Page 1 User Manual DGS-3200 Series Product Model: Layer 2 Gigabit Ethernet Managed Switch Release 1.1...
Page 2 Microsoft Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. D-Link Computer Corporation disclaims any proprietary interest in trademarks and trade names other than its own.
Page 3 FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
Page 4: Table Of Contents
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Table of Contents Intended Readers.................................... x Typographical Conventions ....................................x Notes, Notices, and Cautions ................................ xi Safety Instructions..................................xii Safety Cautions ......................................xii General Precautions for Rack-Mountable Products ............................ xiii Lithium Battery Precaution..................................xiv Protecting Against Electrostatic Discharge ..............................xiv...
Page 5 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Configuration ..............................27 Device Information ..................................27 System Information..................................28 Serial Port Settings..................................29 IP Address ....................................30 Setting the Switch's IP Address using the Console Interface ........................31 IPv6 Interface Settings ................................. 32 IPv6 Route Table ..................................
Page 6 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Community Table....................................58 SNMP Host Table ......................................60 SNMP v6Host Table .....................................60 SNMP Engine ID ......................................61 SNMP Trap Configuration....................................61 RMON ..........................................62 Single IP Management ................................. 62 Single IP Settings......................................64 Topology........................................65 Firmware Upgrade ......................................71 Configuration File Backup/Restore................................71...
Page 7 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Bandwidth Control..................................108 Traffic Control ................................... 108 802.1p Default Priority................................111 802.1p User Priority ................................... 111 QoS Scheduling Mechanism ..............................112 Security .................................113 Safeguard Engine ..................................113 Trusted Host....................................115 IP-MAC-Port Binding................................116 IP-MAC Binding Port Settings ...................................116...
Page 8 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch JWAC Port Settings ....................................149 JWAC User Settings ....................................150 ACL ................................151 Access Profile List ..................................151 CPU Access Profile List................................165 Time Range Settings .................................. 178 Monitoring ..............................179 CPU Utilization..................................179 Port Utilization................................... 181 Packet Size ....................................
Page 9 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Reboot System ................................... 213 Appendix A - Technical Specifications ......................214 Appendix B - Cables and Connectors ......................216 Appendix C – Module Specs and Cable Lengths ..................217 Appendix D - Switch Log Entries .......................218 Appendix E –...
Page 10: Intended Readers
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Intended Readers The DGS-3200-10 Series Manual contains information for setup and management of the Switch. This manual is intended for network managers familiar with network management concepts and terminology. Typographical Conventions Convention Description In a command line, square brackets indicate an optional entry.
Page 11: Notes, Notices, And Cautions
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Notes, Notices, and Cautions A NOTE indicates important information that helps make better use of the device. A NOTICE indicates either potential damage to hardware or loss of data and tells how to avoid the problem.
Page 12: Safety Instructions
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Safety Instructions Use the following safety guidelines to ensure your own personal safety and to help protect your system from potential damage. Throughout this safety section, the caution icon ( ) is used to indicate cautions and precautions that need to be reviewed and followed.
Page 13: General Precautions For Rack-Mountable Products
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch • Observe extension cable and power strip ratings. Make sure that the total ampere rating of all products plugged into the extension cable or power strip does not exceed 80 percent of the ampere ratings limit for the extension cable or power strip.
Page 14: Lithium Battery Precaution
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch NOTE: A qualified electrician must perform all connections to DC power and to safety grounds. All electrical wiring must comply with applicable local or national codes and practices. CAUTION: Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground conductor.
Page 15: Introduction
This manual describes the installation, maintenance and configurations concerning the Switch. Switch Description D-Link's next-generation DGS-3200 Series is a high performancee switch family that combines ultimate performance with fault tolerance, security, management functions with flexibility, and ease-of-use. The Switch has a combination of 1000BASE-T ports and SFP ports that may be used in uplinking various network devices to the Switch, including PCs, hubs and other switches to provide a gigabit Ethernet uplink in full-duplex mode.
Page 16: Features
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Features The list of features below highlights the significant features of the Switch. • IEEE 802.3 compliant • IEEE 802.3z compliant • IEEE 802.3x Flow Control in full-duplex compliant • IEEE 802.3u compliant •...
Page 17: Ports
Two Combo SFP Ports (both 100FX and 1000BASE-X) • Two 1000Mbps Copper Combo Ports (10BASE-T/100BASE-TX/1000BASE-T) • One RS-232 DB-9 console port NOTE: For customers interested in D-View, D-Link Corporation's proprietary SNMP management software, go to the D-Link Website and download the software and manual.
Page 18: Front-Panel Components
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Front-Panel Components The front panel of the Switch consists of LED indicators for Power, Console, and for Link/Act for each port on the Switch including SFP port LEDs. A separate table below describes LED indicators in more detail.
Page 19: Rear Panel Description
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch This LED will light green after powering the Switch on to indicate the ready state of the Power device. The indicator is dark when the Switch is no longer receiving power (i.e powered off).
Page 20: Side Panel Description
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Side Panel Description The system heat vents located on each side dissipate heat. Do not block these openings. Leave at least 6 inches of space at the rear and sides of the Switch for proper ventilation. Be reminded that without proper heat dissipation and air circulation, system components might overheat, which could lead to system failure or even severely damage components.
Page 21: Installation
• RS-232 console cable • One CD Kit for User’s Guide/CLI/D-View module If any item is missing or damaged, please contact your local D-Link Reseller for replacement. Installation Guidelines Please follow these guidelines for setting up the Switch: • Install the Switch on a sturdy, level surface that can support at least 6.6 lb. (3 kg) of weight. Do not place heavy objects on the Switch.
Page 22: Installing The Switch Without The Rack
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Installing the Switch without the Rack First, attach the rubber feet included with the Switch if installing on a desktop or shelf. Attach these cushioning feet on the bottom at each corner of the device. Allow enough ventilation space between the Switch and any other objects in the vicinity.
Page 23: Installing The Switch In A Rack
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Installing the Switch in a Rack The Switch can be mounted in a standard 19" rack. Use the following diagrams as a guide. Figure 2- 3. Fasten mounting brackets to the DGS-3200-10 Figure 2- 4.
Page 24: Mounting The Switch In A Standard 19" Rack
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Mounting the Switch in a Standard 19" Rack Figure 2- 5. Installing the DGS-3200-10 in a rack Figure 2- 6. Installing the DGS-3200-16 in a rack Power On 1. Plug one end of the AC power cord into the power connector of the Switch and the other end into the local power source outlet.
Page 25: Installing The Sfp Ports
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Installing the SFP ports The Switch is equipped with SFP (Small Form Factor Portable) ports, which are to be used with fiber-optical transceiver cabling in order to uplink various other networking devices for a gigabit link that may span great distances. These SFP ports support full- duplex transmissions, have auto-negotiation and can be used with DEM-310GT (1000BASE-LX), DEM-311GT (1000BASE-SX), DEM-312GT2 (1000BASE-SX), DEM-314GT (1000BASE-LH) and DEM-315GT (1000BASE-ZX) transceivers.
Page 26: Connecting The Switch
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 3 Connecting the Switch Switch to End Node Switch to Switch Connecting To Network Backbone or Server NOTE: All high-performance N-Way Ethernet ports can support both MDI-II and MDI-X connections. Switch to End Node End nodes include PCs outfitted with a 10, 100 or 1000 Mbps RJ-45 Ethernet Network Interface Card (NIC) and routers.
Page 27 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3- 2. Connect the DGS-3200-16 to a port on a switch with straight or crossover cable Figure 3- 3. An example of a typical DGS-3200-10 connection...
Page 28 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3- 4. An example of a typical DGS-3200-16 connection...
Page 29: Connecting To Network Backbone Or Server
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Connecting To Network Backbone or Server The combo SFP ports and the 1000BASE-T ports are ideal for uplinking to a network backbone, server or server farm. The copper ports operate at a speed of 1000, 100 or 10Mbps in full or half duplex mode. The fiber-optic ports can operate at both 100Mbps and 1000Mbps in full duplex mode.
Page 30: Introduction To Switch Management
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 4 Introduction to Switch Management Management Options Connecting the Console Port (RS-232 DCE) First Time Connecting to the Switch Password Protection SNMP Settings IP Address Assignment Connecting Devices to the Switch Management Options This system may be managed out-of-band through the console port on the front panel or in-band using Telnet.
Page 31: Connecting The Console Port (Rs-232 Dce)
Enter the commands to complete desired tasks. Many commands require administrator-level access privileges. Read the next section for more information on setting up user accounts. See the DGS-3200 Series CLI Manual on the documentation CD for a list of all commands and additional information on using the CLI.
Page 32: Managing The Switch For The First Time
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Once connected to the console, the screen below will appear on the console screen. This is where the user will enter commands to perform all the available management functions. The Switch will prompt the user to enter a user name and a password. Upon the initial connection, there is no user name or password and therefore just press enter twice to access the command line interface.
Page 33: Password Protection
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 4- 2. Initial screen, first time connecting to the Switch Press Enter in both the Username and Password fields. Then access will be given to enter commands after the command prompt DGS-3200-10:4#.
Page 34 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The sample below illustrates a successful creation of a new administrator-level account with the user name "newmanager". DGS-3200-10:4#create account admin newmanager Command: create account admin newmanager Enter a case-sensitive new password:******** Enter the new password again for confirmation:******** Success.
Page 35 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Settings Simple Network Management Protocol (SNMP) is an OSI Layer 7 (Application Layer) designed specifically for managing and monitoring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches and other network devices.
Page 36: Ip Address Assignment
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IP Address Assignment An IP Address must be assigned to each switch, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP). The Switch's default IP address is 10.90.90.90. The user may change the default Switch IP address to meet the specification of your networking address scheme.
Page 37 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 4- 4. Assigning the Switch an IP Address In the above example, the Switch was assigned an IP address of 10.24.22.100 with a subnet mask of 255.0.0.0. The system message Success indicates that the command was executed successfully. The Switch can now be configured and managed via...
Page 38: Web-Based Switch Configuration
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 5 Web-based Switch Configuration Introduction Logging onto the Web Manager Web-Based User Interface Basic Setup Reboot Basic Switch Setup Network Management Switch Utilities Network Monitoring IGMP Snooping Status Introduction All software functions of the Switch can be managed, configured, and monitored via the embedded web-based (HTML) interface.
Page 39: Web-Based User Interface
Presents a graphical near real-time image of the front panel of the Switch. This area displays the Switch's ports and expansion modules and shows port activity, depending on the specified mode. Some management functions, including port monitoring are accessible here. Click the D-Link logo to go to the D-Link website.
Page 40: Web Pages
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Web Pages When connecting to the management mode of the Switch with a web browser, a login screen is displayed. Enter a user name and password to access the Switch's management mode.
Page 41: Configuration
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 6 Configuration Device Information Serial Port Settings System Information IP Address IPv6 Interface Settings IPv6 Route Table Port Configuration Static ARP Settings User Accounts System Log Configuration System Severity Settings DHCP/BOOTP Relay...
Page 42: System Information
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6- 1. Device Information window System Information This window allows a user to enter a System Name, System Location, and System Contact to aid in defining the Switch. To enter system information for the Switch: Open the Configuration folder and click System Information.
Page 43: Serial Port Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Serial Port Settings This window allows a user to adjust the Baud Rate and the Auto Logout values. To enter serial port settings for the Switch: Open the Configuration folder and click Serial Port Settings to open the following window: Figure 6- 3.
Page 44: Ip Address
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IP Address The IP address may initially be set using the console interface prior to connecting to it through the Ethernet. If the Switch IP address has not yet been changed, read the introduction of the DGS-3200-10 CLI Manual or return to Section 4 of this manual for more information.
Page 45: Setting The Switch's Ip Address Using The Console Interface
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Subnet Mask A Bitmask that determines the extent of the subnet that the Switch is on. Should be of the form xxx.xxx.xxx.xxx, where each xxx is a number (represented in decimal) between 0 and 255. The value should be 255.0.0.0 for a Class A network, 255.255.0.0 for a Class B network, and...
Page 46: Ipv6 Interface Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IPv6 Interface Settings To configure the Switch's IPv6 interface settings: Open the Configuration folder and click IPv6 Interfaces Settings. The web manager will display the Switch's current IPv6 interface settings in this window, as displayed below.
Page 47: Ipv6 Neighbor Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IPv6 Neighbor Settings To configure the Switch's IPv6 neighbor settings: Open the Configuration folder and click IPv6 Neighbor Settings. The web manager will display the Switch's current IPv6 neighbor settings in the table at the bottom of this window, as displayed below.
Page 48: Port Configuration
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Configuration The Port Configuration folder contains three windows: Port Settings, Port Description, and Port Error Disabled. Port Settings Click Configuration > Port Configuration > Port Settings to display the following window: Figure 6- 9.
Page 49: Port Description
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Learning source MAC addresses are automatically listed in the forwarding table. When address learning is Disabled, MAC addresses must be manually entered into the forwarding table. This is sometimes done for reasons of security or efficiency. See the section on Forwarding/Filtering for information on entering MAC addresses into the forwarding table.
Page 50: Static Arp Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Reason Describes the reason why the port has been error-disabled, such as it has become a shutdown port for storm control. Static ARP Settings The Address Resolution Protocol is a TCP/IP protocol that converts IP addresses into physical addresses. This table allows network managers to view, define, modify, and delete ARP information for specific devices.
Page 51: User Accounts
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch User Accounts Use the User Accounts window to control user privileges. To view existing User Accounts, open the Configuration folder and click on the User Accounts link. This will open the User Accounts window, as displayed below.
Page 52: System Log Configuration
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch System Log Configuration The System Log Configuration folder contains two windows: System Log Settings and System Log Host. System Log Settings The System Log Settings window may be used to choose a method for which to save the switch log to the flash memory of the Switch.
Page 53: System Severity Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Facility Use the drop-down menu to select Local 0, Local 1, Local 2, Local 3, Local 4, Local 5, Local 6, or Local 7. Status Choose Enabled or Disabled to activate or deactivate.
Page 54: Dhcp/Bootp Relay
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch DHCP/BOOTP Relay The DHCP/BOOTP Relay folder contains two windows: DHCP/BOOTP Relay Global Settings and DHCP/BOOTP Relay Interface Settings. DHCP/BOOTP Relay Global Settings The relay hops count limit allows the maximum number of hops (routers) that the DHCP/BOOTP messages can be relayed through to be set.
Page 55 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Disabled- If the field is toggled to Disabled the relay agent will not insert and remove DHCP relay information (option 82 field) in messages between DHCP servers and clients, and the check and policy settings will have no effect.
Page 56 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch d. Length VLAN: the incoming VLAN ID of DHCP client packet. Module: For a standalone switch, the Module is always 0; For a stackable switch, the Module is the Unit ID. g. Port: The incoming port number of DHCP client packet, port number starts from 1.
Page 57: Dhcp/Bootp Relay Interface Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch DHCP/BOOTP Relay Interface Settings This window allows the user to set up a server, by IP address, for relaying DHCP/BOOTP information to the Switch. The user may enter a previously configured IP interface on the Switch that will be connected directly to the DHCP/BOOTP server using this window.
Page 58: Mac Address Aging Time
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC Address Aging Time To configure the MAC Address Aging Time on the Switch, click Configuration > MAC Address Aging Time: Figure 6- 22. MAC Address Aging Time window Enter a value between 10 and 875 seconds.
Page 59: Telnet Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Telnet Settings To configure Telnet Settings on the Switch, click Configuration > Telnet Settings: Figure 6- 24. Telnet Settings window The following parameters may be configured or viewed: Parameter Description Telnet Status Telnet configuration is Enabled by default.
Page 60: Cli Paging Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch CLI Paging Settings To configure CLI paging on the Switch, click Configuration > CLI Paging Settings: Figure 6- 26. CLI Paging Settings window The following parameter may be configured or viewed: Parameter...
Page 61 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Console Serial Port (RS-232). T - If the IP address has this letter attached to it, it denotes a firmware upgrade through Telnet. S - If the IP address has this letter attached to it, it denotes a firmware upgrade through the Simple Network Management Protocol (SNMP).
Page 62: Dual Configuration Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Dual Configuration Settings The following window displays dual configuration settings on the Switch. The Switch allows two firmware images to be stored in its memory and either can be configured to be the boot-up firmware for the Switch. The user may select a boot-up firmware image for the Switch by clicking the Boot button to select it.
Page 63: Smtp Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SMTP Settings SMTP or Simple Mail Transfer Protocol is a function of the Switch that will send switch events to mail recipients based on e-mail addresses entered in the window below. The Switch is to be configured as a client of SMTP while the server is a remote device that will receive messages from the Switch, place the appropriate information into an e-mail and deliver it to recipients configured on the Switch.
Page 64: Ping Test
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Ping Test Ping is a small program that sends ICMP Echo packets to the IP address you specify. The destination node then responds to or "echoes" the packets sent from the Switch. This is very useful to verify connectivity between the Switch and other nodes on the network.
Page 65: Sntp Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNTP Settings SNTP or Simple Network Time Protocol is used by the Switch to synchronize the clock of the computer. The SNTP Settings folder contains two windows: Time Settings and Time Zone Settings.
Page 66: Time Zone Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Time Zone Settings The following window is used to configure time zones and Daylight Savings time settings for SNTP. Open the Configuration folder, click SNTP Settings, and click the Time Zone Settings link, revealing the following window.
Page 67: Mac Notification Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To: Day Of Week Enter the day of the week that DST will end. To: Month Enter the month that DST will end. To: Time In HH:MM Enter the time DST will end.
Page 68: Mac Notification Port Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC Notification Port Settings To set MAC notification for individual ports on the Switch, open the Configuration folder, click MAC Notification Settings, and click the MAC Notification Port Settings link, revealing the following window.
Page 69: Snmp Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Settings Simple Network Management Protocol (SNMP) is an OSI Layer 7 (Application Layer) designed specifically for managing and monitoring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches, and other network devices.
Page 70: Snmp Global State Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Global State Settings SNMP global state settings can be enabled or disabled on this window. To view the SNMP Global State Settings window, open the SNMP Settings folder under Configuration and click SNMP Global State Settings entry. The following window should appear: Figure 6- 35.
Page 71: Snmp Group Table
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Group Table An SNMP Group created with this table maps SNMP users (identified in the SNMP User Table) to the views created in the previous window. To view the SNMP Group Table window, open the SNMP Settings folder in the Configuration folder and click the SNMP Group Table entry.
Page 72: Snmp User Table
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP User Table This window displays all of the SNMP User's currently configured on the Switch. In the SNMP Settings folder, located in the Configuration folder, click on the SNMP User Table link. This will open the SNMP User Table window, as shown below.
Page 73 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch • An Access List of IP addresses of SNMP managers that are permitted to use the community string to gain access to the Switch's SNMP agent. • Any MIB view that defines the subset of all MIB objects will be accessible to the SNMP community.
Page 74: Snmp Host Table
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Host Table Use the SNMP Host Table window to set up SNMP trap recipients. Open the SNMP Settings folder located in the Configuration folder and click on the SNMP Host Table link. This will open the SNMP Host Table window, as shown below.
Page 75: Snmp Engine Id
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The following parameters can set: Parameter Description Host IPv6 Address Type the IP address of the remote management station that will serve as the SNMP host for the Switch. V1 - To specifies that SNMP version 1 will be used.
Page 76: Rmon
To enable or disable RMON for SNMP, use the radio button and click Apply. Single IP Management Simply put, D-Link Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. There are some advantages in implementing the "Single IP Management" feature: 1.
Page 77 The CaS can be configured through the CS to become a MS. After configuring one switch to operate as the CS of a SIM group, additional DGS-3200 Series switches may join the group by manually configuring the Switch to be a MS. The CS will then serve as the in band entry point for access to the MS. The CS’s IP address will become the path to all MS's of the group and the CS’s Administrator's password, and/or authentication will control...
Page 78: Single Ip Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch • Configuration Files – This switch now supports downloading and uploading of configuration files both to (for configuration restoration) and from (for configuration backup) MS’s, using a TFTP server. • Log – The Switch now supports uploading MS log files to a TFTP server.
Page 79: Topology
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6- 47. Single IP Settings window for Commander (enabled) Topology This window will be used to configure and manage the Switch within the SIM group and requires Java script to function properly on your computer.
Page 80 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Remote Port Displays the number of the physical port on the MS or CaS to which the CS is connected. The CS will have no entry in this field. MAC Address Displays the MAC Address of the corresponding Switch.
Page 81 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Layer 3 candidate switch Unknown device Non-SIM devices Tool Tips In the Topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same information about a specific device as the Tree view does.
Page 82 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Right-Click Right-clicking on a device will allow the user to perform various functions, depending on the role of the Switch in the SIM group and the icon associated with it. Group Icon Figure 6- 52.
Page 83 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Commander Switch Icon Figure 6- 54. Right-Clicking a Commander Icon The following options may appear for the user to configure: • Collapse - To collapse the group that will be represented by a single icon.
Page 84 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch • Expand - To expand the SIM group, in detail. • Add to group - Add a candidate to a group. Clicking this option will reveal the following dialog box for the user to enter a password for authentication from the Candidate Switch before being added to the SIM group.
Page 85: Firmware Upgrade
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Firmware Upgrade The Commander Switch may be used for firmware upgrades of member switches. To access the following window, click Configuration > Single IP Management > Firmware Upgrade. Member Switches will be listed in the table and will be specified by Port (port on the CS where the MS resides), MAC Address, Model Name and Version.
Page 86: Layer 2 Features
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 7 Layer 2 Features Jumbo Frame 802.1Q VLAN 802.1Q VLAN Batch Settings 802.1V Protocol VLAN MAC Based VLAN Settings GVRP Settings PVID Auto Assign Settings Trunking LACP Port Settings Traffic Segmentation...
Page 87: 802.1Q Vlan
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 802.1Q VLAN Understanding IEEE 802.1p Priority Priority tagging is a function defined by the IEEE 802.1p standard designed to provide a means of managing traffic on a network where many different types of data may be transmitted simultaneously. It is intended to alleviate problems associated with the delivery of time critical data over congested networks.
Page 88 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch • Egress port - A port on a switch where packets are flowing out of the Switch, either to another switch or to an end station, and tagging decisions must be made.
Page 89 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 802.1Q VLAN Tags The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the EtherType field. When a packet's EtherType field is equal to 0x8100, the packet carries the IEEE 802.1Q/802.1p tag.
Page 90 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Prior to the adoption of 802.1Q VLANs, port-based and MAC-based VLANs were in common use. These VLANs relied upon a Port VLAN ID (PVID) to forward packets. A packet received on a given port would be assigned that port's PVID and then be forwarded to the port that corresponded to the packet's destination address (found in the Switch's forwarding table).
Page 91 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch NOTE: If no VLANs are configured on the Switch, then all packets will be forwarded to any destination port. Packets with unknown source addresses will be flooded to all ports. Broadcast and multicast packets will also be flooded to all ports.
Page 92 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7- 5. VLAN List tab of the 802.1Q VLAN window The VLAN List tab lists all previously configured VLANs by VLAN ID and VLAN Name. To delete an existing 802.1Q VLAN, click the corresponding Delete VID button.
Page 93 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7- 7. Find/Edit VLAN tab of the 802.1Q VLAN window NOTE: The Switch supports up to 4k static VLAN entries. The following fields can then be set in the Add/Edit VLAN tab:...
Page 94: 802.1Q Vlan Batch Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 802.1Q VLAN Batch Settings The function allows the user to create an 802.1Q VLAN Batch. To view this window click L2 Features > 802.1Q VLAN Batch Settings. Figure 7- 8. 802.1Q VLAN Batch Settings window...
Page 95: 802.1V Protocol Vlan
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 802.1v Protocol VLAN The 802.1v Protocol VLAN folder contains two windows: Protocol VLAN Group Settings and 802.1v Protocol VLAN Settings. 802.1v Protocol Group Settings The table allows the user to create Protocol VLAN groups and add protocols to that group. The 802.1v Protocol VLAN Group Settings supports multiple VLANs for each protocol and allows the user to configure the untagged ports of different protocols on the same physical port.
Page 96 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7- 10. 802.1v Protocol VLAN Settings window The following fields can be set: Parameter Description Group ID Highlight the corresponding RADIUS button to select a previously configured Group ID from the drop-down menu.
Page 97: Mac Based Vlan Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC Based VLAN Settings This table is used to create new MAC Based VLAN entries and search, edit and delete existing entries. To view this window click L2 Features > MAC Based VLAN Settings: Figure 7- 11.
Page 98: Gvrp Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch GVRP Settings In the L2 Features folder, click GVRP Settings. The GVRP Settings window, shown below, allows you to determine whether the Switch will share its VLAN configuration information with other GARP VLAN Registration Protocol (GVRP) enabled switches.
Page 99: Pvid Auto Assign Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch PVID Auto Assign Settings In the L2 Features folder, click PVID Auto Assign Settings. The window, shown below, allows you to enable or disable PVID Auto Assign Status. The default setting is enabled.
Page 100: Trunking
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Trunking Understanding Port Trunk Groups Port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. The Switch supports up to five port trunk groups with two to eight ports in each group. A potential bit rate of 8000 Mbps can be achieved.
Page 101 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch VLAN, and their STP status, static multicast, traffic control; traffic segmentation and 802.1p default priority configurations must be identical. Port locking, port mirroring and 802.1X must not be enabled on the trunk group. Further, the LACP aggregated links must all be of the same speed and should be configured as full duplex.
Page 102: Lacp Port Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch LACP Port Settings This window is used in conjunction with the Trunking window to create port trunking groups on the Switch. Using the following window, the user may set which ports will be active and passive in processing and sending LACP control frames.
Page 103: Traffic Segmentation
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Traffic Segmentation Traffic segmentation is used to limit traffic flow from a single or group of ports, to a group of ports. This method of segmenting the flow of traffic is similar to using VLANs to limit traffic, but is more restrictive. It provides a method of directing traffic that does not increase the overhead of the Master switch CPU.
Page 104: Ip Multicast Profile Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description VID (VLAN ID) This is the VLAN ID that, along with the VLAN Name, identifies the VLAN the user wishes to modify the IGMP Snooping Settings for. VLAN Name This is the VLAN Name that, along with the VLAN ID, identifies the VLAN the user wishes to modify the IGMP Snooping Settings for.
Page 105: Limited Multicast Address Range Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7- 20. Multicast Address Group List Settings window Enter the multicast IP address list, starting with the lowest in the range, and then click Add. To return to the IP Multicast Profile Settings window, click the <<Previous button.
Page 106: Mld Snooping Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7- 22. Max Multicast Group Settings window To add a Maximum Multicast Group range, enter the appropriate information and then click Apply. MLD Snooping Settings Multicast Listener Discovery (MLD) Snooping is an IPv6 function used similarly to IGMP snooping in IPv4. It is used to discover ports on a VLAN that are requesting multicast data.
Page 107 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To configure the settings for MLD snooping, click L2 Features > MLD Snooping Settings, which will open the following window. Figure 7- 23. MLD Snooping Settings window This window displays the current MLD Snooping settings set on the Switch, defined by VLAN. To configure a specific VLAN for MLD snooping, click the VLAN’s corresponding Edit button.
Page 108: Port Mirroring
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Mirroring The Switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an RMON probe, to view details about the packets passing through the first port.
Page 109: Loopback Detection Settings
STP will be familiar to most networking professionals. However, since 802.1w RSTP and 802.1s MSTP have been recently introduced to D-Link managed Ethernet switches, a brief introduction to the technology is provided below followed by a description of how to set up 802.1D STP, 802.1w RSTP, and 802.1s MSTP.
Page 110 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch This protocol will also tag BDPU packets so receiving devices can distinguish spanning tree instances, spanning tree regions and the VLANs associated with them. An MSTI ID will classify these instances. MSTP will connect multiple spanning trees with a Common and Internal Spanning Tree (CIST).
Page 111 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Transition States An essential difference between the three protocols is in the way ports transition to a forwarding state and in the way this transition relates to the role of the port (forwarding or not forwarding) in the topology. MSTP and RSTP combine the transition states disabled, blocking and listening used in 802.1D and creates a single state Discarding.
Page 112: Stp Bridge Global Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch STP Bridge Global Settings To open the following window, open Spanning Tree in the L2 Features folder and click the STP Bridge Global Settings link. Use the STP Status radio buttons to enable or disable STP globally, and use the STP Version drop-down menu to choose the STP method.
Page 113 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description STP Status Use the radio button to globally enable or disable STP. STP Version Use the pull-down menu to choose the desired version of STP: STP - Select this parameter to set the Spanning Tree Protocol (STP) globally on the switch.
Page 114: Stp Port Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch STP Port Settings STP can be set up on a port per port basis. To view the STP Port Settings window, click L2 Features > Spanning Tree > STP Port Settings: Figure 7- 29. STP Port Settings window It is advisable to define an STP Group to correspond to a VLAN group of ports.
Page 115: Mst Configuration Identification
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Edge Choosing the True parameter designates the port as an edge port. Edge ports cannot create loops, however an edge port can lose edge port status if a topology change creates a poten- tial for a loop.
Page 116: Stp Instance Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch STP Instance Settings This window displays MSTIs currently set on the Switch and allows users to change the Priority of the MSTIs. To view the following window, click L2 Features > Spanning Tree > STP Instance Settings: Figure 7- 31.
Page 117: Mstp Port Information
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MSTP Port Information This window displays the current MSTI configuration information and can be used to update the port configuration for an MSTI ID. If a loop occurs, the MSTP function will use the port priority to select an interface to put into the forwarding state. Set a higher priority value for interfaces to be selected for forwarding first.
Page 118: Forwarding & Filtering
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Forwarding & Filtering The Forwarding & Filtering folder contains three windows: Unicast Forwarding, Multicast Forwarding, and Multicast Filtering Mode. Unicast Forwarding To set up Unicast Forwarding on the Switch, open the Forwarding & Filtering folder in the L2 Features folder and click on the Unicast Forwarding link.
Page 119: Multicast Filtering Mode
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch using GMRP. The options are: None - No restrictions on the port dynamically joining the multicast group. When None is chosen, the port will not be a member of the Static Multicast Group.
Page 120: Qos
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 8 Bandwidth Control Traffic Control 802.p Default Priority 802.1p User Priority QoS Scheduling Mechanism QoS is an implementation of the IEEE 802.1p standard that allows network administrators a method of reserving bandwidth for important functions that require a large bandwidth or have a high priority, such as VoIP (voice-over Internet Protocol), web browsing applications, file server applications or video conferencing.
Page 121 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch For example, let’s say a user wishes to have a video conference between two remotely set computers. The administrator can add priority tags to the video packets being sent out, utilizing the Access Profile commands. Then, on the receiving end, the administrator instructs the Switch to examine packets for this tag, acquires the tagged packets and maps them to a class queue on the Switch.
Page 122: Bandwidth Control
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Bandwidth Control The bandwidth control settings are used to place a ceiling on the transmitting and receiving data rates for any selected port. In the QoS folder, click Bandwidth Control, to view the window shown below.
Page 123 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Use this window to enable or disable storm control and adjust the threshold for multicast and broadcast storms. To view the following window, click QoS > Traffic Control: Figure 8- 3. Traffic Control window...
Page 124 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Settings in handling a Traffic Storm is one of the following: None – Will send no Storm trap warning messages regardless of action taken by the Traffic • Control mechanism. Storm Occurred – Will send Storm Trap warning messages upon the occurrence of a •...
Page 125: 802.1P Default Priority
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 802.1p Default Priority The Switch allows the assignment of a default 802.1p priority to each port on the Switch. In the QoS folder, click 802.1p Default Priority to view the window shown below.
Page 126: Qos Scheduling Mechanism
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch QoS Scheduling Mechanism The Scheduling Mechanism drop-down menu allows a selection between a Weight Fair and a Strict mechanism for emptying the priority classes. In the QoS folder click QoS Scheduling Mechanism, to view the window shown below.
Page 127: Security
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 9 Security Safeguard Engine Trusted Host IP-MAC-Port Binding Port Security Guest VLAN 802.1X SSL Settings Access Authentication Control MAC Based Access Control Web Authentication (Web-based Access Control) JWAC Safeguard Engine Periodically, malicious hosts on the network will attack the Switch by utilizing packet flooding (ARP Storm) or other methods.
Page 128 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 9- 1. Safeguard Engine example For every consecutive checking interval that reveals a packet flooding issue, the Switch will double the time it will discard ingress ARP and IP broadcast packets and packets from untrusted IP addresses. In the example above, the Switch doubled the time for dropping ARP and IP broadcast packets when consecutive flooding issues were detected at 5-second intervals.
Page 129: Trusted Host
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Use the radio button to globally enable or disable Safeguard Engine settings for the Switch. Safeguard Engine State Rising Used to configure the acceptable level of CPU utilization before the Safeguard Engine mechanism Threshold is enabled.
Page 130: Ip-Mac-Port Binding
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IP-MAC-Port Binding The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC binding is to restrict the access to a switch to a number of authorized users.
Page 131: Ip-Mac Binding Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IP-MAC Binding Settings The window shown below can be used to create IP-MAC binding entries. Enter the IP and MAC addresses of the authorized users in the appropriate fields and click Apply. To modify either the IP address or the MAC address of the binding entry, make the desired changes in the appropriate field and click the corresponding Edit button.
Page 132: Ip-Mac Binding Blocked
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch All Ports Tick this check box to configure this IP-MAC binding entry (IP Address + MAC Address) for all ports on the Switch. NOTE: When configuring the ACL mode function of the IP-MAC binding function, please pay close attention to previously set ACL entries.
Page 133: Port Security
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Security The Port Security folder contains two windows: Port Security Settings and Port Lock Entries. Port Security Settings A given port’s (or a range of ports') dynamic MAC address learning can be locked such that the current source MAC addresses entered into the MAC address forwarding table can not be changed once the port lock is enabled.
Page 134: Port Lock Entries
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Lock Entries This window is used to remove an entry from the port security entries learned by the Switch and entered into the forwarding database. To view this window, click Security > Port Security > Port Lock Entries.
Page 135: Guest Vlan
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Guest VLAN On 802.1X security-enabled networks, there is a need for non- 802.1X supported devices to gain limited access to the network, due to lack of the proper 802.1X software or incompatible...
Page 136: 122
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 802.1X The 802.1X folder contains seven windows (depending on the current 802.1X) settings: 802.1X Settings, 802.1X User, Initialize Port(s) (Port based and MAC based), Reauthenticate Port(s) (Port based and MAC based), and Authentic RADIUS Server.
Page 137: 802.1X User
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch ReAuthEnabled Determines whether regular reauthentication will take place on this port. The default setting is Disabled. Port Control This allows the user to control the port authorization state. Select ForceAuthorized to disable 802.1X and cause the port to transition to the authorized state without any authentication exchange required.
Page 138: Initialize Port(S)
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Initialize Port(s) Existing 802.1X port and MAC settings are displayed and can be configured using the two windows below. To initialize ports for the port side of 802.1X, the user must first enable 802.1X by port in the 802.1X Settings window.
Page 139: Reauthenticate Port(S)
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Reauthenticate Port(s) Users can display and configure reauthenticate ports for 802.1X port and MAC using the two windows below. To reauthenticate ports for the port side of 802.1X, the user must first enable 802.1X by port in the 802.1X Settings window Click Security >...
Page 140: Authentic Radius Server
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authentic RADIUS Server The RADIUS feature of the Switch allows the user to facilitate centralized user administration as well as providing protection against a sniffing, active hacker. The Web Manager offers three windows.
Page 141: Ssl Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SSL Settings Secure Sockets Layer, or SSL, is a security feature that will provide a secure communication path between a host and client through the use of authentication, digital signatures and encryption. These security functions are implemented through the use of a...
Page 142 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 9- 18. SSL Settings window To set up the SSL function on the Switch, configure the parameters in the SSL Settings section described below and click Apply. To set up the SSL ciphersuite function on the Switch, configure the parameters in the SSL Ciphersuite Settings section described below and click Apply.
Page 143: Ssh
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch extension (Ex. c:/pkey.der) Click Apply to implement changes made. NOTE: Certain implementations concerning the function and configuration of SSL are not available on the web-based management of this Switch and need to be configured using the command line interface.
Page 144: Ssh Authmode And Algorithm Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description SSH Server Status Use the radio buttons to enable or disable SSH on the Switch. The default is Disabled. Max Session (1-8) Enter a value between 1 and 8 to set the number of users that may simultaneously access the Switch.
Page 145 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 3DES-CBC Use the check box to enable or disable the Triple Data Encryption Standard encryption algorithm with Cipher Block Chaining. The default is enabled. Blow-fish CBC Use the check box to enable or disable the Blowfish encryption algorithm with Cipher Block Chaining.
Page 146: Ssh User Authentication Mode
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SSH User Authentication Mode The following window is used to configure parameters for users attempting to access the Switch through SSH. To access the following window, click Security > SSH > SSH User Authentication Mode.
Page 147: Access Authentication Control
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Access Authentication Control The TACACS / XTACACS / TACACS+ / RADIUS commands allow users to secure access to the Switch using the TACACS / XTACACS / TACACS+ / RADIUS protocols. When a user logs in to the Switch or tries to access the administrator level privilege, he or she is prompted for a password.
Page 148: Authentication Policy And Parameter Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authentication Policy and Parameter Settings This window will enable an administrator-defined authentication policy for users trying to access the Switch. When enabled, the device will check the Login Method List and choose a technique for user authentication upon login.
Page 149: Authentication Server Group
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Enable Method List Using the pull-down menu, configure an application for normal login on the user level, utilizing a previously configured method list. The user may use the default Method List or other Method List configured by the user.
Page 150: Authentication Server Host
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 9- 25. Edit Server Group tab of the Authentication Server Group window To add an Authentication Server Host to the list, enter its name in the Group Name field, IP address in the IP Address field, use the drop-down menu to choose the Protocol associated with the IP address of the Authentication Server Host, and then click Add to add this Authentication Server Host to the group.
Page 151 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 9- 26. Authentication Server Host window Configure the following parameters to add an Authentication Server Host: Parameter Description IP Address The IP address of the remote server host to add. Protocol The protocol used by the server host.
Page 152: Login Method Lists
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Login Method Lists This window will configure a user-defined or default Login Method List of authentication techniques for users logging on to the Switch. The sequence of techniques implemented in this command will affect the authentication result. For example, if a user enters a sequence of techniques, for example TACACS - XTACACS- local, the Switch will send an authentication request to the first TACACS host in the server group.
Page 153: Enable Method Lists
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Enable Method Lists The Enable Method Lists window is used to set up Method Lists to promote users with user level privileges to Administrator (Admin) level privileges using authentication methods on the Switch. Once a user acquires normal user level privileges on the Switch, he or she must be authenticated by a method on the Switch to gain administrator privileges on the Switch, which is defined by the Administrator.
Page 154: Configure Local Enable Password
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Configure Local Enable Password This window will configure the locally enabled password for Enable Admin. When a user chooses the "local_enable" method to promote user level privileges to administrator privileges, he or she will be prompted to enter the password configured here that is locally set on the Switch.
Page 155: Mac Based Access Control
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC Based Access Control The MAC-Based Access Control feature will allow users to configure a list of MAC addresses, either locally or on a remote RADIUS server, to be authenticated by the Switch and given access rights based on the configurations set on the Switch of the target VLAN where these authenticated users are placed.
Page 156 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 9- 31. MAC Based Access Control Global Settings window To configure a port or range of ports for the MAC-Based Access Control feature, use the From Port and To Port drop-down menus to choose the ports, and then use the State drop-down menu to enable them.
Page 157: Mac Based Access Control Local Mac Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC Based Access Control Local MAC Settings The following window is used to set a list of MAC addresses, along with their corresponding target VLAN, which will be authenticated for the Switch. Once a queried MAC address is matched in this window, it will be placed in the VLAN associated with it here.
Page 158 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Conditions and Limitations 1. The subnet of the authentication VLAN’s IP interface must be the same as that of the client. If not configured properly, the authentication will be permanently denied by the authenticator.
Page 159: Web Authentication Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Web Authentication Settings To configure the Switch for Web Authentication, go to the Security folder, open Web Authentication, and click Web Authentication Settings, which will open the following window: Figure 9- 33. Web Authentication Settings window...
Page 160: Web Authentication User Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch wishing limited access rights through the Switch. When one client on a port has been authenticated for Web-based Access Control, all clients on this port are authenticated as well Use this drop-down menu to enable the configured ports as Web Authentication ports.
Page 161: Jwac
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch User Name Use the drop-down menu to select the user name that has been guest-authenticated through this process, to be mapped to a previously configured VLAN with limited rights. VLAN Name Enter the VLAN name of a previously configured VLAN to which a successfully authenticated Web user will be mapped.
Page 162 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch dropped. Forcible Logout This parameter enables or disables JWAC Forcible Logout. When Forcible Logout is Enabled, a Ping packet from an authenticated host to the JWAC Switch with TTL=1 will be regarded as a logout request, and the host will move back to the unauthenticated state.
Page 163: Jwac Port Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch JWAC Port Settings To configure JWAC port settings for the Switch, go to the Security folder, open JWAC, and click JWAC Port Settings, which will open the following window: Figure 9- 36. JWAC Port Settings window...
Page 164: Jwac User Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch JWAC User Settings To configure JWAC user settings for the Switch, go to the Security folder, open JWAC, and click JWAC User Settings, which will open the following window: Figure 9- 37. JWAC User Settings window To set the User Account settings for the JWAC by the Switch, complete the following fields and then click the Add button.
Page 165: Acl
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 10 Access Profile List CPU Access Profile List Time Range Settings Access Profile List Access profiles allow you to establish criteria to determine whether the Switch will forward packets based on the information contained in each packet's header.
Page 166 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 10- 2. Add ACL Profile window for Ethernet ACL The following parameters can be set for the Ethernet ACL type: Parameter Description Use the drop-down menu to select a unique identifier number for this profile set. This value can Select Profile ID be set from 1 to 200.
Page 167 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 10- 3. Access Profile Detail Information window for Ethernet The window shown below is the Add ACL Profile window for IPv4: Figure 10- 4. Add ACL Profile window for IPv4 ACL...
Page 168 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IPv4 Source IP Mask Enter an IP address mask for the source IP address. IPv4 Destination IP Enter an IP address mask for the destination IP address. Mask Selecting this option instructs the Switch to examine the protocol type value in each frame's Protocol header.
Page 169 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 10- 6. Add ACL Profile window for IPv6 The following parameters can be set for the IPv6 ACL type: Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 200.
Page 170 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To view the setting details for a created profile, click the Show Details button for the corresponding entry on the Access Profile List window, revealing the following window: Figure 10- 7. Access Profile Detail Information window for IPv6 The window shown below is the Add ACL Profile window for Packet Content: Figure 10- 8.
Page 171 0 0x0000ffff will match packet byte offset, 0,1 Note: Only one packet content mask profile can be created at a time. Use of the D-Link xStack switch family’s advanced Packet Content Mask (also known as Packet Content Access Control List – ACL) feature can effectively mitigate common network attacks such as ARP Spoofing.
Page 172 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To remove a previously created rule, click the corresponding Delete Rules button. To add a new Access Rule, click the Add Rule button: Figure 10- 11. Add Access Rule window for Ethernet To set the Access Rule for Ethernet, adjust the following parameters and click Apply.
Page 173 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 156249) following equation: 1 value = 64kbit/sec. (ex. If the user selects an Rx rate of 10 then the ingress rate is 640kbit/sec.) The user many select a value between 1 and 156249 or tick the No Limit check box.
Page 174 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 10- 14. Add Access Rule window for IPv4 To set the Access Rule for IP, adjust the following parameters and click Apply. Parameter Description Access ID (1- Type in a unique identifier number for this access. This value can be set from 1 to 200.
Page 175 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Time Range Tick the check box and enter the name of the Time Range settings that has been previously Name configured in the Time Range Settings window. This will set specific times when this access rule will be implemented on the Switch.
Page 176 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 10- 17. Add Access Rule window for IPv6 To set the Access Rule for IPv6, adjust the following parameters and click Apply. Parameter Description Access ID (1-200) Type in a unique identifier number for this access. This value can be set from 1 to 200.
Page 177 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch access rule will not be configured. Ticking the All Ports check box will denote all ports on the Switch. To view the settings of a previously correctly configured rule, click the corresponding Show Details button on the Access Rule List window to view the following window: Figure 10- 18.
Page 178 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 10- 20. Add Access Rule window for Packet Content To set the Access Rule for Packet Content, adjust the following parameters and click Apply. Parameter Description Access ID (1- Type in a unique identifier number for this access. This value can be set from 1 to 200.
Page 179: Cpu Access Profile List
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch box. The default setting is No Limit. Time Range Tick the check box and enter the name of the Time Range settings that has been previously Name configured in the Time Range Settings window. This will set specific times when this access rule will be implemented on the Switch.
Page 180 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 10- 22. CPU Access Profile List window This window displays the CPU Access Profile List entries created on the Switch (one CPU access profile of each type has been created for explanatory purposes). To view the configurations for an entry, click the corresponding Show Details button.
Page 181 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 10- 23. Add CPU ACL Profile window for Ethernet Parameter Description Use the drop-down menu to select a unique identifier number for this profile set. This value can Select Profile ID be set from 1 to 5.
Page 182 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To view the settings of a previously correctly created profile, click the corresponding Show Details button on the CPU Access Profile List window to view the following window: Figure 10- 24. CPU Access Profile Detail Information window for Ethernet The window shown below is the Add CPU ACL Profile window for IP (IPv4).
Page 183 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 802.1Q VLAN Selecting this option instructs the Switch to examine the VLAN part of each packet header and use this as the, or part of the criterion for forwarding. Selecting this option instructs the Switch to examine the DiffServ Code part of each packet IPv4 DSCP header and use this as the, or part of the criterion for forwarding.
Page 184 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 10- 27. Add CPU ACL Profile window for IPv6 The following parameters may be configured for the IPv6 filter. Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 5.
Page 185 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To view the settings of a previously correctly created profile, click the corresponding Show Details button on the CPU Access Profile List window to view the following window: Figure 10- 28. CPU Access Profile Detail Information window for IPv6 The window shown below is the Add CPU ACL Profile window for Packet Content.
Page 186 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Offset This field will instruct the Switch to mask the packet header beginning with the offset value specified: • 0-15 - Enter a value in hex form to mask the packet from the beginning of the packet to the 15th byte.
Page 187 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 10- 32. Add Access Rule window for Ethernet To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameter Description Access ID (1-100) Type in a unique identifier number for this access. This value can be set from 1 to 100.
Page 188 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To configure the Access Rules for IP, open the CPU Access Profile List window and click Add/View Rules for an IP entry. This will open the following window. Figure 10- 34. CPU Access Rule List window for IPv4 To remove a previously created rule, click the corresponding Delete Rules button.
Page 189 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To view the settings of a previously correctly configured rule, click the corresponding Show Details button on the CPU Access Rule List window to view the following window: Figure 10- 36. CPU Access Rule Detail Information window for IPv4 To establish the rule for a previously created CPU Access Profile: To configure the Access Rules for IP, open the CPU Access Profile List window and click Add/View Rules for an IPv6 entry.
Page 190 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Action Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below). Select Deny to specify that packets that do not match the access profile are not forwarded by the Switch and will be filtered.
Page 191 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 10- 41. Add Access Rule window for Packet Content To set the Access Rule for Packet Content, adjust the following parameters and click Apply. Parameter Description Type in a unique identifier number for this access. This value can be set from 1 to 100.
Page 192: Time Range Settings
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 10- 42. CPU Access Rule Detail Information window for Packet Content Time Range Settings The Time Range window is used in conjunction with the Access Profile feature to determine a starting point and an ending point, based on days of the week, when an Access Profile configuration will be enabled on the Switch.
Page 193: Monitoring
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 11 Monitoring CPU Utilization Port Utilization Packet Size Packets Errors Port Access Control Browse ARP Table Browse VLAN Browse Router Port Browse MLD Router Port Browse Session Table IGMP Snooping Group...
Page 194 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 11- 1. CPU Utilization window To view the CPU utilization by port, use the real-time graphic of the Switch and/or switch stack at the top of the web page by simply clicking on a port. Click Apply to implement the configured settings. The window will automatically refresh with new updated statistics.
Page 195: Port Utilization
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Utilization The Port Utilization window displays the percentage of the total available bandwidth being used on the port. To view this window, open the Monitoring folder and click the Port Utilization link: Figure 11- 2.
Page 196: Packet Size
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Packet Size The Web Manager allows packets received by the Switch, arranged in six groups and classed by size, to be viewed as either a line graph or a table. Two windows are offered. To select a port to view these statistics for, select the port by using the Port pull-down menu.
Page 197 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 198: Packets
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Packets The Web Manager allows various packet statistics to be viewed as either a line graph or a table. Six windows are offered. Received (RX) Click Monitoring > Packets > Received (RX) to view the following graph of packets received on the Switch. To select a port to view these statistics for, select the port by using the Port pull-down menu.
Page 199 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 11- 6. Received (RX) Table window (for Bytes and Packets) The following fields may be set or viewed: Parameter Description Use the drop-down menu to choose the port that will display statistics.
Page 200: Umb_Cast (Rx)
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch UMB_cast (RX) Click Monitoring > Packets > UMB_cast (RX) to view the following graph of UMB cast packets received on the Switch. To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
Page 201: Transmitted (Tx)
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 202 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 11- 10. Transmitted (TX) Table window (for Bytes and Packets) The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics.
Page 203: Errors
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Errors The Web Manager allows port error statistics compiled by the Switch's management agent to be viewed as either a line graph or a table. Four windows are offered. Received (RX) Click Monitoring > Errors > Received (RX) to view the following graph of error packets received on the Switch. To select a port to view these statistics for, select the port by using the Port pull-down menu.
Page 204 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 11- 12. Received (RX) Table window (for errors) The following fields can be set: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s"...
Page 205: Transmitted (Tx)
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch View Graphic Clicking this button instructs the Switch to display a line graph rather than a table. Transmitted (TX) Click the Monitoring > Errors > Transmitted (TX) to view the following graph of error packets received on the Switch. To select a port to view these statistics for, select the port by using the Port pull-down menu.
Page 206 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 207: Port Access Control
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Access Control The following windows are used to monitor 802.1X statistics of the Switch, on a per port basis. To view the Port Access Control windows, open the Monitoring folder and click Port Access Control. There are seven monitoring windows in this section.
Page 208 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 11- 16. Authenticator State window – MAC-Based 802.1X This window displays the Authenticator State for individual ports on a selected device. A polling interval between 1 and 60 seconds can be set using the drop-down menu at the top of the window and clicking OK.
Page 209: Authenticator Statistics
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authenticator Statistics This window contains the statistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the Authenticator Statistics, click Monitoring > Port Access Control > Authenticator Statistics.
Page 210 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Tx Req The number of EAP Request frames (other than Rq/Id frames) that have been transmitted by this Authenticator. Rx RespId The number of EAP Resp/Id frames that have been received by this Authenticator.
Page 211: Authenticator Session Statistics
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authenticator Session Statistics This window contains the session statistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function.
Page 212 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Frames Tx The number of user data frames transmitted on this port during the session. A unique identifier for the session, in the form of a printable ASCII string of at least three characters.
Page 213: Authenticator Diagnostics
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authenticator Diagnostics This window contains the diagnostic information regarding the operation of the Authenticator associated with each port. An entry appears in this table for each port that supports the Authenticator function.
Page 214 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Auth Timeout Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of the Backend Authentication state machine indicating authentication timeout (authTimeout = TRUE). Auth Fail...
Page 215: Radius Authentication
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch RADIUS Authentication This table contains information concerning the activity of the RADIUS authentication client on the client side of the RADIUS authentication protocol. To view the RADIUS Authentication window, click Monitoring > Port Access Control > RADIUS Authentication.
Page 216: Radius Account Client
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch AccessResponses The number of malformed RADIUS Access-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators or Signature attributes or known types are not included as malformed access responses.
Page 217 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Identifier The NAS-Identifier of the RADIUS accounting client. (This is not necessarily the same as sysName in MIB II.) ServerAddr The (conceptual) table listing the RADIUS accounting servers with which the client shares a secret.
Page 218: Browse Arp Table
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Browse ARP Table This window displays current ARP entries on the Switch. To search a specific ARP entry, enter an Interface Name or an IP Address at the top of the window and click Find. Click the Show Static button to display static ARP table entries. To clear the ARP Table, click Clear All.
Page 219: Browse Router Port
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Browse Router Port This window displays which of the Switch’s ports are currently configured as router ports. A router port configured by a user (using the console or Web-based management interfaces) is displayed as a static router port, designated by S. A router port that is dynamically configured by the Switch is designated by D, while a Forbidden port is designated by F.
Page 220: Browse Session Table
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Browse Session Table This window displays the management sessions since the Switch was last rebooted. To view the Browse Session Table window, open the Monitoring folder and click Browse Session Table. Figure 11- 26. Browse Session Table window IGMP Snooping Group This window allows the Switch’s IGMP Snooping Group Table to be viewed.
Page 221: Mld Snooping Group
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MLD Snooping Group The following window allows the user to view MLD Snooping Groups present on the Switch. MLD Snooping is an IPv6 function comparable to IGMP Snooping for IPv4. The user may browse this table by either VLAN Name or VID List present in the Switch by entering that VLAN Name/VID List in the empty field shown below, and clicking the Find button.
Page 222: Mac Address Table
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC Address Table This allows the Switch's dynamic MAC address forwarding table to be viewed. When the Switch learns an association between a MAC address and a port number, it makes an entry into its forwarding table. These entries are then used to forward packets through the Switch.
Page 223: System Log
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch System Log The Web manager allows the Switch's history log, as compiled by the Switch's management agent, to be viewed. To view the Switch history log, open the Monitoring folder and click System Log: Figure 11- 31.
Page 224: Save Services And Tools
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 12 Save Services and Tools Save Configuration ID 1 Save Configuration ID 2 Save Log Save All Configuration File Backup & Restore Upload Log File Reset Download Firmware Reboot System The four Save windows include: Save Configuration 1, Save Configuration 2, Save Log, and Save All. Each version of the window will aid the user in saving configurations to the Switch’s memory.
Page 225: Save Configuration Id 2
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Save Configuration ID 2 Open the Save drop-down menu at the top of the Web manager and click Save Configuration ID 2 to open the following window: Figure 12- 2. Save Configuration ID 2 window...
Page 226: Configuration File Backup & Restore
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Configuration File Backup & Restore The Switch supports dual image storage for configuration file backup and restoration. The firmware and configuration images are indexed by ID number 1 or 2. To change the boot firmware image, use the Configuration ID drop-down menu to select the desired configuration file to backup or restore.
Page 227: Download Firmware
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Download Firmware The following window is used to download firmware for the Switch. Figure 12- 8. Download Firmware window Enter the Server IP address in the first field and and specify the path/file name of the firmware in the third field. Select either IPv4 or IPv6.
Page 228: Appendix A - Technical Specifications
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Appendix A - Technical Specifications General Standards IEEE 802.3 10BASE-T Ethernet IEEE 802.3u 100BASE-TX Fast Ethernet IEEE 802.3ab 1000BASE-T Gigabit Ethernet IEEE 802.3z 1000BASE-T (SFP “Mini GBIC”) IEEE 802.1D/w/s Spanning Tree (Rapid, Multiple) IEEE 802.1Q VLAN...
Page 229 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Physical and Environmental Internal Power Supply AC Input: 100 – 240 VAC, 50-60 Hz DGS-3200-10: 20.9 Watts (Max.) Power Consumption DGS-3200-16: 28.9 Watts (Max.) Operating Temperature DGS-3200-10: 0 - 40°C DGS-3200-16: 0 - 50°C Storage Temperature -40 - 70°C...
Page 230: Appendix B - Cables And Connectors
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Appendix B - Cables and Connectors When connecting the Switch to another switch, a bridge or hub, a normal cable is necessary. Please review these products for matching cable pin assignment. The following diagrams and tables show the standard RJ-45 receptacle/connector and their pin assignments.
Page 231: Appendix C - Module Specs And Cable Lengths
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Appendix C – Module Specs and Cable Lengths Use the following table to as a guide for the module specs and maximum cable lengths. Standard Media Type Maximum Distance Mini-GBIC 1000BASE-LX, Single-mode fiber module...
Page 232: Appendix D - Switch Log Entries
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Appendix D - Switch Log Entries The following table lists all possible entries and their corresponding meanings that will appear in the System Log of this Switch. Category Event Description Log Information...
Page 233 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch will no IP and MAC information for logging Configuration Configuration successfully "by console" and "IP": <ipaddr>, successfully uploaded uploaded by console MAC: <macaddr>" are XOR (Username: <username>, IP: shown in log string, which Informational <ipaddr>, MAC: <macaddr>)
Page 234 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch <username>, IP: <ipaddr>, MAC: <macaddr>) Login failed through Login failed through Web Web (SSL) (SSL) (Username: Warning <username>, IP: <ipaddr>, MAC: <macaddr>) Logout through Web Logout through Web (SSL) (SSL) (Username: <username>, IP: Informational <ipaddr>, MAC: <macaddr>)
Page 235 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SSH session timed out SSH session timed out (Username: <username>, IP: Informational <ipaddr>, MAC: <macaddr>) SSH server is enabled SSH server is enabled Informational SSH server is disabled SSH server is disabled...
Page 236 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC: <macaddr>) Login failed through Login failed through SSH from SSH authenticated by <userIP> authenticated by AAA local method AAA local method (Username: Warning <username>, MAC: <macaddr>) Successful login Successful login through...
Page 237 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Login failed through Login failed through Web Web due to AAA from <userIP> due to AAA server timeout or server timeout or improper Warning improper configuration configuration (Username: <username>, MAC: <macaddr>) Successful login...
Page 238 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Enable Admin failed Enable Admin failed through through Web Web from <userIP> authenticated by AAA authenticated by AAA Warning local_enable method local_enable method (Username: <username>, MAC: <macaddr>) Successful Enable Successful Enable Admin Admin through Telnet through Telnet from <userIP>...
Page 239 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Enable Admin failed Enable Admin failed through through Console Console authenticated by Warning authenticated by AAA AAA server <serverIP> server (Username: <username>) Enable Admin failed Enable Admin failed through through Console due to...
Page 240 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Enable Admin failed Enable Admin failed through through Telnet due to Telnet from <userIP> due to AAA server timeout or AAA server timeout or Warning improper configuration improper configuration (Username: <username>, MAC: <macaddr>)
Page 241 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Safeguard Safeguard Engine is in Safeguard Engine enters Informational Engine normal mode NORMAL mode Safeguard Engine is in Safeguard Engine enters Warning filtering packet mode EXHAUSTED mode Packet Broadcast strom Port <unitID:portNum>...
Page 242 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch assigned from assigned ingress bandwith <portNum> RADIUS server after :<ingressBandwidth> to port stackable device Port: RADIUS client <[unitID:]portNum> (account : <unitID:portNum> authenticated by <username>) RADIUS server successfully. This Ingress bandwidth will assign to the port.
Page 243: Appendix E - Mitigating Arp Spoofing Attacks Using Packet Content Acl
LAN (known as ARP spoofing). This document is intended to introduce the ARP protocol, ARP spoofing attacks, and the countermeasures brought by D-Link’s switches to thwart ARP spoofing attacks. In the process of ARP, PC A will first issue an ARP request to query PC B’s MAC address. The network structure is shown in Figure-1.
Page 244 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Forwarding Table Port1 00-20-5C-01-11-11 In addition, when the switch receives the broadcasted ARP request, it will flood the frame to all ports except the source port, port 1 (see Figure-2). Figure-2 When the switch floods the frame of ARP request to the network, all PCs will receive and examine the frame but only PC B will reply the query as the destination IP matched (see Figure-3).
Page 245 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Table-3 (ARP Payload) Protocol H/W Address Protocol Operation Sender Sender Target Target Type Type Length Address H/W Address Protocol H/W Address Protocol Length Address Address ARP reply 00-20-5C-01-11-11 10.10.10.1 00-00-00-00-00-00 10.10.10.2 When PC B replies to the query, the “Destination Address” in the Ethernet frame will be changed to PC A’s MAC address. The “Source Address”...
Page 246 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch How ARP Spoofing Attacks a Network ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service – DoS attack). The principle of ARP spoofing is to send the fake, or spoofed ARP messages to an Ethernet network.
Page 247 Figure-5 Prevent ARP Spoofing via Packet Content ACL D-Link managed switches can effectively mitigate common DoS attacks caused by ARP spoofing via a unique Package Content ACL. For the reason that basic ACL can only filter ARP packets based on packet type, VLAN ID, Source, and Destination MAC information, there is a need for further inspections of ARP packets.
Page 248 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Configuration The configuration logic is as follows: 1. Only if the ARP matches Source MAC address in Ethernet, Sender MAC address and Sender IP address in ARP protocol can pass through the switch. (In this example, it is gateway’s ARP.) 2.
Page 249 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch...
Page 250: Glossary
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Glossary 1000BASE-SX: A short laser wavelength on multimode fiber optic cable for a maximum length of 2 kilometers. 1000BASE-LX: A long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilometers.
Page 251 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch latency: The delay between the time a device receives a packet and the time the packet is forwarded out of the destination port. line speed: See baud rate. main port: The port in a resilient link that carries data traffic in normal operating conditions.
Page 252: Warranties
Warranty Period or ninety (90) days, whichever is longer, and is subject to the same limitations and exclusions. If a material defect is incapable of correction, or if D-Link determines that it is not practical to repair or replace the defective Hardware, the actual price paid by the original purchaser for the defective Hardware will be refunded by D-Link upon return to D-Link of the defective Hardware.
Page 253 D-Link. The repaired or replaced packages will be shipped to the customer via UPS Ground or any common carrier selected by D-Link. Return shipping charges shall be prepaid by D-Link if you use an address in the United States, otherwise we will ship the product to you freight collect.
Page 254 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: •...
Page 255 (90) days after any repaired or replaced Hardware is delivered. If a material defect is incapable of correction, or if D-Link determines in its sole discretion that it is not practical to repair or replace the defective Hardware, the price paid by the original purchaser for the defective Hardware will be refunded by D-Link upon return to D-Link of the defective Hardware.
Page 256 Software is delivered. If a material non-conformance is incapable of correction, or if D-Link determines in its sole discretion that it is not practical to replace the non- conforming Software, the price paid by the original licensee for the non-conforming Software will be refunded by D-Link;...
Page 257 This limited warranty provides specific legal rights and the product owner may also have other rights which vary from state to state. Trademarks Copyright 2008 D-Link Corporation. Contents subject to change without prior notice. D-Link is a registered trademark of D-Link Corporation/D-Link Systems, Inc. All other trademarks belong to their respective proprietors.
Page 258: Technical Support
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Technical Support Technical Support You can find software updates and user documentation on the D-Link website. D-Link provides free technical support for customers within the United States and within Canada for the duration of the service period, and warranty confirmation service, during the warranty period on this product.
Page 259 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Technical Support You can find software updates and user documentation on the D-Link websites. If you require product support, we encourage you to browse our FAQ section on the Website before contacting the Support line. We have many FAQ’s, which we hope will provide you a speedy resolution for your problem.
Page 260 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Technische Unterstützung Aktualisierte Versionen von Software und Benutzerhandbuch finden Sie auf der Website von D-Link. D-Link bietet kostenfreie technische Unterstützung für Kunden innerhalb Deutschlands, Österreichs, der Schweiz und Osteuropas. Unsere Kunden können technische Unterstützung über unsere Website, per E-Mail oder telefonisch anfordern.
Page 261 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Assistance technique Vous trouverez la documentation et les logiciels les plus récents sur le site web D- Link. Vous pouvez contacter le service technique de D-Link par notre site internet ou par téléphone.
Page 262 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Asistencia Técnica Puede encontrar las últimas versiones de software así como documentación técnica en el sitio web de D-Link. D-Link ofrece asistencia técnica gratuita para clientes residentes en España durante el periodo de garantía del producto.
Page 263 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Supporto tecnico Gli ultimi aggiornamenti e la documentazione sono disponibili sul sito D-Link. Supporto Tecnico dal lunedì al venerdì dalle ore 9.00 alle ore 19.00 con orario continuato Telefono: 02-39607160 Web: http://www.dlink.it/supporto.html...
Page 264 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Technical Support You can find software updates and user documentation on the D-Link website. D-Link provides free technical support for customers within Benelux for the duration of the warranty period on this product.
Page 265 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Pomoc techniczna Najnowsze wersje oprogramowania i dokumentacji użytkownika można znaleźć w serwisie internetowym firmy D-Link. D-Link zapewnia bezpłatną pomoc techniczną klientom w Polsce w okresie gwarancyjnym produktu. Klienci z Polski mogą się kontaktować z działem pomocy technicznej firmy D-Link za pośrednictwem Internetu lub telefonicznie.
Page 266 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Technická podpora Aktualizované verze software a uživatelských příruček najdete na webové stránce firmy D-Link. D-Link poskytuje svým zákazníkům bezplatnou technickou podporu Zákazníci mohou kontaktovat oddělení technické podpory přes webové stránky, mailem nebo telefonicky Telefon: 225 281 553 Land Line 1,78 CZK/min - Mobile 5.40 CZK/min...
Page 267 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Technikai Támogatás Meghajtó programokat és frissítéseket a D-Link Magyarország weblapjáról tölthet le. Tel: 06 1 461-3001 Fax: 06 1 461-3004 Land Line 14,99 HUG/min - Mobile 49.99,HUF/min Web: http://www.dlink.hu E-mail: support@dlink.hu...
Page 268 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Teknisk Support Du kan finne programvare oppdateringer og bruker dokumentasjon på D-Links web sider. D-Link tilbyr sine kunder gratis teknisk support under produktets garantitid. Kunder kan kontakte D-Links teknisk support via våre hjemmesider, eller på...
Page 269 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Teknisk Support Du finder software opdateringer og bruger- dokumentation på D-Link’s hjemmeside. D-Link tilbyder gratis teknisk support til kunder i Danmark i hele produktets garantiperiode. Danske kunder kan kontakte D-Link’s tekniske support via vores hjemmeside eller telefonisk.
Page 270 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Teknistä tukea asiakkaille Suomessa: D-Link tarjoaa teknistä tukea asiakkailleen. Tuotteen takuun voimassaoloajan. Tekninen tuki palvelee seuraavasti: numerosta : 0800-114 677 Arkisin klo. 9 - 21 Internetin kautta: Web: http://www.dlink.fi...
Page 271 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Teknisk Support På vår hemsida kan du hitta mer information om mjukvaru uppdateringar och annan användarinformation. D-Link tillhandahåller teknisk support till kunder i Sverige under hela garantitiden för denna produkt. D-Link Teknisk Support via telefon: 0770-33 00 35 Vardagar 08.00-20.00...
Page 272 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Suporte Técnico Você pode encontrar atualizações de software e documentação de utilizador no site de D-Link Portugal http://www.dlink.pt. A D-Link fornece suporte técnico gratuito para clientes no Portugal durante o período de vigência de garantia deste produto.
Page 273 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Τεχνική Υποστήριξη Μπορείτε να βρείτε software updates και πληροφορίες για τη χρήση των προϊόντων στις ιστοσελίδες της D-Link Η D-Link προσφέρει στους πελάτες της δωρεάν υποστήριξη στον Ελλαδικό χώρο Μπορείτε να επικοινωνείτε µε το τµήµα τεχνικής υποστήριξης µέσω της...
Page 274 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Tehnička podrška Hvala vam na odabiru D-Link proizvoda. Za dodatne informacije, podršku i upute za korištenje uređaja, molimo vas da posjetite D-Link internetsku stranicu na www.dlink.eu Web: www.dlink.biz/hr...
Page 275 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Tehnična podpora Zahvaljujemo se vam, ker ste izbrali D-Link proizvod. Za vse nadaljnje informacije, podporo ter navodila za uporabo prosimo obiščite D-Link - ovo spletno stran www.dlink.eu Web: www.dlink.biz/sl...
Page 276 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Suport tehnica Vă mulţumim pentru alegerea produselor D-Link. Pentru mai multe informaţii, suport şi manuale ale produselor vă rugăm să vizitaţi site-ul D- Link www.dlink.eu Web: www.dlink.ro...
Page 277 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers in Australia: Tel: 1300-766-868 Monday to Friday 8:00am to 8:00pm EST Saturday 9:00am to 1:00pm EST http://www.dlink.com.au...
Page 278 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers in Egypt: Tel: +202-2919035 or +202-2919047 Sunday to Thursday 9:00am to 5:00pm http://support.dlink-me.com e-mail: amostafa@dlink-me.com...
Page 279 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Техническая поддержка Обновления программного обеспечения и документация доступны на Интернет-сайте D-Link. D-Link предоставляет бесплатную поддержку для клиентов в течение гарантийного срока. Клиенты могут обратиться в группу технической поддержки D-Link по телефону или через Интернет.
Page 280 El servicio de soporte técnico tiene presencia en numerosos países de la Región Latino América, y presta asistencia gratuita a todos los clientes de D-Link, en forma telefónica e internet, a través de la casilla soporte@dlinkla.com Soporte Técnico Help Desk Argentina: Teléfono: 0800-12235465 Lunes a Viernes 09:00 am a 22:00 pm...
Page 281 Você pode encontrar atualizações de software e documentação de usuário no site da D-Link Brasil www.dlinkbrasil.com.br. A D-Link fornece suporte técnico gratuito para clientes no Brasil durante o período de vigência da garantia deste produto. Suporte Técnico para clientes no Brasil: Telefone São Paulo +11-2185-9301...
Page 282 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch D-Link 友訊科技台灣分公司技術支援資訊如果您還有任何本使用手冊無法協助您解決的產品相關問題，台灣地區用戶可以透過我們的網站、電子郵件或電話等方式與D-Link台灣地區技術支援工程師聯絡。 D-Link 免付費技術諮詢專線 0800-002-615 服務時間：週一至週五，早上8:30 到晚上9:00 (不含周六、日及國定假日) 網站：http://www.dlink.com.tw 電子郵件：dssqa_service@dlink.com.tw 如果您是台灣地區以外的用戶，請參考D-Link網站全球各地分公司的聯絡資訊以取得相關支援服務。產品保固期限、台灣區維修據點查詢，請參考以下網頁說明： http://www.dlink.com.tw 產品維修：使用者可直接送至全省聯強直營維修站或請洽您的原購買經銷商。...
Page 283 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Dukungan Teknis Update perangkat lunak dan dokumentasi pengguna dapat diperoleh pada situs web D-Link. Dukungan Teknis untuk pelanggan: Dukungan Teknis D-Link melalui telepon: Tel: +62-21-5731610 Dukungan Teknis D-Link melalui Internet: Email : support@dlink.co.id...
Page 284 DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 技术支持您可以在 D-Link 的官方網站找到產品的軟件升級和使用手冊办公地址：北京市东城区北三环东路 36 号环球贸易中心 B 座 26F 02- 05 室邮编: 100013 技术支持中心电话：8008296688/ (028)66052968 技术支持中心传真：(028)85176948 维修中心地址：北京市东城区北三环东路 36 号环球贸易中心 B 座 26F 02-05 室邮编: 100013 维修中心电话：(010) 58257789 维修中心传真：(010) 58257790...
Page 285: International Offices
International Offices...
Page 286 8. What category best describes your company? Aerospace Engineering Education Finance Hospital Legal Insurance/Real Estate Manufacturing Retail/Chain store/Wholesale Government Transportation/Utilities/Communication System house/company Other________________________________ 9. Would you recommend your D-Link product to a friend? Don't know yet 10.Your comments on this product? ______________________________________________________________________________________________ ______________________________________________________________________________________________...

D-Link DGS-3200 Series User Manual

Quick Links

Related Manuals for D-Link DGS-3200 Series

Summary of Contents for D-Link DGS-3200 Series