D-Link xStack DES-3200-10 User Manual

Layer 2 managed ethernet switch

User Manual

Product Model: DES-3200-10/18/28/28F
Layer 2 Managed Ethernet Switch
Release 1.1

Summary of Contents for D-Link xStack DES-3200-10

  • Page 1: User Manual

    User Manual. Product Model: DES-3200-10/18/28/28F. Layer 2 Managed Ethernet Switch. Release 1.1...
  • Page 2 © 2009 D-Link Corporation. All rights reserved. Reproduction in any manner whatsoever without the written permission of D-Link Corporation is strictly forbidden. Trademarks used in this text: D-Link and the D-LINK logo are trademarks of D-Link Corporation; Microsoft and Windows are registered trademarks of Microsoft Corporation.
  • Page 3: Table of Contents

    xStack DES-3200-10/18/28/28F Layer 2 Ethernet Managed Switch User Manual. Table of Contents: Intended Readers; Typographical Conventions; Notes, Notices, and Cautions; Web-based Switch Configuration; Introduction; Login to Web Manager; ...
  • Page 4 SMTP Settings; SMTP Service Settings; SMTP Service; MAC Notification Settings; MAC Notification Global Settings; ...
  • Page 5 VLAN Trunk Settings; GVRP Settings; Asymmetric VLAN Settings; MAC-based VLAN Settings; PVID Auto Assign Settings; ...
  • Page 6 Priority Mapping; TOS Mapping; DSCP Mapping; Security; Safeguard Engine; Trusted Host; IP-MAC-Port Binding; ...
  • Page 7 MAC-based Access Control Local Settings; DoS Prevention Settings; ACL; ACL Configuration Wizard; Access Profile List; CPU Interface Filtering; ...
  • Page 8 Browse Session Table; MAC Address Table; System Log; Save and Tools; Save Configuration; Save Log; ...
  • Page 9: Intended Readers

    Intended Readers: The DES-3200-10/18/28/28F User Manual contains information for setup and management of the Switch. This manual is intended for network managers familiar with network management concepts and terminology. Typographical Conventions...
  • Page 10: Web-Based Switch Configuration

    Section 1: Web-based Switch Configuration. Topics: Introduction; Login to Web Manager; Web-based User Interface; Web Pages. Introduction: All software functions of the Switch can be managed, configured and monitored via the embedded web-based (HTML) interface.
  • Page 11: Web-Based User Interface

    Area 1 - Select the folder or window to be displayed. The folder icons can be opened to display the hyperlinked window buttons and subfolders contained within them. Click the D-Link logo to go to the D-Link website. Presents a graphical near real-time image of the front panel of the Switch. This area displays the...
  • Page 12: Web Pages

    NOTICE: Any changes made to the Switch configuration during the current session must be saved in the Save Configuration window (Save > Save Configuration) or use the command line interface (CLI) command save config.
  • Page 13: Configuration

    Section 2: Configuration. Topics: Device Information; System Information; Serial Port Settings; IP Address Settings; IPv6 Interface Settings; IPv6 Route Settings; IPv6 Neighbor Settings; Port Configuration; Static ARP Settings; User Accounts; System Log Configuration...
  • Page 14: Device Information

    This window contains the main settings for all major functions on the Switch and appears automatically when you log on. To return to the Device Information window, click the DES-3200-10/18/28/28F folder. The Device Information window shows the Switch’s MAC Address (assigned by the factory and unchangeable), the Boot PROM Version, Firmware Version, the Hardware Version, and other information about different settings on the Switch.
  • Page 15: Serial Port Settings

    The IP address may initially be set using the console interface prior to connecting to it through the Ethernet. If the Switch IP address has not yet been changed, read the introduction of the DES-3200-10/18/28/28F CLI Reference Manual for more information.
  • Page 16 4. If no VLANs have been previously configured on the Switch, you can use the default Management VLAN Name. The default VLAN contains all of the Switch ports as members. If VLANs have been previously configured on the Switch, the Management VLAN Name of the VLAN that contains the port connected to the management station will have to be entered to access the Switch.
  • Page 17: IPv6 Address Settings

    IPv6 Address Settings: Users can display the Switch’s current IPv6 interface settings. To view the following window, click Configuration > IPv6 Interface Settings: Figure 2 - 5. IPv6 Interface Settings window. To configure IPv6 interface settings, enter an IPv6 Address and click Apply.
  • Page 18: IPv6 Route Settings

    Parameter / Description: Interface Name - The name of the IPv6 interface being displayed or modified. VLAN Name - Display the VLAN name of the IPv6 interface. Admin. State - Display the current administrator state. Enter the IPv6 address of the interface to be modified.
  • Page 19: Port Configuration

    Parameter / Description: Interface Name - Enter the name of the IPv6 neighbor. To search for all the current interfaces on the Switch, go to the second Interface Name field in the middle part of the window, tick the All check box, and then click the Find button.
  • Page 20 Parameter / Description: From Port/To Port - Use the pull-down menus to select the port or range of ports to be configured. Toggle this field to either enable or disable a given port or group of ports.
  • Page 21: Port Description Settings

    Port Description Settings: The Switch supports a port description feature where the user may name various ports on the Switch. To view the following window, click Configuration > Port Configuration > Port Description Settings: Figure 2 - 9.
  • Page 22: Static ARP Settings

    Figure 2 - 10. Port Error Disabled window. The following parameters are displayed: Parameter / Description: Port - Displays the port that has been error disabled. Describes the current running state of the port, whether Enabled or Disabled.
  • Page 23: User Accounts

    User Accounts: Use this window to control user privileges, create new users, and view existing User Accounts. To view this window, click Configuration > User Accounts: Figure 2 - 12. User Accounts window...
  • Page 24: System Log Configuration

    User Account Management: Add/Update/Delete User Accounts; View User Accounts. Table 2 - 1. Admin and User Privileges. System Log Configuration: This section contains information for configuring various attributes and properties for System Log Configurations, including System Log Settings and System Log Host.
  • Page 25 Parameter / Description: Server ID - Syslog server settings index (1-4). Severity - This drop-down menu allows you to select the level of messages that will be sent. The options are Warning, Informational, and All.
  • Page 26: DHCP Relay

    DHCP Relay: The relay hops count limit allows the maximum number of hops (routers) that the DHCP messages can be relayed through to be set. If a packet’s hop count is equal to or more than the hop count limit, the packet is dropped. The range is between 1 and 16 hops, with a default value of 4.
  • Page 27 check and policy settings will have no effect. This field can be toggled between Enabled and Disabled using the pull-down menu. It is DHCP Relay Agent used to enable or disable the Switch’s ability to check the validity of the packet’s option 82 Information Option 82 field.
  • Page 28 Circuit ID sub-option format: VLAN Module Port 1 byte 1 byte 1 byte 1 byte 2 bytes 1 byte 1 byte a. Sub-option type b. Length c. Circuit ID type d.
  • Page 29: DHCP Relay Interface Settings

    DHCP Relay Interface Settings: This window allows the user to set up a server, by IP address, for relaying DHCP/BOOTP information to the Switch. The user may enter a previously configured IP interface on the Switch that will be connected directly to the DHCP server using the following window.
  • Page 30: DHCP Auto Configuration Settings

    State - This is used to enable or disable the DHCP local relay for the specified VLAN. DHCP Auto Configuration Settings: The DHCP automatic configuration function on the Switch will load a previously saved configuration file for current use.
  • Page 31: Telnet Settings

    Telnet Settings: Telnet configuration is Enabled by default. If you do not want to allow configuration of the system through Telnet choose Disabled. The TCP ports are numbered between 1 and 65535. The "well-known" TCP port for the Telnet protocol is 23.
  • Page 32: Firmware Information

    Firmware Information: Information about current firmware images stored on the Switch can be viewed. To access this window, click Configuration > Firmware Information: Figure 2 - 25. Firmware Information window...
  • Page 33: SNTP Settings

    SNTP Settings: The SNTP Settings folder offers two windows: Time Settings and Time Zone Settings. Time Settings: To configure the time settings for the Switch, click Configuration > SNTP Settings > Time Settings: Figure 2 - 26.
  • Page 34: Time Zone Settings

    Time Zone Settings: The following window is used to configure time zones and Daylight Savings Time settings for SNTP. To configure the time zone settings for the Switch, click Configuration > SNTP Settings > Time Zone Settings: Figure 2 - 27.
  • Page 35 From: Day of the Week - Enter the day of the week that DST will start on. From: Month - Enter the month DST will start on. Enter the time of day that DST will start on.
  • Page 36: SMTP Settings

    SMTP Settings: SMTP or Simple Mail Transfer Protocol is a function of the Switch that will send switch events to mail recipients based on e-mail addresses entered in the window below. The Switch is to be configured as a client of SMTP while the server is a remote device that will receive messages from the Switch, place the appropriate information into an e-mail and deliver it to recipients configured on the Switch.
  • Page 37: SMTP Service

    SMTP Service: This window is used to test the SMTP Service Settings configured in the previous window. To view the following window, click Configuration > SMTP Service: Figure 2 - 29. SMTP Service window. To test to see if the SMTP settings are working properly, enter a Subject, Content, and then click the Send button.
  • Page 38: SNMP Settings

    Figure 2 - 31. MAC Notification Port Settings window. The following parameters may be modified: Parameter / Description: Select a port or group of ports to enable for MAC notification using the pull-down menus.
  • Page 39: SNMP View Table

    SNMPv3 uses a more sophisticated authentication process that is separated into two parts. The first part is to maintain a list of users and their attributes that are allowed to act as SNMP managers. The second part describes what each user on that list can do as an SNMP manager.
  • Page 40: SNMP Group Table

    Parameter / Description: View Name - Type an alphanumeric string of up to 32 characters. This is used to identify the new SNMP view being created. Subtree OID - Type the Object Identifier (OID) Subtree for the view. The OID identifies an object tree (MIB tree) that will be included or excluded from access by an SNMP manager.
  • Page 41: SNMP User Table

    centralized and distributed network management strategies. It includes improvements in the Structure of Management Information (SMI) and adds some security features. SNMPv3 - Specifies that the SNMP version 3 will be used. SNMPv3 provides secure access to devices through a combination of authentication and encrypting packets over the network.
  • Page 42: SNMP Community Table

    None - Indicates that no authorization protocol is in use. Priv-Protocol by Password DES - Indicates that DES 56-bit encryption is in use based on the CBC-DES (DES-56) standard. MD5 - Indicates that the HMAC-MD5-96 authentication level will be used.
  • Page 43: SNMP Host Table

    SNMP Host Table: Use the SNMP Host Table window to set up SNMP trap recipients. To configure SNMP Host Table entries, click Configuration > SNMP Settings > SNMP Host Table: Figure 2 - 36.
  • Page 44: SNMP Trap Configuration

    SNMP Trap Configuration: The following window is used to enable and disable trap settings for the SNMP function on the Switch. To view this window for configuration, click Configuration > SNMP Settings > SNMP Trap Configuration: Figure 2 - 38.
  • Page 45: Time Range Settings

    Figure 2 - 40. Time Range Settings window. Single IP Management: Simply put, D-Link Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. There are some advantages in implementing the "Single IP Management" feature: 1.
  • Page 46 It is connected to the CS through the CS management VLAN. 3. Candidate Switch (CaS) - This is a switch that is ready to join a SIM group but is not yet a member of the SIM group.
  • Page 47: Single IP Settings

    Single IP Settings: All switches are set as Candidate (CaS) switches as their factory default configuration and Single IP Management will be disabled. To enable SIM for the Switch using the Web interface, click Configuration > Single IP Management > Single IP Settings which will reveal the following window: Figure 2 - 41.
  • Page 48: Topology

    After enabling the Switch to be a Commander Switch (CS), the Single IP Management folder will then contain four added links to aid the user in configuring SIM through the Web, including Topology, Firmware Upgrade and Configuration File Backup/Restore and Upload Log File.
  • Page 49 Model Name - Displays the full model name of the corresponding Switch. To view the Topology Map, click the View menu in the toolbar and then Topology, which will produce the following window.
  • Page 50: Tool Tips

    Non-SIM devices. Tool Tips: In the Topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same information about a specific device as the Tree view does.
  • Page 51: Right-Click

    Right-Click: Right-clicking on a device will allow the user to perform various functions, depending on the role of the Switch in the SIM group and the icon associated with it.
  • Page 52: Commander Switch Icon

    Commander Switch Icon: Figure 2 - 49. Right-Clicking a Commander Icon. The following options may appear for the user to configure: Collapse - To collapse the group that will be represented by a single icon.
  • Page 53: Menu Bar

    Add to group - Add a candidate to a group. Clicking this option will reveal the following dialog for the user to enter a password for authentication from the Candidate Switch before being added to the SIM group.
  • Page 54: Firmware Upgrade

    Help About - Will display the SIM information, including the current SIM version. Figure 2 - 55. About window. Firmware Upgrade: This window is used to upgrade firmware from the Commander Switch to the Member Switch. Member Switches will be listed in the table and will be specified by ID and Port (port on the CS where the MS resides), MAC Address, Model Name and Firmware Version.
  • Page 55: Upload Log File

    Upload Log File: The following window is used to upload log files from SIM member switches to a specified PC. To upload a log file, enter the Server IP address of the SIM member switch and then enter a Path\Filename on your PC where you wish to save this file.
  • Page 56: Gratuitous ARP Settings

    Gratuitous ARP Settings: This window allows you to have more detailed settings for the Gratuitous ARP. To view this window, click Configuration > Gratuitous ARP > Gratuitous ARP Settings: Figure 2 - 60. Gratuitous ARP Settings window...
  • Page 57: ARP Spoofing Prevention Settings

    ARP Spoofing Prevention Settings: ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service - DoS attack).
  • Page 58: L2 Features

    Section 3: L2 Features. Topics: Jumbo Frame; 802.1Q Static VLAN; Q-in-Q; 802.1v Protocol VLAN; VLAN Trunk Settings; GVRP Settings; Asymmetric VLAN Settings; MAC-based VLAN Settings; PVID Auto Assign Settings; Port Trunking...
  • Page 59: VLANs

    VLANs. Understanding IEEE 802.1p Priority: Priority tagging is a function defined by the IEEE 802.1p standard designed to provide a means of managing traffic on a network where many different types of data may be transmitted simultaneously. It is intended to alleviate problems associated with the delivery of time critical data over congested networks.
  • Page 60: IEEE 802.1Q VLANs

    IEEE 802.1Q VLANs. Some relevant terms: Tagging - The act of putting 802.1Q VLAN information into the header of a packet. Untagging - The act of stripping 802.1Q VLAN information out of the packet header.
  • Page 61: Port VLAN ID

    Figure 3 - 3. IEEE 802.1Q Tag. The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or Logical Link Control. Because the packet is now a bit longer than it was originally, the Cyclic Redundancy Check (CRC) must be recalculated.
  • Page 62: Tagging And Untagging

    Every physical port on a switch has a PVID. 802.1Q ports are also assigned a PVID, for use within the Switch. If no VLANs are defined on the Switch, all ports are then assigned to a default VLAN with a PVID equal to 1. Untagged packets are assigned the PVID of the port on which they were received.
  • Page 63: Q-in-Q VLANs

    NOTE: If no VLANs are configured on the Switch, then all packets will be forwarded to any destination port. Packets with unknown source addresses will be flooded to all ports.
  • Page 64 over 4000 VLANs can be placed, therefore greatly expanding the VLAN network and enabling greater support of customers utilizing multiple VLANs on the network. Q-in-Q VLANs are basically VLAN tags placed within existing IEEE 802.1Q VLANs which we will call SPVIDs (Service Provider VLAN IDs).
  • Page 65: 802.1Q Static VLAN

    2. All ports must be configured as Access Ports or Uplink ports. Access ports can only be Ethernet ports while Uplink ports must be Gigabit ports. 3. Provider Edge switches must allow frames of at least 1522 bytes or more, due to the addition of the SPVID tag.
  • Page 66 Figure 3 - 7. 802.1Q Static VLAN window – Add/Edit VLAN tab (Add). To return to the initial 802.1Q Static VLAN window, click the VLAN List tab at the top of the window. To change an existing 802.1Q static VLAN entry, click the corresponding Edit button.
  • Page 67 VLAN Name should be no more than 32 characters in length. Advertisement - Enabling this function will allow the Switch to send out GVRP packets to outside sources, notifying that they may join the existing VLAN.
  • Page 68: Q-in-Q

    Figure 3 - 10. 802.1Q Static VLAN window – VLAN Batch Settings tab. The following fields can be set in the VLAN Batch Settings tab: Parameter / Description: Enter a VLAN ID List that can be added, deleted or configured.
  • Page 69: Q-in-Q Settings

    Q-in-Q Settings: To view this window, click L2 Features > Q-in-Q > Q-in-Q Settings: Figure 3 - 11. Q-in-Q Settings window. The following fields can be set: Parameter / Description: Click the radio button to enable or disable the Q-in-Q Global Settings.
  • Page 70: VLAN Translation Settings

    VLAN Translation Settings: VLAN translation translates the VLAN ID carried in the data packets it receives from private networks into those used in the Service Provider’s network. To view this window click L2 Features > Q-in-Q > VLAN Translation CVID Entry Settings: Figure 3 - 12.
  • Page 71: 802.1v Protocol VLAN Settings

    Parameter / Description: Group ID (1-16) - Select an ID number for the group, between 1 and 16. Group Name - This is used to identify the new Protocol VLAN group. Type an alphanumeric string of up to 32 characters.
  • Page 72: VLAN Trunk Settings

    Port List (e.g.: 1-6) - Select the specified ports you wish to configure by entering the port number in this field, or tick the Select All Ports box. Search Port List - This function allows the user to search all previously configured port list settings and display them on the lower half of the table.
  • Page 73: GVRP Settings

    GVRP Settings: This window allows the user to determine whether the Switch will share its VLAN configuration information with other GARP VLAN Registration Protocol (GVRP) enabled switches. In addition, Ingress Checking can be used to limit traffic by filtering incoming packets whose PVID does not match the PVID of the port.
  • Page 74: Asymmetric VLAN Settings

    the port to compare the VID tag of an incoming packet with the PVID number assigned to the port. If the two are different, the port filters (drops) the packet. Disabled disables ingress filtering.
  • Page 75: PVID Auto Assign Settings

    PVID Auto Assign Settings: This enables or disables PVID Auto Assign on the Switch. PVID is the VLAN that the switch will use for forwarding and filtering purposes. If PVID Auto-Assign is Enabled, PVID will be possibly changed by previously set PVID or VLAN configurations.
  • Page 76 NOTE: If any ports within the trunk group become disconnected, packets intended for the disconnected port will be load shared among the other unlinked ports of the link aggregation group.
  • Page 77: LACP Port Settings

    (Member) Ports - Choose the members of a trunked group. Up to eight ports per group can be assigned to a group. Flooding Ports - These ports are designated for flooding broadcast, multicast, and DLF (unicast Destination Lookup Fail) packets from the CPU in a trunk group.
  • Page 78: Traffic Segmentation

    ® xStack DES-3200-10/18/28/28F Layer 2 Ethernet Managed Switch User Manual Traffic Segmentation Traffic segmentation is used to limit traffic flow from a single port to a group of ports on the Switch. This method of segmenting the flow of traffic is similar to using VLANs to limit traffic, but is more restrictive. It provides a method of directing traffic that does not increase the overhead of the Switch CPU.
  • Page 79: Bpdu Tunneling Settings

    ® xStack DES-3200-10/18/28/28F Layer 2 Ethernet Managed Switch User Manual BPDU Tunneling Settings To view this window, click L2 Features > BPDU Tunneling Settings: Figure 3 - 24. BPDU Tunneling Settings window IGMP Snooping Internet Group Management Protocol (IGMP) snooping allows the Switch to recognize IGMP queries and reports sent between network stations or devices and an IGMP host.
  • Page 80 ® xStack DES-3200-10/18/28/28F Layer 2 Ethernet Managed Switch User Manual Figure 3 - 26. IGMP Snooping Settings (Edit) window The following fields can be set. Parameter Description This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which the user VLAN ID wishes to modify the IGMP Snooping Settings.
  • Page 81: Igmp Access Control Settings

    ® xStack DES-3200-10/18/28/28F Layer 2 Ethernet Managed Switch User Manual Figure 3 - 27. IGMP Snooping Router Ports Settings window Select the desired member ports and click Apply. Click <<Back to go back to the IGMP Snooping Settings window. IGMP Access Control Settings This window is used to configure IGMP Access Control settings on the Switch.
  • Page 82: Igmp Snooping Multicast Vlan Settings

    ® xStack DES-3200-10/18/28/28F Layer 2 Ethernet Managed Switch User Manual IGMP Snooping Multicast VLAN Settings This window is used to configure the IGMP Snooping Multicast VLAN settings on the Switch. To view this window, click L2 Features > IGMP Snooping > IGMP Snooping Multicast VLAN Settings: Figure 3 - 29.
  • Page 83: Ip Multicast Profile Settings

    ® xStack DES-3200-10/18/28/28F Layer 2 Ethernet Managed Switch User Manual Figure 3 - 30. IGMP Snooping Multicast VLAN Group List Settings window Enter a Multicast Address and click Add. The new information will be displayed in the table at the bottom of the window.
  • Page 84 ® xStack DES-3200-10/18/28/28F Layer 2 Ethernet Managed Switch User Manual Figure 3 - 33. Multicast Address Group List Settings window Enter the Multicast Address List starting with the lowest in the range, and click Add. To return to the IP Multicast...
  • Page 85: Limited Multicast Range Settings

    ® xStack DES-3200-10/18/28/28F Layer 2 Ethernet Managed Switch User Manual Limited Multicast Range Settings This window enables the user to configure the ports on the Switch that will be involved in the Limited IP Multicast Range. The user can configure the range of ports and associate an IP Multicast Profile to allow or disallow IGMP join requests to multicast groups defined in the profile.
  • Page 86: Mld Snooping Settings

    ® xStack DES-3200-10/18/28/28F Layer 2 Ethernet Managed Switch User Manual Figure 3 - 35. Max Multicast Group Settings window The following fields can be set: Parameter Description Use the drop-down menus to choose a range of ports. From Port/To Port Enter the maximum number of the multicast groups.
  • Page 87 ® xStack DES-3200-10/18/28/28F Layer 2 Ethernet Managed Switch User Manual 2. Multicast Listener Report, Version 1 – Comparable to the Host Membership Report in IGMPv2, and labeled as 131 in the ICMP packet header, this message is sent by the listening port to the Switch stating that it is interested in receiving multicast data from a multicast address in response to the Multicast Listener Query message.
  • Page 88 The following parameters may be viewed or modified (Parameter: Description): VLAN ID: This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which the user wishes to modify the MLD Snooping Settings.
  • Page 89: Port Mirror

    Port Mirror The Switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an RMON probe, to view details about the packets passing through the first port.
  • Page 90: Loopback Detection Settings

    Loopback Detection Settings The Loopback Detection function is used to detect the loop created by a specific port. This feature is used to temporarily shut down a port on the Switch when a CTP (Configuration Testing Protocol) packet has been looped back to the Switch.
  • Page 91: Spanning Tree

    This Switch supports three versions of the Spanning Tree Protocol: STP, Rapid STP, and MSTP. STP will be familiar to most networking professionals. However, since RSTP and MSTP have been recently introduced to D-Link managed Ethernet switches, a brief introduction to the technology is provided below followed by a description of how to set up STP, RSTP, and MSTP.
  • Page 92: Port Transition States

    Port Transition States An essential difference between the three protocols is in the way ports transition to a forwarding state and in the way this transition relates to the role of the port (forwarding or not forwarding) in the topology. MSTP and RSTP combine the transition states disabled, blocking and listening used in STP and create a single state, Discarding.
  • Page 93: Stp Bridge Global Settings

    STP Bridge Global Settings To open the following window, click L2 features > Spanning Tree > STP Bridge Global Settings: Figure 3 - 41. STP Bridge Global Settings window The following parameters can be set:...
  • Page 94: Stp Port Settings

    NOTE: The Hello Time cannot be longer than the Max. Age. Otherwise, a configuration error will occur. Observe the following formulas when setting the above parameters: Max. Age ≤ 2 x (Forward Delay - 1 second) Max.
  • Page 95 The following fields can be set (Parameter: Description): From Port/To Port: A consecutive group of ports may be configured starting with the selected port. External Cost (0=Auto): External Cost - This defines a metric that indicates the relative cost of forwarding packets to the specified port list.
  • Page 96: Mst Configuration Identification

    MST Configuration Identification The following windows in the MST Configuration Identification section allow the user to configure an MSTI instance on the Switch. These settings will uniquely identify a multiple spanning tree instance set on the Switch. The Switch initially possesses one CIST (Common Internal Spanning Tree), whose parameters the user may modify but whose MSTI ID cannot be changed and which cannot be deleted.
  • Page 97: Stp Instance Settings

    STP Instance Settings The following window displays MSTIs currently set on the Switch. To view the following table, click L2 Features > Spanning Tree > STP Instance Settings: Figure 3 - 44. STP Instance Settings window...
  • Page 98: Mstp Port Information

    MSTP Port Information This window displays the current MSTP Port Information and can be used to update the port configuration for an MSTI ID. If a loop occurs, the MSTP function will use the port priority to select an interface to put into the forwarding state.
  • Page 99: Multicast Forwarding Settings

    To add or edit an entry, define the following parameters and then click Add/Modify: Parameter Description The VLAN ID number of the VLAN on which the above Unicast MAC address resides.
  • Page 100: Multicast Filtering Mode

    Multicast Filtering Mode Users can configure the multicast filtering mode. To view this window, click L2 Features > Forwarding & Filtering > Multicast Filtering Mode: Figure 3 - 49. Multicast Filtering Mode window...
  • Page 101: Lldp Global Settings

    LLDP Global Settings To view this window, click L2 Features > LLDP > LLDP Global Settings: Figure 3 - 50. LLDP Global Settings window The following parameters can be set:...
  • Page 102: Lldp Port Settings

    LLDP Port Settings To view this window, click L2 Features > LLDP > LLDP Port Settings: Figure 3 - 51. LLDP Port Settings window The following parameters can be set:...
  • Page 103: Lldp Basic Tlvs Settings

    LLDP Basic TLVs Settings This window is used to enable the settings for the Basic TLVs Settings. To view this window, click L2 Features > LLDP > LLDP Basic TLVs Settings: Figure 3 - 52.
  • Page 104: Lldp Dot1 Tlvs Settings

    LLDP Dot1 TLVs Settings LLDP Dot1 TLVs are organizationally specific TLVs which are defined in IEEE 802.1 and used to configure an individual port or group of ports to exclude one or more of the IEEE 802.1 organizational port VLAN ID TLV data types from outbound LLDP advertisements.
  • Page 105: Lldp Dot3 Tlvs Settings

    LLDP Dot3 TLVs Settings This window is used to configure an individual port or group of ports to exclude one or more IEEE 802.3 organizationally specific TLV data types from outbound LLDP advertisements.
  • Page 106: Qos

    Section 4. Contents: Bandwidth Control, Traffic Control, 802.1p Default Priority, 802.1p User Priority, QoS Scheduling Settings, Priority Mapping, TOS Mapping, DSCP Map Settings. The Switch supports 802.1p priority queuing Quality of Service. The following section discusses the implementation of QoS (Quality of Service) and benefits of using 802.1p priority queuing.
  • Page 107: Understanding Qos

    The previous picture shows the default priority setting for the Switch. Class 3 has the highest priority of the four priority queues on the Switch. In order to implement QoS, the user is required to instruct the Switch to examine the header of a packet to see if it has the proper identifying tag.
  • Page 108: Bandwidth Control

    Bandwidth Control The bandwidth control settings are used to place a ceiling on the transmitting and receiving data rates for any selected port. To view this window, click QoS > Bandwidth Control: Figure 4 - 2.
  • Page 109 The Switch will also scan and monitor packets coming into the Switch by monitoring the Switch’s chip counter. This method is only viable for Broadcast and Multicast storms because the chip only has counters for these two types of packets.
  • Page 110 Action: Select the method of traffic control from the pull-down menu. The choices are: Drop – Utilizes the hardware Traffic Control mechanism, which means the Switch’s hardware will determine the Packet Storm based on the Threshold value stated and drop packets until the issue is resolved.
  • Page 111: 802.1P Default Priority

    NOTE: Ports that are in Shutdown rest mode will be seen as link down in all windows and screens until the user recovers these ports. 802.1p Default Priority The Switch allows the assignment of a default 802.1p priority to each port on the Switch.
  • Page 112: Qos Scheduling Settings

    Figure 4 - 5. 802.1p User Priority window Once a priority has been assigned to the port groups on the Switch, assign this Class to each of the eight levels of 802.1p priorities.
  • Page 113: Priority Mapping

    Priority Mapping This window is used to set up Priority Mapping. To view this window, click QoS > Priority Mapping: Figure 4 - 7. Priority Mapping window The following parameter may be set:...
  • Page 114: Tos Mapping

    TOS Mapping This window is used to set up Type of Service (TOS) Mapping. To view this window, click QoS > ToS Mapping: Figure 4 - 8. TOS Mapping window...
  • Page 115: Dscp Mapping

    DSCP Mapping This window is used to set up DSCP Mapping. To view this window, click QoS > DSCP Mapping: Figure 4 - 9. DSCP Mapping window The following parameters may be set:...
  • Page 116: Security

    Section 5 Security. Contents: Safeguard Engine, Trusted Host, IP-MAC-Port Binding, Port Security, DHCP Server Screening Settings, 802.1X, SSL Settings, Access Authentication Control, MAC-based Access Control, DoS Prevention Settings. Safeguard Engine Periodically, malicious hosts on the network will attack the Switch by utilizing packet flooding (ARP storm) or other methods.
  • Page 117 In Exhausted mode, two modes can be implemented to limit the bandwidth assigned to ARP packets, “Strict” and “Fuzzy”. In Strict mode, the Switch will drop all ARP packets. The Switch will reluctantly process any packets not destined for the Switch and broadcast packets, no matter what is causing the high utilization rate on the CPU, which may not be an ARP storm.
  • Page 118: Trusted Host

    Trusted Host Use the Security IP Management to permit remote stations to manage the Switch. If one or more designated management stations are defined by the user, only the chosen stations, as defined by IP address, will be allowed management privilege through the Web manager, Telnet session, or SNMP manager.
  • Page 119: Imp Binding Port Settings

    DHCP Snoop State: Use the pull-down menu to enable or disable the DHCP Snooping State for IP-MAC-port binding. ARP Inspection: When this is Enabled, the Switch will filter ARP packets which have unauthorized sender MACs, IP addresses, and ingress ports.
  • Page 120: Imp Binding Entry Settings

    hardware until the S/W learns the entries for the ports. The port will check ARP packets and IP packets by IP-MAC-port binding entries. When the packet is found by the entry, the MAC address will be set to dynamic.
  • Page 121: Dhcp Snooping Entries

    DHCP Snooping Entries This window is used to view dynamic entries on specific ports. To view particular port settings, enter the port number and click Find. To view all entries click View All, and to delete an entry, click Clear.
  • Page 122 Figure 5 - 9. Port Security Port Settings window The following parameters can be set: Parameter Description A consecutive group of ports may be configured starting with the selected port.
  • Page 123: Port Security Fdb Entries

    Port Security FDB Entries This window is used to clear the Port Lock Entries by individual ports. To clear entries, enter the range of ports and click Clear. To view the following window, click Security > Port Security > Port Security FDB Entries: Figure 5 - 10.
  • Page 124 Authentication Server The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch). Clients connected to a port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN.
  • Page 125: Authentication Process

    Figure 5 - 16. The 802.1X Authentication Process The D-Link implementation of 802.1X allows network administrators to choose between two types of Access Control used on the Switch, which are:...
  • Page 126: Understanding 802.1X Port-Based And Mac-Based Network Access Control

    1. Port-Based Access Control – This method requires only one user to be authenticated per port by a remote RADIUS server to allow the remaining users on the same port access to the network.
  • Page 127: Mac-Based Network Access Control

    MAC-Based Network Access Control [Figure: RADIUS Server, Ethernet Switch, 802.1X Clients]...
  • Page 128: 802.1X Settings

    802.1X Settings To configure the 802.1X Settings, click Security > 802.1X > 802.1X Settings: Figure 5 - 19. 802.1X Settings window This window allows you to set the following features:...
  • Page 129: 802.1X User

    the period of an EAP Request/Identity packet transmitted to the client. The default setting is 30 (1-65535) seconds. ReAuthPeriod: A constant that defines a nonzero number of seconds between periodic reauthentication of the client.
  • Page 130: Authentication Radius Server

    Authentication RADIUS Server The RADIUS feature of the Switch allows you to facilitate centralized user administration as well as providing protection against a sniffing, active hacker. To configure the 802.1X User, click Security > 802.1X > Authentication RADIUS Server: Figure 5 - 21.
  • Page 131: Guest Vlan Configuration

    Guest VLAN Configuration On 802.1X security enabled networks, there is a need for non 802.1X supported devices to gain limited access to the network, due to lack of the proper 802.1X software or...
  • Page 132: Guest Vlan

    Click Apply to implement the 802.1X Guest VLAN. Once properly configured, the Guest VLAN Name and associated ports will be listed in the lower part of the window. NOTE: For more information and configuration examples for the 802.1X Guest VLAN function, please refer to the Guest VLAN Configuration Example located on the D-Link Website. Initialize Port(s) Existing 802.1X port and MAC-based settings are displayed and can be configured using the two windows below.
  • Page 133: Reauthenticate Port(S)

    To initialize ports, choose the range of ports in the From Port and To Port fields. Next, the user must specify the MAC address to be initialized by entering it into the MAC Address field and ticking the corresponding check box. To begin the initialization, click Apply.
  • Page 134: Ssl Settings

    Figure 5 - 27. Reauthenticate Port(s) window for MAC-based 802.1X To reauthenticate ports, first use the From Port and To Port drop-down menus to choose the range of ports. Then the user must specify the MAC address to be reauthenticated by entering it into the MAC Address field and ticking the corresponding check box.
  • Page 135: Download Certificate

    supports SSLv3 and TLSv1. Other versions of SSL may not be compatible with this Switch and may cause problems upon authentication and transfer of messages from client to host. Download Certificate This window is used to download a certificate file for the SSL function on the Switch from a TFTP server.
  • Page 136: Ssh

    RSA with RC4_128_MD5: This ciphersuite combines the RSA key exchange, stream cipher RC4 encryption with 128-bit keys and the MD5 Hash Algorithm. Use the pull-down menu to enable or disable this ciphersuite.
  • Page 137: Ssh Settings

    SSH Settings The following window is used to configure and view settings for the SSH server. To view this window, click Security > SSH > SSH Settings: Figure 5 - 29. SSH Settings window...
  • Page 138 Figure 5 - 30. SSH Authmode and Algorithm Settings window The following algorithms may be set (Parameter: Description): SSH Authentication Mode Settings. Password: This parameter may be enabled if the administrator wishes to use a locally configured password for authentication on the Switch.
  • Page 139: Ssh User Authentication Lists

    Public Key Algorithm. HMAC-RSA: Tick the check box to enable the HMAC (Hash for Message Authentication Code) mechanism utilizing the RSA encryption algorithm. The default is enabled. HMAC-DSA: Tick the check box to enable the HMAC (Hash for Message Authentication Code) mechanism utilizing the Digital Signature Algorithm encryption.
  • Page 140: Access Authentication Control

    conjunction with the Host Based choice in the Auth. Mode field. Click Apply to implement changes made. NOTE: To set the SSH User Authentication parameters on the Switch, a User Account must be previously configured.
  • Page 141: Authentication Policy Settings

    the device successfully through the RADIUS server or through the local method, 3 kinds of privilege levels can be assigned to the user and the user cannot use the “enable admin” command to promote to the admin privilege level.
  • Page 142: Authentication Server Group

    Figure 5 - 34. Application's Authentication Settings window The following parameters can be set: Parameter Description Lists the configuration applications on the Switch. The user may configure the Login Method...
  • Page 143: Authentication Server

    To modify a particular group, click on its corresponding Edit button or click the Edit Server Group tab at the top of this window. The following tab will be displayed: Figure 5 - 36.
  • Page 144: Login Method Lists

    Parameter: Description. IP Address: The IP address of the remote server host the user wishes to add. Port (1-65535): Enter a number between 1 and 65535 to define the virtual port number of the authentication protocol on a server host.
  • Page 145: Enable Method Lists

    Figure 5 - 38. Login Method Lists window The Switch contains one Method List that is set and cannot be removed, yet can be modified. To delete a Login Method List defined by the user, click the corresponding Delete button. To modify a Login Method List, click on its corresponding Edit button.
  • Page 146: Local Enable Password Settings

    Figure 5 - 39. Enable Method Lists window To delete an Enable Method List defined by the user, click the Delete button. To modify an Enable Method List, click on its corresponding Edit button.
  • Page 147: Mac-Based Access Control

    Parameter: Description. Old Local Enable Password (Max: 15 characters): If a password was previously configured for this entry, enter it here in order to change it to a new password
  • Page 148 Figure 5 - 41. MAC-based Access Control Settings window The following parameters may be viewed or set (Parameter: Description): Settings. MBA Global State: Use the radio button to globally enable or disable the MAC-based Access Control function on the Switch.
  • Page 149: Mac-Based Access Control Local Settings

    Config Guest VLAN. VLAN Name: Enter a Guest VLAN name. Clicking the hyperlinked name will send the Web manager to the Guest VLAN configuration window. Enter a VLAN ID number between 1 and 4094.
  • Page 150: Dos Prevention Settings

    DoS Prevention Settings The Switch supports Denial of Service (DoS) prevention to mitigate DoS attacks from hackers or other malicious sources. To view this window, click Security > DoS Prevention Settings: Figure 5 - 43.
  • Page 151: Acl

    Section 6. Contents: ACL Configuration Wizard, Access Profile List, CPU Access Profile List, ACL Finder, ACL Flow Meter. Access profiles allow the user to establish criteria to determine whether or not the Switch will forward packets based on the information contained in each packet's header.
  • Page 152: Access Profile List

    Service Type: Use the drop-down menu to select from VLAN Name, Ethernet Type, 802.1P, or Any. Action: Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
  • Page 153 Figure 6 - 3. Add ACL Profile window for Ethernet example There are four sets of Access Profile configuration windows; one for Ethernet (or MAC address-based) profile configuration, one for IP (IPv4) address-based profile configuration, one for the Packet Content and one for IPv6.
  • Page 154 Selecting this option instructs the Switch to examine the VLAN identifier of each packet header and use this as the full or partial criterion for forwarding. Selecting this option instructs the Switch to examine the 802.1p priority value of each packet 802.1p...
  • Page 155 Figure 6 - 7. Add Access Rule window for Ethernet example To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameter Description Type in a unique identifier number for this access. This value can be set from 1 to 65535.
  • Page 156 in the config mirror port command. Port Mirroring must be enabled and a target port must be set. Enter a priority value if you want to re-write the 802.1p default priority of a packet to the value...
  • Page 157 Figure 6 - 10. Add ACL Profile window for IPv4 example Click on the boxes near the top of the window, which will then turn red and reveal parameters for configuration. To create a new entry, enter the appropriate information and click Create.
  • Page 158 within the packets, by checking the boxes corresponding to the flag bits of the TCP field. Source Port Mask (0-FFFF) − Tick and specify a TCP port mask for the source port to filter, in hex form (hex 0x0-0xffff).
  • Page 159 Figure 6 - 12. Access Profile Detail Information window for IPv4 example To return to the Access Profile List window, click Show All Profiles. To add a rule to a previously configured entry,...
  • Page 160 ICMP Code - Specifies that the Switch will examine each frame’s ICMP Code field. IGMP: Type ____ e.g. (0-255) - Specifies that the Switch will examine each frame’s IGMP Type field.
  • Page 161 To view the configurations for a previously configured rule, click on the corresponding Show Details button, which will display the following Access Rule Detail Information window: Figure 6 - 15. Access Rule Detail Information window for IPv4 example...
  • Page 162 IPv6 Flow Label: Ticking this check box will instruct the Switch to examine the flow label field of the IPv6 header. The flow label field is used by a source to label sequences of packets such as non-default quality of service or real time service packets.
  • Page 163 Figure 6 - 19. Add Access Rule window for IPv6 example The following parameters may be configured for IPv6: Parameter Description Type in a unique identifier number for this access. This value can be set from 1 to 65535.
  • Page 164 Switch. Replace Priority: Enter a replace priority manually if you want to re-write the 802.1p default priority of a packet to the value entered in the Priority field, which meets the criteria specified previously in this command, before forwarding it on to the specified CoS queue.
  • Page 165 Figure 6 - 22. Add ACL Profile window for Packet Content example Click on the boxes at the top of the table, which will then turn red and reveal parameters for configuration. To create a new entry enter the correct information and click Create.
  • Page 166 With this advanced unique Packet Content Mask (also known as Packet Content Access Control List - ACL), the D-Link xStack® switch family can effectively mitigate some network attacks like the common ARP Spoofing attack that is widespread today.
  • Page 167 Figure 6 - 25. Add Access Rule window for Packet Content example The following parameters may be configured for the Packet Content filter: Parameter Description Type in a unique identifier number for this access. This value can be set from 1 to 65535.
  • Page 168 (MAC Address). However, ARP is vulnerable as it can be easily spoofed and utilized to attack a LAN. For a more detailed explanation on how ARP works and how to employ D-Link’s advanced unique Packet Content ACL to prevent ARP spoofing attack, please see...
  • Page 169: Cpu Interface Filtering

    CPU Interface Filtering Due to a chipset limitation and needed extra switch security, the Switch incorporates CPU Interface filtering. This added feature increases the running security of the Switch by enabling the user to create a list of access rules for packets destined for the Switch’s CPU interface.
  • Page 170 Figure 6 - 29. Add CPU ACL Profile window for Ethernet example (Parameter: Description) Select Profile ID: Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 3.
  • Page 171 Figure 6 - 30. CPU Access Profile List window for Ethernet example To view the settings of a previously correctly created profile, click the corresponding Show Details button on the CPU Access Profile List window above.
  • Page 172 Figure 6 - 33. (CPU) Add Access Rule window for Ethernet example To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameter Description Type in a unique identifier number for this access. This value can be set from 1 to 5.
  • Page 173 Figure 6 - 35. CPU Access Rule Detail Information window for Ethernet example To create an IPv4 ACL, click Add CPU ACL Profile in the CPU Access Profile List window. This will open the Add CPU ACL Profile window.
  • Page 174 IPv4 Address: Tick either Source IP Mask and enter the IPv4 source address mask or Destination IP Mask and enter the IPv4 destination address mask. ICMP: Tick ICMP to specify that the Switch will examine the Internet Control Message Protocol (ICMP) field within each packet.
  • Page 175 Figure 6 - 37. CPU Access Profile List window for IPv4 example To view the configurations for a previously configured entry, click on the corresponding Show Details button, which will display the following window: Figure 6 - 38.
  • Page 176 Figure 6 - 39. (CPU) Add Access Rule window for IPv4 example The following parameters may be configured for the IP (IPv4) filter: Parameter Description Type in a unique identifier number for this access. This value can be set from 1 to 5.
  • Page 177 To view the configurations for a previously configured rule, click on the corresponding Show Details button, which will display the following CPU Access Rule Detail Information window: Figure 6 - 41. CPU Access Rule Detail Information window for IPv4 example To create an IPv6 ACL, click Add CPU ACL Profile in the CPU Access Profile List window and then use the drop-down menu to select a Profile ID between 1 and 3 and click the IPv6 ACL radio button.
  • Page 178 default quality of service or real time service packets. IPv6 Address: IPv6 Source Address – Enter an IPv6 address to be used as the source address. IPv6 Destination Address – Enter an IPv6 address that will be used as the destination address.
  • Page 179 Figure 6 - 45. (CPU) Add Access Rule window for IPv6 example The following parameters may be configured for the IPv6: Parameter Description Type in a unique identifier number for this access. This value can be set from 1 to 5.
  • Page 180 Figure 6 - 47. CPU Access Rule Detail Information window for IPv6 example To create a Packet Content ACL, click Add CPU ACL Profile in the CPU Access Profile List window and then use the drop-down menu to select a Profile ID between 1 and 3 and click the Packet Content ACL radio button.
  • Page 181 common ARP Spoofing attack that is widespread today. This is why the Packet Content ACL is able to inspect any specified content of a packet in different protocol layers.
  • Page 182 Figure 6 - 51. (CPU) Add Access Rule window for Packet Content example The following parameters may be configured for the Packet Content filter: Parameter Description Action: Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
  • Page 183: ACL Finder

    Figure 6 - 52. CPU Access Rule List window for Packet Content example To view the configurations for a previously configured rule, click on the corresponding Show Details button, which will display the following CPU Access Rule Detail Information window.
  • Page 184 Parameter Description Profile ID: The pre-configured Profile ID for which to configure the Flow Metering parameters. Access ID (1-65535): The pre-configured Access ID for which to configure the Flow Metering parameters. Enter the appropriate information and click Find.
  • Page 185: Monitoring

    Section 7 Monitoring: Cable Diagnostic, CPU Utilization, Port Utilization, Packet Size, Memory Utilization, Packets, Errors, Port Access Control, Browse ARP Table, Browse VLAN, IGMP Snooping, LLDP, MBA Authentication State, Browse Session Table...
  • Page 186: Port Utilization

    Figure 7 - 2. CPU Utilization window To view the CPU utilization by port, use the real-time graphic of the Switch at the top of the Web page by simply clicking on a port.
  • Page 187: Packet Size

    Figure 7 - 3. Port Utilization window To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the Web page by simply clicking on a port.
  • Page 188 Figure 7 - 4. Packet Size window To view the Packet Size Table window, click the link View Table, which will show the following table: Figure 7 - 5. Packet Size Table window...
  • Page 189: Memory Utilization

    65-127: The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets). 128-255: The total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
  • Page 190 Figure 7 - 7. Received (Rx) window (for Bytes and Packets) To view the Received (Rx) Table window, click View Table. Figure 7 - 8. Received (Rx) Table window (for Bytes and Packets)
  • Page 191: UMB_cast (Rx)

    Packets: Counts the number of packets received on the port. Unicast: Counts the total number of good packets that were received by a unicast address. Counts the total number of good packets that were received by a multicast address.
  • Page 192: Transmitted (Tx)

    Figure 7 - 10. UMB_cast (Rx) Table window (for Unicast, Multicast, and Broadcast Packets) The following fields may be set or viewed: Parameter Description Use the drop-down menu to choose the port that will display statistics.
  • Page 193 Figure 7 - 11. Transmitted (Tx) window (for Bytes and Packets) To view the Transmitted (Tx) Table window, click the link View Table. Figure 7 - 12. Transmitted (Tx) Table window (for Bytes and Packets)
  • Page 194: Errors

    Packets: Counts the number of packets successfully sent on the port. Unicast: Counts the total number of good packets that were transmitted by a unicast address. Counts the total number of good packets that were transmitted by a multicast address.
  • Page 195 Figure 7 - 14. Received (Rx) Table window (for errors) The following fields can be set: Parameter Description Use the drop-down menu to choose the port that will display statistics.
  • Page 196: Transmitted (Tx)

    Transmitted (TX) To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the Web page by simply clicking on a port.
  • Page 197: Port Access Control

    Record Number: Select number of times the Switch will be polled between 20 and 200. The default value is 200. ExDefer: Counts the number of packets for which the first transmission attempt on a particular interface was delayed because the medium was busy.
  • Page 198: RADIUS Authentication

    RADIUS Authentication This table contains information concerning the activity of the RADIUS authentication client on the client side of the RADIUS authentication protocol. To view the RADIUS Authentication window, click Monitoring > Port Access Control > RADIUS Authentication: Figure 7 - 17.
  • Page 199: RADIUS Account Client

    authentication server. AccessAccepts: The number of RADIUS Access-Accept packets (valid or invalid) received from this server. AccessRejects: The number of RADIUS Access-Reject packets (valid or invalid) received from this server.
  • Page 200 Figure 7 - 18. RADIUS Account Client window The user may also select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds. The default value is one second. To clear the current statistics shown, click the Clear button in the top left hand corner.
  • Page 201: Authenticator State

    responses. BadAuthenticators: The number of RADIUS Accounting-Response packets, which contained invalid authenticators, received from this server. PendingRequests: The number of RADIUS Accounting-Request packets sent to this server that have not yet timed out or received a response. This variable is incremented when an Accounting-Request is sent and decremented due to receipt of an Accounting-Response, a timeout or a retransmission.
  • Page 202: Authenticator Statistics

    This window displays the Authenticator State for individual ports on a selected device. A polling interval between 1s and 60s can be set using the drop-down menu at the top of the window and clicking OK.
  • Page 203: Authenticator Session Statistics

    The following fields can be viewed: Parameter Description Port: The identification number assigned to the Port by the System in which the Port resides. The number of valid EAPOL frames that have been received by this Authenticator.
  • Page 204 Figure 7 - 21. Authenticator Session Statistics window The user may select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds. The default value is one second.
  • Page 205: Authenticator Diagnostics

    1) Supplicant Logoff 2) Port Failure 3) Supplicant Restart 4) Reauthentication Failure 5) AuthControlledPortControl set to ForceUnauthorized 6) Port re-initialization 7) Port Administratively Disabled 8) Not Terminated Yet The User-Name representing the identity of the Supplicant PAE.
  • Page 206 Parameter Description Port: The identification number assigned to the Port by the System in which the Port resides. Connect Enter: Counts the number of times that the state machine transitions to the CONNECTING state from any other state.
  • Page 207: Browse ARP Table

    Bac Auth Fail: Counts the number of times that the state machine receives a Reject message from the Authentication Server (i.e., aFail becomes TRUE, causing a transition from RESPONSE to FAIL).
  • Page 208: IGMP Snooping Group

    To view this window, click Monitoring > IGMP Snooping > Browse IGMP Router Port: Figure 7 - 25. Browse Router Port window IGMP Snooping Group This window allows the Switch’s IGMP Snooping Group Table to be searched. IGMP snooping allows the Switch to read the Multicast Group IP address and source IP address from IGMP packets that pass through the Switch.
  • Page 209: IGMP Snooping Host

    Enter the appropriate information and click Find. The searched entries will be shown in the IGMP Snooping Group Table. Click View All to see all the entries. Click View All Data Driven to display all the data driven groups learned in the IGMP Snooping Group Table.
  • Page 210: MLD Snooping Group

    Figure 7 - 28. Browse MLD Router Port window MLD Snooping Group The following window allows the user to view MLD Snooping Groups present on the Switch. MLD Snooping is an IPv6 function comparable to IGMP Snooping for IPv4.
  • Page 211: LLDP Local Port Information

    Figure 7 - 30. LLDP Statistics System window LLDP Local Port Information To view this window, click Monitoring > LLDP > LLDP Local Port Information: Figure 7 - 31. LLDP Local Port Information window LLDP Remote Port Information To view this window, click Monitoring >...
  • Page 212: MBA Authentication State

    MBA Authentication State This window allows the user to view the MAC-based Access Control authentication information. Specify the port list to view and click Find. To remove an entry, enter the appropriate information and click Clear By Port. Click View All Hosts to see all the entries.
  • Page 213: System Log

    MAC Address: Enter a MAC address for the forwarding table to be browsed by. Find: Allows the user to move to a sector of the database corresponding to a user defined port, VLAN, or MAC address.
  • Page 214: Save And Tools

    Section 8 Save and Tools: Save Configuration, Save Log, Save All, Configuration File Upload & Download, Upload Log File, Reset, Ping Test, Download Firmware, Reboot System. The three Save windows include: Save Configuration, Save Log, and Save All. Each version of the window will aid the user in saving configurations to the Switch’s memory.
  • Page 215: Save Log

    Save Log Open the Save drop-down menu at the top of the Web manager and click Save Log to open the following window: Figure 8 - 2. Save Log window...
  • Page 216: Upload Log File

    Upload Log File To upload a log file, enter a Server IP address, use the radio button to select IPv4 and then enter a File name, or use the radio button to select IPv6, enter a Server IP, Interface Name, and File name. Click Upload.
  • Page 217: Ping Test

    Ping Test Users can Ping either an IPv4 address or an IPv6 address. Ping is a small program that sends ICMP Echo packets to the IP address you specify. The destination node then responds to or “echoes” the packets sent from the Switch. This is very useful to verify connectivity between the Switch and other nodes on the network.
  • Page 218: Download Firmware

    Download Firmware The Switch supports dual image storage for firmware file backup and restoration. The firmware images are indexed by ID number 1 or 2. To change the boot firmware image, use the Image ID drop-down menu to select the desired firmware file to backup or restore.
  • Page 219: Mitigating ARP Spoofing Attacks Using Packet Content ACL

    IP address is known. This protocol is vulnerable because the IP and MAC information in ARP packets can be spoofed to attack a LAN (known as ARP spoofing). This document is intended to introduce the ARP protocol, ARP spoofing attacks, and the countermeasure D-Link's switches provide against the ARP spoofing attack. •...
  • Page 220 address FF-FF-FF-FF-FF-FF 00-20-5C-01-11-11 Table-2 (Ethernet frame format) When the switch receives the frame, it will check the “Source Address” in the Ethernet frame’s header. If the address is not in its Forwarding Table, the switch will learn PC A’s MAC and the associated port into its Forwarding Table.
  • Page 221 When PC B replies to the ARP request, its MAC address will be written into “Target H/W Address” in the ARP payload shown in Table-3. The ARP reply will be then encapsulated into the Ethernet frame again and sent back to the sender.
  • Page 222 How ARP spoofing attacks a network ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service - DoS attack).
  • Page 223 Gratuitous ARP (table columns). Ethernet: Destination address, Source address, Ethernet type. ARP: H/W type, Protocol type, H/W address length, Protocol address length, Operation, Sender H/W address, Sender protocol address, Target H/W address, Target protocol address...
  • Page 224: Example Topology

    • Prevent ARP spoofing via packet content ACL. D-Link managed switches can effectively mitigate the common DoS attack caused by ARP spoofing via the unique Packet Content ACL. Because the basic ACL can only filter ARP packets based on packet type, VLAN ID, and Source and Destination MAC information, there is a need for further inspection of ARP packets.
  • Page 225 Packet offset chunk table (header cells: Offset; chunk row: Chunk0, Chunk1, Chunk2, Chunk3, Chunk4, Chunk5, Chunk6, Chunk7, Chunk8, Chunk9, Chunk10, Chunk11...)
  • Page 227: System Log Entries

    Appendix B System Log Entries The following table lists all possible entries and their corresponding meanings that will appear in the System Log of this Switch. Category Event Description Log Information...
  • Page 228 unsuccessful (Username: <username>)
    Log message successfully uploaded | Log message successfully uploaded by console (Username: <username>) | Informational
    Log message upload was unsuccessful | Log message upload by console was unsuccessful! (Username: <username>) | Warning
  • Page 229
    Topology changed | Topology changed | Informational
    New Root selected | New Root selected | Informational
    BPDU Loop Back on port | BPDU Loop Back on Port <unitID:portNum> | Warning
    Spanning Tree Protocol is Spanning Tree Protocol is enabled...
  • Page 230
    Successful login through Telnet authenticated by AAA local method | Successful login through Telnet from <userIP> authenticated by AAA local method (Username: <username>) | Informational
    Login failed through Telnet Login failed through Telnet from <userIP> authenticated...
  • Page 231
    Login failed through Web(SSL) due to AAA server timeout or improper configuration | Login failed through Web(SSL) from <userIP> due to AAA server timeout or improper configuration (Username: <username>) | Warning
    Successful login through Successful login through Telnet from <userIP>...
  • Page 232
    Successful Enable Admin through Console authenticated by AAA none method | Successful Enable Admin through Console authenticated by AAA none method (Username: <username>) | Informational
    Successful Enable Admin Successful Enable Admin through Web from <userIP>...
  • Page 233 improper configuration. <username>) Login failed through Web Login failed through Web from <userIP> due to AAA Warning from user due to AAA server timeout or improper configuration (Username: server timeout or improper <username>)...
  • Page 234
    Broadcast storm cleared | Port <portNum> Broadcast storm has cleared | Informational
    Multicast storm occurrence | Port <portNum> Multicast storm is occurring | Warning
    Multicast storm cleared | Port <portNum> Multicast storm has cleared | Informational
    Port shut down due to a Port <portNum>...
  • Page 235
    system recover learning | WAC recovers from stop learning state. | Warning
    Login OK | MAC-AC login successful (MAC: <macaddr>, Port: <[unitID:]portNum>, VID: <vid>) | Information
    Login fail | MAC-AC login rejected (MAC: <macaddr>, Port: <[unitID:]portNum>, VID: <vid>)...
  • Page 236
    Port recover from BPDU under attacking state automatically | Port <[unitID:] portNum> recover from BPDU under attacking state automatically | Informational
    DHCP: Detect untrusted DHCP server IP address | Detected untrusted DHCP server(IP: <ipaddr>, Port: <[unitID:]portNum>)... | Informational
  • Page 237 1.3.6.1.4.1.171.12.23.5.0.2
    swIpMacBindingRecoverLearningTrap (1.3.6.1.4.1.171.12.23.5.0.3) | swIpMacBindingPortIndex | IPMacBind-MIB | Warning
    swMacBasedAuthLoggedSuccess (1.3.6.1.4.1.171.12.35.11.1.0.1) | swMacBasedAuthInfoMacInd, swMacBasedAuthInfoPortInd, swMacBasedAuthVID | MBA-MIB | Warning
    SwMacBasedAuthLoggedFail (1.3.6.1.4.1.171.12.35.11.1.0.2) | swMacBasedAuthInfoMacInd, swMacBasedAuthInfoPortInd, swMacBasedAuthVID | MBA-MIB | Warning
    SwMacBasedAuthAgesOut (1.3.6.1.4.1.171.12.35.11.1.0.3) | swMacBasedAuthInfoMacInd, swMacBasedAuthInfoPortInd, swMacBasedAuthVID | MBA-MIB | Warning
    swPktStormOccurred PktStormCtrl- swPktStormCtrlPortIndex Warning 1.3.6.1.4.1.171.12.25.5.0.1...
  • Page 238: Glossary

    Appendix C Glossary. 1000BASE-SX: A short laser wavelength on multimode fiber optic cable for a maximum length of 2000 meters. 1000BASE-LX: A long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilometers. 1000BASE-T: 1000Mbps Ethernet implementation over Category 5E cable.
  • Page 239 half duplex: A system that allows packets to be transmitted and received, but not at the same time. Contrast with full duplex. IP address: Internet Protocol address. A unique identifier for a device attached to a network using TCP/IP. The address is written as four octets separated with full-stops (periods), and is made up of a network section, an optional subnet section and a host section.
  • Page 240 UDP - User Datagram Protocol: An Internet standard protocol that allows an application program on one device to send a datagram to an application program on another device. VLAN - Virtual LAN: A group of location- and topology-independent devices that communicate as if they are on a common physical LAN.
