Page 1: User Manual
® User Manual ® DES-3528/DES-3552 Series Product Model: xStack Layer 2 Managed Stackable Fast Ethernet Switch Release 2.0...
Page 2 © 2009 D-Link Corporation. All rights reserved. Reproduction in any manner whatsoever without the written permission of D-Link Corporation is strictly forbidden. Trademarks used in this text: D-Link and the D-LINK logo are trademarks of D-Link Corporation; Microsoft and Windows are registered trademarks of Microsoft Corporation.
Page 3: Table Of Contents
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Table of Contents Web-based Switch Configuration ....................11 Introduction ................................. 11 Login to Web Manager ................................11 Web-based User Interface ............................... 12 Web Pages ....................................13 Configuration ..........................14 Device Information ..............................
Page 4 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Time Settings ................................... 38 TimeZone Settings ................................... 39 MAC Notification Settings ............................40 MAC Notification Global Settings ............................. 40 MAC Notification Port Settings ..............................41 PoE ..................................... 42 PoE System Settings ................................
Page 5 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Voice VLAN Port Settings ................................ 80 Voice VLAN OUI Settings ................................ 81 Subnet-based VLAN ..............................82 Subnet-based VLAN Settings ..............................83 VLAN Precedence Settings..............................84 Q-in-Q ..................................85 Q-in-Q Settings ..................................
Page 6 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual STP Bridge Global Settings ..............................118 STP Port Settings .................................. 120 MST Configuration Identification ............................121 STP Instance Settings ................................122 MSTP Port Information ................................123 Forwarding & Filtering ............................... 124 Unicast Forwarding ................................
Page 7 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual DHCP Server Global Settings ..............................148 DHCP Server Excluded Address Settings ..........................149 DHCP Server Pool Settings ..............................149 DHCP Server Manual Binding ..............................151 Policy Route Settings ..............................152 QoS .............................
Page 8 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual RADIUS Attributes Assignment .............................. 191 Guest VLAN Configuration ..............................193 Guest VLAN ................................... 194 SSL Settings ................................194 Download Certificate ................................195 Ciphersuite ..................................... 195 SSH ................................... 197 SSH Settings ..................................
Page 9 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Monitoring ..........................259 Device Status ................................259 Cable Diagnostics ..............................260 CPU Utilization ................................261 Port Utilization ................................262 Packet Size ................................263 Packets ..................................265 Received (RX) ..................................265 UMB_cast (RX) ..................................
Page 10 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual WAC Authentication State ............................290 ARP & FDB Table ..............................291 MAC Address Table ..............................292 System Log ................................293 Save Services and Tools ......................294 Save Configuration ID 1 ............................294 Save Configuration ID 2 ............................
Page 11: Intended Readers
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Intended Readers The DES-3528/DES-3552 Series Manual contains information for setup and management of the Switch. This manual is intended for network managers familiar with network management concepts and terminology. Typographical Conventions Convention Description...
Page 12: Web-Based Switch Configuration
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Section 1 Web-based Switch Configuration Introduction Login to Web manager Web-Based User Interface Web Pages Introduction All software functions of the Switch can be managed, configured and monitored via the embedded web-based (HTML) interface.
Page 13: Web-Based User Interface
Function Area 1 Select the folder or window to be displayed. The folder icons can be opened to display the hyperlinked window buttons and subfolders contained within them. Click the D-Link logo to go to the D-Link website. Area 2 Presents a graphical near real-time image of the front panel of the Switch.
Page 14: Web Pages
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Area 3 Presents switch information based on your selection and the entry of configuration data. NOTICE: Any changes made to the Switch configuration during the current session must be saved in the Save Changes web menu (explained below) or use the command line interface (CLI) command save.
Page 15: Configuration
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Section 2 Configuration Device Information System Information Serial Port Settings IP Address Port Configuration Static ARP Settings User Accounts System Log Configuration System Severity Settings DHCP Relay DHCP Local Relay Settings DHCP Auto Configuration Settings MAC Address Aging Time...
Page 16: Device Information
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Device Information This window contains the main settings for all major functions on the Switch and appears automatically when you log on. To return to the Device I nformation window, click the DES-3528 W eb M anagement T ool folder. The Device Information window shows the Switch’s MAC Address (assigned by the factory and unchangeable), the Boot PROM Version, Firmware V ersion, Hardware Ve rsion and Serial N umber as well as other information about different settings on the Switch.
Page 17: Serial Port Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Click Apply to implement changes made. Serial Port Settings The following window contains information about the Serial Port Settings to view this window click Configuration > Serial Port Settings. Figure 2 - 3 Serial Port Settings window Parameter Description...
Page 18 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual you will need to enter the Management VLAN Name of the VLAN that contains the port connected to the management station that will access the Switch. The Switch will allow management access from stations with the same VID listed here.
Page 19 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual...
Page 20: Port Configuration
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Port Configuration This section contains information for configuring various attributes and properties for individual physical ports, including port speed and flow control. Port Settings Click Configuration > Port Configuration > Port Settings to display the following window: To configure switch ports: Choose the port or sequential range of ports using the From Port and To Port pull-down menus.
Page 21 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual a 1000BASE-T cable for connection between the Switch port and other device capable of a gigabit connection. The master setting (1000M/Full_M) will allow the port to advertise capabilities related to duplex, speed and physical layer type.
Page 22: Port Description
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Port Description The Switch supports a port description feature where the user may name various ports on the Switch. To assign names to various ports, click Configuration > Port Configuration > Port Description to view the following window: Use the From Port and To Port pull-down menus to choose a port or range of ports to describe, and then enter a description of the port(s).
Page 23: Static Arp Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 2 - 7 Port Error Disabled window The following parameters are displayed: Parameter Description Port Displays the port that has been error disabled. Port State Describes the current running state of the port, whether Enabled or Disabled. Connection Status This field will read the uplink status of the individual ports, whether Enabled or Disabled.
Page 24: User Accounts
Edit button for that user. NOTICE: In case of lost passwords or password corruption, please refer to the D-Link website and the White Paper entitled “Password Recovery Procedure”, which will guide you through the steps necessary to resolve this issue.
Page 25: System Log Configuration
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual the Access Authentication Control feature, discussed later in this document. Once the user has logged in to the Switch in the Operator level, certain security screens and windows will not be made available to view, or to configure. Only Admin level users have access to these features.
Page 26: System Log Server
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual System Log Server The Switch can send Syslog messages to up to four designated servers using the System Log Server. To configure the system log settings click Configuration > System Log Configuration > System Log Server Figure 2 - 11 System Log Server window The following parameters can be set: Parameter...
Page 27: System Severity Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual System Severity Settings The Switch can be configured to allow alerts be logged or sent as a trap to an SNMP agent or both. The level at which the alert triggers either a log entry or a trap message can be set as well.
Page 28: Dhcp Relay
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual DHCP Relay The relay hops count limit allows the maximum number of hops (routers) that the DHCP messages can be relayed through to be set. If a packet’s hop count is equal to or more than the hop count limit, the packet is dropped. The range is between 1 and 16 hops, with a default value of 4.
Page 29 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual check and policy settings will have no effect. DHCP Relay Agent This field can be toggled between Enabled and Disabled using the pull-down menu. It is Information Option 82 used to enable or disable the Switches ability to check the validity of the packet’s option 82 Check field.
Page 30 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual NOTE: For the circuit ID sub-option of a standalone switch, the module field is always zero. Circuit ID sub-option format: VLAN Module Port 1 byte 1 byte 1 byte 1 byte 2 bytes...
Page 31: Dhcp Relay Interface Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual DHCP Relay Interface Settings This window allows the user to set up a server, by IP address, for relaying DHCP/ BOOTP information to the DHCP server. The user may enter a previously configured IP interface on the Switch that will be connected directly to the DHCP server using the following window.
Page 32: Dhcp Relay Option 60 Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual DHCP Relay Option 60 Settings This window is used to configure option 60 relay rules on the Switch. Different strings can be specified for the same relay server, and the same string can be specified with multiple relay servers. The system will relay the packet to all the matching servers.
Page 33: Dhcp Relay Option 61 Default Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual DHCP Relay Option 61 Default Settings This window is used to configure the DHCP Relay Option 61 Default Settings. These settings are used to determine the rule to process those packets that have no option 61 matching rules. To view this window, click Configuration >...
Page 34: Dhcp Local Relay Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual appropriate information into the box provided. Click Add to create a new entry. To remove an entry, enter the appropriate Client ID information and click Delete. To delete all entries click Delete All.
Page 35: Mac Address Aging Time
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual MAC Address Aging Time This table specifies the length of time a learned MAC Address will remain in the forwarding table without being accessed (that is, how long a learned MAC Address is allowed to remain idle). To change this, enter a value representing the MAC address age-out time in seconds.
Page 36: Clipaging Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 2 - 25 Password Encryption window Clipaging Settings Clipaging Status can be Enabled or Disabled in this window, it is Enabled by default. Clipaging settings are used when issuing a command which causes the console screen to rapidly scroll through several pages.
Page 37: Dual Configuration Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual downloaded to the Switch. R – If the IP address has this letter attached, it denotes a firmware upgrade through the serial port RS232. T - If the IP address has this letter attached to it, it denotes a firmware upgrade through Telnet. S - If the IP address has this letter attached to it, it denotes a firmware upgrade through the Simple Network Management Protocol (SNMP).
Page 38: Pppoe Circuit Id Insertion Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Boot Click the Set Boot button under this heading to use this configuration file as the boot up firmware for the Switch. This will apply upon the next reboot of the Switch. Active Click the Active button to enable the configuration file settings.
Page 39: Sntp Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual SNTP Settings The Simple Network Time Protocol (SNTP) is a protocol for synchronizing computer clocks through the Internet. It provides comprehensive mechanisms to access national time and frequency dissemination services, organize the SNTP subnet of servers and clients, and adjust the system clock in each participant.
Page 40: Timezone Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual TimeZone Settings The following window is used to configure time zones and Daylight Savings time settings for SNTP. To configure the time Zone Settings for the Switch, click Configuration > SNTP Settings > TimeZone Settings Figure 2 - 32 Time Zone and DST Settings window The following parameters can be set: Parameter...
Page 41: Mac Notification Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual From: Day of the Enter the day of the week that DST will start on. Week From: Month Enter the month DST will start on. From: Time in Enter the time of day that DST will start on.
Page 42: Mac Notification Port Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual The following parameters may be viewed and modified: Parameter Description State Enable or disable MAC notification globally on the Switch. Interval The time in seconds between notifications. (1-2147483647 sec) History Size The maximum number of entries listed in the history log used for notification.
Page 43: Poe
UTP Ethernet cables. The DES-3528P follows the standard PSE (Power Sourcing Equipment) pinout Alternative A, whereby power is sent out over pins 1, 2, 3 and 6. The DES-3528P works with all D-Link 802.3af capable devices. The DES-3528P includes the following PoE features: •...
Page 44: Poe System Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual PoE System Settings To configure PoE for the Switch, click Configuration > PoE > PoE System Settings, which will reveal the following window for the user to configure: Figure 2 - 35 PoE System Settings window The following parameters can be configured: Parameter...
Page 45: Poe Port Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual PoE Port Settings To configure the PoE port settings on the Switch, click Configuration > PoE > PoE Port Settings, which will reveal the following window for the user to configure: Figure 2 - 36 PoE Port Settings window The following parameters can be configured: Parameter...
Page 46: Snmp Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual SNMP Settings Simple Network Management Protocol (SNMP) is an OSI Layer 7 (Application Layer) designed specifically for managing and monitoring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches, and other network devices.
Page 47: Snmp Global Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual SNMP settings are configured using the menus located on the SNMP V3 folder of the web manager. Workstations on the network that are given SNMP access privileged to the Switch can be restricted with the Security > Trusted Host window.
Page 48: Snmp Group Table
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual SNMP Group Table An SNMP Group created with this table maps SNMP users (identified in the SNMP User Table) to the views created in the previous menu. To view this window, click Configuration > SNMP Settings > SNMP Group Table: Figure 2 - 39 SNMP Group Table window To delete an existing SNMP Group Table entry, click the corresponding Delete button.
Page 49: Snmp User Table
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual SNMP User Table This window displays all of the SNMP User's currently configured on the Switch and also allows you to add new users. To view this window, click Configuration > SNMP Settings > SNMP User Table: Figure 2 - 40 SNMP User Table window To delete an existing SNMP User Table entry, click the corresponding Delete button.
Page 50: Snmp Community Table
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual To implement changes made, click Apply. SNMP Community Table Use this table to view existing SNMP Community Table configurations and to create a SNMP community string to define the relationship between the SNMP manager and an agent.
Page 51: Snmp Host Table
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual SNMP Host Table Use the SNMP H ost T able window to set up SNMP trap recipients. To configure SNMP Host Table entries, click Configuration > SNMP Settings > SNMP Host Table Figure 2 - 42 SNMP Host Table window The following parameters can set: Parameter...
Page 52: Snmp Trap Configuration
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual SNMP Trap Configuration The following window is used to enable and disable trap settings for the SNMP function on the Switch. To view this window for configuration, click Configuration > SNMP Settings > SNMP Trap Configuration Figure 2 - 44 SNMP Trap Configuration window To enable or disable the Traps State and/or the Authenticate Traps State, use the corresponding pull-down menu to change and click Apply.
Page 53: Sflow Analyzer Server Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual sFlow Analyzer Server Settings This window is used to configure the sFlow analyzer server settings. You can specify more than one analyzer server with the same IP address but with different UDP port numbers. You can have up to four unique combinations of IP address and UDP port numbers.
Page 54: Sflow Counter Poller Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 2 - 47 sFlow Flow Sampler Settings window The following parameters can be configured: Parameter Description From Port / To Port Specifies the port or list of ports to be configured. Analyzer Server I D (1- The analyzer server id specifies the ID of a server analyzer where the packet will be forwarded.
Page 55: Stacking
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Stacking From firmware release v2.00 of this Switch, the DES-3528/DES-3552 Series now supports switch stacking, where a set of eight switches can be combined to be managed by one IP address through Telnet, the GUI interface (web), the console port or through SNMP.
Page 56: Stack Switch Swapping
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual which determines the second lowest MAC address and then will assign that switch as the Backup Master, if all priorities are the same. Slave – Slave switches constitute the rest of the switch stack and although not Primary or Backup Masters, they can be placed into these roles when these other two roles fail or are removed from the stack.
Page 57: Stacking Mode Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual NOTE: If there is a Box ID conflict when the stack is in the discovery phase, the device will enter a special standalone topology mode. Users can only get device information, configure Box IDs, save and reboot.
Page 58: Single Ip Management
DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Single IP Management Simply put, D-Link Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. There are some advantages in implementing the "Single IP Management" feature: 1.
Page 59: Single Ip Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual The Upgrade to v1.6 To better improve SIM management, the DES-3528/DES-3552 Series has been upgraded to version 1.6 in this release. Many improvements have been made, including: 1.
Page 60: Topology
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 2 - 54 Single IP Settings window (enabled) The following parameters can be set: Parameters Description SIM State Use the pull-down menu to either enable or disable the SIM state on the Switch. Disabled will render all SIM functions on the Switch inoperable.
Page 61 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 2 - 55 Single IP Management window - Tree View The Tree View window holds the following information under the Data tab: Parameter Description Device Name This field will display the Device Name of the switches in the SIM group configured by the user.
Page 62 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 2 - 56 Topology view This window will display how the devices within the Single IP Management Group are connected to other groups and devices. Possible icons in this screen are as follows: Icon Description Group...
Page 63: Tool Tips
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Tool Tips In the Topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same information about a specific device as the Tree view does.
Page 64: Right-Click
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Right-Click Right-clicking on a device will allow the user to perform various functions, depending on the role of the Switch in the SIM group and the icon associated with it. Group Icon Figure 2 - 59 Right-Clicking a Group Icon Figure 2 - 60 Figure 6- 7.
Page 65: Commander Switch Icon
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Click Close to close the Property window. Commander Switch Icon Figure 2 - 61 Right-Clicking a Commander Icon The following options may appear for the user to configure: Collapse - To collapse the group that will be represented by a single icon.
Page 66: Menu Bar
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Collapse - To collapse the group that will be represented by a single icon. Expand - To expand the SIM group, in detail. Add to group - Add a candidate to a group. Clicking this option will reveal the following dialog for the user to enter a password for authentication from the Candidate Switch before being added to the SIM group.
Page 67: Firmware Upgrade
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Topology - Display the Topology view. Help About - Will display the SIM information, including the current SIM version. Figure 2 - 67 About window Firmware Upgrade This screen is used to upgrade firmware from the Commander Switch to the Member Switch.
Page 68 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual save this file. Click Upload to initiate the file transfer. To view this window click Configuration > Single IP Management > Upload Log File Figure 2 - 70 Upload Log File window...
Page 69: L2 Features
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Section 3 L2 Features Jumbo Frame 802.1Q VLAN Voice VLAN Subnet VLAN QinQ 802.1v Protocol VLAN RSPAN Settings GVRP Settings GVRP Timer Settings Asymmetric VLAN Settings MAC-based VLAN Settings PVID Auto Assign Settings VLAN Trunk Settings Port Trunking...
Page 70: Vlans
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Click Apply to implement changes made. VLANs Understanding IEEE 802.1p Priority Priority tagging is a function defined by the IEEE 802.1p standard designed to provide a means of managing traffic on a network where many different types of data may be transmitted simultaneously.
Page 71: Ieee 802.1Q Vlans
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual IEEE 802.1Q VLANs Some relevant terms: Tagging - The act of putting 802.1Q VLAN information into the header of a packet. Untagging - The act of stripping 802.1Q VLAN information out of the packet header. Ingress p ort - A port on a switch where packets are flowing into the Switch and VLAN decisions must be made.
Page 72: Port Vlan Id
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 3 - 3 IEEE 802.1Q Tag The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or Logical Link Control. Because the packet is now a bit longer than it was originally, the Cyclic Redundancy Check (CRC) must be recalculated.
Page 73: Tagging And Untagging
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Every physical port on a switch has a PVID. 802.1Q ports are also assigned a PVID, for use within the Switch. If no VLANs are defined on the Switch, all ports are then assigned to a default VLAN with a PVID equal to 1. Untagged packets are assigned the PVID of the port on which they were received.
Page 74: Vlan Segmentation
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual NOTE: If no VLANs are configured on the Switch, then all packets will be forwarded to any destination port. Packets with unknown source addresses will be flooded to all ports. Broadcast and multicast packets will also be flooded to all ports.
Page 75: Regulations For Double Vlans
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual now has over 4000 VLANs that can be placed, and this greatly expands the VLAN network and enables greater support of customers utilizing multiple VLANs on the network. Double VLANs are basically VLAN tags placed within existing IEEE 802.1Q VLANs which we will call SPVIDs (Service Provider VLAN IDs).
Page 76: 802.1Q Vlan
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual 2. All ports must be configured as Access Ports or Uplink ports. Access ports can only be Ethernet ports while Uplink ports must be Gigabit ports. 3. Provider Edge switches must allow frames of at least 1522 bytes or more, due to the addition of the SPVID tag.
Page 77 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 3 - 7 802.1Q VLAN window – Add/Edit VLAN Tab window To return to the 802.1Q V LAN window, click the VLAN L ist Tab at the top of the window. To change an existing 802.1Q VLAN entry, click the corresponding Edit button.
Page 78 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Advertisement Enabling this function will allow the Switch to send out GVRP packets to outside sources, notifying that they may join the existing VLAN. Port Settings Allows an individual port to be specified as member of a VLAN. Tagged Specifies the port as 802.1Q tagged.
Page 79 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 3 - 10 802.1Q VLAN window – VLAN Batch Settings window The following fields can be set in the VLAN Batch Settings window: Parameter Description VID List (e.g 2-5) Enter a VLAN ID List that can be added, deleted or configured.
Page 80: Voice Vlan
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Voice VLAN Voice VLAN is a VLAN used to carry voice traffic from IP phones. Because the sound quality of an IP phone call will be deteriorated if the data is unevenly sent, the quality of service (QoS) for voice traffic shall be configured to ensure the transmission priority of voice packet is higher than normal traffic.
Page 81: Voice Vlan Port Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Voice VLAN Name Click the radio button and enter a name for a voice VLAN. Voice VLAN ID Click the radio button and enter a VLAN ID for a voice VLAN. (1-4094) Priority Use the pull down menu to set the priority of the voice VLAN.
Page 82: Voice Vlan Oui Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Mode Select the mode between Auto and Manual. If the mode is Auto, the port may become the voice VLAN member port by auto-learning. If the MAC address of the the received packet matches the configured OUI (Organizationally Unique Identifier) addresses, the port will be learned as dynamic member port.
Page 83: Subnet-Based Vlan
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Subnet-based VLAN The Switches uses IP subnet-based VLAN claasification to group devices. Figure 3 - 15 Application of Subnet VLAN The above figure is an example of subnet-based VLAN. The IP address of customer A is 172.18.0.1 and IP address of customer B is 172.18.0.2.
Page 84: Subnet-Based Vlan Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Subnet-based VLAN Settings The subnet-based VLAN settings are used to create, find or delete a subnet-based VLAN entry. A subnet-based VLAN entry is an IP subnet-based VLAN classification rule. If an untagged or priority-tagged IP packet is received on a port, its source IP address will be used to match the subnet-based VLAN entries.
Page 85: Vlan Precedence Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual VLAN Precedence Settings The VLAN precedence settings are used to configure VLAN classification precedence on each port. You can specify the order of MAC-based VLAN classifications and subnet-based VLAN classifications. If a port’s VLAN classificataion is a MAC-based precedence, MAC-based VLAN classification will be processed first.
Page 86: Q-In-Q
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Q-in-Q Q-in-Q Settings This function allows the user to enable or disable the Q-in-Q function. Q-in-Q is designed for service providers to carry traffic from multiple users across a network. Q-in-Q is used to maintain customer specific VLAN and Layer 2 protocol configurations even when the same VLAN ID is being used by different customers.
Page 87: Vlan Translation Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual From Port / To Port A consecutive group of ports that are part of the VLAN configuration starting with the selected port. Role The user can choose between UNI or NNI role. UNI –...
Page 88: Q-In-Q And Vlan Translation Rules
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Q-in-Q and VLAN Translation Rules For ingress untagged packets at UNI ports: 1. The Switch does not reference the VLAN translation table. 2. Check the switch VLAN tables. The sequence is MAC-based VLAN -> subnet-based VLAN -> protocol-based VLAN ->...
Page 89: 802.1V Protocol Vlan Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual 802.1v Protocol VLAN Settings The table allows the user to configure Protocol VLAN settings. The lower half of the table displays any previously created settings. To view this window click L2 Features > 802.1v Protocol VLAN > 802.1v Protocol VLAN Settings Figure 3 - 21 Protocol VLAN Settings window The following fields can be set: Parameter...
Page 90: Rspan Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual RSPAN Settings This table controls the RSPAN function. The purpose of the RSPAN function is to mirror the packets to a remote switch. The packet travels from the switch where the monitored packet is received, through the intermediate switch, then to the switch where the sniffer is attached.
Page 91: Gvrp Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual GVRP Settings The GARP VLAN Registration Protocol (GVRP) is a mechanism that dynamically maintain VLAN information on the Switch, share the information to other GVRP-enabled switches and update switch information for other modules such as interface.
Page 92: Gvrp Timer Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Ingress Checking This field can be toggled using the space bar between Enabled and Disabled. Enabled enables the port to compare the VID tag of an incoming packet with the PVID number assigned to the port.
Page 93: Mac-Based Vlan Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 3 - 26 Asymmetric VLAN Settings window Click Apply to implement changes. MAC-based VLAN Settings This table is used to create MAC-based VLAN entries on the switch. A MAC Address can be mapped to any existing static VLAN and multiple MAC addresses can be mapped to the same VLAN.
Page 94: Vlan Trunk Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual VLAN Trunk Settings This window allows the user to configure the VLAN trunk on the port of the Switch. When the VLAN trunk function is enabled, the VLAN trunk ports shall be able to forward all tagged frames with any VID. To view this window click L2 Features >...
Page 95: Port Trunking
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Port Trunking Understanding Port Trunk Groups Port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. DES-3528/DES-3552 Series supports up to 8 port trunk groups with 2 to 8 ports in each group. A potential bit rate of 4400 Mbps can be achieved.
Page 96 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual ports, which can only belong to a single link aggregation group. All of the ports in the group must be members of the same VLAN, and their STP status, static multicast, traffic control; traffic segmentation and 802.1p default priority configurations must be identical.
Page 97: Lacp Port Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual LACP Port Settings The LACP P ort S ettings window is used to create port trunking groups on the Switch. Using the following window, the user may set which ports will be active and passive in processing and sending LACP control frames. To view the Trunking Settings window click L2 Features >...
Page 98: Traffic Segmentation
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Traffic Segmentation Traffic segmentation is used to limit traffic flow from a single port to a group of ports on either a single switch or a group of ports on another switch in a switch stack. This method of segmenting the flow of traffic is similar to using VLANs to limit traffic, but is more restrictive.
Page 99: Igmp Snooping
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual IGMP Snooping Internet Group Management Protocol (IGMP) snooping allows the Switch to recognize IGMP queries and reports sent between network stations or devices and an IGMP host. When enabled for IGMP snooping, the Switch can add or remove a port to a specific device based on IGMP messages passing through the Switch.
Page 100 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual The following fields can be set. Parameter Description VLAN ID This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which the user wishes to modify the IGMP Snooping Settings.
Page 101: Igmp Snooping Rate Limit Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 3 - 35 IGMP Snooping Router IP Settings – Edit window IGMP Snooping Rate Limit Settings This table allows the user to configure the rate of IGMP snooping control packets that are allowed per port or VLAN. To view this window, click L2 Features >...
Page 102: Igmp Snooping Static Group Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual IGMP Snooping Static Group Settings This table is used to configure the current IGMP snooping static group information on the Switch. To view this window, click L2 Features > IGMP Snooping > IGMP Snooping Static Group Settings as shown below: Figure 3 - 37 IGMP Snooping Static Group Settings window Parameter Description...
Page 103: Igmp Snooping Multicast Vlan Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 3 - 40 IGMP Multicast Group Profile Settings window – Group List Enter the Multicast Address List and click Add the new information will be displayed in the table. Click <<Back to return to the IGMP Multicast Group Profile Settings window and click Delete to remove an entry.
Page 104: Ipv4 Multicast Profile Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Untagged Source Select the untagged source port to add to the multicast VLAN. Port (e.g.:1-4,6) Remap Priority The remap priority is associated with the data traffic to be forwarded on the multicast VLAN. If None is selected, the packet’s original priority will be used.The default setting is none.
Page 105: Ipv4 Limited Multicast Range Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 3 - 44 IPv4 Multicast Profile Settings – Edit window To configure the Group List Settings click the hyperlinked Group List. Figure 3 - 45 IPv4 Multicast Address Group List Settings – Group List window Enter the multicast Address List starting with the lowest in the range, and click Add.
Page 106: Multicast Filtering Mode
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 3 - 47 IPv4 Max Multicast Group Settings window The following fields can be set: Parameter Description Ports / VLAN ID Use the drop-down menu to choose Ports or VLAN ID. Max Group (1-1024) Enter the maximum number of the multicast groups.
Page 107: Cpu Filter L3 Control Packet Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual To add a new Multicast Filter enter the information and click Apply. To view all the VLANs, click the View All button. CPU Filter L3 Control Packet Settings The CPU Filter L3 Control Packet Settings is used to discard the Layer 3 control packets sent to CPU from specific ports.
Page 108: Mld Snooping Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual From Port / To Port Check the corresponding boxes for the port(s) to filter control packets. State Use the drop-down menu to enable or disable the filtering function. IGMP Query Tick the check box to set IGMP query packets as the control packets.
Page 109 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 3 - 51 MLD Snooping Settings window The following parameters may be viewed or modified: Parameter Description MLD Snooping Click the redio button to enable or disable the MLD snooping function for the chosen VLAN. State Max Learned Entry Enter a number for the maximum value of MLD Snooping data driven learning.
Page 110 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Query Interval The Query Interval field is used to set the time (in seconds) between transmitting MLD queries. (1-65535) Entries between 1 and 65535 seconds are allowed. Default = 125. Max Response This determines the maximum amount of time in seconds allowed before sending an MLD Time (1-25)
Page 111: Mld Snooping Rate Limit Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual MLD Snooping Rate Limit Settings This window is used to configure the rate of MLD control packets that are allowed per port or per VLAN. To view this window, click L2 Features > MLD Snooping > MLD Snooping Rate Limit Settings, as shown below: Figure 3 - 54 MLD Snooping Rate Limit Settings window The following parameters may be viewed or modified: Parameter...
Page 112: Mld Snooping Static Group Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual MLD Snooping Static Group Settings This window is used to configure the MLD Snooping static group information on the Swtich: To view this window, click L2 Features > MLD Snooping > MLD Snooping Static Group Settings, as shown below: Figure 3 - 55 MLD Snooping Static Group Settings window The following parameters may be viewed or modified: Parameter...
Page 113: Mld Snooping Multicast Vlan Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual MLD Snooping Multicast VLAN Settings This window is used to configure the MLD Snooping Multicast VLAN settings on the Switch. To view this window, click L2 F eatures > M LD S nooping > MLD S nooping Multicast V LAN S ettings as shown below: Figure 3 - 58 MLD Snooping Multicast VLAN Settings window The following fields can be set:...
Page 114: Port Mirror
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Port Mirror The Switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an RMON probe, to view details about the packets passing through the first port.
Page 115: Loopback Detection Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Loopback Detection Settings The Loopback Detection function is used to detect the loop created by a specific port. This feature is used to temporarily shutdown a port on the Switch when a CTP (Configuration Testing Protocol) packet has been looped back to the switch.
Page 116: Bpdu Attack Protection Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual BPDU Attack Protection Settings The Bridge Protocol Data Unit (BPDU) Protection Settings is to protect a port from receiving STP packets. Certain ports on the Switch do not need to receive STP packets. With BPDU attack protection enabled for these ports, it could prevent misconfigured or malicious end devices from disturbing the STP networks, and the method for dealing with those packets can be choosen in the Mode drop-down menu.
Page 117: Spanning Tree
802.1D STP will be familiar to most networking professionals. However, since 802.1w RSTP has been recently introduced to D-Link managed Ethernet switches, a brief introduction to the technology is provided below followed by a description of how to set up 802.1D STP and 802.1w RSTP.
Page 118: Edge Port
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Edge Port The edge port is a configurable designation used for a port that is directly connected to a segment where a loop cannot be created. An example would be a port connected directly to a single workstation. Ports that are designated as edge ports transition to a forwarding state immediately without going through the listening and learning states.
Page 119: Stp Bridge Global Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual STP Bridge Global Settings To open the following window, click L2 features > Spanning Tree > STP Bridge Global Settings Figure 3 - 62 STP Bridge Global Settings window The following parameters can be set: Parameter Description...
Page 120 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Max Hops (6-40) Used to set the number of hops between devices in a spanning tree region before the BPDU (bridge protocol data unit) packet sent by the Switch will be discarded. Each switch on the hop count will reduce the hop count by one until the value reaches zero.
Page 121: Stp Port Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual STP Port Settings STP can be set up on a port per port basis. To view the following window click L2 Features > Spanning Tree > STP Port Settings Figure 3 - 63 STP Port Settings window In addition to setting Spanning Tree parameters for use on the switch level, the Switch allows for the configuration of groups of ports, each port-group of which will have its own spanning tree, and will require some of its own...
Page 122: Mst Configuration Identification
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Migrate Setting this parameter as Yes will set the ports to send out BPDU packets to other bridges, requesting information on their STP setting If the Switch is configured for RSTP, the port will be capable to migrate from 802.1D STP to 802.1w RSTP.
Page 123: Stp Instance Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual The window above contains the following information: Parameter Description Configuration Name A previously configured name set on the Switch to uniquely identify the MSTI (Multiple Spanning Tree Instance). If a configuration name is not set, this field will show the MAC address to the device running MSTP.
Page 124: Mstp Port Information
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 3 - 66 STP Instance Settings - View window MSTP Port Information This window displays the current MSTP Port Information and can be used to update the port configuration for an MSTI ID.
Page 125: Forwarding & Filtering
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Forwarding & Filtering This folder contains windows for Unicast Forwarding and Multicast Forwarding. Unicast Forwarding To view this window, Click L2 Features > Forwarding & Filtering > Unicast Forwarding: Figure 3 - 68 Unicast Forwarding window To add or edit an entry, define the following parameters and then click Add/Modify: Parameter...
Page 126: Lldp
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Port Settings Allows the selection of ports that will be members of the static multicast group and ports either that are forbidden from joining dynamically, or that can join the multicast group dynamically, using GMRP.
Page 127: Lldp Port Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Delay (1-10) reinitializing after receiving an LLDP disable command. To change the LLDP Reinit Delay, enter a value in seconds (1 to 10). LLDP TX Delay LLDP TX Delay allows the user to change the minimum time delay interval for any LLDP port (1-8192) which will delay advertising any successive LLDP advertisements due to change in the LLDP MIB content.
Page 128: Lldp Management Address List
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual TX And RX: the local LLDP agent can both transmit and receive LLDP frames. Disabled: the local LLDP agent can neither transmit nor receive LLDP frames. The defaut value is TX And RX. IPv4 Address The address must be the management IP-address.
Page 129: Lldp Basic Tlvs Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual LLDP Basic TLVs Settings TLV stands for Type-length-value, which allows the specific sending information as a TLV element within LLDP packets. This window is used to enable the settings for the Basic TLVs Settings. An active LLDP port on the Switch always included mandatory data in its outbound advertisements.
Page 130: Lldp Dot1 Tlvs Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual LLDP Dot1 TLVs Settings LLDP Dot1 TLVs are organizationally specific TLVs which are defined in IEEE 802.1 and used to configure an individual port or group of ports to exclude one or more of the IEEE 802.1 organizational port vlan ID TLV data types from outbound LLDP advertisements.
Page 131: Lldp Dot3 Tlvs Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual LLDP Dot3 TLVs Settings This window is used to configure an individual port or group of ports to exclude one or more IEEE 802.3 organizational specific TLV data type from outbound LLDP advertisements. To view this window, click L2 Features >...
Page 132: Lldp Statistics System
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual LLDP Statistics System LLDP Statistics System allows you an overview of neighbor detection activity, LLDP Stastics and the settings for individual ports on the Switch. Use the drop-down menu to check a specific port and click Find the information will be displayed in the lower half of the table.
Page 133: Lldp Remote Port Information
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 3 - 78 LLDP Local Port Information (Show Normal) window Use the drop-down menu to select a port and click Find the information will be displayed on the lower half of the window.
Page 134: Cfm
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Connectivity Fault Management (CFM) is defined by IEEE 802.1ag, which is a standard for detecting, isolating and reporting connectivity faults in a network. CFM is an end-to-end per-service-instance Ethernet layer operation, administration, and management (OAM) function.
Page 135: Cfm Mps Reply Ltrs
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 3 - 83 CFM CCM PDUs Forwarding Mode window Use the drop-down menu to forward by Software or Hardware and click Apply. CFM MPs Reply LTRs This window is used to enable the CFM maintenance point reply Linktrace Response on the Switch.
Page 136: Connectivity Fault Management Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Connectivity Fault Management Settings This window is used to configure the CFM settings on the Switch. To view this window, click L2 Features > CFM > Connectivity Fault Management Settings as shown below: Figure 3 - 86 Connectivity Fault Management Settings window The following parameters can be set or are displayed: Parameter...
Page 137: Cfm Loopback Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual CFM Loopback Settings This window is used to configure the CFM Loopback settings on the Switch. To view this window, click L2 Features > CFM > CFM Loopback Settings as shown below: Figure 3 - 87 CFM Loopback Settings window The following parameters can be configured: Parameter...
Page 138: Cfm Linktrace Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual CFM Linktrace Settings This window is used to configure the CFM linktrace settings on the Switch. To view this window, click L2 Features > CFM > CFM Linktrace Settings as shown below: Figure 3 - 88 CFM Linktrace Settings window The following parameters can be configured: Parameter...
Page 139: Cfm Packet Counter List
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual CFM Packet Counter List This window is used to show the CFM Packet Counter List on the Switch. To view this window, click L2 Features > CFM > CFM Packet Counter List as shown below: Figure 3 - 89 CFM Packet Counter List window The following parameters can be configured: Parameter...
Page 140: Browse Cfm Fault Mep
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Browse CFM Fault Mep This window is used to display the CFM Fault Mep on the Switch. To view this window, click L2 Features > CFM > Browse CFM Fault Mep as shown below: Figure 3 - 91 Broose CFM Fault Mep window The following parameters can be configured: Parameter...
Page 141: Ethernet Oam Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual The major features of Ethernet OAM are: OAM discovery, link monitoring, remote fault indication and remote loopbacks. Ethernet OAM Settings This window is used to configure the ports Ethernet OAM mode. In Active mode the ports can initiate OAM discovery and start or stop remote loopback.
Page 142: Ethernet Oam Configuration Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Ethernet OAM Configuration Settings This window is used to configure and display the primary controls and status information for Ethernet OAM on the Switch. To view this window, click L2 Features > Ethernet OAM > Ethernet OAM Configuration Settings as shown below: Figure 3 - 94 Ethernet OAM Configuration Settings window The following parameters can be configured: Parameter...
Page 143: L3 Features
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Section 4 L3 Features IPv4 Interface Settings IPv4 Default Route Settings Gratuitous ARP ARP Spoofing Prevention Settings DNS Relay DHCP Server Policy Route Settings The following section will aid the user in configuring Layer 3 functions for the Switch. The Switch includes various functions all discussed in detail in the following section.
Page 144: Ipv4 Default Route Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 4 - 3 IPv4 Interface Settings window - Edit The following parameters can be configured: Parameter Description Get IP From Select Static, BOOTP, or DHCP protocols to assign IPv4 address, subnet mask, and default gateway address: This appears in Edit window.
Page 145: Gratuitous Arp
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Parameter Description IP Address The IPv4 address of the Default Route. Subnet Mask The corresponding Subnet Mask of the IP address entered into the table. Gateway The corresponding Gateway of the IP address entered into the table. Metric (1-655635) Represents the metric value of the IP interface entered into the table.
Page 146: Gratuitous Arp Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Gratuitous ARP Settings This window allows you to have more detailed settings for the Gratuitous ARP. To view this window, click L3 Features > Gratuitous ARP > Gratuitous ARP Settings as shown below: Figure 4 - 6 Gratuitous ARP Settings window The following fields can be set or viewed: Parameter...
Page 147: Dns Relay
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Parameter Description Gateway IP Address Enter the IP address of the gateway. Gateway MAC Enter the MAC address of the gateway. Address Ports Specify the switch ports for which to configure this ARP Spoofing Prevention settings. Click the All Ports check box to configure this entry for all ports on the Switch.
Page 148: Dns Relay Static Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 4 - 8 DNS Relay Global Settings window The following fields can be configured: Parameter Description DNSR Status This field can be toggled between Disabled and Enabled using the pull-down menu, and is used to enable or disable the DNS Relay service on the Switch.
Page 149: Dhcp Server Global Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual receives this request, it returns a response to the client, containing the previously mentioned IP information that the DHCP client then utilizes and sets on its local configurations. The user can configure many DHCP related parameters that it will utilize on its locally attached network, to control and limit the IP settings of clients desiring an automatic IP configuration, such as the lease time of the allotted IP address, the range of IP addresses that will be allowed in its DHCP pool, the ability to exclude various IP addresses within the...
Page 150: Dhcp Server Excluded Address Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual DHCP Server Excluded Address Settings The following window will allow the user to set an IP address, or a range of IP addresses that are NOT to be included in the range of IP addresses that the Switch will allot to clients requesting DHCP service.
Page 151 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Parameter Description Pool Name Denotes the name of the DHCP pool for which you are currently adjusting the parameters. IP Address Enter the IP address to be assigned to requesting DHCP Clients. The IP address is a network address working with its netmask.
Page 152: Dhcp Server Manual Binding
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual DHCP Server Manual Binding The following windows will allow users to view and set manual DHCP entries. Manual DHCP entries will bind an IP address with the MAC address of a device within a DHCP pool. These entries are necessary for special devices on the local network that will always require a static IP address that cannot be changed.
Page 153: Policy Route Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Policy Route Settings Policy Based routing is a method used by the Switch to give specified devices a cleaner path to the destination network. Used in conjunction with the Access Profile feature, the Switch will identify traffic originating from a device using the Access Profile feature and forward it on to a next hop router that has...
Page 154 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual To add a new Policy Route, enter a name in Policy Route Name field and click the Create button. Click the corresponding Edit button of the entry to see the following window. Figure 4 - 17 Policy Route Settings window - Edit Adjust the following parameters and click Apply to set the new Policy Route, which will be displayed in the Policy Routing Settings window.
Page 155: Qos
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Section 5 HOL Blocking Pevention Bandwidth Control Traffic Control 802.1p Default Priority 802.1p User Priority QoS Scheduling Mechanism QoS Scheduling CoS Bandwidth Control Settings SRED The DES-3528/DES-3552 Series supports 802.1p priority queuing Quality of Service. The following section discusses the implementation of QoS (Quality of Service) and benefits of using 802.1p priority queuing.
Page 156: Understanding Qos
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 5 - 1 Mapping QoS on the Switch The picture above shows the default priority setting for the Switch. Class-7 has the highest priority of the eight priority queues on the Switch.
Page 157: Hol Blocking Pevention
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Priority 5 is assigned to the Switch's Q5 queue. Priority 6 is assigned to the Switch's Q6 queue. Priority 7 is assigned to the Switch's Q6 queue. NOTE: In the DES-3528/DES-3552 Series, the Q7 is reserved for future use.
Page 158: Bandwidth Control
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Bandwidth Control The bandwidth control settings are used to place a ceiling on the transmitting and receiving data rates for any selected port. The transmitting rate (TX rate) and receiving rate (RX rate) can be configured separately. To view this table click QoS >...
Page 159 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual until the storm has subsided. This method can be utilized by selecting the Drop option of the Action field in the window below. The Switch will also scan and monitor packets coming into the Switch by monitoring the Switch’s chip counter. This method is only viable for Broadcast and Multicast storms because the chip only has counters for these two types of packets.
Page 160 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Action Select the method of traffic Control from the pull-down menu. The choices are: Drop – Utilizes the hardware Traffic Control mechanism, which means the Switch’s hardware will determine the Packet Storm based on the Threshold value stated and drop packets until the issue is resolved.
Page 161: 802.1P Default Priority
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual NOTE: Ports that are in Shutdown Forever mode will be seen as link down in all windows and screens until the user recovers these ports. 802.1p Default Priority The Switch allows the assignment of a default 802.1p priority to each port on the Switch.
Page 162: 802.1P User Priority
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual 802.1p User Priority The Switch allows the assignment of a user priority to each of the 802.1p priorities. To view this window click QoS > 802.1p User Priority. Figure 5 - 6 802.1p User Priority window Once you have assigned a priority to the port groups on the Switch, you can then assign this Class to each of the 8 levels of 802.1p priorities.
Page 163: Qos Scheduling Mechanism
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual QoS Scheduling Mechanism Changing the output scheduling used for the hardware queues in the Switch can customize QoS. As with any changes to QoS implementation, careful consideration should be given to how network traffic in lower priority queues are affected.
Page 164: Qos Scheduling
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual QoS Scheduling This window allows the user to configure the way the Switch will map an incoming packet per port based on its 802.1p user priority, to one of the eight available hardware priority queues available on the Switch. To view this window, click QoS >...
Page 165: Cos Bandwidth Control Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual CoS Bandwidth Control Settings This window allows to set the bandwidth control for specific CoS on specific port. To view this window, click QoS > CoS Bandwidth Control Settings as shown below: Figure 5 - 9 CoS Bandwidth Control Settings window The following parameters can be configured: Parameter...
Page 166: Sred
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual SRED Simple random early detection (sRED) is a simplified RED mechanism based on ASIC capability. Random Early Detection (RED) is a congestion avoidance mechanism at the gateway in packet switched networks. RED gateways keep the average queue size low while allowing occasional bursts of packets in the queue.
Page 167: Sred Drop Counter
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual and probabilistic drop yellow colored packets if the queue depth is above the upper threshold. Green packets will not be dropped even it reach the threshold. Threshold Low Threshold Low refers to the drop red packets it might also include yellow packets.
Page 168: Dscp Trust Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual DSCP Trust Settings This window is used to enable DSCP Trust Settings. To view this window click QoS > SRED > DSCP Trust Settings Figure 5 - 12 DSCP Trust Settings window...
Page 169: Dscp Map Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual DSCP Map Settings The DSCP-to- priority mapping is used to determine the priority of the packet (which will then be used to determine the scheduling queue) when the port is in DSCP trust state. The DSCP-to-DSCP mapping is used to change the DSCP in the packet when the packet is ingressed to the port.
Page 170 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 5 - 15 DSCP Map Settings window – DSCP to Color The following parameters may be set: Parameter Description From port / To port A consecutive group of ports may be configured starting with the selected port. DSCP Map Use the drop-down menu to choose a DSCP Map, the user can choose among DSCP Priority, DSCP DSCP and DSCP Color.
Page 171: 802.1P Map Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual 802.1p Map Settings This window is used to enable 802.1p Map Settings. To view this window click QoS > SRED > 802.1p Map Settings Figure 5 - 16 DSCP Map Settings window The following parameters may be set: Parameter Description...
Page 172: Security
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Section 6 Security Safeguard Engine Trusted Host IP-MAC-Port Binding Port Security DHCP Server Screening Settings 802.1X Guest VLAN Configuration SSL Settings Access Authentication Control MAC-based Access Control Web Authentication JWAC NetBIOS Filtering Settings...
Page 173 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual If the second checking third checking If the fourth interval reveals If the Switch detects interval reveals there are interval reveals there are the packet flooding has too many packets, it still too many ingress still too many ingress...
Page 174: Trusted Host
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual To configure the Switch’s Safeguard Engine, change the State to Enabled when the Safeguard Engine is enabled a green light will show on the gray bar at the top of this window, next to Safeguard. To set the Safeguard Engine for the Switch, complete the following fields: Parameter Description...
Page 175: Imp Binding Global Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual IMP Binding Global Settings This window is used to enable or disable the Trap Log State and DHCP Snoop state on the switch. The Trap/Log field will enable and disable the sending of trap log messages for IP-MAC binding. When enabled, the Switch will send a trap message to the SNMP agent and the Switch log when an ARP packet is received that doesn’t match the IP-MAC binding configuration set on the Switch.
Page 176: Imp Binding Port Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual IMP Binding Port Settings Select a port or a range of ports with the From Port and To Port fields. Enable or disable the port with the State, Allow Zero IP and Forward DHCP packet field, and configure the port’s Max entry.
Page 177: Imp Binding Entry Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual DHCP Packet By default, the DHCP packet with broadcast DA will be flooded. When set to disable, the broadcast DHCP packet received by the specified port will not be forwarded. Mode The user may set the mode for this IP-MAC binding settings by choosing one of the following: ARP −...
Page 178: Dhcp Snooping Entries
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual DHCP Snooping Entries This table is used to view dynamic entries on specific ports. To view particular port settings, enter the port number and click Find. To view all entries click View All, and to delete an entry, click Clear. To view this window click, Security >...
Page 179 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 6 - 9 Port Security Settings window The following parameters can be set: Parameter Description From Port/To Port A consecutive group of ports may be configured starting with the selected port. Admin State This pull-down menu allows you to enable or disable Port Security (locked MAC address table for the selected ports).
Page 180: Port Security Fdb Entries
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Port Security FDB Entries This table is used to clear the Port Lock Entries by individual ports, to clear entries enter the range of ports and click Clear.
Page 181: Dhcp Screening Port Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual DHCP Screening Port Settings The following window will allow users to enable ports on the switch to be used in DHCP Server Screening. To view this window, click Security > DHCP Server Screening > DHCP Screening Port Settings: Figure 6 - 11 DHCP Screening Port Settings window The user may set the following parameters: Parameter...
Page 182: Dhcp Offer Filtering
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual DHCP Offer Filtering The following window will allow users to configure the DHCP Server Settings on the switch. To view this window, click Security > DHCP Server Screening > DHCP Offer Filtering: Figure 6 - 12 DHCP Offer Filtering window The user may set the following parameters: Parameter...
Page 183 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 6 - 14 The three roles of 802.1X The following section will explain the three roles of Client, Authenticator and Authentication Server in greater detail. Authentication Server The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch).
Page 184: Authentication Process
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 6 - 16 The Authenticator NOTE: When configuring the Authentication Protocol as local, the Switch has two roles: Authenticator and Authentication Server. Client The Client is simply the endstation that wishes to gain access to the LAN or switch services. All endstations must be running software that is compliant with the 802.1X protocol.
Page 185 DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 6 - 18 The 802.1X Authentication Process The D-Link implementation of 802.1X allows network administrators to choose between two types of Access Control used on the Switch, which are: Port-Based Access Control –...
Page 186 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Port-Based Network Access Control Figure 6 - 19 Example of Typical Port-Based Configuration Once the connected device has been successfully authenticated, the Port then becomes Authorized, and all subsequent traffic on the Port is not subject to access control restriction until an event occurs that causes the Port to become Unauthorized.
Page 187: 802.1X Force Disconnect
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Host-Based Network Access Control Figure 6 - 20 Example of Typical Host-Based Configuration In order to successfully make use of 802.1X in a shared media LAN segment, it would be necessary to create “logical” Ports, one for each attached device that requires access to the LAN.
Page 188 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual To view this window, click Security > 802.1X > 802.1X Global Settings as shown below: Figure 6 - 22 802.1X Global Settings window This window allows you to set the following features: Parameter Description The Auth Mode allows the user to choose among, Disabled, Port Based or MAC Based...
Page 189: 802.1X Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual 802.1X Settings To configure the 802.1X Settings, click Security > 802.1X > 802.1X Settings Figure 6 - 23 802.1X Settings window This window allows you to set the following features: Parameter Description From Port / To...
Page 190: 802.1X User
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual PortControl This allows you to control the port authorization state. Select forceAuthorized to disable 802.1X and cause the port to transition to the authorized state without any authentication exchange required. This means the port transmits and receives normal traffic without 802.1X-based authentication of the client.
Page 191: Authentication Radius Server
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Authentication RADIUS Server The RADIUS feature of the Switch allows you to facilitate centralized user administration as well as providing protection against a sniffing, active hacker. To configure the 802.1X User, click Security > 802.1X > Authentication RADIUS Server Figure 6 - 25 Authentic RADIUS Server window This window displays the following information: Parameter...
Page 192: Radius Attributes Assignment
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual RADIUS Attributes Assignment The RADIUS Attributes Assignment is used in the following modules: 802.1X (Port-based and Host-based), MAC- based Access Control, Web-based Access Control, and JWAC (Japanese Web-based Access Control). 1.
Page 193 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Note: it is RFC description. Tunnel-Medium-Type The transport medium 6(802) Required is used Tunnel-Private-Group-ID The group ID for a A string (VLAN name or VID) Required particular tunneled Session.
Page 194: Guest Vlan Configuration
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Guest VLAN Configuration On 802.1X security enabled networks, there is a need for non 802.1X supported devices to gain limited access to the network, due to lack of the proper 802.1X software or incompatible devices, such as computers running Windows 98 or lower operating systems, or the need for guests to gain access to the network without full authorization.
Page 195: Guest Vlan
Click Apply to implement the 802.1X Guest VLAN. Once properly configured, the Guest VLAN Name and associated ports will be listed in the lower part of the window. NOTE: For more information and configuration examples for the 802.1X Guest VLAN function, please refer to the Guest VLAN Configuration Example located on the D-Link website. SSL Settings Secure Sockets Layer or SSL is a security feature that will provide a secure communication path between a host and client through the use of authentication, digital signatures and encryption.
Page 196: Download Certificate
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual and implementation of the certificate file and can be downloaded to the Switch by utilizing a TFTP server. The Switch supports SSLv3 and TLSv1. Other versions of SSL may not be compatible with this Switch and may cause problems upon authentication and transfer of messages from client to host.
Page 197 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual RSA with This ciphersuite combines the RSA key exchange, stream cipher RC4 encryption with 128- RC4_128_MD5 bit keys and the MD5 Hash Algorithm. Use the pull-down menu to enable or disable this ciphersuite.
Page 198: Ssh
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual SSH is an abbreviation of Secure Shell, which is a program allowing secure remote login and secure network services over an insecure network. It allows a secure login to remote host computers, a safe method of executing commands on a remote end node, and will provide secure encrypted and authenticated communication between two non-trusted hosts.
Page 199: Ssh Authmode And Algorithm Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual TCP Port Number Specifies the TCP port used to communication between SSH client and server. The default (1-65535) value is 22. Rekey Timeout Using the pull-down menu uses this field to set the time period that the Switch will change the security shell encryptions.
Page 200: Ssh User Authentication Lists
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual AES256-CBC Check the box to enable the Advanced Encryption Standard AES-256 encryption algorithm with Cipher Block Chaining. The default is enabled. ARC4 Check the box to enable the Arcfour encryption algorithm with Cipher Block Chaining. The default is enabled.
Page 201 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Auth. Mode The administrator may choose one of the following to set the authorization for users attempting to access the Switch. Host Based – This parameter should be chosen if the administrator wishes to use a remote SSH server for authentication purposes.
Page 202: Access Authentication Control
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Access Authentication Control The TACACS/XTACACS/TACACS+/RADIUS commands allow users to secure access to the Switch using the TACACS/XTACACS/TACACS+/RADIUS protocols. When a user logs in to the Switch or tries to access the administrator level privilege, he or she is prompted for a password.
Page 203: Authentication Policy Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Authentication Policy Settings This command will enable an administrator-defined authentication policy for users trying to access the Switch. When enabled, the device will check the Login Method List and choose a technique for user authentication upon login. To access the following window, click Security >...
Page 204: Authentication Server Group
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Login Method List Using the pull-down menu, configure an application for normal login on the user level, utilizing a previously configured method list. The user may use the default Method List or other Method List configured by the user.
Page 205: Authentication Server
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 6 - 36 Authentication Server Group Settings Edit window To add an Authentication Server Host to the list, enter its IP address in the IP Address field, choose the protocol associated with the IP address of the Authentication Server Host and click Add to add this Authentication Server Host to the group.
Page 206: Login Method Lists
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Configure the following parameters to add an Authentication Server Host: Parameter Description IP Address The IP address of the remote server host the user wishes to add. Port (1-65535) Enter a number between 1 and 65535 to define the virtual port number of the authentication protocol on a server host.
Page 207: Enable Method Lists
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 6 - 38 Login Method Lists window The Switch contains one Method List that is set and cannot be removed, yet can be modified. To delete a Login Method List defined by the user, click the corressponding Delete button.
Page 208: Local Enable Password Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 6 - 39 Enable Method List window To delete an Enable Method List defined by the user, click the the Delete button. To modify an Enable Method List, click on its corresponding Edit button.
Page 209: Radius Accounting Services
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Parameter Description Old Local Enable If a password was previously configured for this entry, enter it here in order to change it to Password a new password New Local Enable Enter the new password that you wish to set on the Switch to authenticate users Password...
Page 210: Mac-Based Access Control
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual MAC-based Access Control MAC-based Access Control is a method to authenticate and authorize access using either a port or host. For port- based MAC, the method decides port access rights, while for host-based MAC, the method determines the MAC access rights.
Page 211 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 6 - 42 MAC-based Access Control Settings The following parameters may be viewed or set: Parameter Description Settings State Use the pull-down menu to globally enable or disable the MAC-based Access Control function on the Switch.
Page 212: Mac-Based Access Control Local Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual RADIUS Authorization Used to enable or disable the accepting of authorized configuration. When this is enabled, the authorized data assigned by the RADUIS server will be accepted if the global authorization network is enabled.
Page 213: Web Authentication
WAC by attempting to gain Web access. D-Link’s implementation of WAC uses a virtual IP that is exclusively used by the WAC function and is not known by any other modules of the Switch. In fact, to avoid affecting a Switch’s other features, WAC will only use a virtual IP address to communicate with hosts.
Page 214 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual...
Page 215: Web-Based Access Control Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Conditions and Limitations 1. If the client is utilizing DHCP to attain an IP address, the authentication VLAN must provide a DHCP server or a DHCP relay function so that client may obtain an IP address. 2.
Page 216: Web-Based Access Control User Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual virtual IP is enabled, the TCP packets sent to the virtual IP or physical IPIF’s IP address will both get a reply. When the virtual IP is set to 0.0.0.0 the fuction will be disabled. To ensure that this fuction works correctly, the virtual IP address must not have an IP address that exists on the subnet.
Page 217: Web-Based Access Control Port Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Password Enter the password the administrator has chosen for the selected user. This field is case sensitive and must be a complete alphanumeric string. This field is for administrators who have selected local as their web based authenticator.
Page 218: Jwac (Japanese Web-Based Access Control)
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Enter a value between 1 and 1440 minutes. A value of Infinite indicates the Idle state of the authenticated host on the port will never be checked. The default setting is Infinite.
Page 219 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Virtual IP This parameter specifies the JWAC Virtual IP address that is used to accept authentication requests from an unauthenticated host. Only requests sent to this IP will get a correct response.
Page 220: Jwac Port Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual the JWAC Switch will monitor the Quarantine Server to ensure the server is okay. If the Switch detects no Quarantine Server, it will redirect all unauthenticated HTTP access attempts to the JWAC Login Page forcibly if the Redirect is enabled and the Redirect Destination is configured to be a Quarantine Server.
Page 221: Jwac User Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Session Timeout This parameter specifies the period of time a host will keep in authenticated state after it successes to authenticate. Enter a value between 1 and 1440 minutes. The default setting is (1-1440 Minutes) 1440 minutes.
Page 222: Jwac Customize Page
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 6 - 50 JWAC Customize Page Language window JWAC Customize Page To view JWAC customize page for the Switch, go to the Security > JWAC > JWAC Customize page Figure 6 - 51 JWAC Customize Page window NetBIOS Filtering Settings NetBIOS is an application programming interface, providing a set of functions that applications use to communicate...
Page 223: Multiple Authentication
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 6 - 52 NetBIOS Filtering Settings window Multiple Authentication Multiple Authentication setting allows for multiple authentication to be supported on the Switch. Previously 802.1X, MAC-based Access Control (MAC), Japan Web-based Access Control (JWAC) and IP-MAC-Port Binding (IMPB) could not coexist with other modules on a port.
Page 224 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual 802.1X & IMPB Mode Figure 6 - 54 802.1X & IMPB Mode This mode adds an extra layer of security by checking the IP MAC-Port Binding (IMPB) table before trying one of the supported authentication methods.
Page 225: Multiple Authentication Settings
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual IMPB & JWAC Mode Figure 6 - 55 IMPB & JWAC Mode This mode adds an extra layer of security by checking the IP MAC-Port Binding (IMPB) table before trying one of the supported authentication methods.
Page 226: Guest Vlan
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 6 - 56 Multiple Authentication Settings window Guest VLAN This window is used to display and configure the Guest VLAN settings on the Switch. To view this window, click Security > Multiple Authentication > Guest VLAN, as shown below: Figure 6 - 57 Guest VLAN window The following parameters may be set: Parameter...
Page 227: Acl
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Section 7 ACL Configuration Wizard Access Profile List CPU Access Profile List ACL Finder ACL Flow Meter Access profiles allow you to establish criteria to determine whether or not the Switch will forward packets based on the information contained in each packet's header.
Page 228 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 7 - 1 ACL Configuration Wizard The following parameters can be configured. Parameter Description Type Select the type of ACL you wish to create, either normal or CPU. Profile Name Select a unique Profile Name for this profile set.
Page 229: Access Profile List
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Access Profile List Creating an access profile is divided into two basic parts. The first is to specify which part or parts of a frame the Switch will examine, such as the MAC source address or the IP destination address. The second part is entering the criteria the Switch will use to determine what to do with the frame.
Page 230 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 7 - 4 Add Ethernet ACL Profile window Click on the boxes at the top of the table, which will then turn red and reveal parameters for configuration. To create a new entry enter the correct information and click Create.
Page 231 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Ethernet type Selecting this option instructs the Switch to examine the Ethernet type value in each frame's header. Click Create to view the new Access Profile List entry in the Access Profile List table shown below. To add another Access Profile click Add ACL P rofile.
Page 232 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 7 - 7 Access Profile Ethernet To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameter Description Access ID (1-128) Type in a unique identifier number for this access. This value can be set from 1 to 128. Auto Assign –...
Page 233 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual the value entered in the Priority field, which meets the criteria specified previously in this command, before forwarding it on to the specified CoS queue. Otherwise, a packet will have its incoming 802.1p user priority re-written to its original value before being forwarded by the Switch Replace DSCP (0- Select this option to instruct the Switch to replace the DSCP value (in a packet that meets the...
Page 234 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 7 - 10 Add IPv4 ACL Profile Click on the boxes at the top of the table, which will then turn red and reveal parameters for configuration. To create a new entry enter the correct information and click Create.
Page 235 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual code value. Select IGMP to instruct the Switch to examine the Internet Group Management Protocol (IGMP) field in each frame's header. Select Type to further specify that the access profile will apply an IGMP type value Select TCP to use the TCP port number contained in an incoming packet as the forwarding criterion.
Page 236 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 7 - 12 Access Profile Details (IPv4) To return to the Access Profile List click Show All Profiles, to add a rule to a previously configured entry click on the corresponding Add/View Rules and then Add Rule, which will reveal the following window;...
Page 237 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Switch and will be filtered. Select Mirror to specify that packets that match the access profile are mirrored to a port defined in the config mirror port command. Port Mirroring must be enabled and a target port must be set.
Page 238 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual To configure the IPv6 AC L select IPv6 in the Add ACL Profile window, enter the Profile ID and Profile Name into the top half of the screen in the Add ACL Profile window and click Select, the following window will appear. Figure 7 - 16 Add IPv6 ACL Profile Click on the boxes at the top of the table, which will then turn red and reveal parameters for configuration.
Page 239 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Click Create to view the new Access Profile List entry in the Access Profile List table shown below. To add another Access Profile click Add ACL P rofile. To delete a profile click the corresponding Delete button, to view the specific configurations for an entry click the Show D etails button.
Page 240 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 7 - 19 Access Profile (IPv6) The following parameters may be configured for the IP (IPv4) filter. Parameter Description Access ID (1-128) Type in a unique identifier number for this access. This value can be set from 1 to 128. Class Entering a class will instruct the Switch to examine the class field of the IPv6 header.
Page 241 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Precedence header. Rx Rate (1-15624) Use this to limit Rx bandwidth for the profile being configured. This rate is implemented using the following equation: 1 value = 64Kbit/sec. (ex. If the user selects an Rx rate of 10 then the ingress rate is 640Kbit/sec.) The user many select a value between 1 and 15624 or tick the No Limit check box.
Page 242 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 7 - 22 Add Packet Content ACL Profile Click on the boxes at the top of the table, which will then turn red and reveal parameters for configuration. To create a new entry enter the correct information and click Create.
Page 243 With this advanced unique Packet Content Mask (also known as Packet Content Access Control ® List - ACL), the D-Link xStack switch family can effectively mitigate some network attacks like the common ARP Spoofing attack that is wide spread today. This is why the Packet Content ACL is able to inspect any specified content of a packet in different protocol layers.
Page 244 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 7 - 25 Access Profile (Packet Content) The following parameters may be configured for the Packet Content filter. Parameter Description Access ID (1-128) Type in a unique identifier number for this access. This value can be set from 1 to 128. Action Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Page 245: Cpu Interface Filtering
(MAC Address). However, ARP is vulnerable as it can be easily spoofed and utilized to attack a LAN. For a more detailed explanation on how ARP works and how to employ D-Link’s advanced unique Packet Content ACL to prevent ARP spoofing attack, please see Appendix B, at the end of this manual.
Page 246: Cpu Access Profile List
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual CPU Access Profile List In the following window, the user may globally enable or disable the CPU Interface Filtering State mechanism by using the radio buttons to change the running state. To access this window, click ACL >...
Page 247 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 7 - 29 Add CPU ACL Profile window for Ethernet Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can (1-5) be set from 1 to 5.
Page 248 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 7 - 30 CPU Access Profile Detail Information window for Ethernet The window shown below is the Add CPU ACL Profile window for IP (IPv4). Figure 7 - 31 Add CPU ACL Profile window for IP (IPv4) The following parameters may be configured for the IP (IPv4) filter.
Page 249 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Protocol Selecting this option instructs the Switch to examine the protocol type value in each frame's header. You must then specify what protocol(s) to include according to the following guidelines: Select ICMP to instruct the Switch to examine the Internet Control Message Protocol (ICMP) field in each frame's header.
Page 250 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 7 - 33 Add CPU ACL Profile window for IPv6 The following parameters may be configured for the IPv6 filter. Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 5.
Page 251 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 7 - 34 CPU Access Profile Detail Information window for IPv6 The window shown below is the Add CPU ACL Profile window for Packet Content. Figure 7 - 35 Add CPU ACL Profile window for Packet Content The following parameters may be configured for the Packet Content filter.
Page 252 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual • 48-63 – Enter a value in hex form to mask the packet from byte 48 to byte 63. • 64-79 – Enter a value in hex form to mask the packet from byte 64 to byte 79. Click Apply to set this entry in the Switch’s memory.
Page 253 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual VLAN ID Allows the entry of a VLAN ID for a previously configured VLAN. 802.1P (0-7) Enter a value from 0 to 7 to specify that the access profile will apply only to packets with this 802.1p priority value.
Page 254 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 7 - 41 Add Access Rule window for IPv4 To set the Access Rule for IP, adjust the following parameters and click Apply Parameter Description Access ID (1-100) Type in a unique identifier number for this access.
Page 255 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual To establish the rule for a previously created CPU Access Profile: To configure the Access Rules for IP, open the CPU Access P rofile L ist window and click Add/View R ules for an IPv6 entry.
Page 256 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Name configured in the Time Range Settings window. This will set specific times when this access rule will be implemented on the Switch. Ports Specifies the access rule can take effect on one port or a range of ports. To view the settings of a previously correctly configured rule, click the corresponding Show Details button on the CPU Access Rule List window to view the following window: Figure 7 - 45 CPU Access Rule Detail Information window for IPv6...
Page 257: Acl Finder
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Parameter Description Access ID (1-100) Type in a unique identifier number for this access. This value can be set from 1 to 100. Action Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Page 258 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual To open this window, click ACL > ACL Flow Meter Figure 7 - 50 ACL Flow Meter window The following fields may be configured: Parameter Description Profile ID / Profile The pre-configured Profile ID/Name for which to configure the Flow Metering parameters.
Page 259 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual • PIR (64Kbps) – Specifies the Peak Information Rate of the packet. Tha range is from 0 to 15624. The unit is 64Kbps. That is to say, 1 means 64Kbps. •...
Page 260: Monitoring
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Section 8 Monitoring Device Status Cable Diagnostics CPU Utilization Port Utilization Packet Size Packets Errors Port Access Control Browse ARP Table Browse Route Table Browse VLAN Show VLAN Ports Browse Voice VLAN Device Browse DHCP Server Dynamic Binding Brwose DHCP Conflict IP...
Page 261: Cable Diagnostics
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Cable Diagnostics This window displays the details of copper cables attached to specific ports on the Switch. If there is an error in the cable this feature can determine the type of error and the position where the error has occurred. To view this window, click Monitoring >...
Page 262: Cpu Utilization
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 8 - 2 Cable Diagnostics window – Various Status Enter the port number you wish to test and click Test, the results will be display on the lower half of the table. CPU Utilization The CPU U tilization window displays the percentage of the CPU being used, expressed as an integer percentage and calculated as a simple average by time interval.
Page 263: Port Utilization
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Port Utilization The Port Utilization window displays the percentage of the total available bandwidth being used on the port. To view this window, click Monitoring > Port Utilization: Figure 8 - 4 Port Utilization window To select a port to view these statistics for, select the port by using the Port pull-down menu.
Page 264: Packet Size
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Packet Size The Web Manager allows packets received by the Switch, arranged in six groups and classed by size, to be viewed as either a line graph or a table. Two windows are offered. To select a port to view these statistics for, select the port by using the Port pull-down menu.
Page 265 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual value is one second. Record Number Select number of times the Switch will be polled between 20 and 200. The default value is 200. The total number of packets (including bad packets) received that were 64 octets in length (excluding framing bits but including FCS octets).
Page 266: Packets
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Packets The Web Manager allows various packet statistics to be viewed as either a line graph or a table. Six windows are offered. Received (RX) This table displays the RX packets on the Switch. To select a port to view these statistics for, select the port by using the Port pull-down menu.
Page 267 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 268: Umb_Cast (Rx)
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual UMB_cast (RX) This table displays the UMB_cast RX Packets on the Switch. To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
Page 269: Transmitted (Tx)
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 270 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 8 - 12 Transmitted (TX) Table window (for Bytes and Packets) The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s"...
Page 271: Errors
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Errors The Web Manager allows port error statistics compiled by the Switch's management agent to be viewed as either a line graph or a table. Four windows are offered. Received (RX) To select a port to view these statistics for, select the port by using the Port pull-down menu.
Page 272 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual The following fields can be set: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 273: Transmitted (Tx)
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Transmitted (TX) To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port. To view the following graph of error packets received on the Switch Click the Monitoring >...
Page 274: Port Access Control
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Record Number Select number of times the Switch will be polled between 20 and 200. The default value is 200. ExDefer Counts the number of packets for which the first transmission attempt on a particular interface was delayed because the medium was busy.
Page 275: Radius Authentication
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual RADIUS Authentication This table contains information concerning the activity of the RADIUS authentication client on the client side of the RADIUS authentication protocol. To view the RADIUS Authentication window, click Monitoring > Port Access Control > RADIUS Authentication Figure 8 - 17 RADIUS Authentication window The user may also select the desired time interval to update the statistics, between 1s and 60s, where “s”...
Page 276: Radius Account Client
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual authentication server. AccessAccepts The number of RADIUS Access-Accept packets (valid or invalid) received from this server. AccessRejects The number of RADIUS Access-Reject packets (valid or invalid) received from this server.
Page 277 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 8 - 18 RADIUS Account Client window The user may also select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds.
Page 278: Authenticator State
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual responses. BadAuthenticators The number of RADIUS Accounting-Response packets, which contained invalid authenticators, received from this server. PendingRequests The number of RADIUS Accounting-Request packets sent to this server that have not yet timed out or received a response.
Page 279 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 8 - 20 Authenticator Statistics window The user may also select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds.
Page 280: Authenticator Session Statistics
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Authenticator Session Statistics This window contains the session statistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the Authenticator S ession Statistics window, click Monitoring >...
Page 281: Authenticator Diagnostics
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Terminate Cause The reason for the session termination. There are eight possible reasons for termination. 1) Supplicant Logoff 2) Port Failure 3) Supplicant Restart 4) Reauthentication Failure 5) AuthControlledPortControl set to ForceUnauthorized 6) Port re-initialization 7) Port Administratively Disabled...
Page 282 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual DISCONNECTED as a result of receiving an EAPOL-Logoff message. Auth Enter Counts the number of times that the state machine transitions from CONNECTING to AUTHENTICATING, as a result of an EAP-Response/Identity message being received from the Supplicant.
Page 283: Browse Arp Table
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Browse ARP Table This window displays current ARP entries on the Switch. To search a specific ARP entry, enter an Interface Name or an IP Address at the top of the window and click Find. Click the Show S tatic button to display static ARP table entries.
Page 284: Show Vlan Ports
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Show VLAN Ports This window allows the VLAN status for each of the Switch's ports to be viewed by VLAN. Select a port from the drop- down menu at the top of the window and click the Find button. To view the Browse VLAN click, Monitoring >...
Page 285: Browse Dhcp Conflict Ip
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Life Time (sec) This field will display, in seconds, the time remaining on the lease for this IP address. Browse DHCP Conflict IP This window displays DHCP conflict IP address on the Switch. To view the Browse DHCP Conflict IP window, click Monitoring >...
Page 286: Mld Snooping Group
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual MLD Snooping Group The following window allows the user to view MLD Snooping Groups present on the Switch. MLD Snooping is an IPv6 function comparable to IGMP Snooping for IPv4. The user may browse this table by VLAN Name present in the Switch by entering that VLAN Name in the empty field shown below, and clicking the Find button.
Page 287: Browse Mld Snooping Counter
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Browse MLD Snooping Counter This window is used to display the current MLD snooping counter information on the Switch. To view this window, click Monitoring > MLD Snooping > Browse MLD Snooping Counter as shown below: Figure 8 - 34 Browse MLD Snooping Counter window IGMP Snooping The following windows are used to configure the IGMP Snooping settings of the Switch.
Page 288: Igmp Snooping Group
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual IGMP Snooping Group This window allows the Switch’s IGMP Snooping Group Table to be viewed. IGMP Snooping allows the Switch to read the Multicast Group IP address and the souce IP address from IGMP packets that pass through the Switch. The information of the IGMP snooping group will display in the MLD Snooping Group Table.
Page 289: Igmp Snooping Forwarding
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual IGMP Snooping Forwarding This window will display the current IGMP forwarding information on the Switch. To view this window, click Monitoring > IGMP Snooping > IGMP Snooping Forwarding as shown below: Figure 8 - 37 IGMP Snooping Forwarding Table window Enter the VLAN Name or VLAN ID you wish to view and click Find, the information will be displayed in the lower half of the window.
Page 290: Browse Ethernet Oam Statistics
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 8 - 39 Browse Ethernet OAM Event Log window Browse Ethernet OAM Statistics This window displays the Ethernet OAM Statistic information on each port of the Switch. To clear information for a particular port or list of ports enter the ports and click Clear.
Page 291: Jwac Authentication State
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual JWAC Authentication State This window allows the user to view the Japanese Web Access Control authentication information. Specify the port list you wish to view and click Find. To remove an entry, enter the appropriate information and click Clear. Click View All Hosts to see all the entries.
Page 292: Arp & Fdb Table
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual ARP & FDB Table This window displays current ARP & FDP entries on the Switch. To search a specific ARP or FDB entry, select a port from the pull down menu, or enter a(n) MAC/IP Address at the top of the window. The view this window, click Monitoring >...
Page 293: Mac Address Table
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual MAC Address Table This allows the Switch's dynamic MAC address forwarding table to be viewed. When the Switch learns an association between a MAC address and a port number, it makes an entry into its forwarding table. These entries are then used to forward packets through the Switch.
Page 294: System Log
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual System Log The web manager allows the Switch's history log, as compiled by the Switch's management agent, to be viewed. To view the Switch history log, Click Monitoring > System Log Figure 8 - 46 System Log window The Switch can record event information in its own logs, to designated SNMP trap receiving stations, and to the PC connected to the console manager.
Page 295: Save Services And Tools
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Section 9 Save Services and Tools Save Configuration ID 1 Save Configuration ID 2 Save Log Save All Configuration File Backup & Restore Upload Log File Reset Download Firmware Reboot System The four Save windows include: Save C onfiguration 1 , Save C onfiguration 2 , Save L og, and Save A ll.
Page 296: Save Configuration Id 2
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Save Configuration ID 2 Open the Save drop-down menu at the top of the Web manager and click Save C onfiguration I D 2 to open the following window: Figure 9 - 2 Save Configuration ID 2 window Save Log...
Page 297: Configuration File Backup & Restore
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Configuration File Backup & Restore The Switch supports dual image storage for configuration file backup and restoration. The firmware and configuration images are indexed by ID number 1 or 2. To change the boot firmware image, use the Configuration ID drop-down menu to select the desired configuration file to backup or restore.
Page 298: Download Firmware
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Figure 12- 3. Reset System window Download Firmware The following window is used to download firmware for the Switch. Figure 12- 4. Download Firmware window Enter the Server IP address in the first field and and specify the path/file name of the firmware in the second field. Click Download to initiate the file transfer.
Page 299: Mitigating Arp Spoofing Attacks Using Packet Content Acl
IP address is known. This protocol is vulnerable because it can spoof the IP and MAC information in the ARP packets to attack a LAN (known as ARP spoofing). This document is intended to introduce ARP protocol, ARP spoofing attacks, and the counter measure brought by D-Link's switches to counter the ARP spoofing attack. •...
Page 300 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual address FF-FF-FF-FF-FF-FF 00-20-5C-01-11-11 Table-2 (Ethernet frame format) When the switch receives the frame, it will check the “Source Address” in the Ethernet frame’s header. If the address is not in its Forwarding Table, the switch will learn PC A’s MAC and the associated port into its Forwarding Table.
Page 301 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual When PC B replies to the ARP request, its MAC address will be written into “Target H/W Address” in the ARP payload shown in Table-3. The ARP reply will be then encapsulated into the Ethernet frame again and sent back to the sender. The ARP reply is in a form of Unicast communication.
Page 302 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual How ARP spoofing attacks a network ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service - DoS attack).
Page 303 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Gratuitous ARP Ethernet Destination Source Ethernet H/W type Protocol Protocol Operation Sender H/W Sender Target H/W Target address address type type address address address protocol address protocol length length address...
Page 304: Example Topology
• Prevent ARP spoofing via packet content ACL Concerning the common DoS attack today caused by the ARP spoofing, D-Link managed switch can effectively mitigate it via its unique Packet Content ACL. For that reason the basic ACL can only filter ARP packets based on packet type, VLAN ID, Source and Destination MAC information, there is a need for further inspections of ARP packets.
Page 305 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Chunk Chunk0 Chunk1 Chunk2 Chunk3 Chunk4 Chunk5 Chunk6 Chunk7 Chunk8 Chunk9 Chunk10 Chunk11...
Page 306 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual...
Page 307: System Log And Trap List
® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Appendix B System Log and Trap List System Log Entries The following table lists all possible entries and their corresponding meanings that will appear in the System Log of this Switch.
Page 308 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Configuration upload was Configuration upload by console was unsuccessful! Warning unsuccessful (Username: <username>) Log message successfully Log message successfully uploaded by console Informational uploaded (Username: <username>) Log message upload was Log message upload by console was unsuccessful! Warning unsuccessful...
Page 309 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual string Topology changed Topology changed Informational New Root selected New Root selected Informational BPDU Loop Back on port BPDU Loop Back on Port <unitID:portNum> Warning Spanning Tree Protocol is Spanning Tree Protocol is enabled Informational enabled...
Page 310 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual AAA local method <username>) Successful login through Successful login through Telnet from <userIP> Informational Telnet authenticated by authenticated by AAA local method (Username: AAA local method <username>) Login failed through Telnet Login failed through Telnet from <userIP>...
Page 311 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Login failed through Login failed through Web(SSL) from <userIP> due to AAA Warning Web(SSL) due to AAA server timeout or improper configuration (Username: server timeout or improper <username>) configuration Successful login through...
Page 312 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Successful Enable Admin Successful Enable Admin through Console authenticated Informational through Console by AAA none method (Username: <username>) authenticated by AAA none method Successful Enable Admin Successful Enable Admin through Web from <userIP> Informational through Web authenticated authenticated by AAA none method (Username:...
Page 313 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual improper configuration. <username>) Login failed through Web Login failed through Web from <userIP> due to AAA Warning from user due to AAA server timeout or improper configuration (Username: server timeout or improper <username>) configuration.
Page 314 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Broadcast storm cleared Port <portNum> Broadcast storm has cleared Informational Multicast storm occurrence Port <portNum> Multicast storm is occurring Warning Multicast storm cleared Port <portNum> Multicast storm has cleared Informational Port shut down due to a Port <portNum>...
Page 315 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual system recover learning WAC recovers from stop learning state. Warning MAC-AC login successful (MAC: <macaddr>, Port: Login OK <[unitID:]portNum>, VID: <vid>) Information MAC-AC login rejected (MAC: <macaddr>, Port: Login fail <[unitID:]portNum>, VID: <vid>) Warning...
Page 316 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual Port recover from BPDU Port <[unitID:] portNum> recover from BPDU under Informational under attacking state attacking state automatically automatically DHCP Detect untrusted DHCP Detected untrusted DHCP server(IP: <ipaddr>, Port: Informational server IP address <[unitID:]portNum>)
Page 317 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual swIpMacBindingStopLearningTrap swIpMacBindingNotifyPrefix IPMacBind-MIB Warning 1.3.6.1.4.1.171.12.23.5.0.2 swIpMacBindingRecoverLearningTrap swIpMacBindingNotifyPrefix IPMacBind-MIB Warning 1.3.6.1.4.1.171.12.23.5.0.3 swMacBasedAuthLoggedSuccess swMBANotifyPrefix MBA-MIB Warning 1.3.6.1.4.1.171.12.35.11.1.0.1 SwMacBasedAuthLoggedFail swMBANotifyPrefix MBA-MIB Warning 1.3.6.1.4.1.171.12.35.11.1.0.2 SwMacBasedAuthAgesOut swMBANotifyPrefix MBA-MIB Warning 1.3.6.1.4.1.171.12.35.11.1.0.3 swHighTemperature swEquipTemperatureNotifyPr Equipment-MIB Warning efix...
Page 318 ® xStack DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual agentGratuitousARPTrap agentNotifyPrefix Genmgmt-MIB Warning 1.3.6.1.4.1.171.12.1.7.2.0.5...
Page 319: Glossary
Appendix C Glossary 1000BASE-SX: A short laser wavelength on multimode fiber optic cable for a maximum length of 2000 meters 1000BASE-LX: A long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilometers 1000BASE-T: 1000Mbps Ethernet implementation over Category 5E cable. 100BASE-FX: 100Mbps Ethernet implementation over fiber.
Page 320 half duplex: A system that allows packets to be transmitted and received, but not at the same time. Contrast with full duplex. IP ad dress: Internet Protocol address. A unique identifier for a device attached to a network using TCP/IP. The address is written as four octets separated with full-stops (periods), and is made up of a network section, an optional subnet section and a host section.
Page 321 UDP - User D atagram Protocol: An Internet standard protocol that allows an application program on one device to send a datagram to an application program on another device. VLAN - Virtual L AN: A group of location- and topology-independent devices that communicate as if they are on a common physical LAN.
Page 322: Password Recovery Procedure
This document will explain how the Password Recovery feature can help network administrators reach this goal. The following steps explain how to use the Password Recovery feature on D-Link devices to easily recover passwords.

This manual is also suitable for:

Xstack des-3552 series

D-Link xStack DES-3528 series User Manual

Web-Based Switch Configuration

Configuration

L2 Features

L3 Features

Qos

Security

Acl

Monitoring

Quick Links

User Manual

Related Manuals for D-Link xStack DES-3528 series

Summary of Contents for D-Link xStack DES-3528 series