify the rspan entrie...
Page 97: Dns Relay
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 88 modify the rspan entries. Vid (1-4094) this is the vlan id that, along with the vlan name, identifies the vlan which will to modify the rspan entries. Mirror group id (1-4) tick the check box and enter a group id which mirror sessi...
Page 98: Dns Relay Global Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 89 dns relay global settings to view this window, click administration > dns relay > dns relay global settings, as shown below. Figure 2 - 102 dns relay global settings window the following fields can be set: parameter description dns...
Page 99: Dns Resolver
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 90 to add an entry into the dns relay static table, simply enter a domain name with its corresponding ip address and click add under the apply heading. A successful entry will be presented in the table below, as shown in the example a...
Page 100
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 91 to remove an entry from the table, click its corresponding under the delete heading. Click add to reveal the following window to configure: figure 2 - 106 dns resolver static name server settings window the following fields can be ...
Page 101
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 92 click add to reveal the following window to configure: figure 2 - 109 dns resolver static host name settings window the following fields can be set: parameter description host name enter the host’s host name. Ip address enter the h...
Page 102: Snmp Manager
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 93 snmp manager snmp settings simple network management protocol (snmp) is an osi layer 7 (application layer) designed specifically for managing and monitoring network devices. Snmp enables network management stations to read and modi...
Page 103: Snmp Trap Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 94 snmp settings are configured using the menus located on the snmp v3 folder of the web manager. Workstations on the network that are allowed snmp privileged access to the switch can be restricted with the management station ip addre...
Page 104: Snmp User Table
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 95 snmp user table this windowdisplays all of the snmp users currently configured on the switch. To view this window, click administration > snmp manager > snmp user table, as shown below. Figure 2 - 112 snmp user table window to dele...
Page 105
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 96 figure 2 - 114 snmp user table - add window the following parameters can be configured: parameter description user name enter an alphanumeric string of up to 32 characters. This is used to identify the snmp user. Group name this na...
Page 106: Snmp View Table
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 97 snmp view table this window is used to assign views to community strings that define which mib objects can be accessed by a remote snmp manager. To view this window, click administration > snmp manager > snmp view table, as shown b...
Page 107: Snmp Group Table
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 98 can access. Select excluded to exclude this object from the list of objects that an snmp manager can access. To implement your new settings, click apply. To return to the snmp view table window, click the show all snmp view table e...
Page 108: Snmp Community Table
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 99 figure 2 - 119 snmp group table configuration window the following parameters can be configured: parameter description group name type an alphanumeric string of up to 32 characters. This is used to identify the new snmp group of sn...
Page 109: Snmp Host Table
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 100 • read/write or read-only level permission for the mib objects accessible to the snmp community. To view this window, click administration > snmp manager > snmp community table, as shown below. Figure 2 - 120 snmp community table ...
Page 110
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 101 users now have the choice of adding an ipv4 or an ipv6 host to the snmp host table. To add a new ipv4 entry to the switch's snmp host table, click the add ipv4 host button in the upper left-hand corner of the window. This will ope...
Page 111: Snmp Engine Id
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 102 v2 – to specify that snmp version 2 will be used. V3-noauth-nopriv – to specify that the snmp version 3 will be used, with a noauth-nopriv security level. V3-auth-nopriv – to specify that the snmp version 3 will be used, with an a...
Page 112: Poe
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 103 ipv6 address tick the check box and enter an ipv6 address. Click apply to implement the changes. To remove an entry, click the corresponding button. Poe the dgs-3426p switch supports power over ethernet (poe) as defined by the iee...
Page 113
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 104 figure 2 - 126 poe system settings window the following parameters can be configured: parameter description unit choose the switch in the switch stack for which to configure the poe settings. Users should note that not all switche...
Page 114: Poe Port Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 105 poe port settings this window is used to configure the poe port settings on the switch. To view this window, click administration > poe > poe port settings: figure 2 - 127 poe port settings window the following parameters can be c...
Page 115
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 106 priority use the pull-down menu to select the priority of the poe ports. Port priority determines the priority which the system attempts to supply the power to the ports. There are three levels of priority that can be selected, cr...
Page 116: Sflow
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 107 sflow figure 2 - 128 sflow basic setup sflow is a feature on the switch that allows users to monitor network traffic running through the switch to identify network problems through packet sampling and packet counter information of...
Page 117: Sflow Global Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 108 sflow global settings the following window is used to globally enable the sflow feature for the switch. Simply use the pull-down menu and click apply to enable or disable sflow. This window will also display the sflow version curr...
Page 118
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 109 owner displays the owner of the entry made here. The user that added this sflow analyzer configured this name. Timeout (sec) displays the configured time, in seconds, after which the analyzer server will time out. When the server ...
Page 119: Sflow Sampler Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 110 figure 2 - 132 sflow analyzer settings – edit window the following fields can be configured or viewed: parameter description analyzer server (1- 4) enter an integer from 1 to 4 to denote the sflow analyzer to be added. Up to four ...
Page 120
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 111 figure 2 - 133 sflow sampler settings window the following fields are displayed: parameter description port displays the port from which packet samples are being extracted. Analyzer server id displays the id of the analyzer server...
Page 121: Sflow Poller Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 112 figure 2 - 135 sflow sampler settings - edit window the following fields can be configured or viewed: parameter description unit select the unit you wish to configure. From / to choose the beginning and ending range of ports to be...
Page 122
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 113 figure 2 - 136 sflow counter poller settings window the following fields are displayed: parameter description port displays the port from which packet counter samples are being taken. Analyzer server id displays the id of the anal...
Page 123
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 114 figure 2 - 138 sflow counter poller settings - edit window the following parameters can be configured or viewed: parameter description unit select the unit you wish to configure. From / to choose the beginning and ending range of ...
Page 124
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 115 parameter description ip multicast vlan replication state enable or disable the ip multicast vlan replication state on the switch. Ttl ttl specifies whether to decrease the time to live of a packet, the user can choose either decr...
Page 125
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 116 figure 2 - 141 ip multicast vlan replication settings - source edit window the following fields may be set: parameter description entry name the name of the previously created ip multicast vlan replication entry will be displayed....
Page 126
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 117 figure 2 - 142 ip multicast vlan replication settings - destination edit window the following fields may be set: parameter description entry name the name of the previously created ip multicast vlan replication entry will be displ...
Page 127
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 118 single ip management (sim) overview simply put, d-link single ip management is a concept that will stack switches together over ethernet instead of using stacking ports or modules. There are some advantages in implementing the “si...
Page 128
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 119 • the user can manually configure a cs to become a cas. • a ms can become a cas by: • being configured as a cas through the cs. • if report packets from the cs to the ms time out. • the user can manually configure a cas to become ...
Page 129: Sim Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 120 note: sim management does not support ipv6. For users wishing to utilize this function, switches in the sim group must be configured with ipv4 addresses. Ipv6 for sim management will be supported in a future release of this switch...
Page 130: Topology
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 121 a commander switch. This is the default setting for the sim role of the dgs-3400 series. Commander – choosing this parameter will make the switch a commander switch (cs). The user may join other switches to this switch, over ether...
Page 131
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 122 the tree view window holds the following information under the data tab: parameter description device name this field will display the device name of the switches in the sim group configured by the user. If no device is configured...
Page 132
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 123 this screen will display how the devices within the single ip management group connect to other groups and devices. Possible icons in this screen are as follows: icon description group layer 2 commander switch layer 3 commander sw...
Page 133
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 124 tool tips in the topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same i...
Page 134
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 125 figure 2 - 148 port speed utilizing the tool tip.
Page 135
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 126 right-click right-clicking on a device will allow the user to perform various functions, depending on the role of the switch in the sim group and the icon associated with it. Group icon figure 2 - 149 right-clicking a group icon t...
Page 136
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 127 commander switch icon figure 2 - 151 right-clicking a commander icon the following options may appear for the user to configure: • collapse – to collapse the group that will be represented by a single icon. • expand – to expand th...
Page 137
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 128 • collapse – to collapse the group that will be represented by a single icon. • expand – to expand the sim group, in detail. • add to group – add a candidate to a group. Clicking this option will reveal the following screen for th...
Page 138: Firmware Upgrade
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 129 help • about - will display the sim information, including the current sim version. Figure 2 - 157 about window firmware upgrade this window is used to upgrade firmware from the commander switch to the member switch. Member switch...
Page 139: Upload Log
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 130 upload log the following window is used to upload log files from sim member switches to a specified pc. To upload a log file, enter the ip address of the sim member switch and then enter the path on your pc to which to save this f...
Page 140: Rip
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 131 rip version 1 message format there are two types of rip messages: routing information messages and information requests. Both types use the same format. The command field specifies an operation according the following table: comma...
Page 141
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 132 rip global settings to setup rip for the ip interfaces configured on the switch, the user must first globally enable rip and then configure rip settings for the individual ip interfaces. To globally enable rip on the switch, click...
Page 142: Ripng
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 133 ip address the ip address corresponding to the interface name showing in the field above. Tx mode toggle among disabled, v1 only, v1 compatible, and v2 only. This entry specifies which version of the rip protocol will be used to t...
Page 143
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 134 expire time (1-65535) enter the value (in seconds) of the expire time. Garbage collection time (1-65535) enter the value (in seconds) of the garbage-collection timer. Click apply to implement changes made. Ripng interface settings...
Page 144: Ip Tunnel Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 135 ip tunnel settings the switch supports ip tunneling. The idea behind this feature is to be able to integrate ipv6 into and coexist with existing ipv4 networks. It is expected that ipv4 and ipv6 hosts will need to coexist for a sub...
Page 145
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 136 the following parameters can be configured or viewed: parameter description interface name this is the ipv6 tunnel interface name. Interface admin state enable or disable ip tunneling. Mode select from manual, 6to4, or isatap. Man...
Page 146: Section 3
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 137 section 3 l2 features vlans trunking igmp snooping mld snooping loop-back detection global settings spanning tree forwarding & filtering lldp q-in-q erps duld settings nlb multicast fdb settings the following section will aid the ...
Page 147
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 138 tagging – the act of putting 802.1q vlan information into the header of a packet. Untagging – the act of stripping 802.1q vlan information out of the packet header. Ingress port – a port on a switch where packets are flowing into ...
Page 148
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 139 figure 3 - 1 ieee 802.1q packet forwarding 802.1q vlan tags the figure below shows the 802.1q vlan tag. There are four additional octets inserted after the source mac address. Their presence is indicated by a value of 0x8100 in th...
Page 149
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 140 figure 3 - 2 ieee 802.1q tag the ethertype and vlan id are inserted after the mac source address, but before the original ethertype/length or logical link control. Because the packet is now a bit longer than it was originally, the...
Page 150
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 141 cerned. Tagged packets are forwarded according to the vid contained within the tag. Tagged packets are also assigned a pvid, but the pvid is not used to make packet-forwarding decisions, the vid is. Tag-aware switches must keep a ...
Page 151: Static Vlan Entry
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 142 system (default) 1 5, 6, 7, 8, 21, 22, 23, 24 engineering 2 9, 10, 11, 12 marketing 3 13, 14, 15, 16 finance 4 17, 18, 19, 20 sales 5 1, 2, 3, 4 table 3 - 1 vlan example – assigned ports port-based vlans port-based vlans limit tra...
Page 152
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 143 figure 3 - 4 current static vlan entries window the current static vlan entries window lists all previously configured vlans by vlan id and vlan name. To delete an existing 802.1q vlan, click the corresponding button under the del...
Page 153: Vlan Trunk
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 144 figure 3 - 6 static vlan window – edit window the following parameters can be configured or viewed: parameter description unit select the switch in the switch stack for which to configure vlans. Vid allows the entry of a vlan id i...
Page 154
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 145 figure 3 - 7 vlan trunk global settings window the following parameters can be configured: parameter description vlan trunk status use the pull-down menu to enable or disable vlan trunk global status. State use the pull-down menu ...
Page 155: Gvrp Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 146 gvrp settings figure 3 - 8 gvrp settings window the following fields can be configured: parameter description unit select the switch in the switch stack to be modified. From / to these two fields allow the range of ports that will...
Page 156: Double Vlans
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 147 make vlan forwarding decisions. If the port receives a packet, and ingress filtering is enabled, the port will compare the vid of the incoming packet to its pvid. If the two are unequal, the port will drop the packet. If the two a...
Page 157
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 148 the customer can retain its normal vlan and the service provider can congregate multiple customer vlans within one sp-vlan, thus greatly regulating traffic and routing on the service provider switch. This information is then route...
Page 158: Double Vlan Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 149 double vlan settings this window is used to enable or disable the double vlan state settings. To view this window, click l2 features > vlan > double vlan, as shown below. Figure 3 - 10 double vlan state settings window choose enab...
Page 159
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 150 figure 3 - 13 double vlan state settings - view window parameters shown in the previous window are explained below: parameter description spvid the vlan id number of this potential service provider vlan. Vlan name the name of the ...
Page 160: Pvid Auto Assign
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 151 to configure the parameters for a previously created service provider vlan, click the modify button of the corresponding spvid in the double vlan state settings window. The following window will appear for the user to configure. F...
Page 161: Mac-Based Vlan Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 152 figure 3 - 16 pvid auto assign settings window when enabled, pvid will be automatically assigned when adding a port to a vlan as an untagged member port. Click apply to implement the change. Mac-based vlan settings this table is u...
Page 162
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 153 protocol type header in hexadecimal form ip over ethernet 0x0800 ipx 802.3 0xffff ipx 802.2 0xe0e0 ipx snap 0x8137 ipx over ethernet2 0x8137 declat 0x6004 sna 802.2 0x0404 netbios 0xf0f0 xns 0x0600 vines 0x0bad ipv6 0x86dd appleta...
Page 163
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 154 figure 3 - 19 protocol vlan group - add window the add and modify windows of the protocol vlan group hold the following fields to be configured: parameter description group id (1-16) enter an integer from 1 to 16 to identify the p...
Page 164: Subnet Vlan
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 155 figure 3 - 20 protocol vlan port settings window the following fields may be configured: parameter description port list use this parameter to assign ports to a protocol vlan group or remove them from the protocol vlan group. Tick...
Page 165
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 156 note: 1. If the ip address of the received untagged packet is match two entries in the table. The longest-prefix match order is used. 2. For make the subnet vlan can work well, must add the ingress port into the vlan member ports....
Page 166
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 157 figure 3 - 22 vlan precedence settings window the following fields may be configured: parameter description unit select the switch in the switch stack to be modified. From / to these two fields allow the range of ports that will b...
Page 167: Trunking
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 158 trunking understanding port trunk groups port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. Dgs-3400 series supports up to 32 port trunk groups with 2 to 8 ports in each...
Page 168: Link Aggregation
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 159 the switch treats all ports in a trunk group as a single port. Data transmitted to a specific host (destination address) will always be transmitted over the same port in a trunk group. This allows packets in a data stream to arriv...
Page 169
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 160 figure 3 - 25 link aggregation group entries - add window to edit a port trunk group, click the corresponding modify button to see the window shown as below..
Page 170
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 161 figure 3 - 26 link aggregation group entries - edit window the user-changeable parameters are as follows: parameter description group id select an id number for the group, between 1 and 32. Type this pull-down menu allows users to...
Page 171: Lacp Port Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 162 unknown unicasts. After setting the previous parameters, click apply to allow your changes to be implemented. Successfully created trunk groups will be show in the link aggregation group entries window. To return to the link aggre...
Page 172
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 163 figure 3 - 27 lacp port settings window the user may set the following parameters: parameter description unit select the switch in the switch stack to be modified. From / to a consecutive group of ports may be configured starting ...
Page 173: Igmp Snooping
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 164 dynamically as needs require. In order to utilize the ability to change an aggregated port group, that is, to add or subtract ports from the group, at least one of the participating devices must designate lacp ports as active. Bot...
Page 174
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 165 click the corresponding modify button in the igmp snooping settings table to open the window, as shown below. Figure 3 - 29 igmp snooping settings – edit window the following parameters may be viewed or modified: parameter descrip...
Page 175: Router Port Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 166 (1- 25) messages, including those sent in response to leave group messages. Default = 1. Version (1-3) configure the igmp version of the query packet which will be sent by the router. Host timeout (1-16711450 sec) this is the maxi...
Page 176
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 167 •igmp queries (from the router port) will be flooded to all ports. All udp multicast packets will be forwarded to the router port. Because routers do not send igmp reports or implement igmp snooping, a multicast router connected t...
Page 177
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 168 none – click this option to not set these ports as router ports static – click this option to designate a range of ports as being connected to a multicast- enabled router. This command will ensure that all packets with this router...
Page 178: Ism Vlan Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 169 figure 3 - 33 igmp snooping static group - add window to modify an entry, click the corresponding modify button, and the following window will be displayed. Figure 3 - 34 igmp static group modify window the following fields can be...
Page 179
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 170 regardless of other normal vlans that are incorporated on the switch, users may add any ports to the multicast vlan where they wish multicast traffic to be sent. Users are to set up a source port, where the multicast traffic is en...
Page 180
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 171 vid (2-4094) enter a vlan id between 2 and 4094. Remap priority (0-7) enter a value between 0 and 7. The remap priority is associated with the data traffic to be forwarded on the multicast vlan. Tick the none check box to use the ...
Page 181
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 172 replace source ip this field is used to replace the source ip address of incoming packets sent by the host before being forwarded to the source port. Remap priority (0-7) enter a value between 0 and 7. The remap priority is associ...
Page 182
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 173 figure 3 - 39 limited ip multicast address range window the following parameters can be configured: parameter description unit select the switch in the switch stack to be modified. From / to enter the port range for which to begin...
Page 183: Mld Snooping
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 174 mld snooping multicast listener discovery (mld) snooping is an ipv6 function used similarly to igmp snooping in ipv4. It is used to discover ports on a vlan that are requesting multicast data. Instead of flooding all ports on a se...
Page 184
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 175 the following parameters can be configured: parameter description mld multicast router only use the pull-down menu to enable or disable the mld multicast router. Mld snooping data driven learning settings (1-511) enter a value bet...
Page 185
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 176 response for mld port listeners. The max response time field allows an entry between 1 and 25 (seconds). Default = 10. Robustness variable (1-255) provides fine-tuning to allow for expected packet loss on a subnet. The user may ch...
Page 186: Mld Router Port Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 177 mld router port settings the following window is used to designate a port or range of ports as being connected to multicast enabled routers. When ipv6 routing control packets, such as dvmrp, ospf or rip, or mld query packets are f...
Page 187
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 178 which to configure these ports: none – click this option to not set these ports as router ports static – click this option to designate a range of ports as being connected to a multicast-enabled router. This command will ensure th...
Page 188
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 179 loop-back detection global settings figure 3 - 44 loopback detection global settings window the following fields may be configured: parameter description loopdetect status choose whether to globally enable or disable the loop-back...
Page 189
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 180 loopdetect trap none – the trap will not be sent in any situation. Loop detected – the trap is sent when the loop condition is detected. Loop cleared – the trap is sent when the loop condition is cleared. Both – the trap will be s...
Page 190: Spanning Tree
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 181 spanning tree this switch supports three versions of the spanning tree protocol: 802.1d-1998 stp, 802.1d-2004 rapid stp, and 802.1q-2005 mstp. 802.1d-1998 stp will be familiar to most networking professionals. However, since 802.1...
Page 191
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 182 port transition states an essential difference between the three protocols is in the way ports transition to a forwarding state and in the way this transition relates to the role of the port (forwarding or not forwarding) in the t...
Page 192: Stp Bridge Global Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 183 the spanning tree protocol (stp) operates on two levels: 1. On the switch level, the settings are globally implemented. 2. On the port level, the settings are implemented on a per-user-defined group of ports basis. Stp bridge glob...
Page 193
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 184 figure 3 - 47 stp bridge global settings window (stp compatible) see the table below for descriptions of the stp versions and corresponding setting options. Note: the hello time cannot be longer than the max. Age. Otherwise, a con...
Page 194
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 185 forward delay (4-30 sec) the forward delay can be from 4 to 30 seconds. Any port on the switch spends this time in the listening state while moving from the blocking state to the forwarding state. Max hops (1-40) used to set the n...
Page 195
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 186 the window above contains the following information: parameter description configuration name a previously configured name set on the switch to uniquely identify the msti (multiple spanning tree instance). If a configuration name ...
Page 196
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 187 the user may configure the following parameters to configure the cist on the switch. Parameter description msti id the msti id of the cist is 0 and cannot be altered. Type this field allows the user to choose a desired method for ...
Page 197: Mstp Port Information
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 188 mstp port information this window displays the current mstp port information and can be used to update the port configuration for an msti id. If a loop occurs, the mstp function will use the port priority to select an interface to...
Page 198
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 189 click apply to implement the changes. Click the show mstp port information table-port 1 of unit 1 to return to the mstp port information window..
Page 199: Stp Instance Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 190 stp instance settings the following window displays mstis currently set on the switch. To view this window, click l2 features > spanning tree > stp instance settings, as shown below. Figure 3 - 54 stp instance settings window the ...
Page 200: Stp Port Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 191 stp port settings stp can be set up on a port per port basis. In addition to setting spanning tree parameters for use on the switch level, the switch allows for the configuration of groups of ports, each port-group of which will h...
Page 201
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 192 from / to a consecutive group of ports may be configured starting with the selected port. External cost (0=auto) this defines a metric that indicates the relative cost of forwarding packets to the specified port list. Port cost ca...
Page 202: Forwarding & Filtering
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 193 click apply to implement the changes. Forwarding & filtering this folder contains windows for unicast forwarding, multicast forwarding and multicast filtering mode. Unicast forwarding figure 3 - 57 setup static unicast forwarding ...
Page 203: Multicast Filtering Mode
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 194 figure 3 - 59 setup static multicast forwarding table window the following parameters can be set: parameter description unit select the switch in the switch stack to be modified. Vid the vlan id of the vlan the corresponding mac a...
Page 204: Lldp
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 195 parameter description vlan name the vlan to which the specified filtering action applies. Tick the all check box to apply the action to all vlans on the switch. Filtering mode this drop-down menu allows you to select the action th...
Page 205: Lldp Global Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 196 lldp global settings this window is used to configure the lldp global settings on the switch. When lldp is enabled the switch can start to transmit, receive and process lldp packets. The specific function of each port will depend ...
Page 206: Basic Lldp Port Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 197 port which will delay advertising any successive lldp advertisements due to change in the lldp mib content. To change the lldp tx delay, enter a value in seconds (1 to 8192). Notification interval (5-3600) lldp notification interv...
Page 207
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 198 the following parameters can be set: parameter description unit select the unit to configure. From / to use the pull-down menu to select a range of ports to be configured. Notification state use the pull-down menu to enable or dis...
Page 208
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 199 figure 3 - 63 802.1 extension lldp port settings window.
Page 209
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 200 the following parameters can be set: parameter description unit select the unit to configure. From / to use the pull-down menu to select a range of ports to be configured. Port vlan id use the drop-down menu to enable or disable t...
Page 210
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 201 figure 3 - 64 802.3 extension lldp port settings window the following parameters can be set: parameter description unit select the unit you wish to configure. From / to use the pull-down menu to select a range of ports to be confi...
Page 211
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 202 power via mdi this specifies that the lldp agent should transmit 'power via mdi tlv'. Three ieee 802.3 pmd implementations (10base-t, 100base-tx, and 1000base-t) allow power to be supplied over the link for connected non-powered s...
Page 212
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 203 figure 3 - 65 lldp management address settings window the following parameters can be set: parameter description unit select the unit you wish to configure. From / to use the pull-down menu to select a range of ports to be configu...
Page 213: Lldp Statistics
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 204 lldp statistics lldp statistics allows you an overview of neighbor detection activity, lldp statistics and the settings for individual ports on the switch. Use the drop-down menu to check a specific unit the information will be di...
Page 214: Lldp Local Port Table
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 205 lldp management address table the following window is used to set up lldp management address settings on the switch. To view this window, click l2 features > lldp > lldp management address settings, as shown below. Figure 3 - 67 l...
Page 215
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 206 figure 3 - 68 lldp local port brief table window.
Page 216
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 207 to view normal information on a per port basis click the corresponding view button, which will display the following window.Cl figure 3 - 69 lldp local port table - view normal window to return to the previous window click the sho...
Page 217: Lldp Remote Port Table
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 208 figure 3 - 70 lldp local port table - view detailed window to return to the lldp local port brief information window, click the show lldp local port brief table link. To view the lldp local port normal table window, click the show...
Page 218
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 209 figure 3 - 71 lldp remote port brief table window select the port you wish to view by using the drop-down menu and click find, the information will be displayed in the lower half of the table. To view the settings for an individua...
Page 219: Q-In-Q
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 210 q-in-q q-in-q is designed for service providers to carry traffic from multiple users across a network. Q-in-q is used to maintain customer specific vlan and layer 2 protocol configurations even when the same vlan id is being used ...
Page 220: Vlan Translation Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 211 parameter description qinq state use the pull down menu to enable or disable the q-in-q state. When q-in-q is enabled, all network port roles will have nni ports and their outer tpid set to 0x88a8. All existing static vlans will r...
Page 221: Erps
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 212 the following fields can be set: parameter description unit select the unit you wish to configure. From / to a consecutive group of ports that are part of the vlan configuration starting with the selected port. Cvid list the custo...
Page 222: Erps Raps Vlan Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 213 log status enable or disable the log state of erps events. The default value is disabled. Trap status enable or disable the trap state of erps events. The default value is disabled click apply to implement the changes. Erps raps v...
Page 223
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 214 figure 3 - 79 erps raps vlan table - edit window the following fields can be set: parameter description erps state this is used to configure ring state of the specified ring. When both the global state and the specified ring erps ...
Page 224
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 215 port. Rpl owner enable or disable the rpl owner. Enabled specifies the device as an rpl owner node. Disabled indicates the node is not an rpl owner. By default, the rpl owner is disabled. Protected vlan action this is used to conf...
Page 225: Duld Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 216 figure 3 - 80 erps raps vlan table - edit sub ring window the following fields can be set: parameter description sub-ring r-aps vlan action toggle between add or delete. Add connects the sub-ring to another ring. Delete disconnect...
Page 226
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 217 figure 3 - 81 duld settings window the following fields can be set: parameter description unit select the unit you wish to configure..
Page 227: Nlb Multicast Fdb Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 218 from / to select a range of ports. Admin state enable or disable the administration state. This indicates these ports unidirectional link detection status. The default state is disabled. Mode toggle between shutdown and normal. Wh...
Page 228
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 219 vlan name click the radio button and enter the vlan of the nlb multicast fdb entry to be created. Vid (1-4094) click the radio button and enter the vlan by the vlan id. Mac address enter the mac address of the nlb multicast fdb en...
Page 229: Section 4
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 220 section 4 qos 802.1p settings bandwidth control hol prevention settings schedule settings qos the xstack ® dgs-3400 series supports 802.1p priority queuing quality of service. The following section discusses the implementation of ...
Page 230
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 221 figure 4 - 1 an example of the default qos mapping on the switch the picture above shows the default priority setting for the switch. Class-6 has the highest priority of the seven priority classes of service on the switch. In orde...
Page 231
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 222 •priority 0 is assigned to the switch’s q2 queue. •priority 1 is assigned to the switch’s q0 queue. •priority 2 is assigned to the switch’s q1 queue. •priority 3 is assigned to the switch’s q3 queue. •priority 4 is assigned to the...
Page 232: 802.1P Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 223 notice: the switch contains eight classes of service for each port on the switch. One of these classes is reserved for internal use on the switch and is therefore not configurable. All references in the following section regarding...
Page 233
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 224 802.1p default priority settings the switch allows the assignment of a default 802.1p priority to each port on the switch. The priority tags are numbered from 0, the lowest priority, to 7, the highest priority. To view this window...
Page 234
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 225 value, from 0-7 in the priority field. Click apply to implement the changes. 802.1p user priority settings the xstack ® dgs-3400 series allows the assignment of a class of service to each of the 802.1p priorities. To view this win...
Page 235: Bandwidth Control
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 226 class id use the pull-down menu to select the switch’s hardware priority queue. The switch has seven hardware priority queues available. Click apply to implement the changes. Bandwidth control the bandwidth control section include...
Page 236
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 227 figure 4 - 4 bandwidth settings window the following parameters can be set or are displayed: parameter description unit select the switch in the switch stack to be modified. From / to a consecutive group of ports may be configured...
Page 237
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 228 effective rx rate specifies the limitation of the received data rate. Effective tx rate specifies the limitation of the transmitted data rate. Click apply to set the bandwidth control for the selected ports. Results of configured ...
Page 238
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 229 figure 4 - 5 per queue bandwidth control settings window the following parameters can be set: parameter description unit select the switch in the switch stack to be modified. From / to a consecutive group of ports may be configure...
Page 239: Hol Prevention Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 230 hol prevention settings this window is used to enable or disable head of line (hol) prevention. To view the hol prevention settings window, click qos > hol prevention settings, as shown below. Figure 4 - 6 per queue bandwidth cont...
Page 240
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 231 figure 4 - 7 qos output scheduling window the following values may be assigned to the qos classes to set the scheduling. Parameter description unit select the unit to configure. From / to a consecutive group of ports may be config...
Page 241
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 232 note: entering a 0 for the max packets field in the qos output scheduling window above will create a combination queue. For more information on implementation of this feature, see the next section, configuring the combination queu...
Page 242
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 233 figure 4 - 8 qos scheduling mechanism window the following parameters can be configured. Parameter description unit select the unit to configure. From / to a consecutive group of ports may be configured starting with the selected ...
Page 243
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 234 mode use the pull-down menu to select one of the following modes. Strict - the highest class of service is the first to process traffic. That is, the highest class of service will finish before other queues empty. Weight fair - us...
Page 244: Section 5
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 235 section 5 acl (access control list) time range access profile table acl flow meter cpu interface filtering time range this window is used in conjunction with the access profile feature to determine a starting point and an ending p...
Page 245: Access Profile Table
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 236 click apply to implement changes made. Currently configured entries will be displayed in the time range information table in the bottom half of the window shown above. Access profile table access profiles allow you to establish cr...
Page 246
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 237 parameter description profile id (1-6) type in a unique identifier number for this profile set. This value can be set from 1 to 6. Type select profile based on ethernet (mac address), ip, packet content or ipv6 address. This will ...
Page 247
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 238 figure 5 - 5 access profile configuration window (ip) the following parameters can be set, for ip: parameter description profile id (1-6) type in a unique identifier number for this profile set. This value can be set from 1 to 6. ...
Page 248
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 239 • type - further specify that the access profile will apply an icmp type value. • code - further specify that the access profile will apply an icmp code value. Select igmp to instruct the switch to examine the internet group manag...
Page 249
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 240 figure 5 - 7 access profile configuration window (ipv6) the following parameters can be set, for ip: parameter description profile id (1-6) type in a unique identifier number for this profile set. This value can be set from 1 to 6...
Page 250
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 241 0x0-0xffff) which you wish to filter. Select udp to use the udp port number contained in an incoming packet as the forwarding criterion. Selecting udp requires that you specify a source port mask and/or a destination port mask. • ...
Page 251
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 242 parameter description profile id (1-6) type in a unique identifier number for this profile set. This value can be set from 1 to 6. Type select profile based on ethernet (mac address), ip address, packet content mask or ipv6. This ...
Page 252
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 243 figure 5 - 11 access rule table window (ehternet) to remove a previously created rule, select it and click the button. To add a new access rule, click the add rule button: figure 5 - 12 access rule configuration window (ethernet) ...
Page 253
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 244 and will be filtered. Select mirror to specify that packets match the access profile are mirrored to a port defined in the port mirroring window. Port mirroring must be enabled and a target port must be set. Access id (1-128) type...
Page 254
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 245 click apply to implement the changes. To view the settings of a previously correctly configured rule, click view in the access rule table window to view the following window: figure 5 - 13 access rule display window (ethernet) to ...
Page 255
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 246 figure 5 - 15 access rule configuration window (ip) configure the following access rule configurationsettings for ip: parameter description profile id this is the identifier number for this profile set. Mode select permit to speci...
Page 256
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 247 forwarded by the switch. For more information on priority queues, cos queues and mapping for 802.1p, see the qos section of this manual. Replace dscp (0-63) select this option to instruct the switch to replace the dscp value (in a...
Page 257
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 248 figure 5 - 16 access rule display window (ip) to configure the access rule for ipv6, open the access profile table window and click modify for an ipv6 entry. This will open the following window: figure 5 - 17 access rule table (ip...
Page 258
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 249 figure 5 - 18 access rule configuration window (ipv6) parameter description profile id this is the identifier number for this profile set. Mode select permit to specify that the packets that match the access profile are forwarded ...
Page 259
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 250 header. This class field is a part of the packet header that is similar to the type of service (tos) or precedence bits field of ipv4. Flow label configuring this field, in hex form, will instruct the switch to examine the flow la...
Page 260
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 251 figure 5 - 19 access rule display window (ipv6) the following window is the access rule table for packet content. Figure 5 - 20 access rule table window (packet content mask) to remove a previously created rule, select it and clic...
Page 261
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 252 figure 5 - 21 access rule configuration window (packet content) to set the access rule for the packet content mask, adjust the following parameters and click apply. Parameter description profile id this is the identifier number fo...
Page 262
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 253 priority (0-7) this parameter is specified to re-write the 802.1p default priority previously set in the switch, which is used to determine the cos queue to which packets are forwarded to. Once this field is specified, packets acc...
Page 263: Acl Flow Meter
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 254 figure 5 - 22 access rule display window (packet content) note: when using the acl mirror function, ensure that the port mirroring function is enabled and a target mirror port is set. Acl flow meter before configuring the acl flow...
Page 264
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 255 dscp – differentiated services code point. The part of the packet header where the color will be added. Users may change the dscp field of incoming packets. The acl flow meter function will allow users to color code ip packet flow...
Page 265
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 256 figure 5 - 24 acl flow meter configuration - add window the following fields may be configured: parameter description profile id (1-6) enter the pre-configured profile id for which to configure the acl flow metering parameters. Ac...
Page 266
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 257 following parameters to determine the color rate of the ip packet flow. Cir – the committed information rate can be set between 0 and 156249. The color rates are based on the following two fields which are used in conjunction with...
Page 267: Cpu Interface Filtering
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 258 cpu interface filtering due to a chipset limitation and needed extra switch security, the xstack ® dgs-3400 series switch incorporates cpu interface filtering. This added feature increases the running security of the switch by ena...
Page 268
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 259 cpu interface filtering table this window displays the cpu access profile table entries created on the switch. To view this window, click acl > cpu interface filtering > cpu interface filtering table, as shown below. Figure 5 - 27...
Page 269
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 260 vlan selecting this option instructs the switch to examine the vlan identifier of each packet header and use this as the full or partial criterion for forwarding. Source mac source mac mask - enter a mac address mask for the sourc...
Page 270
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 261 figure 5 - 30 cpu interface filtering configuration window (ip) the following parameters may be configured for the ip cpu filter. Parameter description profile id (1-5) type in a unique identifier number for this profile set. This...
Page 271
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 262 or specify code to further specify that the access profile will apply an icmp code value. Select igmp to instruct the switch to examine the internet group management protocol (igmp) field in each frame's header. • select type to f...
Page 272
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 263 figure 5 - 32 cpu interface filtering configuration window (ipv6) the following parameters may be configured for the ip cpu filter. Parameter description profile id (1-5) type in a unique identifier number for this profile set. Th...
Page 273
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 264 figure 5 - 33 cpu interface filtering entry display window (ipv6) the window shown below is thepacket content maskconfiguration window..
Page 274
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 265 figure 5 - 34 cpu interface filtering configuration window (packet content) this screen will aid the user in configuring the switch to mask packet headers beginning with the offset value specified. The following fields are used to...
Page 275
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 266 packet to the 15th byte. • value (16-31) – enter a value in hex form to mask the packet from byte 16 to byte 31. • value (32-47) – enter a value in hex form to mask the packet from byte 32 to byte 47. • value (48-63) – enter a val...
Page 276
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 267 figure 5 - 37 cpu interface filtering table (ethernet) to create a new rule set for an access profile click the add rule button. A new window is displayed. To remove a previously created rule, click the corresponding button. The f...
Page 277
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 268 mac ethernet type specifies that the access profile will apply only to packets with this hexadecimal 802.1q ethernet type value (hex 0x0-0xffff) in the packet header. The ethernet type value may be set in the form: hex 0x0-0xffff,...
Page 278
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 269 figure 5 - 41 cpu interface filtering rule configuration window (ip) configure the following access rule configuration settings for ip: parameter description profile id this is the identifier number for this profile set. Mode sele...
Page 279
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 270 figure 5 - 42 cpu interface filtering rule display window (ip) the following window is the cpu interface filtering rule table for ipv6. Figure 5 - 43 cpu interface filtering rule table window (ipv6) to create a new rule set for an...
Page 280
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 271 figure 5 - 44 cpu interface filtering rule configuration window (ipv6) configure the following access rule configuration settings for ipv6: parameter description profile id this is the identifier number for this profile set. Mode ...
Page 281
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 272 figure 5 - 45 cpu interface filtering rule display window (ipv6) the following window is the cpu interface filtering rule table for packet content. Figure 5 - 46 cpu interface filtering rule table window (packet content).
Page 282
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 273 to remove a previously created rule, select it and click the button. To add a new access rule, click the add rule button: figure 5 - 47 cpu interface filtering rule configuration window (packet content).
Page 283
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 274 the following parameters can be configured. Parameter description profile id this is the identifier number for this profile set. Mode select permit to specify that the packets that match the access profile are forwarded by the swi...
Page 284: Section 6
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 275 section 6 security authorization attributes state settings traffic control port security ip-mac-port binding 802.1x web-based access control (wac) trust host bpdu attack protection settings arp spoofing prevention settings access ...
Page 285: Traffic Control
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 276 traffic control figure 6 - 2 traffic control settings window if this field times out and the packet storm continues, the port will be placed in a shutdown forever mode which will produce a warning message to be sent to the trap re...
Page 286
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 277 • storm occurred – will send storm trap warning messages upon the occurrence of a traffic storm only. • storm cleared – will send storm trap messages when a traffic storm has been cleared by the switch only. • both – will send sto...
Page 287: Port Security
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 278 note: ports that are in the shutdown (forever) mode will be seen as discarding in spanning tree windows and implementations though these ports will still be forwarding bpdus to the switch’s cpu. Note: ports that are in shutdown (f...
Page 288: Port Security Entries
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 279 from / to a consecutive group of ports may be configured starting with the selected port. Admin state this pull-down menu allows the user to enable or disable port security (locked mac address table for the selected ports). Max. A...
Page 289: Ip-Mac-Port Binding
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 280 ip-mac-port binding general overview t he switch offers ip-mac-port binding (impb), a d-link security application used most often on edge switches directly connected to network hosts. Impb is also an integral part of d-link’s end-...
Page 290
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 281 strict and loose state other than acl and arp mode, users can also configure the state on a port for granular control. There are two states: strict and loose, and only one state can be selected per port. If a port is set to strict...
Page 291: Impb Global Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 282 figure 6 - 7 arp cache poisoning when the user configures strict mode and enables impb on a port, arp inspection is enabled. For an arp inspection active port: all arp packets should be captured to the cpu (including broadcast arp...
Page 292: Impb Port Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 283 the dhcp snoop state field will enable and disable the dhcp snooping option. To view this window, click security > ip-mac-port binding > impb global settings: figure 6 - 9 impb global settings window the following parameters can b...
Page 293
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 284 figure 6 - 10 impb port settings window the following fields can be set or modified: parameter description unit choose the switch id number of the switch in the switch stack to be modified. From / to select a port or range of port...
Page 294: Impb Entry Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 285 packets. An example of this is that a malicious user can perform dos attacks by statically configuring the arp table on their pc. In this case, the switch cannot block such attacks because the pc will not send out arp packets. All...
Page 295: Dhcp Snoop Entries
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 286 figure 6 - 11 impb entry settings window the following fields can be set or modified: parameter description ipv4 address click the radio button and enter the ipv4 address to bind to the mac address set below. Ipv6 address click th...
Page 296: Mac Block List
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 287 to view particular port settings, choose the unit - port number and click find. To view all entries on the window, click view all. To delete an entry, enter the port number , choose the clear type, and click clear. Mac block list ...
Page 297: 802.1X
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 288 802.1x 802.1x port-based and host-based access control the ieee 802.1x standard is a security measure for authorizing and authenticating users to gain access to various wired or wireless devices on a specified local area network b...
Page 298
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 289 figure 6 - 17 the authentication server authenticator the authenticator (the switch) is an intermediary between the authentication server and the client. The authenticator serves two purposes when utilizing 802.1x. The first purpo...
Page 299
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 290 figure 6 - 19 the client authentication process utilizing the three roles stated above, the 802.1x protocol provides a stable and secure way of authorizing and authenticating users attempting to access the network. Only eapol traf...
Page 300
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 291 port-based network access control figure 6 - 21 example of typical port-based configuration once the connected device has successfully been authenticated, the port then becomes authorized, and all subsequent traffic on the port is...
Page 301
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 292 mac-based network access control figure 6 - 22 example of typical mac-based configuration in order to successfully make use of 802.1x in a shared media lan segment, it would be necessary to create “logical” ports, one for each att...
Page 302: 802.1X Port Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 293 guest vlans figure 6 - 23 guest vlan authentication process limitations using the guest vlan 1. Ports supporting guest vlans cannot be gvrp enabled and vice versa. 2. A port cannot be a member of a guest vlan and a static vlan sim...
Page 303
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 294 figure 6 - 24 configure 802.1x authenticator parameter window to configure the settings by port, click its corresponding modify button, which will display the following table to configure:.
Page 304
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 295 figure 6 - 25 configure 802.1x port settings window this screen allows setting of the following features: parameter description unit choose the switch id number of the switch in the switch stack to be modified. From / to enter the...
Page 305: Guest Vlan Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 296 txperiod (1-65535) this sets the txperiod of time for the authenticator pae state machine. This value determines the period of an eap request/identity packet transmitted to the client. The default setting is 30 seconds. Quietperio...
Page 306
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 297 enabled ports – selecting this option will enable ports listed in the port list below, as part of the guest vlan. Be sure that these ports are configured for this vlan or users will be prompted with an error message. Disabled port...
Page 307: 802.1X User Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 298 ipv6 address click the radio button and enter the radius ipv6 address. Authentic udp port (1-65535) set the radius authentic server(s) udp port. The default port is 1812. Accounting udp port (1-65535) set the radius account server...
Page 308: Initialize Port(S)
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 299 confirm password re-enter the password entered in the field above. Click apply to implement the changes. The new user will be displayed in the 802.1x user table. To remove a user click the corresponding button. Note: the user must...
Page 309: Reauthenticate Port(S)
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 300 from / to select ports to be initialized. Mac address the mac address of the switch connected to the corresponding port, if any. Port a read-only field indicating a port on the switch. Auth pae state the authenticator pae state wi...
Page 310
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 301 figure 6 - 32 reauthenticate port(s) window (mac-based 802.1x) to reauthenticate ports, first choose the switch in the switch stack by using the pull-down menu and then choose the range of ports in the from and to field. Then the ...
Page 311
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 302 web-based access control (wac) conditions and limitations 1. The subnet of the authentication vlan’s ip interface must be the same as that of the client. If not configured properly, the authentication will be permanently denied by...
Page 312: Wac Global Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 303 wac global settings this window is used to enable and configure web-based access control global state on the switch. To view this window, click security > web-based access control (wac) > wac global settings, as shown below. Figur...
Page 313: Wac Port Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 304 configured to be an ipv6 address that exists on the subnet. Http(s) ports(1- 65535) this function specifies the tcp port that will be used to identify the http or https packets to be trapped to the cpu for the authentication proce...
Page 314
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 305 figure 6 - 34 wac port settings window the following parameters can be configured: parameter description unit use the drop-down menu to select the unit you wish to configure. From / to enter the range of ports you wish to configur...
Page 315: Wac User Account
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 306 block time (0-300 sec) this parameter specifies the period of time a host will keep in a blocked state after it fails to authenticate. Enter a value between 0 and 300 seconds. The default setting is 60 seconds. Click apply to impl...
Page 316: Wac Authentication State
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 307 figure 6 - 37 user account modify window the following parameters can be configured: parameter description user name enter a user name for the new account. Old password enter the original password for the user. This field is case-...
Page 317: Trust Host
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 308 figure 6 - 38 wac host table settings window the following parameters can be configured: parameter description port list enter the ports you wish to find or delete. Check the all ports box to select all ports. State select the sta...
Page 318
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 309 figure 6 - 39 security ip window to configure secure ip addresses for trusted host management of the switch, type the ip address of the station you are currently using in the first field as well as up to three additional ip addres...
Page 319
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 310 bpdu attack protection settings this window is used to configure the bpdp protection function for the ports on the switch. In generally, there are two states in bpdu protection function. One is the normal state, and another is the...
Page 320
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 311 the following parameters can be configured: parameter description global state enable or disable the bpdu attack protection global state. Trap state enable or disable the bpdu attack trap state. Log state enable or disable the bpd...
Page 321
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 312 parameter description gateway ip address enter the gateway ip address. Gateway mac address enter the gateway mac address. Ports enter the port or range of ports to be configured. Alternatively, tick the all ports check box to conf...
Page 322
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 313 note: tacacs, xtacacs and tacacs+ are separate entities and are not compatible. The switch and the server must be configured exactly the same, using the same protocol. (for example, if the switch is set up for tacacs authenticatio...
Page 323
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 314 authentication policy and parameter settings this command will enable an administrator-defined authentication policy for users trying to access the switch. When enabled, the device will check the login method list and choose a tec...
Page 324
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 315 parameter description application lists the configuration applications on the switch. The user may configure the login method list and enable method list for authentication for users utilizing the console (command line interface) ...
Page 325: Authentication Server Host
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 316 figure 6 - 45 add a server host to server group - xtacacs window to add an authentication server host to the list, enter its ip address in the ip address field, choose the protocol associated with the ip address of the authenticat...
Page 326
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 317 figure 6 - 47 authentication server host window to add an authentication server host, click the add button, revealing the following window: figure 6 - 48 authentication server host setting - add window configure the following para...
Page 327: Login Method Lists
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 318 note: more than one authentication protocol can be run on the same physical server host but, remember that tacacs/xtacacs/tacacs+ are separate entities and are not compatible with each other. Login method lists this command will c...
Page 328: Enable Method Lists
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 319 figure 6 - 51 login method list – add window to define a login method list, set the following parameters and click apply: parameter description method list name enter a method list name defined by the user of up to 15 characters. ...
Page 329
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 320 note: to set the local enable password, see the next section, entitled local enable password. To view this window, click security > access authentication control > enable method lists, as shown below. Figure 6 - 52 enable method l...
Page 330
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 321 to define an enable login method list, set the following parameters: parameter description method list name enter a method list name defined by the user of up to 15 characters. Method 1, 2, 3, 4 the user may add one, or a combinat...
Page 331: Enable Admin
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 322 enable admin the enable adminwindow is for users who have logged on to the switch on the normal user level, and wish to be promoted to the administrator level. After logging on to the switch, users will have only user level privil...
Page 332: Radius Accounting Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 323 radius accounting settings the accounting feature of the switch uses a remote radius server to collect information regarding events occurring on the switch. The following is a list of information that will be sent to the radius se...
Page 333
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 324 there are three types of accounting that can be enabled on the switch. Network – when enabled, the switch will send informational packets to a remote radius server when 802.1x users connect to the physical ports on the switch to a...
Page 334
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 325 mac-based access control (mac) the mac-based access control feature will allow users to configure a list of mac addresses, either locally or on a remote radius server, to be authenticated by the switch and given access rights base...
Page 335
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 326 figure 6 - 58 mac-based access control global settings window.
Page 336
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 327 the following parameters may be viewed or set: parameter description mac-based access control global settings state use the pull-down menu to globally enable or disable the mac-based access control function on the switch. Method u...
Page 337
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 328 aging time (1-1440 min) specifies a time period (configurable per port) between 1-1440 minutes, during which an authenticated host will stay in an authenticated state. When the aging time has expired, the host will be moved back t...
Page 338: Safeguard Engine
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 329 safeguard engine periodically, malicious hosts on the network will attack the switch by utilizing packet flooding (arp storm) or other methods. These attacks may increase the switch load beyond its capability. To alleviate this pr...
Page 339: Safeguard Engine Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 330 notice: when safeguard engine is enabled, the switch will allot bandwidth to various traffic flows (arp, ip) using the ffp (fast filter processor) metering table to control the cpu utilization and limit traffic. This may limit the...
Page 340: Traffic Segmentation
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 331 flow to the cpu by dynamically allotting an even bandwidth to all traffic flows. Strict – if selected, this function will stop accepting all arp packets not intended for the switch, and will stop receiving all unnecessary broadcas...
Page 341: Secure Socket Layer (Ssl)
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 332 figure 6 - 65 setup forwarding ports window configuring traffic segmentation on the xstack ® dgs-3400 series is accomplished in two parts. First, select a switch in the switch stack by using the unit pull-down menu, and then speci...
Page 342: Ssl
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 333 ssl this window is used to download a certificate file for the ssl function on the switch from a tftp server. The certificate file is a data record used for authenticating devices on the network. It contains information on the own...
Page 343: Secure Shell (Ssh)
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 334 key file name enter the path and the filename of the key file to download. This file must have a .Der extension (ex. C:/pkey.Der) configuration ssl status use the pull-down menu to enable or disable the ssl status on the switch. T...
Page 344: Ssh Server Configuration
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 335 3. Configure the encryption algorithm that ssh will use to encrypt and decrypt messages sent between the ssh client and the ssh server, using the ssh authentication mode and algorithm settings window. 4. Finally, enable ssh on the...
Page 345
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 336 and 60 min. The default setting is never. Listened port number enter the virtual port number to be used with this feature. The common port number for ssh is 22. Click apply to implement the changes. Ssh authentication mode and alg...
Page 346
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 337 default. Public key this field may be enabled or disabled to choose if the administrator wishes to use a public key configuration set on a ssh server, for authentication. This field is enabled by default. Host-based this field may...
Page 347
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 338 ssh user authentication mode the following windows are used to configure parameters for users attempting to access the switch through ssh. To view this window, click security > ssh > ssh user authentication mode, as shown below. F...
Page 348: Compound Authentication
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 339 must be a previously configured user account on the switch. Auth. Mode the administrator may choose one of the following to set the authorization for users attempting to access the switch. Host based – this parameter should be cho...
Page 349
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 340 802.1x + impb mode this mode adds an extra layer of security by checking the ip mac-binding port binding (impb) table before trying one of the supported authentication methods. The impb table is used to create a “white list” that ...
Page 350
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 341 permit if permit is selected, the client is always regarded as an authenticated. If the guest vlan enabled, the client will stay at the guest vlan, otherwise, it will stay at the original vlan. Click apply to implement the changes...
Page 351
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 342 figure 6 - 78 multiple authentication settings window the following parameters may be set: parameter description unit choose the unit id of the switch in the switch stack you wish to configure. From / to select a port or range of ...
Page 352
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 343 methods none – specifies that multiple authentication is not enabled. Any – specifies that a client will gain access if it passes any of the authentication methods (802.1x, mac, or jwac/wac). 802.1x+impb – specifies that 802.1x+im...
Page 353: Jwac Global Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 344 japanese web-based access control (jwac) the jwac folder contains six windows: jwac global configuration, jwac port settings, jwac user account, jwac host information, jwac customize page language settings and jwac customize page....
Page 354
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 345 figure 6 - 81 jwac global state configuration window.
Page 355
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 346 to set jwac for the switch, complete the following fields: parameter description jwac global state settings jwac global state use this drop-down menu to either enable or disable jwac on the switch. Jwac configuration forcible logo...
Page 356: Jwac Port Settings
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 347 error timeout (5-300 sec) this parameter is used to set the quarantine server error timeout. When the quarantine server monitor is enabled, the jwac switch will periodically check if the quarantine works okay. If the switch does n...
Page 357
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 348 figure 6 - 82 jwac port table parameter window to configure individual jwac port settings, click the add button, the following window will be displayed:.
Page 358
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 349 figure 6 - 83 jwac port table parameter - add window to configure the settings by port, click the corresponding modify button, which will display the following window: figure 6 - 84 j jwac port table parameter - edit window to set...
Page 359: Jwac User Account
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 350 min) 1440 minutes. To maintain a constant port configuration, tick the infinite check box. Idle time (1-1440 minutes) this parameter specifies the period of time during which there is no traffic for an authenticated host and the h...
Page 360: Jwac Authentication State
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 351 to view jwac user settings for the switch, click the show all jwac user account entries link, to view the following window: figure 6 - 87 jwac user accounts window to add another jwac user account to the switch, click the add butt...
Page 361
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 352 figure 6 - 89 jwac authentication state table window to search for hosts, enter the port list information and click the search button. To clear an entry, enter the port list information and click the delete button. Jwac customize ...
Page 362: Jwac Customize Page
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 353 jwac customize page this window is used to customize fields in the jwac customize page. To view this window, click security > japanese web-based access control (jwac) > jwac customize page, as shown below. Figure 6 - 91 jwac custo...
Page 363: Section 7
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 354 section 7 monitoring device status stacking information stacking device module information dram & flash utilization cpu utilization port utilization packets errors packet size browse router port browse mld router port vlan status ...
Page 364: Stacking Information
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 355 the following fields may be viewed in this window: parameter description id specifies the switch in the switch stack that is being displayed. Internal power displays active if the internal power supply is powering the system. Exte...
Page 365: Stacking Device
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 356 exist denotes whether a switch does or does not exist in a stack. Priority displays the priority id of the switch. The lower the number, the higher the priority. The box (switch) with the lowest priority number in the stack denote...
Page 366: Dram & Flash Utilization
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 357 module name the full name of the module installed. Rev. No. The version of the installed module. Serial the serial number of the module. Description a brief description of the type of module. Dram & flash utilization this window i...
Page 367: Cpu Utilization
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 358 cpu utilization this window displays the percentage of the cpu being used, expressed as an integer percentage and calculated as a simple average by time interval. To view this window, click monitoring > cpu utilization, as shown b...
Page 368: Port Utilization
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 359 port utilization this window displays the percentage of the total available bandwidth being used on the port. To view this window, click monitoring > port utilization, as shown below. Figure 7 - 7 port utilization window to select...
Page 369: Packets
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 360 packets the web manager allows various packet statistics to be viewed as either a line graph or a table. Six windows are offered. Received (rx) this window displays the following graph of packets received on the switch. To select ...
Page 370
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 361 figure 7 - 9 rx packets analysis table window the following fields may be set or viewed: parameter description time interval select the desired setting between 1s and 60s, where “s” stands for seconds. The default value is one sec...
Page 371: Umb Cast (Rx)
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 362 umb cast (rx) to select a port to view these statistics for, first select the switch in the switch stack by using the unit pull-down menu and then select the port by using the port pull-down menu. The user may also use the real-ti...
Page 372
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 363 figure 7 - 11 rx packets analysis window (table for unicast, multicast, and broadcast packets) the following fields may be set or viewed: parameter description time interval select the desired setting between 1s and 60s, where “s”...
Page 373: Transmitted (Tx)
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 364 transmitted (tx) to select a port to view these statistics for, first select the switch in the switch stack by using the unitpull-down menu and then select the port by using the port pull-down menu. The user may also use the real-...
Page 374
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 365 figure 7 - 13 tx packets analysis window (table for bytes and packets) the following fields may be set or viewed: parameter description time interval select the desired setting between 1s and 60s, where “s” stands for seconds. The...
Page 375: Errors
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 366 errors the web manager allows port error statistics compiled by the switch's management agent to be viewed as either a line graph or a table. Four windows are offered. Received (rx) to select a port to view these statistics for, f...
Page 376
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 367 figure 7 - 15 rx error analysis window (table) the following fields can be set: parameter description time interval select the desired setting between 1s and 60s, where “s” stands for seconds. The default value is one second. Reco...
Page 377: Transmitted (Tx)
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 368 vlaningdr incremented for each packet that is discarded by vlan ingress checking. Show/hide check whether or not to display crc error, under size, over size, fragment, jabber, and drop errors. Clear clicking this button clears all...
Page 378
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 369 figure 7 - 17 tx error analysis window (table) the following fields may be set or viewed: parameter description time interval select the desired setting between 1s and 60s, where “s” stands for seconds. The default value is one se...
Page 379: Packet Size
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 370 packet size the web manager allows packets received by the switch, arranged in six groups and classed by size, to be viewed as either a line graph or a table. Two windows are offered. To select a port to view these statistics for,...
Page 380
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 371 to view the packet size analysis table window, click the link view table , which will show the following table: figure 7 - 19 rx size analysis window (table) the following fields can be set or viewed: parameter description time in...
Page 381: Browse Router Port
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 372 512-1023 the total number of packets (including bad packets) received that were between 512 and 1023 octets in length inclusive (excluding framing bits but including fcs octets). 1024-1518 the total number of packets (including ba...
Page 382: Browse Mld Router Port
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 373 browse mld router port this displays which of the switch’s ports are currently configured as router ports in ipv6. A router port configured by a user (using the console or web-based management interfaces) is displayed as a static ...
Page 383: Vlan Status Port
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 374 vlan status port this window allows the vlan status for each of the switch's ports to be viewed. To view settings for a particular port, enter the port number and click find. To view this window, click monitoring > vlan status por...
Page 384: Authenticator Statistics
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 375 mac address displays the mac address of the client that is present when configured in mac based mode. It displays “-p” when configured in port based mode. State the authenticator state value can be: authenticated, authenticating, ...
Page 385: Authenticator Diagnostics
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 376 authenticator diagnostics this table contains the diagnostic information regarding the operation of the authenticator associated with each port. An entry appears in this table for each port that supports the authenticator function...
Page 386
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 377 parameter description invalidserveraddresses the number of radius accounting-response packets received from unknown addresses. Identifier the nas-identifier of the radius accounting client. (this is not necessarily the same as sys...
Page 387: Mac Address Table
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 378 mac address table this allows the switch's dynamic mac address forwarding table to be viewed. When the switch learns an association between a mac address and a port number, it makes an entry into its forwarding table. These entrie...
Page 388: Igmp Snooping Group
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 379 igmp snooping group this window allows the switch’s igmp snooping group table to be viewed. Igmp snooping allows the switch to read the multicast group ip address and the corresponding mac address from igmp packets that pass throu...
Page 389: Mld Snooping Group
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 380 mld snooping group the following window allows the user to view mld snooping groups present on the switch. Mld snooping is an ipv6 function comparable to igmp snooping for ipv4. The user may browse this table by vlan name present ...
Page 390: Trace Route
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 381 trace route the following window will aid the user in back tracing the route taken by a packet before arriving at the switch. When initiated, the trace route program will display the ip addresses of the previous hops a packet take...
Page 391
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 382 trace ipv6 route to view this window, click monitoring > trace route > trace ipv6 route, as shown below. Figure 7 - 36 trace ipv6 route window the following parameter can be configured: parameter description target ipv6 address en...
Page 392: Switch Logs
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 383 switch logs the web manager allows the switch's history log, as compiled by the switch's management agent, to be viewed. To view this window, click monitoring > switch log, as shown below. Figure 7 - 37 switch history logs window ...
Page 393: Browse Arp Table
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 384 browse arp table this window will show current arp entries on the switch. To search a specific arp entry, enter an interface name into the interface name, an ip address or a mac address, and click find. To clear the arp table, cli...
Page 394: Ip Forwarding Table
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 385 ip forwarding table the ip forwarding table window is read-only where the user may view ip addresses discovered by the switch. To search a specific ip address, enter it into the field labeled ip address at the top of the window an...
Page 395
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 386 browse ipv6 routing table to view this window, click monitoring > routing table > browse ipv6 routing table, as shown below. Figure 7 - 42 ipv6 routing table window mac-based access control authentication status to clear mac-based...
Page 396: Section 8
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 387 section 8 save, reset and reboot reset reboot system save services logout reset the resetfunction has several options when resetting the switch. Some of the current configuration parameters can be retained while resetting all othe...
Page 397: Save Services
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 388 click the no radio button for not saving the current configuration before restarting the switch. All of the configuration information entered from the last time save changeswas executed will be lost. Click the restart button to re...
Page 398: Configuration Information
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 389 configuration information the following window is used to view information regarding configuration files saved in the switch. The switch can hold two configuration files in its memory. Configuration files can be uploaded to the sw...
Page 399: Logout
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 390 current configuration settings the following window is used to select one of the two possible configuration files that can be stored in the switch as a boot up configuration file, or to select it for deletion from the switch’s mem...
Page 400: Appendix A
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 391 appendix a mitigating arp spoofing attacks using packet content acl how address resolution protocol works address resolution protocol (arp) is the standard method for finding a host’s hardware address (mac address) when only its i...
Page 401
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 392 figure 2 when the switch floods the frame of arp request to the network, all pcs will receive and examine the frame but only pc b will reply the query as the destination ip matched (see figure 3). Figure 3 when pc b replies to the...
Page 402
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 393 how arp spoofing attacks a network arp spoofing, also known as arp poisoning, is a method to attack an ethernet network which may allow an attacker to sniff data frames on a lan, modify the traffic, or stop the traffic altogether ...
Page 403
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 394 a common dos attack today can be done by associating a nonexistent or any specified mac address to the ip address of the network’s default gateway. The malicious attacker only needs to broadcast one gratuitous arp to the network c...
Page 404
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 395 example topology.
Page 405: Configuration
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 396 configuration the configuration logic is as follows: 1. Only if the arp matches source mac address in ethernet, sender mac address and sender ip address in arp protocol can pass through the switch. (in this example, it is the gate...
Page 406
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 397.
Page 407: Appendix B
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 398 appendix b switch log entries the following table lists all possible entries and their corresponding meanings that will appear in the system log of this switch. Category event description log information severity remark system sys...
Page 408
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 399 configuration successfully downloaded configuration successfully downloaded by console (username: , ip: ) informational by console and “ip: , mac: “ are xor shown in log string, which means if user login by console, will no ip and...
Page 409
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 400 will no ip and mac information for logging console successful login through console unit , successful login through console (username: ) informational there are no ip and mac if login by console. Login failed through console unit ...
Page 410
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 401 ) cist new root selected cist new root bridge selected (mac: , priority: ) informational msti root selected msti regional new root bridge selected (instance: , mac: , priority: ) informational bpdu loop back on port bpdu loop back...
Page 411
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 402 method ) successful login through web (ssl) authenticated by aaa local method successful login through web (ssl) from authenticated by aaa local method (username: ) informational login failed through web (ssl) authenticated by aaa...
Page 412
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 403 login failed through console due to aaa server timeout or improper configuration login failed through console due to aaa server timeout or improper configuration (username: ) warning successful login through web authenticated by a...
Page 413
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 404 configuration ) successful enable admin through console authenticated by aaa local_enable method successful enable admin through console authenticated by aaa local_enable method (username: ) informational enable admin failed throu...
Page 414
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 405 successful enable admin through console authenticated by aaa none method successful enable admin through console authenticated by aaa none method (username: ) informational successful enable admin through web authenticated by aaa ...
Page 415
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 406 ) enable admin failed through web (ssl) authenticated by aaa server enable admin failed through web (ssl) from authenticated by aaa server (username: ) warning enable admin failed through web (ssl) due to aaa server timeout or imp...
Page 416
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 407 dynamic impb entry is in conflict with static arp dynamic impb entry is conflict with static arp(ip: , mac: , port ) warning dynamic impb entry conflicts with static impb dynamic impb entry conflicts with static impb: , mac: , por...
Page 417
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 408 the authorized number of users on a port has reached the maximum user limit. Port enters mbac stop learning state. Warning the authorized number of users on a port is below the maximum user limit in a time interval (interval is pr...
Page 418: Appendix C
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 409 whole device. This log will be triggered when the authorized user number is below the max user limit on whole device in a time interval (interval is project depended) wac recovers from stop learning state. Warning appendix c trap ...
Page 419
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 410 vlanlooprestart this trap is sent when a port with a vid loop restarts after the interval time. 1.3.6.1.4.1.171.11.70.1.2.16.1.2.0 .0.6 1.3.6.1.4.1.171.11.70.2.2.16.1.2.0 .0.6 1.3.6.1.4.1.171.11.70.3.2.16.1.2.0 .0.6 1.3.6.1.4.1.17...
Page 420
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 411 singleipmsauthfail the commander switch will send swsingleipmsauthfail notification to the indicated host when its member generates an authentation failure notification 1.3.6.1.4.1.171.12.8.6.0.15 singleipmsnewroot the commander s...
Page 421
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 412 powerrecover power recover notification. The notification is issued when the swpowerstatus changes in the following cases: fail -> lowvoltage. Fail -> overcurrent. Fail -> working. 1.3.6.1.4.1.171.12.11.2.2.2.0.3 agentgratuitousar...
Page 422
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 413 its election. Implementation of this trap is optional. Topologychange a topologychange trap is sent by a bridge when any of its configured ports transitions from the learning state to the forwarding state, or from the forwarding s...
Page 423: Glossary
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 414 glossary 1000base-sx: a short laser wavelength on multimode fiber optic cable for a maximum length of 550 meters 1000base-lx: a long wavelength for a “long haul” fiber optic cable for a maximum length of 10 kilometers 100base-fx: ...
Page 424
Xstack ® dgs-3400 series layer 2 gigabit ethernet managed sw itch 415 line speed: see baud rate. Main port: the port in a resilient link that carries data traffic in normal operating conditions. Mdi - medium dependent interface: an ethernet port connection where the transmitter of one device is conn...