D-Link DGS-3200-16 - Switch - Stackable User Manual

Layer 2 managed gigabit ethernet switch

Manual
Product Model: xStack® DGS-3200 Series
Layer 2 Managed Gigabit Ethernet Switch
Release 1.35


Summary of Contents for D-Link DGS-3200-16 - Switch - Stackable

  • Page 1 Manual. Product Model: xStack® DGS-3200 Series Layer 2 Managed Gigabit Ethernet Switch, Release 1.35...
  • Page 2 Microsoft Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. D-Link Computer Corporation disclaims any proprietary interest in trademarks and trade names other than its own.
  • Page 3: Table Of Contents

    xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch. Table of Contents: Intended Readers; Typographical Conventions; Notes, Notices, and Cautions; Safety Cautions; General Precautions for Rack-Mountable Products; Lithium Battery Precaution; Protecting Against Electrostatic Discharge; Web-based Switch Configuration; Introduction...
  • Page 4 Telnet Settings; Password Encryption; CLI Paging Settings; Firmware Information; Power Saving Settings; Dual Configuration Settings; SMTP Settings; Ping Test; SNTP Settings...
  • Page 5 Traffic Segmentation; IGMP Snooping; IGMP Snooping Settings; Data Driven Learning Settings; ISM VLAN Settings; Restrictions and Provisos; ISM Profile Settings; IP Multicast Profile Settings; Limited Multicast Address Range Settings; Max Multicast Group Settings; MLD Snooping Settings...
  • Page 6 Guest VLAN; 802.1X (Port-Based and Host-Based Access Control); Authentication Server; Authenticator; Client; Authentication Process; Understanding 802.1X Port-based and Host-based Network Access Control; 802.1X Settings; 802.1X User; Initialize Port(s); Reauthenticate Port(s)...
  • Page 7 Access Profile List; CPU Access Profile List; Time Range Settings; Monitoring; Device Environment; Cable Diagnostic; CPU Utilization; Port Utilization; Packet Size...
  • Page 8 Download Firmware; Reboot System; Appendix A – Mitigating ARP Spoofing Attacks Using Packet Content ACL; Appendix B – Switch Log Entries; Appendix C – Trap Logs; Appendix D –...
  • Page 9: Intended Readers

    Intended Readers The DGS-3200 Series Manual contains information for setup and management of the Switch. This manual is intended for network managers familiar with network management concepts and terminology. Typographical Conventions Convention Description In a command line, square brackets indicate an optional entry.
  • Page 10: Notes, Notices, And Cautions

    Notes, Notices, and Cautions A NOTE indicates important information that helps make better use of the device. A NOTICE indicates either potential damage to hardware or loss of data and tells how to avoid the problem. A CAUTION indicates a potential for property damage, personal injury, or death.
  • Page 11: General Precautions For Rack-Mountable Products

    • Do not push any objects into the openings of the system. Doing so can cause fire or electric shock by shorting out interior components. • Use the product only with approved equipment. •...
  • Page 12 An energy hazard will exist if the safety ground cable is omitted or disconnected. CAUTION: When mounting the Switch on a cement wall, a proper concrete sleeve anchor should be used, such as the one that is included in the optional D-Link Wall Mount kit (DRE-KIT018).
  • Page 13: Lithium Battery Precaution

    Lithium Battery Precaution CAUTION: Incorrectly replacing the lithium battery of the Switch may cause the battery to explode. Replace this battery only with the same or equivalent type recommended by the manufacturer.
  • Page 14: Web-Based Switch Configuration

    Section 1 Web-based Switch Configuration Introduction Logging onto the Web Manager Web-Based User Interface Introduction All software functions of the Switch can be managed, configured, and monitored via the embedded web-based (HTML) interface. Manage the Switch from remote stations anywhere on the network through a standard browser, such as Internet Explorer 5.5 or later, Netscape 8.0 or later, or Firefox 2.0 or later.
  • Page 15: Web-Based User Interface

    Presents a graphical near real-time image of the front panel of the Switch. This area displays the Switch's ports and expansion modules and shows port activity, depending on the specified mode. Some management functions, including port monitoring are accessible here. Click the D-Link logo to go to the D-Link website.
  • Page 16: Web Pages

    Web Pages When connecting to the management mode of the Switch with a web browser, a login screen is displayed. Enter a user name and password to access the Switch's management mode. Below is a list of the folders and windows available in the web interface: Configuration –...
  • Page 17: Configuration

    Section 2 Configuration Device Information System Information Serial Port Settings IP Address IPv6 Interface Settings IPv6 Route Table IPv6 Neighbor Settings Port Configuration Static ARP Settings User Accounts System Log Configuration System Severity Settings DHCP/BOOTP Relay DHCP Local Relay Settings...
  • Page 18: System Information

    Figure 2-1. Device Information window System Information The user can enter a System Name, System Location, and System Contact to aid in defining the Switch. To view the following window, click Configuration > System Information: Figure 2-2.
  • Page 19: Serial Port Settings

    Serial Port Settings The user can adjust the Baud Rate and the Auto Logout values. To view the following window, click Configuration > Serial Port Settings: Figure 2-3. Serial Port Settings window Baud Rate This field specifies the baud rate for the serial port on the Switch.
  • Page 20 NOTE: The Switch’s factory default IP address is 10.90.90.90 with a subnet mask of 255.0.0.0 and a default gateway of 0.0.0.0. To use the DHCP or BOOTP protocols to assign the Switch an IP address, subnet mask, and default gateway address: Use the radio button at the top of the window to choose either DHCP or BOOTP.
  • Page 21: Setting The Switch's Ip Address Using The Console Interface

    Setting the Switch’s IP Address using the Console Interface Each Switch must be assigned its own IP Address, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP).
  • Page 22: Ipv6 Route Table

    The following parameters may be configured or viewed: Parameter Description Interface Name The name of the IPv6 interface being modified. VLAN Name Enter the VLAN name of the IPv6 interface. IPv6 Address Enter the IPv6 address of the interface to be modified.
  • Page 23: Ipv6 Neighbor Settings

    IPv6 Neighbor Settings The user can configure the Switch’s IPv6 neighbor settings. The Switch’s current IPv6 neighbor settings will be displayed in the table at the bottom of this window. To view the following window, click Configuration >...
  • Page 24: Port Configuration

    Port Configuration The Port Configuration folder contains three windows: Port Settings, Port Description, and Port Error Disabled. Port Settings To view the following window, click Configuration > Port Configuration > Port Settings: Figure 2-9.
  • Page 25: Port Description

    Address Learning: Enable or disable MAC address learning for the selected ports. When Enabled, destination and source MAC addresses are automatically listed in the forwarding table. When address learning is Disabled, MAC addresses must be manually entered into the forwarding table. This is sometimes done for reasons of security or efficiency.
  • Page 26: Static Arp Settings

    Port State Describes the current running state of the port, whether enabled or disabled. Connection Status This field will read the uplink status of the individual ports, whether enabled or disabled. Reason Describes the reason why the port has been error-disabled, such as it has become a shutdown port for storm control.
  • Page 27: User Accounts

    User Accounts The Switch allows the control of user privileges. To view the following window, click Configuration > User Accounts: Figure 2-13. User Accounts window To add a new user, type in a User Name and New Password and retype the same password in the Confirm New Password field. Choose the level of privilege (Admin or User) from the Access Right drop-down menu.
  • Page 28: System Log Configuration

    Management Admin User Configuration Read-only Network Monitoring Read-only Community Strings and Trap Stations Read-only Update Firmware and Configuration Files System Utilities Factory Reset User Account Management Add/Update/Delete User Accounts View User Accounts Table 2-1.
  • Page 29: System Log Host

    System Log Host The Switch can send Syslog messages to up to four designated servers using the System Log Server. To view the following window, click Configuration > System Log Configuration > System Log Host: Figure 2-16.
  • Page 30: Dhcp/Bootp Relay

    Parameter Description System Severity Choose how the alerts are used from the drop-down menu. Select Log to send the alert of the Severity Type configured to the Switch’s log for analysis. Choose Trap to send it to an SNMP agent for analysis, or select All to send the chosen alert type to an SNMP agent and the Switch’s log for analysis.
  • Page 31 DHCP Relay Agent Information Option 82 State: This field can be toggled between Enabled and Disabled using the pull-down menu. It is used to enable or disable the DHCP Relay Agent Information Option 82 on the Switch. The default is Disabled.
  • Page 32 The Implementation of DHCP Relay Agent Information Option 82 The config dhcp_relay option_82 command configures the DHCP relay agent information option 82 setting of the Switch. The formats for the circuit ID sub-option and the remote ID sub-option are as follows: NOTE: For the circuit ID sub-option of a standalone switch, the module field is always zero.
  • Page 33: Dhcp/Bootp Relay Interface Settings

    DHCP/BOOTP Relay Interface Settings Users can set up a server, by IP address, for relaying DHCP/BOOTP information to the Switch. The user may enter a previously configured IP interface on the Switch that will be connected directly to the DHCP/BOOTP server using this window. Properly configured settings will be displayed in the DHCP/BOOTP Relay Interface Table at the bottom of the window, once the user clicks the Apply button.
  • Page 34: Dhcp Auto Configuration Settings

    Parameter Description DHCP Local Relay Global State: Enable or disable the DHCP Local Relay Global State. The default is Disabled. VLAN Name: This is the VLAN Name that identifies the VLAN the user wishes to apply the DHCP Local Relay operation.
  • Page 35: Mac Address Aging Time

    MAC Address Aging Time Users can configure the MAC Address aging time on the Switch. To view the following window, click Configuration > MAC Address Aging Time: Figure 2-23. MAC Address Aging Time window Enter a value between 10 and 875 seconds.
  • Page 36: Telnet Settings

    Telnet Settings Users can configure Telnet Settings on the Switch. To view the following window, click Configuration > Telnet Settings: Figure 2-25. Telnet Settings window The following parameters may be configured or viewed: Parameter Description Telnet Status...
  • Page 37: Cli Paging Settings

    CLI Paging Settings Users can stop the scrolling of multiple pages beyond the limits of the console when using the Command Line Interface. To view the following window, click Configuration > CLI Paging Settings: Figure 2-27.
  • Page 38: Power Saving Settings

    From States the IP address of the origin of the firmware. There are five ways firmware may be downloaded to the Switch. Boot-up files are denoted by an asterisk (*) next to the file. R –...
  • Page 39: Dual Configuration Settings

    Dual Configuration Settings Users can display dual configuration settings on the Switch. The Switch allows two firmware images to be stored in its memory and either can be configured to be the boot-up firmware for the Switch. The user may select a boot-up firmware image for the Switch by clicking the Boot button to select it.
  • Page 40: Smtp Settings

    SMTP Settings SMTP or Simple Mail Transfer Protocol is a function of the Switch that will send switch events to mail recipients based on e-mail addresses entered in the window below. The Switch is to be configured as a client of SMTP while the server is a remote device that will receive messages from the Switch, place the appropriate information into an e-mail and deliver it to recipients configured on the Switch.
  • Page 41: Ping Test

    Ping Test Users can Ping either an IPv4 address or an IPv6 address. Ping is a small program that sends ICMP Echo packets to the IP address you specify. The destination node then responds to or “echoes” the packets sent from the Switch. This is very useful to verify connectivity between the Switch and other nodes on the network.
  • Page 42: Sntp Settings

    SNTP Settings SNTP or Simple Network Time Protocol is used by the Switch to synchronize the clock of the computer. The SNTP Settings folder contains two windows: Time Settings and TimeZone Settings. Time Settings Users can configure the time settings for the Switch.
  • Page 43: Timezone Settings

    TimeZone Settings Users can configure time zones and Daylight Savings Time settings for SNTP. To view the following window, click Configuration > SNTP Settings > TimeZone Settings: Figure 2-34. TimeZone Settings window The following parameters can be set: Parameter Description...
  • Page 44: Mac Notification Settings

    To: Month Enter the month that DST will end. To: Time In HH:MM Enter the time DST will end. DST Annual Settings – Using annual mode will enable DST seasonal time adjustment. Annual mode requires that the DST beginning and ending date be specified concisely.
  • Page 45: Mac Notification Port Settings

    MAC Notification Port Settings Users can set MAC notification for individual ports on the Switch. To view the following window, click Configuration > MAC Notification Settings > MAC Notification Port Settings: Figure 2-36.
  • Page 46: Snmp Settings

    SNMP Settings Simple Network Management Protocol (SNMP) is an OSI Layer 7 (Application Layer) protocol designed specifically for managing and monitoring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches, and other network devices.
  • Page 47: Snmp Global State Settings

    SNMP Global State Settings SNMP global state settings can be enabled or disabled. To view the following window, click Configuration > SNMP Settings > SNMP Global State Settings: Figure 2-37. SNMP Global State Settings window Click the Apply button to let your change take effect.
  • Page 48: Snmp Group Table

    SNMP Group Table An SNMP Group created with this table maps SNMP users (identified in the SNMP User Table) to the views created in the previous window. To view the following window, click Configuration > SNMP Settings > SNMP Group Table: Figure 2-39.
  • Page 49: Snmp User Table

    SNMP User Table This window displays all of the SNMP Users currently configured on the Switch. To view the following window, click Configuration > SNMP User Table: Figure 2-40. SNMP User Table window To delete an existing SNMP User Table entry, click the Delete button corresponding to the entry to delete.
  • Page 50: Snmp Community Table

    SNMP Community Table Users can create an SNMP community string to define the relationship between the SNMP manager and an agent. The community string acts like a password to permit access to the agent on the Switch. One or more of the following characteristics can be associated with the community string: •...
  • Page 51: Snmp Host Table

    SNMP Host Table Users can set up SNMP trap recipients for IPv4. To view the following window, click Configuration > SNMP Settings > SNMP Host Table: Figure 2-42. SNMP Host Table window To add a new entry to the Switch’s SNMP Host Table, enter the information at the top of the window and then click the Apply button.
  • Page 52: Snmp V6Host Table

    SNMP v6Host Table Users can set up SNMP trap recipients for IPv6. To view the following window, click Configuration > SNMP Settings > SNMP v6Host Table: Figure 2-43. SNMP v6Host Table window To add a new entry to the Switch’s SNMP v6Host Table, enter the information at the top of the window and then click the Apply button.
  • Page 53: Snmp Engine Id

    SNMP management private enterprise number as assigned by IANA (D-Link is 171). The fifth octet is 03 to indicate the rest is the MAC address of this device. The sixth to eleventh octets are the MAC address.
  • Page 54: Single Ip Management

    Single IP Management Simply put, D-Link Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. There are some advantages in implementing the “Single IP Management” feature: 1.
  • Page 55 • A MS can become a CaS by: • Being configured as a CaS through the CS. • If report packets from the CS to the MS time out. • The user can manually configure a CaS to become a CS •...
  • Page 56: Single Ip Settings

    Single IP Settings The Switch is set as a Candidate (CaS) as the factory default configuration and Single IP Management is disabled. To enable SIM for the Switch using the Web interface, click Configuration > Single IP Management > SIM Settings: Figure 2-47.
  • Page 57: Topology

    Figure 2-49. Single IP Settings window for Commander (enabled) Topology This window will be used to configure and manage the Switch within the SIM group and requires Java script to function properly on your computer.
  • Page 58 CS will have no entry in this field. Speed Displays the connection speed between the CS and the MS or CaS. Remote Port Displays the number of the physical port on the MS or CaS to which the CS is connected. The CS will have no entry in this field.
  • Page 59: Tool Tips

    Member switch of other group Layer 2 candidate switch Layer 3 candidate switch Unknown device Non-SIM devices Tool Tips In the Topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same information about a specific device as the Tree view does.
  • Page 60: Group Icon

    Figure 2-53. Port Speed Utilizing the Tool Tip Right-Click Right-clicking on a device will allow the user to perform various functions, depending on the role of the Switch in the SIM group and the icon associated with it.
  • Page 61: Commander Switch Icon

    Figure 2-55. Property window Parameter Description Device Name This field will display the Device Name of the switches in the SIM group configured by the user. If no Device Name is configured by the name, it will be given the name default and tagged with the last six digits of the MAC Address to identify it.
  • Page 62: Member Switch Icon

    Member Switch Icon Figure 2-57. Right-Clicking a Member icon The following options may appear for the user to configure: Collapse – To collapse the group that will be represented by a single icon. •...
  • Page 63: Menu Bar

    Menu Bar The Single IP Management window contains a menu bar for device configurations, as seen below. Figure 2-60. Menu Bar of the Topology View The five menus on the menu bar are as follows. File •...
  • Page 64: Firmware Upgrade

    Firmware Upgrade The Commander Switch may be used for firmware upgrades of member switches. Member Switches will be listed in the table and will be specified by Port (port on the CS where the MS resides), MAC Address, Model Name and Version. To specify a certain Switch for firmware download, click its corresponding check box under the Port heading.
  • Page 65: Layer 2 Features

    Section 3 Layer 2 Features Jumbo Frame Egress Filter Settings 802.1Q VLAN 802.1V Protocol VLAN MAC Based VLAN Settings GVRP Settings PVID Auto Assign Settings Trunking VLAN Trunk Settings LACP Port Settings Traffic Segmentation IGMP Snooping MLD Snooping Settings...
  • Page 66: Egress Filter Settings

    Egress Filter Settings Users can configure an egress filter on specific ports for unknown unicast and unregistered multicast packets. The Switch drops all unknown unicast/multicast packets on egress ports when it detects unknown unicast/multicast packets for egress ports.
  • Page 67: Vlan Description

    VLAN Description A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLANs can be used to combine any collection of LAN segments into an autonomous user group that appears as a single LAN.
  • Page 68: Q Vlan Tags

    • Forwarding rules between ports – decides whether to filter or forward the packet. • Egress rules – determines if the packet must be sent tagged or untagged. Figure 3-3. IEEE 802.1Q Packet Forwarding 802.1Q VLAN Tags The figure below shows the 802.1Q VLAN tag.
  • Page 69: Port Vlan Id

    Figure 3-4. IEEE 802.1Q Tag The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or Logical Link Control. Because the packet is now a bit longer than it was originally, the Cyclic Redundancy Check (CRC) must be recalculated.
  • Page 70: Tagging And Untagging

    Tagged packets are forwarded according to the VID contained within the tag. Tagged packets are also assigned a PVID, but the PVID is not used to make packet-forwarding decisions, the VID is. Tag-aware switches must keep a table to relate PVIDs within the Switch to VIDs on the network.
  • Page 71: Vlan Segmentation

    VLAN Name Switch Ports System (default) 5, 6, 7 Engineering 9, 10 Sales 1, 2, 3, 4 Table 3-1. VLAN Example – Assigned Ports Port-based VLANs Port-based VLANs limit traffic that flows into and out of switch ports. Thus, all devices connected to a port are members of the VLAN(s) the port belongs to, whether there is a single computer directly connected to a switch, or an entire department.
  • Page 72 The VLAN List tab lists all previously configured VLANs by VLAN ID and VLAN Name. To delete an existing 802.1Q VLAN, click the corresponding Delete button. To create a new 802.1Q VLAN or modify an existing 802.1Q VLAN, click the Add/Edit VLAN tab. A new tab will appear, as shown below, to configure the port settings and to assign a unique name and number to the new VLAN.
  • Page 73 Figure 3-8. Find VLAN tab of the 802.1Q VLAN window To create a VLAN Batch entry click the VLAN Batch Settings tab, as shown below. Figure 3-9. VLAN Batch Settings tab of the 802.1Q VLAN window The following fields can be set in the VLAN Batch Settings windows: Parameter Description...
  • Page 74 Untagged Specifies the port as 802.1Q untagged. Use the drop-down menu to designate the port as untagged. Forbidden Specifies the port as not being a member of the VLAN and that the port is forbidden from becoming a member of the VLAN dynamically.
  • Page 75: 802.1V Protocol Vlan

    802.1v Protocol VLAN The 802.1v Protocol VLAN folder contains two windows: 802.1v Protocol Group Settings and 802.1v Protocol VLAN Settings. 802.1v Protocol Group Settings The user can create Protocol VLAN groups and add protocols to that group. The 802.1v Protocol VLAN Group Settings support multiple VLANs for each protocol and allows the user to configure the untagged ports of different protocols on the same physical port.
  • Page 76 Figure 3-11. 802.1v Protocol VLAN Settings window The following fields can be set: Parameter Description Group ID Highlight the corresponding RADIUS button to select a previously configured Group ID from the drop-down menu.
  • Page 77: Mac Based Vlan Settings

    MAC Based VLAN Settings Users can create new MAC-based VLAN entries and search, edit, and delete existing entries. When an entry is created for a port, the port will automatically become the untagged member port of the specified VLAN. When a static MAC-based VLAN entry is created for a user, the traffic from this user will be able to be serviced under the specified VLAN regardless of the authentication function operating on this port.
  • Page 78: Pvid Auto Assign Settings

    Parameter Description From Port This drop-down menu allows the selection of the beginning port for a range of ports that will be included in the Port-based VLAN. To Port This drop-down menu allows the selection of the ending port for a range of ports that will be included in the Port-based VLAN.
  • Page 79: Trunking

    Trunking Understanding Port Trunk Groups Port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. The Switch supports up to five port trunk groups with two to eight ports in each group. A potential bit rate of 8000 Mbps can be achieved. Figure 3-15.
  • Page 80 The Switch allows the creation of up to five link aggregation groups, each group consisting of 2 to 8 links (ports). The (optional) Gigabit ports can only belong to a single link aggregation group. All of the ports in the group must be members of the same VLAN, and their STP status, static multicast, traffic control;...
  • Page 81: Vlan Trunk Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch VLAN Trunk Settings Enable VLAN on a port to allow frames belonging to unknown VLAN groups to pass through that port. This is useful if you want to set up VLAN groups on end devices without having to configure the same VLAN groups on intermediary devices. Refer to the following figure for an illustrated example.
  • Page 82: Lacp Port Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch LACP Port Settings In conjunction with the Trunking window, users can create port trunking groups on the Switch. Using the following window, the user may set which ports will be active and passive in processing and sending LACP control frames. To view the following window, click L2 Features >...
  • Page 83: Traffic Segmentation

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Traffic Segmentation Traffic segmentation is used to limit traffic flow from a single or group of ports, to a group of ports. This method of segmenting the flow of traffic is similar to using VLANs to limit traffic, but is more restrictive. It provides a method of directing traffic that does not increase the overhead of the Master switch CPU.
  • Page 84: Data Driven Learning Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The following parameters may be viewed or modified: Parameter Description VID (VLAN ID) This is the VLAN ID that, along with the VLAN Name, identifies the VLAN the user wishes to modify the IGMP Snooping Settings for. VLAN Name This is the VLAN Name that, along with the VLAN ID, identifies the VLAN the user wishes to modify the IGMP Snooping Settings for.
  • Page 85: Ism Vlan Settings

    Parameter Description VLAN Name: Click this button and enter the VLAN to be configured (or use the VID List). VID List: Click this button and enter the VID List to be configured (or use the VLAN Name). Enable or disable data driven learning of IGMP snooping groups.
  • Page 86: Ism Profile Settings

    Parameter Description ISM VLAN Global State: Enable or disable the IGMP Snooping Multicast (ISM) VLAN Global State. VLAN Name: Enter the name of the new Multicast VLAN to be created. This name can be up to 32 characters in length.
  • Page 87: Limited Multicast Address Range Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 24. IP Multicast Profile Settings window The following fields can be set: Parameter Description Profile ID Enter a Profile ID between 1 and 24. Profile Name Enter a name for the IP Multicast Profile. To change an entry, click the corresponding Modify button in the Multicast Address List column.
  • Page 88: Max Multicast Group Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To add a new range, enter the appropriate information and then click Add. To delete an entry, enter the information and click Delete. Max Multicast Group Settings Users can configure the ports on the switch that will be a part of the maximum filter group, up to a maximum of 256. To view the following window, click L2 Features >...
  • Page 89 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 4. Multicast Listener Report, Version 2 - Comparable to the Host Membership Report in IGMPv3, and labeled as 143 in the ICMP packet header, this message is sent by the listening port to the Switch stating that it is interested in receiving multicast data from a multicast address in response to the Multicast Listener Query message.
  • Page 90: Port Mirroring

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Mirroring The Switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an RMON probe, to view details about the packets passing through the first port.
  • Page 91: Loopback Detection Settings

    Loopback Detection Settings The Loopback Detection function is used to detect the loop created by a specific port. This feature is used to temporarily shut down a port on the Switch when a CTP (Configuration Testing Protocol) packet has been looped back to the Switch. When the Switch detects CTP packets received from a port or a VLAN, this signifies a loop on the network.
  • Page 92: Spanning Tree

    MSTP. 802.1D-1998 STP will be familiar to most networking professionals. However, since 802.1D-2004 RSTP and 802.1Q-2005 MSTP have been recently introduced to D-Link managed Ethernet switches, a brief introduction to the technology is provided below followed by a description of how to set up 802.1D-1998 STP, 802.1D-2004 RSTP, and 802.1Q-2005 MSTP.
  • Page 93: Port Transition States

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The IEEE 802.1D-2004 Rapid Spanning Tree Protocol (RSTP) evolved from the 802.1D-1998 STP standard. RSTP was developed in order to overcome some limitations of STP that impede the function of some recent switching innovations, in particular, certain Layer 3 functions that are increasingly handled by Ethernet switches.
  • Page 94: Stp Bridge Global Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch STP Bridge Global Settings Use the STP Status radio buttons to enable or disable STP globally, and use the STP Version drop-down menu to choose the STP method. To view the following windows, click L2 Features > Spanning Tree > STP Bridge Global Settings: Figure 3 - 32.
  • Page 95: Stp Port Settings

    Parameter Description STP Status: Use the radio button to globally enable or disable STP. STP Version: Use the pull-down menu to choose the desired version of STP: STP - Select this parameter to set the Spanning Tree Protocol (STP) globally on the switch.
  • Page 96 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 35. STP Port Settings window It is advisable to define an STP Group to correspond to a VLAN group of ports. The following STP Port Settings fields can be set: Parameter Description From Port...
  • Page 97: Mst Configuration Identification

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch received, it automatically loses edge port status. Choosing the False parameter indicates that the port does not have edge port status. Alternatively, the Auto option is available. Restricted Role Use the drop-down menu to toggle Restricted Role between True and False. If set to True, the port will never be selected to be the Root port.
  • Page 98: Stp Instance Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch STP Instance Settings This window displays MSTIs currently set on the Switch and allows users to change the Priority of the MSTIs. To view the following window, click L2 Features > Spanning Tree > STP Instance Settings: Figure 3 - 37.
  • Page 99: Mstp Port Information

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MSTP Port Information This window displays the current MSTI configuration information and can be used to update the port configuration for an MSTI ID. If a loop occurs, the MSTP function will use the port priority to select an interface to put into the forwarding state. Set a higher priority value for interfaces to be selected for forwarding first.
  • Page 100: Forwarding & Filtering

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Forwarding & Filtering The Forwarding & Filtering folder contains three windows: Unicast Forwarding, Multicast Forwarding, and Multicast Filtering Mode. Unicast Forwarding Users can set up unicast forwarding on the Switch. To view the following window, click L2 Features >...
  • Page 101: Multicast Filtering Mode

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description The VLAN ID of the VLAN the corresponding MAC address belongs to. The static destination MAC address of the multicast packets. This must be a multicast MAC Multicast MAC address.
  • Page 102: Qos

    Section 4. Bandwidth Control; Traffic Control; 802.1p Default Priority; 802.1p User Priority; QoS Scheduling Mechanism. QoS is an implementation of the IEEE 802.1p standard that allows network administrators a method of reserving bandwidth for important functions that require a large bandwidth or have a high priority, such as VoIP (voice-over Internet Protocol), web browsing applications, file server applications or video conferencing.
  • Page 103: Understanding Qos

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch see if it has the proper identifying tag. Then the user may forward these tagged packets to designated classes of service on the Switch where they will be emptied, based on priority. For example, let’s say a user wishes to have a video conference between two remotely set computers.
  • Page 104: Bandwidth Control

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Bandwidth Control The bandwidth control settings are used to place a ceiling on the transmitting and receiving data rates for any selected port. To view the following window, click QoS > Bandwidth Control: Figure 4 - 2.
  • Page 105: Traffic Control

    Traffic Control On a computer network, packets such as Multicast packets and Broadcast packets continually flood the network as normal procedure. At times, this traffic may increase due to a malicious endstation on the network or a malfunctioning device, such as a faulty network card.
  • Page 106 and is no longer operational until the user manually resets the port using the Port Settings window (Configuration > Port Configuration > Port Settings). Choosing this option obligates the user to configure the Time Interval setting as well, which will provide packet count samplings from the Switch’s chip to determine if a Packet Storm is occurring.
  • Page 107: 802.1P Default Priority

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 802.1p Default Priority The Switch allows the assignment of a default 802.1p priority to each port on the Switch. To view the following window, click QoS > 802.1p Default Priority: Figure 4 - 4.
  • Page 108: Qos Scheduling Mechanism

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch QoS Scheduling Mechanism The Scheduling Mechanism drop-down menu allows a selection between a Weight Fair and a Strict mechanism for emptying the priority classes. To view the following window, click QoS > QoS Scheduling Mechanism: Figure 4 - 6.
  • Page 109: Security

    Section 5: Security. Safeguard Engine; Trusted Host; IP-MAC-Port Binding; Port Security; DHCP Server Screening; Guest VLAN; 802.1X; SSL Settings; Access Authentication Control; MAC Based Access Control; Web Authentication (Web-based Access Control); JWAC; Multiple Authentication; IGMP Access Control Settings...
  • Page 110 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 1. Safeguard Engine example For every consecutive checking interval that reveals a packet flooding issue, the Switch will double the time it will discard ingress ARP and IP broadcast packets and packets from untrusted IP addresses. In the example above, the Switch doubled the time for dropping ARP and IP broadcast packets when consecutive flooding issues were detected at 5-second intervals.
  • Page 111: Trusted Host

    Parameter Description Safeguard Engine State: Use the radio button to globally enable or disable Safeguard Engine settings for the Switch. Rising Threshold: Used to configure the acceptable level of CPU utilization before the Safeguard Engine mechanism is enabled.
  • Page 112: Ip-Mac-Port Binding

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IP-MAC-Port Binding The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC-port binding is to restrict the access to a switch to a number of authorized users.
  • Page 113 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 5. IMP Port Settings window The following fields can be set or modified: Parameter Description From Port/To Port Select a range of ports to set for IP-MAC-port binding. State Use the pull-down menu to enable or disable these ports for IP-MAC-port binding.
  • Page 114: Imp Entry Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IMP Entry Settings This table is used to create static IP-MAC-binding port entries and view all IMP entries on the Switch. Click Find to search for an entry. Click View All for the table to display all entries and click Delete All to remove all static entries. To view the following window, click Security >...
  • Page 115: Mac Block List

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Port Use the drop-down menu to select the desired port. Ports (e.g.: 1, 7-12) Specify the ports for which to view DHCP snooping entries. Tick the All check box to configure this entry for all ports on the Switch.
  • Page 116: Port Security

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Security The Port Security folder contains two windows: Port Security Settings and Port Lock Entries. Port Security Settings A given port’s (or a range of ports') dynamic MAC address learning can be locked such that the current source MAC addresses entered into the MAC address forwarding table can not be changed once the port lock is enabled.
  • Page 117: Port Lock Entries

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Lock Entries Users can remove an entry from the port security entries learned by the Switch and entered into the forwarding database. To view the following window, click Security > Port Security > Port Lock Entries: Figure 5 - 10.
  • Page 118: Dhcp Server Screening

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch DHCP Server Screening The DHCP Server Screening folder contains two windows: DHCP Screening Port Settings and DHCP Offer Filtering. DHCP Screening Port Settings The Switch supports DHCP Server Screening, a feature that denies access to rogue DHCP servers. When the DHCP server filter function is enabled, all DHCP server packets will be filtered from a specific port.
  • Page 119 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 12. DHCP Offer Filtering window The user may set the following parameters: Parameter Description Server IP Address The IP address of the DHCP server to be filtered. Client’s MAC Address The MAC address of the DHCP client.
  • Page 120: Guest Vlan

    Guest VLAN On 802.1X security-enabled networks, there is a need for non-802.1X supported devices to gain limited access to the network, due to lack of the proper 802.1X software or incompatible devices, such as computers running Windows 98 or older operating systems, or the need for guests to gain access to the network without full authorization or local authentication on the...
  • Page 121: Port-Based And Host-Based Access Control)

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description VLAN Name Enter the pre-configured VLAN name to create as an 802.1X guest VLAN. Port Set the ports to be enabled for the 802.1X guest VLAN. Click Apply to implement the 802.1X guest VLAN settings entered. Only one VLAN may be assigned as the 802.1X guest VLAN.
  • Page 122: Authentication Server

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authentication Server The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch). Clients connected to a port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN.
  • Page 123: Client

    Figure 5 - 20. The 802.1X Authentication Process The D-Link implementation of 802.1X allows network administrators to choose between two types of Access Control used on the Switch, which are: 1.
  • Page 124: Understanding 802.1X Port-Based And Host-Based Network Access Control

    Understanding 802.1X Port-based and Host-based Network Access Control The original intent behind the development of 802.1X was to leverage the characteristics of point-to-point in LANs, as any single LAN segment in such infrastructures has no more than two devices attached to it, one of which is a Bridge Port. The Bridge Port detects events that indicate the attachment of an active device at the remote end of the link, or an active device becoming inactive.
  • Page 125: 802.1X Settings

    Host-Based Network Access Control [Figure: RADIUS Server, Ethernet Switch, and multiple 802.1X Clients]
  • Page 126 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 23. 802.1X Settings window Use the From Port and To Port drop-down menus to configure the settings by port(s): This window allows setting of the following features: Parameter Description Auth Mode...
  • Page 127: 802.1X User

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch attempts by the client to authenticate. The Switch cannot provide authentication services to the client through the interface. If Auto is selected, it will enable 802.1X and cause the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the port.
  • Page 128: Initialize Port(S)

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Initialize Port(s) Existing 802.1X port and host settings are displayed and can be configured using the two windows below. To initialize ports for the port side of 802.1X, the user must first enable 802.1X by port in the 802.1X Settings window. To view the following window, click Security >...
  • Page 129: Reauthenticate Port(S)

    Reauthenticate Port(s) Users can display and configure reauthenticate ports for 802.1X port and host using the two windows below. To reauthenticate ports for the port side of 802.1X, the user must first enable 802.1X by port in the 802.1X Settings window. To view the following window, click Security >...
  • Page 130: Authentic Radius Server

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authentic RADIUS Server The RADIUS feature of the Switch allows the user to facilitate centralized user administration as well as providing protection against a sniffing, active hacker. The Web manager offers three windows. To view the following window, click Security >...
  • Page 131: Ssl Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SSL Settings Secure Sockets Layer, or SSL, is a security feature that will provide a secure communication path between a host and client through the use of authentication, digital signatures and encryption. These security functions are implemented through the use of a ciphersuite, which is a security string that determines the exact cryptographic parameters, specific encryption algorithms and key sizes to be used for an authentication session and consists of three levels: 1.
  • Page 132 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 30. SSL Settings window To set up the SSL function on the Switch, configure the parameters in the SSL Settings section described below and click Apply. To set up the SSL ciphersuite function on the Switch, configure the parameters in the SSL Ciphersuite Settings section described below and click Apply.
  • Page 133: Ssh

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Key File Name Enter the path and the filename of the key file to download. This file must have a .der extension (Ex. c:/pkey.der) Click Apply to implement changes made. NOTE: Certain implementations concerning the function and configuration of SSL are not available on the web-based management of this Switch and need to be configured using the command line interface.
  • Page 134: Ssh Authmode And Algorithm Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 31. SSH Configuration window To configure the SSH server on the Switch, modify the following parameters and click Apply: Parameter Description SSH Server Status Use the radio buttons to enable or disable SSH on the Switch. The default is Disabled. Max Session (1-8) Enter a value between 1 and 8 to set the number of users that may simultaneously access the Switch.
  • Page 135 Parameter Description SSH Authentication Mode Settings Password: This may be enabled or disabled to choose if the administrator wishes to use a locally configured password for authentication on the Switch. This parameter is enabled by default.
  • Page 136: Ssh User Authentication Mode

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SSH User Authentication Mode Users can configure parameters for users attempting to access the Switch through SSH. To view the following window, click Security > SSH > SSH User Authentication Mode: Figure 5 - 33.
  • Page 137: Access Authentication Control

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Access Authentication Control The TACACS / XTACACS / TACACS+ / RADIUS commands allow users to secure access to the Switch using the TACACS / XTACACS / TACACS+ / RADIUS protocols. When a user logs in to the Switch or tries to access the administrator level privilege, he or she is prompted for a password.
  • Page 138: Authentication Policy And Parameter Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authentication Policy and Parameter Settings Users can enable an administrator-defined authentication policy for users trying to access the Switch. When enabled, the device will check the Login Method List and choose a technique for user authentication upon login. To view the following window, click Security >...
  • Page 139: Authentication Server Group

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch section, for more information. Enable Method List Using the pull-down menu, configure an application for normal login on the user level, utilizing a previously configured method list. The user may use the default Method List or other Method List configured by the user.
  • Page 140: Authentication Server Host

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 37. Edit Server Group tab of the Authentication Server Group window To add an Authentication Server Host to the list, enter its name in the Group Name field, IP address in the IP Address field, use the drop-down menu to choose the Protocol associated with the IP address of the Authentication Server Host, and then click Add to add this Authentication Server Host to the group.
  • Page 141 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 38. Authentication Server Host window Configure the following parameters to add an Authentication Server Host: Parameter Description IP Address The IP address of the remote server host to add. Protocol The protocol used by the server host.
  • Page 142: Login Method Lists

    Login Method Lists A user-defined or default Login Method List of authentication techniques can be configured for users logging on to the Switch. The sequence of techniques implemented in this command will affect the authentication result. For example, if a user enters a sequence of techniques such as TACACS - XTACACS - local, the Switch will send an authentication request to the first TACACS host in the server group.
  • Page 143: Enable Method Lists

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Enable Method Lists Users can set up Method Lists to promote users with user level privileges to Administrator (Admin) level privileges using authentication methods on the Switch. Once a user acquires normal user level privileges on the Switch, he or she must be authenticated by a method on the Switch to gain administrator privileges on the Switch, which is defined by the Administrator.
  • Page 144: Configure Local Enable Password

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Configure Local Enable Password Users can configure the locally enabled password for Enable Admin. When a user chooses the "local_enable" method to promote user level privileges to administrator privileges, he or she will be prompted to enter the password configured here that is locally set on the Switch.
  • Page 145: Mac-Based Access Control

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC-based Access Control MAC-based Access Control is a method to authenticate and authorize access using either a port or host. For port-based MAC, the method decides port access rights, while for host-based MAC, the method determines the MAC access rights. A MAC user must be authenticated before being granted access to a network.
  • Page 146 Parameter Description MBA Global State: Toggle to globally enable or disable the MAC-based Access Control function on the Switch. Method: Use this drop-down menu to choose the type of authentication to be used when authenticating MAC addresses on a given port.
  • Page 147: Mac-Based Access Control Local Settings

    WAC by attempting to gain Web access. D-Link’s implementation of WAC uses a virtual IP that is exclusively used by the WAC function and is not known by any other modules of the Switch. In fact, to avoid affecting a Switch’s other features, WAC will only use a virtual IP address to communicate with hosts.
  • Page 148 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 45. Six Basic Steps in a Successful Web Authentication Process...
  • Page 149: Wac Global Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Conditions and Limitations 1. If the client is utilizing DHCP to attain an IP address, the authentication VLAN must provide a DHCP server or a DHCP relay function so that client may obtain an IP address. 2.
  • Page 150: Wac User Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Click Apply to implement changes made. NOTE: To enable the Web Authentication function, the redirection path field must have the URL of the website that users will be directed to once they enter the limited resource, pre-configured VLAN.
  • Page 151: Wac Port Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Confirmation Retype the password entered in the previous field. VLAN Name Click the button and enter a VLAN Name in this field. VLAN ID (1-4094) Click the button and enter a VID in this field. Config WAC User User Name Enter the user name that has been guest-authenticated through this process, to be mapped...
  • Page 152: Jwac

    hours). State: Use this drop-down menu to enable the configured ports as WAC ports. Idle Time (1-1440): If there is no traffic during the Idle Time parameter, the host will be moved back to the unauthenticated state.
  • Page 153 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch correct response. NOTE: This IP does not respond to ARP requests or ICMP packets. HTTP(s) Port (1- This parameter specifies the TCP port that the JWAC Switch listens to and uses to finish the authenticating process.
  • Page 154: Jwac Port Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Click Apply to implement changes made. JWAC Port Settings Users can configure JWAC port settings for the Switch. To view the following window, click Security > JWAC > JWAC Port Settings: Figure 5 - 50.
  • Page 155: Jwac User Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch JWAC User Settings Users can configure JWAC user settings for the Switch. To view the following window, click Security > JWAC > JWAC User Settings: Figure 5 - 51. JWAC User Settings window To set the User Account settings for the JWAC by the Switch, complete the following fields and then click the Add button.
  • Page 156: Jwac Customize Page

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch JWAC Customize Page Users can configure JWAC page settings for the Switch. To view the following window, click Security > JWAC > JWAC Customize Page: Figure 5 - 53. JWAC Customize Page window Complete the JWAC authentication information on this window to set the JWAC page settings.
  • Page 157 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Any (MAC, 802.1X or WAC) Mode Figure 5 - 54. Any (MAC, 802.1X or WAC) Mode In the diagram above the Switch port has been configured to allow clients to authenticate using 802.1X, MBAC, or WAC. When a client tries to connect to the network, the Switch will try to authenticate the client using one of these methods and if the client passes they will be granted access to the network.
  • Page 158 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 802.1X & IMPB Mode Figure 5 - 56. 802.1X & IMPB Mode This mode adds an extra layer of security by checking the IP MAC-Binding Port Binding (IMPB) table before trying one of the supported authentication methods.
  • Page 159: Authorization Network State Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch This mode adds an extra layer of security by checking the IP MAC-Binding Port Binding (IMPB) table before trying one of the supported authentication methods. The IMPB Table is used to create a ‘white-list’ that checks if the IP streams being sent by authorized hosts have been granted or not.
  • Page 160: Guest Vlan

    can be enabled on a port at the same time. In Any (MAC, 802.1X or WAC/JWAC) mode, whether an individual security module is active on a port depends on its system state.
  • Page 161: Igmp Access Control Settings (Igmp Authentication)

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IGMP Access Control Settings (IGMP Authentication) Users can set IGMP authentication, otherwise known as IGMP access control, on individual ports on the Switch. When the Authentication State is Enabled, and the Switch receives an IGMP join request, the Switch will send the access request to the RADIUS server to do the authentication.
  • Page 162: Acl

    Section 6. Access Profile List; CPU Access Profile List; Time Range Settings. Access Profile List: Access profiles allow you to establish criteria to determine whether the Switch will forward packets based on the information contained in each packet's header.
  • Page 163 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 2. Add ACL Profile window for Ethernet ACL The following parameters can be set for the Ethernet ACL type: Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 200.
  • Page 164 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To view the setting details for a created profile, click the Show Details button for the corresponding entry on the Access Profile List window, revealing the following window: Figure 6 - 3. Access Profile Detail Information window for Ethernet The window shown below is the Add ACL Profile window for IPv4: Figure 6 - 4.
  • Page 165 802.1Q VLAN Selecting this option instructs the Switch to examine the 802.1Q VLAN identifier of each packet header and use this as the full or partial criterion for forwarding. IPv4 DSCP Selecting this option instructs the Switch to examine the DiffServ Code part of each packet header and use this as the criterion, or part of the criterion, for forwarding.
  • Page 166 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 6. Add ACL Profile window for IPv6 The following parameters can be set for the IPv6 ACL type: Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 200.
  • Page 167 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To view the setting details for a created profile, click the Show Details button for the corresponding entry on the Access Profile List window, revealing the following window: Figure 6 - 7. Access Profile Detail Information window for IPv6 The window shown below is the Add ACL Profile window for Packet Content: Figure 6 - 8.
  • Page 168 0 0x0000ffff will match packet byte offset, 0,1 Note: Only one packet content mask profile can be created at a time. Use of the D-Link xStack switch family’s advanced Packet Content Mask (also known as Packet Content Access Control List – ACL) feature can effectively mitigate common network attacks such as ARP Spoofing.
  • Page 169 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 10. Access Rule List window for Ethernet To remove a previously created rule, click the corresponding Delete Rules button. To add a new Access Rule, click the Add Rule button: Figure 6 - 11.
  • Page 170 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Replace DSCP (0- Select this option to instruct the Switch to replace the DSCP value (in a packet that meets the selected criteria) with the value entered in the adjacent field. When an ACL rule is added to change both the priority and DSCP of an IPv4 packet, only one of them can be modified due to a chip limitation.
  • Page 171 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 14. Add Access Rule window for IPv4 To set the Access Rule for IP, adjust the following parameters and click Apply. Parameter Description Access ID (1-200) Type in a unique identifier number for this access. This value can be set from 1 to 200. Auto Assign –...
  • Page 172 check box. The default setting is No Limit. Time Range Name Tick the check box and enter the name of the Time Range settings that has been previously configured in the Time Range Settings window. This will set specific times when this access rule will be implemented on the Switch.
  • Page 173 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 17. Add Access Rule window for IPv6 To set the Access Rule for IPv6, adjust the following parameters and click Apply. Parameter Description Access ID (1-200) Type in a unique identifier number for this access. This value can be set from 1 to 200. Auto Assign –...
  • Page 174 rate is 640kbit/sec.) The user may select a value between 1 and 156249 or tick the No Limit check box. The default setting is No Limit. Time Range Tick the check box and enter the name of the Time Range settings that has been previously configured in the Time Range Settings window.
  • Page 175 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 20. Add Access Rule window for Packet Content To set the Access Rule for Packet Content, adjust the following parameters and click Apply. Parameter Description Access ID (1- Type in a unique identifier number for this access.
  • Page 176: Cpu Access Profile List

    156249) rate is 640kbit/sec.) The user may select a value between 1 and 156249 or tick the No Limit check box. The default setting is No Limit. Time Range Tick the check box and enter the name of the Time Range settings that has been previously configured in the Time Range Settings window.
  • Page 177 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 22. CPU Access Profile List window This window displays the CPU Access Profile List entries created on the Switch (one CPU access profile of each type has been created for explanatory purposes).
  • Page 178 Figure 6 - 23. Add CPU ACL Profile window for Ethernet Parameter Description Select Profile ID (1-5) Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 5.
  • Page 179 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To view the settings of a previously correctly created profile, click the corresponding Show Details button on the CPU Access Profile List window to view the following window: Figure 6 - 24. CPU Access Profile Detail Information window for Ethernet The window shown below is the Add CPU ACL Profile window for IP (IPv4).
  • Page 180 and use this as the criterion, or part of the criterion, for forwarding. IPv4 DSCP Selecting this option instructs the Switch to examine the DiffServ Code part of each packet header and use this as the criterion, or part of the criterion, for forwarding. Enter an IP address mask for the source IP address.
  • Page 181 Figure 6 - 27. Add CPU ACL Profile window for IPv6 The following parameters may be configured for the IPv6 filter. Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 5.
  • Page 182 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To view the settings of a previously correctly created profile, click the corresponding Show Details button on the CPU Access Profile List window to view the following window: Figure 6 - 28. CPU Access Profile Detail Information window for IPv6 The window shown below is the Add CPU ACL Profile window for Packet Content.
  • Page 183 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch specified: • 0-15 - Enter a value in hex form to mask the packet from the beginning of the packet to the 15th byte. • 16-31 – Enter a value in hex form to mask the packet from byte 16 to byte 31. •...
  • Page 184 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 32. Add Access Rule window for Ethernet To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameter Description Access ID (1-100) Type in a unique identifier number for this access. This value can be set from 1 to 100. Action Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
  • Page 185 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To establish the rule for a previously created CPU Access Profile: To configure the Access Rules for IP, open the CPU Access Profile List window and click Add/View Rules for an IP entry. This will open the following window.
  • Page 186 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Ports Ticking the All Ports check box will denote all ports on the Switch. To view the settings of a previously correctly configured rule, click the corresponding Show Details button on the CPU Access Rule List window to view the following window: Figure 6 - 36.
  • Page 187 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To set the Access Rule for IPv6, adjust the following parameters and click Apply. Parameter Description Access ID (1-100) Type in a unique identifier number for this access. This value can be set from 1 to 100. Action Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
  • Page 188 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 41. Add Access Rule window for Packet Content To set the Access Rule for Packet Content, adjust the following parameters and click Apply. Parameter Description Access ID (1-100) Type in a unique identifier number for this access.
  • Page 189: Time Range Settings

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 42. CPU Access Rule Detail Information window for Packet Content Time Range Settings In conjunction with the Access Profile feature, the time range settings determine a starting point and an ending point, based on days of the week, when an Access Profile configuration will be enabled on the Switch.
  • Page 190: Monitoring

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 7 Monitoring Device Environment Cable Diagnostic CPU Utilization Port Utilization Packet Size Packets Errors Port Access Control Browse ARP Table Browse VLAN Browse Router Port Browse MLD Router Port Browse Session Table IGMP Snooping Group MLD Snooping Group...
  • Page 191: Cable Diagnostic

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Cable Diagnostic The cable diagnostics feature is designed primarily for administrators or customer service representatives to verify and test copper cables; it can rapidly determine the quality of the cables and the types of error. To view the following window, click Monitoring >...
  • Page 192 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 3. CPU Utilization window To view the CPU utilization by port, use the real-time graphic of the Switch and/or switch stack at the top of the web page by simply clicking on a port.
  • Page 193: Port Utilization

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Utilization Users can display the percentage of the total available bandwidth being used on the port. To view the following window, click Monitoring > Port Utilization: Figure 7 - 4. Port Utilization window To select a port to view these statistics for, select the port by using the Port pull-down menu.
  • Page 194: Packet Size

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Packet Size Users can display packets received by the Switch, arranged in six groups and classed by size, as either a line graph or a table. Two windows are offered. To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
  • Page 195 Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
  • Page 196: Packets

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Packets The Web manager allows various packet statistics to be viewed as either a line graph or a table. Six windows are offered. Received (RX) To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
  • Page 197 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
  • Page 198: Umb_Cast (Rx)

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch UMB_cast (RX) To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port. To view the following windows, click Monitoring >...
  • Page 199: Transmitted (Tx)

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
  • Page 200 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 12. Transmitted (TX) Table window (for Bytes and Packets) The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s"...
  • Page 201: Errors

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Errors The Web manager allows port error statistics compiled by the Switch's management agent to be viewed as either a line graph or a table. Four windows are offered. Received (RX) To select a port to view these statistics for, select the port by using the Port pull-down menu.
  • Page 202 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The following fields can be set: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
  • Page 203: Transmitted (Tx)

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Transmitted (TX) To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port. To view the following windows, click Monitoring >...
  • Page 204 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
  • Page 205: Port Access Control

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Access Control The following windows are used to monitor 802.1X statistics of the Switch, on a per port basis. To view the Port Access Control windows, open the Monitoring folder and click Port Access Control. There are seven monitoring windows in this section. Authenticator State The following section describes the 802.1x Status on the Switch.
  • Page 206 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 18. Authenticator State window – MAC-Based 802.1X This window displays the Authenticator State for individual ports on a selected device. A polling interval between 1 and 60 seconds can be set using the drop-down menu at the top of the window and clicking OK.
  • Page 207: Authenticator Statistics

    Authenticator Statistics Users can display statistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the following window, click Monitoring > Port Access Control > Authenticator Statistics: Figure 7 - 19.
  • Page 208 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Tx Req The number of EAP Request frames (other than Rq/Id frames) that have been transmitted by this Authenticator. Rx RespId The number of EAP Resp/Id frames that have been received by this Authenticator. Rx Resp The number of valid EAP Response frames (other than Resp/Id frames) that have been received by this Authenticator.
  • Page 209: Authenticator Session Statistics

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authenticator Session Statistics Users can display session statistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the following window, click Monitoring >...
  • Page 210 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Frames Tx The number of user data frames transmitted on this port during the session. A unique identifier for the session, in the form of a printable ASCII string of at least three characters.
  • Page 211: Authenticator Diagnostics

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authenticator Diagnostics Users can display diagnostic information regarding the operation of the Authenticator associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the following window, click Monitoring >...
  • Page 212 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch successful authentication of the Supplicant (authSuccess = TRUE). Auth Timeout Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of the Backend Authentication state machine indicating authentication timeout (authTimeout = TRUE).
  • Page 213: Radius Authentication

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch RADIUS Authentication Users can display information concerning the activity of the RADIUS authentication client on the client side of the RADIUS authentication protocol. To view the following window, click Monitoring > Port Access Control > RADIUS Authentication: Figure 7 - 22.
  • Page 214: Radius Account Client

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch server. AccessResponses The number of malformed RADIUS Access-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators or Signature attributes or known types are not included as malformed access responses. BadAuthenticators The number of RADIUS Access-Response packets containing invalid authenticators or Signature attributes received from this server.
  • Page 215 ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch addresses. Identifier The NAS-Identifier of the RADIUS accounting client. (This is not necessarily the same as sysName in MIB II.) ServerAddr The (conceptual) table listing the RADIUS accounting servers with which the client shares a secret.
  • Page 216: Browse Arp Table

    Browse ARP Table Users can display current ARP entries on the Switch. To search for a specific ARP entry, enter an Interface Name or an IP Address at the top of the window and click Find. Click the Show Static button to display static ARP table entries. To clear the ARP Table, click Clear All.
  • Page 217: Browse Router Port

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Browse Router Port Users can display which of the Switch’s ports are currently configured as router ports. A router port configured by a user (using the console or Web-based management interfaces) is displayed as a static router port, designated by S. A router port that is dynamically configured by the Switch is designated by D, while a Forbidden port is designated by F.
  • Page 218: Browse Session Table

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Browse Session Table Users can display the management sessions since the Switch was last rebooted. To view the following window, click Monitoring > Browse Session Table: Figure 7 - 28. Browse Session Table window IGMP Snooping Group Users can view the Switch’s IGMP Snooping Group Table.
  • Page 219: Mld Snooping Group

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MLD Snooping Group Users can view MLD Snooping Groups present on the Switch. MLD Snooping is an IPv6 function comparable to IGMP Snooping for IPv4. To view the following window, click Monitoring > MLD Snooping Group: Figure 7 - 30.
  • Page 220: Wac Authenticating State

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch WAC Authenticating State Users can display the current WAC authentication state and delete WAC authentication state settings. To view the following window, click Monitoring > WAC Authenticating State: Figure 7 - 31. WAC Authenticating State window The following fields and settings can be viewed: Parameter Description...
  • Page 221: Jwac Host Table

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch JWAC Host Table Users can display Japanese Web-based Access Control Host Table information. To view the following window, click Monitoring > JWAC Host Table: Figure 7 - 32. JWAC Host Table window The following fields and settings can be viewed: Parameter Description...
  • Page 222: Mac Address Table

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC Address Table This allows the Switch's dynamic MAC address forwarding table to be viewed. When the Switch learns an association between a MAC address and a port number, it makes an entry into its forwarding table. These entries are then used to forward packets through the Switch.
  • Page 223: System Log

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch System Log Users can view the history log as compiled by the Switch's management agent. To view the following window, click Monitoring > System Log: Figure 7 - 34. System Log window The Switch can record event information in its own logs, to designated SNMP trap receiving stations, and to the PC connected to the console manager.
  • Page 224: Mac-Based Access Control Authentication State

    ® xStack DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC-based Access Control Authentication State Users can display MAC-based Access Control Authentication State information. To view the following window, click Monitoring > MAC-based Access Control Authentication State: Figure 7 - 35. MAC-based Access Control Authentication State window To display MAC-based Access Control Authentication State information, select a port using the Port drop-down menu and then click Apply.
  • Page 225: Save Services And Tools

    Section 8 Save Services and Tools Save Configuration ID 1 Save Configuration ID 2 Save Log Save All Configuration File Backup & Restore Upload Log File Reset Download Firmware Reboot System The four Save windows include: Save Configuration 1, Save Configuration 2, Save Log, and Save All. Each version of the window will aid the user in saving configurations to the Switch’s memory.
  • Page 226: Save Configuration Id 2

    Save Configuration ID 2 Open the Save drop-down menu at the top of the Web manager and click Save Configuration ID 2 to open the following window: Figure 8 - 2. Save Configuration ID 2 window Save Log Open the Save drop-down menu at the top of the Web manager and click Save Log to open the following window: Figure 8 - 3.
  • Page 227: Configuration File Backup & Restore

    Configuration File Backup & Restore The Switch supports dual image storage for configuration file backup and restoration. The firmware and configuration images are indexed by ID number 1 or 2. To change the boot firmware image, use the Configuration ID drop-down menu to select the desired configuration file to backup or restore.
  • Page 228: Download Firmware

    Download Firmware The following window is used to download firmware for the Switch. Figure 8 - 8. Download Firmware window Enter the Server IP address in the first field and specify the path/file name of the firmware in the third field. Select either IPv4 or IPv6.
  • Page 229: Appendix A - Mitigating Arp Spoofing Attacks Using Packet Content Acl

    LAN (known as ARP spoofing). This document is intended to introduce the ARP protocol, ARP spoofing attacks, and the countermeasures brought by D-Link’s switches to thwart ARP spoofing attacks. In the process of ARP, PC A will first issue an ARP request to query PC B’s MAC address. The network structure is shown in Figure 1.
  • Page 230 Figure 2 When the switch floods the ARP request frame to the network, all PCs will receive and examine the frame, but only PC B will reply to the query because the destination IP matches (see Figure 3). Figure 3 When PC B replies to the ARP request, its MAC address will be written into “Target H/W Address”...
  • Page 231 The switch will also examine the “Source Address” of the Ethernet frame and find that the address is not in the Forwarding Table. The switch will learn PC B’s MAC and update its Forwarding Table. Forwarding Table Port1 00-20-5C-01-11-11 Port2 00-20-5C-01-22-22...
  • Page 232: How Arp Spoofing Attacks A Network

    How ARP Spoofing Attacks a Network ARP spoofing, also known as ARP poisoning, is a method of attacking an Ethernet network which may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service – DoS attack). The principle of ARP spoofing is to send fake, or spoofed, ARP messages to an Ethernet network.
  • Page 233: Prevent Arp Spoofing Via Packet Content Acl

    Figure 5 Prevent ARP Spoofing via Packet Content ACL D-Link managed switches can effectively mitigate common DoS attacks caused by ARP spoofing via a unique Packet Content ACL. Because a basic ACL can only filter ARP packets based on packet type, VLAN ID, Source, and Destination MAC information, there is a need for further inspection of ARP packets.
  • Page 234 Configuration The configuration logic is as follows: 1. An ARP packet can pass through the switch only if it matches the Source MAC address in the Ethernet header and the Sender MAC address and Sender IP address in the ARP protocol. (In this example, it is the gateway’s ARP.) 2.
  • Page 236: Appendix B - Switch Log Entries

    Appendix B – Switch Log Entries The following table lists all possible entries and their corresponding meanings that will appear in the System Log of this Switch. Category Event Description Log Information Severity Remark System started up Unit <unitID>, System started System Critical Configuration saved to...
  • Page 237 Configuration successfully Configuration "by console" and "IP": <ipaddr>, successfully uploaded uploaded by console MAC: <macaddr>" are XOR (Username: <username>, IP: shown in log string, which Informational <ipaddr>, MAC: <macaddr>) means if user login by console, will no IP and MAC information for logging Configuration upload Configuration upload by...
  • Page 238 Login failed through Web Login failed through Web (SSL) (SSL) (Username: Warning <username>, IP: <ipaddr>, MAC: <macaddr>) Logout through Web (SSL) Logout through Web (Username: <username>, IP: (SSL) Informational <ipaddr>, MAC: <macaddr>) Web (SSL) session Web (SSL) session timed out (Username: <username>, IP: timed out Informational...
  • Page 239 SSH server is enabled SSH server is enabled Informational SSH server is disabled SSH server is disabled Informational Authentication Policy is Authentication Policy Informational enabled (Module: AAA) is enabled Authentication Policy Authentication Policy is Informational is disabled disabled (Module: AAA) Successful login through Successful login through Console...
  • Page 240 AAA local method AAA local method (Username: <username>, MAC: <macaddr>) Successful login Successful login through through Console Console authenticated by Informational authenticated by AAA AAA none method (Username: none method <username>) Successful login through Web Successful login from <userIP> authenticated through Web authenticated by AAA by AAA none method...
  • Page 241 <macaddr>) Successful login Successful login through through Web (SSL) Web(SSL) from <userIP> authenticated by AAA server authenticated by AAA Informational <serverIP> (Username: server <username>, MAC: <macaddr>) Login failed through Login failed through Web (SSL) from <userIP> Web (SSL) authenticated by AAA server authenticated by AAA Warning <serverIP>...
  • Page 242 (Username: <username>, MAC: <macaddr>) Successful Enable Successful Enable Admin Admin through Telnet through Telnet from <userIP> authenticated by AAA authenticated by AAA Informational local_enable method local_enable method (Username: <username>, MAC: <macaddr>) Successful Enable Successful Enable Admin through SSH from <userIP> Admin through SSH authenticated by AAA authenticated by AAA...
  • Page 243 Enable Admin failed through Enable Admin failed through Console Console authenticated by Warning authenticated by AAA AAA server <serverIP> server (Username: <username>) Enable Admin failed through Enable Admin failed Console due to AAA server through Console due to AAA server timeout or timeout or improper Warning improper configuration...
  • Page 244 Enable Admin failed through Enable Admin failed through Telnet due to Telnet from <userIP> due to AAA server timeout or AAA server timeout or Warning improper configuration improper configuration (Username: <username>, MAC: <macaddr>) Successful Enable Successful Enable Admin Admin through SSH through SSH from <userIP>...
  • Page 245 Safeguard Safeguard Engine is in Safeguard Engine enters Informational normal mode Engine NORMAL mode Safeguard Engine is in Safeguard Engine enters Warning filtering packet mode EXHAUSTED mode Port <unitID:portNum> Packet Broadcast strom Warning Broadcast storm is occurring Storm occurrence Broadcast storm Port <unitID:portNum>...
  • Page 246 stand-alone device port Ingress bandwidth assigned from <portNum> RADIUS server after Radius server <ipaddr> stackable device Port: RADIUS client assigned ingress <unitID:portNum> authenticated by bandwith :<ingressBandwidth Informational > to port <[unitID:]portNum> RADIUS server (account : <username>) successfully. This Ingress bandwidth will assign to the port.
  • Page 247: Appendix C - Trap Logs

    Appendix C – Trap Logs This table lists the trap logs found on the DGS-3200 Series Switches. MACNotifyTrap (1.3.6.1.4.1.171.11.101.1.2.100.1.2.0.1): This trap indicates the MAC address variations in the address table. PortSecVioTrap (1.3.6.1.4.1.171.11.101.1.2.100.1.2.0.2): When the port security trap is enabled, new MAC addresses that violate the pre-defined port security configuration will...
  • Page 248 FilterDetectedTrap (1.3.6.1.4.1.171.12.37.100.0.1): This trap is sent when an illegal DHCP server is detected. The same illegal DHCP server IP address detected is just sent once to the trap receivers within the log ceasing unauthorized duration. SingleIPMSColdStart (1.3.6.1.4.1.171.12.8.6.0.11): The commander switch will send swSingleIPMSColdStart notification...
  • Page 249 linkDown (1.3.6.1.6.3.1.1.5.3): A linkDown trap signifies that the sending protocol entity recognizes a failure in one of the communication links represented in the agent's configuration. linkUp (1.3.6.1.6.3.1.1.5.4): A linkUp trap signifies that the sending protocol entity recognizes that one of the communication links represented in the agent's configuration has come up.
  • Page 250: Appendix D - Password Recovery Procedure

    This document will explain how the Password Recovery feature can help network administrators reach this goal. The following steps explain how to use the Password Recovery feature on D-Link devices to easily recover passwords. Complete these steps to reset the password: For security reasons, the Password Recovery feature requires the user to physically access the device.
  • Page 251: Appendix E - Glossary

    Appendix E – Glossary 1000BASE-SX: A short laser wavelength on multimode fiber optic cable for a maximum length of 2 kilometers. 1000BASE-LX: A long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilometers. 100BASE-FX: 100Mbps Ethernet implementation over fiber. 100BASE-TX: 100Mbps Ethernet implementation over Category 5 and Type 1 Twisted Pair cabling.
  • Page 252 latency: The delay between the time a device receives a packet and the time the packet is forwarded out of the destination port. line speed: See baud rate. main port: The port in a resilient link that carries data traffic in normal operating conditions. MDI - Medium Dependent Interface: An Ethernet port connection where the transmitter of one device is connected to the receiver of another device.
  • Page 253: Warranty & Support

    The customer must submit with the product as part of the claim a written description of the Hardware defect or Software nonconformance in sufficient detail to allow D-Link to confirm the same, along with proof of purchase of the product (such as a copy of the dated purchase invoice for the product).
  • Page 254 D-Link Corporation/D-Link Systems, Inc., as stipulated by the United States Copyright Act of 1976 and any amendments thereto. Contents are subject to change without prior notice. Copyright 2009 by D-Link Corporation/D-Link Systems, Inc.
  • Page 255: Product Registration

    Product Registration Register your D-Link product online at http://support.dlink.com/register/ Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights.
  • Page 256 Such repair or replacement will be rendered by D-Link at an Authorized D-Link Service Office. The replacement Hardware need not be new or of an identical make, model or part; D-Link may in its discretion replace the defective Hardware (or any part thereof) with any reconditioned product that D-Link reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware.
  • Page 257 Submitting A Claim. Any claim under this limited warranty must be submitted in writing before the end of the Warranty Period to an Authorized D-Link Service Office. The claim must include a written description of the Hardware defect or Software nonconformance in sufficient detail to allow D-Link to confirm the same.
  • Page 258: Fcc Warning

    DEFECTIVE OR NON-CONFORMING PRODUCT. GOVERNING LAW: This Limited Warranty shall be governed by the laws of the state of Singapore. Trademarks D-Link is a registered trademark of D-Link Corporation/ D-Link International Pte Ltd. All other trademarks belong to their respective proprietors. Copyright Statement...
  • Page 259: Tech Support

    You can find software updates and user documentation on the D-Link website. D-Link provides free technical support for customers within the United States and within Canada for the duration of the service period, and warranty confirmation service, during the warranty period on this product.
  • Page 260: Technical Support

    Technical Support United Kingdom (Mon-Fri) Home Wireless/Broadband 0871 873 3000 (9.00am–06.00pm, Sat 10.00am-02.00pm) Managed, Smart, & Wireless Switches, or Firewalls 0871 873 0909 (09.00am – 05.30pm) (BT 10ppm, other carriers may vary.) Ireland (Mon-Fri) All Products 1890 886 899 (09.00am-06.00pm, Sat 10.00am-02.00pm) €0.05ppm peak, €0.045ppm off peak Times Internet http://www.dlink.co.uk...
  • Page 261: Technical Support

    Technical Support D-Link technical support by telephone: 0 820 0803 03 (0.12 €/min): Monday – Friday 9:00 to 13:00 and 14:00 to 19:00, Saturday 9:00 to 13:00 and 14:00 to 16:00 D-Link technical support on the Internet: http://www.dlink.fr...
  • Page 262: Technical Support

    Technical Support D-Link technical support by telephone: 0 801 022 021 D-Link technical support over the Internet: URL: http://www.dlink.pl e-mail: serwis@dlink.pl Technical Support Web: http://www.dlink.cz/suppport/ E-mail: support@dlink.cz Telephone: 225 281 553 Telephone support is available: Mon-Fri from 09.00 to 17.00 Land Line 1.78 CZK/min - Mobile 5.40 CZK/min...
  • Page 263 Technical support for customers in Finland: Weekdays 9 - 21 by telephone: 06001 5557 Via the Internet: http://www.dlink.fi Technical Support D-Link Technical Support by telephone: 0900-100 77 00 Weekdays 08.00-20.00 D-Link Technical Support via the Internet: http://www.dlink.se Technical Support D-Link Technical Support on the Internet: http://www.dlink.pt...
  • Page 264 the D-Link website www.dlink.eu www.dlink.biz/sl Technical Support Thank you for choosing D-Link products. For more information, support and product manuals, please visit the D-Link website www.dlink.eu www.dlink.ro...
  • Page 265 Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers in Australia: Tel: 1300-766-868 24/7(24Hrs, 7days a week) technical support http://www.dlink.com.au e-mail: support@dlink.com.au India: Tel: 1800-222-002 9.00 AM to 9.00 PM. All days http://www.dlink.co.in/support/productsupport.aspx...
  • Page 266 Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers in Egypt: Tel: +202-2919035 or +202-2919047 Sunday to Thursday 9:00am to 5:00pm http://support.dlink-me.com Email: support.eg@dlink-me.com Iran: Tel: +98-21-88880918,19 Saturday to Thursday 9:00am to 5:00pm http://support.dlink-me.com...
  • Page 267 Technical Support Software updates and documentation are available on the D-Link website. D-Link provides free support for customers during the warranty period. Customers can contact the D-Link technical support group by telephone or via the Internet. D-Link technical support: +7(495) 744-00-99 Technical support via the Internet...
  • Page 268 TECHNICAL SUPPORT You can find software or firmware updates and user documentation on our site www.dlinkla.com TECHNICAL SUPPORT FOR USERS IN LATIN AMERICA Technical support through the following D-Link telephone numbers COUNTRY NUMBER HOURS...
  • Page 269 You can find software updates and user documentation on the D-Link Brasil website. D-Link provides free technical support for customers in Brazil during the warranty period of this product. Technical Support for customers in Brazil: Telephone São Paulo +11-2185-9301...
  • Page 270 D-Link D-Link...
  • Page 271 Technical Support Software updates and user documentation are available on the D-Link website. Technical Support for customers: D-Link Technical Support by telephone: Tel: +62-21-5731610 D-Link Technical Support via the Internet: Email : support@dlink.co.id Website : http://support.dlink.co.id...
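  • Page 272 Technical Support Thank you very much for purchasing our product. By completing user registration and new product registration on our website below, you can download support information, firmware, and user manuals through the download service. D-Link Japan website URL: http://www.dlink-jp.com...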
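  • Page 273 Technical Support You can find software upgrades and user manuals for the product on the official D-Link website. Office address: Room 02-05, 26F, Tower B, Global Trade Center, 36 North Third Ring Road East, Dongcheng District, Beijing Postal code: 100013 Technical support center telephone: 8008296688/ (028)66052968 Technical support center fax: (028)85176948 Service center address: Room 02-05, 26F, Tower B, Global Trade Center, 36 North Third Ring Road East, Dongcheng District, Beijing Postal code: 100013 Service center telephone: (010) 58257789 Service center fax: (010) 58257790 Website: http://www.dlink.com.cn Office hours: Monday to Friday, 09:00 to 18:00...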
