Page 2
Microsoft Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. D-Link Computer Corporation disclaims any proprietary interest in trademarks and trade names other than its own.
Command Line Console Interface Through the Serial Port ... 17 Connecting the Console Port (RS-232 DCE)... 18 First Time Connecting to The Switch ... 19 Password Protection ... 20 SNMP Settings ... 21 Traps ... 22 D-Link DES-3250TG Standalone Layer 2 Switch Table of Contents...
Page 4
Link Aggregation ... 76 LACP Port ... 79 Configuring the Access Profile Table ... 80 System Log Hosts ... 97 Port Access Entity (802.1X)... 97 802.1x Port-Based and MAC-Based Access Control... 97 Authentication Server ... 98 D-Link DES-3250TG Standalone Layer 2 Switch...
Page 5
Download Settings from TFTP Server... 146 Upload Settings to TFTP Server ... 146 Upload Log to TFTP Server ... 146 Switch History ... 147 Ping Test... 147 Save Changes ... 148 Reboot Services ... 148 Reboot ... 149 D-Link DES-3250TG Standalone Layer 2 Switch...
Page 6
Reset System ... 149 Reset Config ... 150 Logout... 150 Appendix A ... 150 Technical Specifications... 150 Appendix B ... 153 Understanding and Troubleshooting the Spanning Tree Protocol ... 153 Warranty and Registration ... 162 D-Link DES-3250TG Standalone Layer 2 Switch...
Appendix B, Understanding and Troubleshooting Spanning Tree Protocol - Intended Readers The DES-3250 User’s Guide contains information for setup and management and of the DES-3250TG switch. This guide is intended for network managers familiar with network management concepts and terminology.
• To help avoid damaging your system, be sure the voltage selection switch (if provided) on the power supply is set to match the power available at your location: –...
Page 9
Install front and side stabilizers on a single rack or front stabilizers for joined multiple racks before working on the rack. D-Link DES-3250TG Standalone Layer 2 Switch CAUTION: Installing systems in a rack without the front and side stabilizers installed could cause the rack to tip over, potentially resulting in bodily injury under certain circumstances.
3. Handle all sensitive components in a static-safe area. If possible, use antistatic floor pads and workbench pads and an antistatic grounding strap. D-Link DES-3250TG Standalone Layer 2 Switch NOTE: A qualified electrician must perform all connections to DC power and to safety grounds.
Switch Stacking The DES-3250TG can be used as a standalone or a stacked Switch by using the optional stacking module. Up to 12 Switches may be stacked and managed as a unit with a single IP address. Management for the entire stack is done through the Master Switch.
Features The DES-3250TG Switch was designed for easy installation and high performance in an environment where traffic on the network and the number of users increase continuously. Switch features include: • Store and forward switching scheme. • Full and half-duplex for both 10Mbps and 100Mbps connections. The front-port Gigabit Ethernet module operates at full duplex only.
GBIC module, port 49x is not available on the 1000BASE-T module, and vice versa. • RS-232 DCE Diagnostic port (console port) for setting up and managing the Switch via a connection to a console terminal or PC using a terminal emulation program.
Desktop or Shelf Installation When installing the Switch on a desktop or shelf, the rubber feet included with the device should first be attached. Attach these cushioning feet on the bottom at each corner of the device. Allow adequate space for ventilation between the device and the objects around it.
Rack Installation The DES-3250TG can be mounted in an EIA standard-sized, 19-inch rack, which can be placed in a wiring closet with other equipment. To install, attach the mounting brackets on the switch’s side panels (one on each side) and secure them with the screws provided.
Power on The DES-3250TG switch can be used with AC power supply 100 - 240 VAC, 50 - 60 Hz. The power switch is located at the rear of the unit adjacent to the AC power connector and the system fan. The switch’s power supply will adjust to the local power source automatically and may be turned on without having any or all LAN segment cables connected.
The system fans are used to dissipate heat. The sides of the system also provide heat vents to serve the same purpose. Do not block these openings, and leave at least 6 inches of space at the rear and sides of the switch for proper ventilation. Be reminded that without proper heat dissipation and air circulation, system components might overheat, which could lead to system failure.
The system fans are used to dissipate heat. The sides of the system also provide heat vents to serve the same purpose. Do not block these openings, and leave at least 6 inches of space at the rear and sides of the switch for proper ventilation. Be reminded that without proper heat dissipation and air circulation, system components might overheat, which could lead to system failure.
Page 19
2 seconds after the switch is powered on to indicate the ready state of the device. ● Console – This indicator is lit green when the switch is being managed via local console management through the RS-232 console port.
End nodes include PCs outfitted with a 10, 100, or 10/100 Mbps RJ-45 Ethernet/Fast Ethernet Network Interface Card (NIC) and most routers. An end node can be connected to the Switch via a two-pair Category 3, 4, or 5 UTP/STP cable. The end node should be connected to any of the ports (1x - 48x) on the switch.
Auto: This is the default stacking mode setting for the DES-3250TG. In auto stacking mode, the Switch is eligible for stacking or it can operate as a standalone device. If a DES-3250TG Switch stack is connected and all units are configured to operate in...
Multiple DES-3250TG Switches equipped with stacking modules may be connected in a stacking arrangement so that up to twelve Switches are managed as a single unit with a single IP address. The Release 4 DES-3250TG can connect to the DGS- 3312SR via the stacking port in a star topology.
Changes to Switch Stack Structure If Switches are added to or taken out of a stacked group of DES-3250TG Switches it is necessary to change the composition of a Switch stack and rearrange the stacking connections. If a stacking link fails or if a member of a stacked group fails, the composition of the stack will necessarily change also.
Power off both devices and place Switch B under Switch A in the rack. It is not actually required that the slave device be placed under the master in the stack but it may be easier so that the master Switch may be instantly recognized. This may prove especially convenient where multiple Switch stacks are installed so it is always clear which unit should be used to uplink.
Power on the entire stack. The new stacking arrangement is recognized and the new relationship is negotiated. Switch A retains status as the master of the stack, Switch C is in auto mode and therefore functions as a slave. The stack is ready for operation.
Stacking with DGS-3312SR The DES-3250TG Release 4 Switch can be arranged in a star topology and managed as slave devices through the DGS- 3312SR Master Switch. Up to twelve Switches can be connected to the DGS-3312SR Switch in this arrangement.
The SNMP agent updates the MIB objects to generate statistics and counters. Command Line Console Interface Through the Serial Port You can also connect a computer or terminal to the serial console port to access the Switch. The command-line-driven interface provides complete access to all Switch management features.
HyperTerminal's VT100 emulation. See www.microsoft.com for information on Windows 2000 service packs. 9. After you have correctly set up the terminal, plug the power cable into the power receptacle on the back of the Switch. The boot sequence appears in the terminal.
First Time Connecting to The Switch The Switch supports user-based security that can allow you to prevent unauthorized users from accessing the Switch or changing its settings. This section tells how to log onto the Switch. NOTE: The passwords used to access the Switch are case-sensitive;...
Password Protection The DES-3250TG does not have a default user name and password. One of the first tasks when settings up the Switch is to create user accounts. If you log in using a predefined administrator-level user name, you have privileged access to the Switch's management software.
After your initial login, define new passwords for both default user names to prevent unauthorized access to the Switch, and record the passwords for future reference. To create an administrator-level account for the Switch, do the following: At the CLI login prompt, enter create account admin followed by the <user name> and press the Enter key.
The DES-3250TG supports SNMP versions 1, 2c, and 3. You can specify which version of SNMP you want to use to monitor and control the Switch. The three versions of SNMP vary in the level of security provided between the management station and the network device.
Page 33
IP interface named System and the z represents the corresponding number of subnets in CIDR notation. The IP interface named System on the Switch can be assigned an IP address and subnet mask that can then be used to connect a management station to the Switch's Telnet or Web-based management agent.
Connecting Devices to the Switch After you assign IP addresses to the Switch, you can connect devices to the Switch. To connect a device to an SFP transceiver port: Use your cabling requirements to select an appropriate SFP transceiver type.
Web Pages Introduction The DES-3250TG offers an embedded Web-based (HTML) interface allowing users to manage the switch from anywhere on the network through a standard browser such as Netscape Navigator/Communicator or Microsoft Internet Explorer. The Web browser acts as a universal access tool and can communicate directly with the Switch using the HTTP protocol.
Apply is executed. Click Show All User Account Entries to access this window. 4. Please remember that Apply makes changes to the switch configuration for the current session only. All changes (including User additions or updates) must be entered into non-volatile ram using the Save Changes command on the Main Menu - if you want these changes to be permanent.
Save Changes The DES-3250TG has two levels of memory; normal RAM and non-volatile or NV-RAM. Configuration changes are made effective by clicking the Apply button. When this is done, the settings will be immediately applied to the switching software in RAM, and will immediately take effect.
Once the switch configuration settings have been saved to NV-RAM, they become the default settings for the switch. These settings will be used every time the switch is rebooted. Areas of the User Interface The user interface provides access to various switch configuration and management screens, allows you to view performance statistics, and permits you to graphically monitor the system status.
Web Pages hen you connect to the management mode of the Switch with a web browser, a login window is displayed. Enter a user name and password to access the Switch's management mode. Below is a list and description of the main folders available in the web interface: Configuration –...
Forwarding Filtering VLANs Port Bandwidth SNTP Settings Port Security LACP Access Profile Table System Log Hosts PAE Access Entity This section, arranged by topic, describes how to perform common monitoring and configuration tasks on the DES-3250TG switch using the Web-based Manager.
Enter the appropriate IP address and subnet mask. If you want to access the switch from a different subnet from the one it is installed on, enter the IP address of the gateway. If you will manage the switch from the subnet on which it is installed, you can leave the default address in this field.
Page 42
D-Link DES-3250TG Standalone Layer 2 Switch provide it with this information before using the default or previously entered settings. DHCP The switch will send out a DHCP broadcast request when it is powered up. The DHCP protocol allows IP addresses, network masks, and default gateways to be assigned by a DHCP server.
Figure 7- 2. Switch Information (Basic Settings) window This window shows which (if any) external modules are installed, and the switch’s MAC Address (assigned by the factory and unchangeable). In addition, the Boot PROM Version and Firmware Version numbers are shown. This information is helpful to keep track of PROM and firmware updates and to obtain the switch’s MAC address for entry into another network device’s...
Page 44
<Disabled> Web Status <Disabled> Link Aggregation Algorithm <Mac Source> D-Link DES-3250TG Standalone Layer 2 Switch Description The MAC Address Aging Time specifies the length of time a learned MAC Address will remain in the forwarding table without being accessed (that is, how long a learned MAC Address is allowed to remain idle).
The Serial Port Settings window is used to change and view the Console settings for your switch. The default Baud Rate for this switch is set at 9600 and may be altered from 119200, 38400, to 115200 to perform different functions. The Data Bits (8), Parity Bits (none) and Stop Bits (1) are read only fields and cannot be changed using the web-based manager.
To enable or disable MAC Notification on specific ports, click either Enable or Disable under the desired port(s). To save the changes, click Apply. Port Configuration Click the Port Configuration link in the Configuration menu: D-Link DES-3250TG Standalone Layer 2 Switch Figure 7- 5. MAC Notification window Description Enable or disable MAC notification globally on the Switch.
Page 47
Use the Speed/Duplex pull-down menu to select the speed and duplex/half-duplex state of the port. The Auto setting allows the port to automatically determine the fastest settings the port on the device connected to the DES-3250TG can handle, and then use those settings.
Speed/Duplex <Auto> Port Description The Switch supports a port description feature where the user may name various ports on the Switch. To assign names to various ports, click the Port Description on the Configuration menu: D-Link DES-3250TG Standalone Layer 2 Switch...
Figure 7- 7. Port Description Settings window Use the From and To pull down menu to choose a port or range of ports to describe and Unit to choose the Switch in the switch stack, and then enter a description of the port(s). Click Apply to set the descriptions in the Port Description Settings...
Page 50
Source Port None Ingress Egress Both D-Link DES-3250TG Standalone Layer 2 Switch Figure 7- 8. Setup Port Mirroring window Description Allows multiple ports to be mirrored. These ports are the sources of the packets to be duplicated and forwarded to the Target port.
Target Port Status Stack Setting When DES-3250TG Switches are properly interconnected in a stacked group, information about the stack is displayed in the Stack Setting menu. Click Stack Setting on the Configuration menu: If stacking has been disabled, the Switch will operate as a standalone device regardless of whether or not it has been stacked with another switch.
Static entries can be defined in the ARP Table. When static entries are defined, a permanent entry is entered and is used to translate IP address to MAC addresses. To open the Static ARP Settings window, open the Configuration, menu. D-Link DES-3250TG Standalone Layer 2 Switch numerical value of their respective MAC addresses.
The user may globally set the maximum amount of time, in minutes, that an Address Resolution Protocol (ARP) entry can remain in the Switch’s ARP table, without being accessed, before it is dropped from the table. The value may be set in the range of 0-65535 minutes with a default setting of 20 minutes.
Page 54
Query Interval Max Response Time Robustness Value Last Member Query Interval D-Link DES-3250TG Standalone Layer 2 Switch Figure 7- 13. IGMP Snooping Settings window Description Allows the entry of the VLAN ID for which IGMP Snooping is to be configured.
All UDP multicast packets will be forwarded to the router port. Because routers do not send IGMP reports or implement IGMP snooping, a multicast router connected to the router port of the Layer 2 switch would not be able to receive UDP data streams unless the UDP multicast packets were all forwarded to the router port.
Member Ports Spanning Tree The Spanning Tree Protocol (STP) operates on two levels: on the switch level, the settings are globally implemented. On the port level, the settings are implemented on a user-defined Group of ports basis. D-Link DES-3250TG Standalone Layer 2 Switch Figure 7- 15.
802.1w Rapid Spanning Tree The Switch implements two versions of the Spanning Tree Protocol, the Rapid Spanning Tree Protocol (RSTP) as defined by the IEEE 802.1w specification and a version compatible with the IEEE 802.1d STP. RSTP can operate with legacy equipment implementing IEEE 802.1d, however the advantages of using RSTP will be lost.
RSTP. STP Switch Settings In the Configuration folder open the Spanning Tree folder, then click on the STP Switch Settings link. Figure 7- 16. Switch Spanning Tree Settings window Note: The factory default setting should cover the majority of installations. It is advisable to keep the default settings as set at...
Page 59
Forwarding BPDU <Enabled> Note: The Hello Time cannot be longer than the Max. Age. Otherwise, a configuration error will occur. D-Link DES-3250TG Standalone Layer 2 Switch Description This field can be toggled between Enabled and Disabled using the pull-down menu. This will enable or disable the Spanning Tree Protocol (STP), globally, for the switch.
Max. Age ≥ 2 x (Hello Time + 1 second) STP Port Settings The Spanning Tree Protocol (STP) operates on two levels: on the switch level, the settings are globally implemented. On the port level, the settings are implemented on a user-defined Group of ports basis.
Page 61
Figure 7- 17. STP Port Settings window In addition to setting Spanning Tree parameters for use on the switch level, the switch allows for the configuration of a group of ports. This STP Group will use the switch-level parameters entered above, with the addition of Port Priority and Port Cost.
Page 62
Redundant links will be blocked, just as redundant links are blocked on the switch level. The STP on the switch level blocks redundant links between switches (and similar network devices). The port level STP will block redundant links within the STP Group.
MAC addresses can be statically entered into the switch’s MAC Address Forwarding Table. These addresses will never age out. Unicast Forwarding To enter a MAC address into the switch’s forwarding table, click on the Forwarding Filtering folder on the Configuration menu and then click Unicast Forwarding: Figure 7- 18. Setup Static Unicast Forwarding Table window...
Page 64
Figure 7- 19. Static Multicast Forwarding Settings window To add a new multicast MAC address to the switch’s forwarding table, click the Add button: Figure 7- 20. Setup Static Multicast Forwarding Table window The following fields can be set: Parameter...
VLANs on the DES-3250TG The DES-3250TG supports IEEE 802.1Q VLANs. The port untagging function can be used to remove the 802.1Q tag from packet headers to maintain compatibility with devices that are tag-unaware (that is, network devices that do not support IEEE 802.1Q VLANs or tagging).
D-Link DES-3250TG Standalone Layer 2 Switch Figure 7- 21. IEEE 802.1Q Packet Forwarding 802.1Q VLAN Tags The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the EtherType field. When a packet’s EtherType field is equal to 0x8100, the packet carries the IEEE 802.1Q/802.1p tag.
D-Link DES-3250TG Standalone Layer 2 Switch Figure 7- 23. Adding an IEEE 802.1Q Tag Static VLAN Entry The VLAN menu adds an entry to edit the VLAN definitions and to configure the port settings for IEEE 802.1Q VLAN support. Go to the Configuration menu, select the VLANs folder, and click Static VLAN Entry to open the following window: Figure 7- 24.
Page 68
D-Link DES-3250TG Standalone Layer 2 Switch Figure 7- 25. (Add) 802.1Q Static VLAN window To edit an existing 802.1Q VLAN, click the corresponding Modify button on the 802.1Q Static VLANs window. The following window will open:...
Page 69
VLAN ID (VID) VLAN Name Advertisement Port Settings Tagged/None D-Link DES-3250TG Standalone Layer 2 Switch Figure 4- 7. (Modify) 802.1Q Static VLAN window Description Allows the entry of a VLAN ID in the Add window, or displays the VLAN ID of an existing VLAN in the Modify window.
Tag-aware switches must keep a table to relate PVIDs within the switch to VIDs on the network. The switch will compare the VID of a packet to be transmitted to the VID of the port that is to transmit the packet. If the two VIDs are different, the switch will drop the packet.
If the packet is tagged with VLAN information, the ingress port will first determine if the ingress port itself is a member of the tagged VLAN. If it is not, the packet will be dropped. If the ingress port is a member of the 802.1Q VLAN, the switch then determines if the destination port is a member of the 802.1Q VLAN.
Page 72
D-Link DES-3250TG Standalone Layer 2 Switch Figure 7- 26. 802.1Q Port Settings window The following fields can be set:...
Disabled. Click Apply to let your change take effect. Port Bandwidth The Bandwidth Settings window allows you to set and display the Ingress bandwidth and Egress bandwidth of specified ports on the switch. D-Link DES-3250TG Standalone Layer 2 Switch Description Enter the desired ports in these two fields.
Page 74
To use the bandwidth feature, enter the port or range of ports in the From and To fields. The third field allows you to set the type of packets being received and/or transmitted by the Switch. Toggle the no_limit setting to Enabled in the fourth field, or...
D-Link DES-3250TG Standalone Layer 2 Switch if you prefer, manually enter a value in the Rate field, and then click Apply. Please note that if no_limit is Enabled, the Switch will not permit you to set the bandwidth rate manually.
D-Link DES-3250TG Standalone Layer 2 Switch To complete SNTP configuration, fill in the desired values in the Current Time: Set Current Time section and then click Apply. Time Zone and DST To make time zone and Daylight Savings Time changes to the SNTP configuration, click SNTP Settings in the Configuration folder and then click Time Zone and DST: Figure 7- 29.
Admin State pull-down menu to Enabled, and clicking Apply. The following fields can be set: Parameter From & To D-Link DES-3250TG Standalone Layer 2 Switch Figure 7- 30. Port Security Settings window Description Use this to specify a consecutively numbered...
Port Security Clear The Port Security Clear window is used to remove entries from the port security entries learned by the switch and entered into the forwarding database. This function is only operable if the Mode in the Port Security window is selected as Permanent or DeleteOnReset (only addresses that are permanently learned by the Switch can be deleted).
Page 79
Delete. Clear Port_security port is used to clear a range of ports from the port security entries learned by the switch and entered into the forwarding database. Enter the port or range of...
The possible range for maximum packets is: 0 to 255 packets. The possible range for maximum latency is: 0 to 255 (in increments of 16 microseconds each). Remember that the DES-3250TG has four priority queues (and thus four Classes of Service) for each port on the switch. Traffic Control This window allows you to manage traffic control on the switch.
Page 81
Multicast Storm <Disabled> Destination Lookup Fail <Disabled> Threshold <128> D-Link DES-3250TG Standalone Layer 2 Switch Figure 7- 32. Traffic Control Setting window Description Select the desired group of ports from the drop-down menu. This field can be toggled between Enabled and Disabled using the drop-down menu.
802.1p Default Priority The switch allows the assignment of a default 802.1p priority to each port on the switch. Click 802.1p default_priority in the QoS folder on the Configuration menu: D-Link DES-3250TG Standalone Layer 2 Switch Lookup Fail packets. The counters are cleared every second.
Page 83
Figure 7- 33. 802.1p default_priority Settings window This window allows you to assign a default 802.1p priority to any given port on the switch. The priority queues are numbered from 0 − the lowest priority − to 7 − the highest priority.
Figure 7- 34. QoS Class of Traffic window Once you have assigned a maximum number of packets and a maximum latency to a given Class of Service on the switch, you can then assign this Class to each of the eight levels of 802.1p priorities.
D-Link DES-3250TG Standalone Layer 2 Switch Traffic Segmentation This window allows you to manage traffic segmentation on the switch. Click Traffic Segmentation in the QoS folder on the Configuration menu: Figure 7- 36. Traffic Segmentation Setting window...
The DES-3250TG supports link aggregation groups, which may include from two to eight switch ports each, except for a Gigabit link aggregation group which consists of the two (optional) Gigabit Ethernet ports of the front panel.
Page 87
Port in the calculation of port cost and in determining the state of the link aggregation group. If two redundant link aggregation groups are configured on the switch, STP will block one entire group – in the same way STP will block a single port that has a redundant link.
Page 88
D-Link DES-3250TG Standalone Layer 2 Switch Figure 7- 39. Port Link Aggregation Settings (Add) window Figure 7- 40. Port Link Aggregation Settings (Modify) window The following fields can be set: Parameter Description Allows the entry of a number used to Group ID(1-6) identify the link aggregation group −...
LACP Port The DES-3250TG supports Link Aggregation Control Protocol. LACP allows you to bundle several physical ports together to form one logical port. After the LACP negotiation, these candidates for trunking ports can be trunked as a logical port. If any one of the connected port pairs does not have LACP capability, these two ports will stand as regular ports until the LACP negotiation is successfully completed.
Configuring the Access Profile Table Access profiles allow you to establish criteria to determine whether the Switch will forward packets based on the information contained in each packet's header. These criteria can be specified on a basis of VLAN, MAC address or IP address.
Page 91
D-Link DES-3250TG Standalone Layer 2 Switch Creating an access profile is divided into two basic parts. The first is to specify which part or parts of a frame the Switch will examine, such as the MAC source address or the IP destination address. The second part is entering the criteria the Switch will use to determine what to do with the frame.
Page 92
802.1p Ethernet type Port The page shown below is the IP Access Profile Configuration page. D-Link DES-3250TG Standalone Layer 2 Switch Description Type in a unique identifier number for this profile set. This value can be set from 1 - 255.
Page 93
The following parameters can be set, for IP: Parameter Profile ID (1-255) Type D-Link DES-3250TG Standalone Layer 2 Switch Figure 7- 44. Access Profile Configuration (IP) Description Type in a unique identifier number for this profile set. This value can be set from 1 - 255.
Page 94
D-Link DES-3250TG Standalone Layer 2 Switch header. Select IP to instruct the Switch to examine the IP address in each frame's header. Select Packet Content Mask to specify a mask to hide the content of the packet header. Selecting this option instructs the Switch...
Page 95
D-Link DES-3250TG Standalone Layer 2 Switch (urgent), ack (acknowledgement), psh (push), rst (reset), syn (synchronize), fin (finish). src port mask - Specify a TCP port mask for the source port in hex form (hex 0x0-0xffff), which you wish to filter.
Page 96
Figure 7- 45. Access Profile Configuration window (Packet Content Mask) This screen will aid the user in configuring the Switch to mask packet headers beginning with the offset value specified. The following fields are used to configure the Packet Content Mask:...
Page 97
Offset Port Click Apply to implement changes made. To establish the rule for a previously created Access Profile: D-Link DES-3250TG Standalone Layer 2 Switch according to the requirements for the type of profile. Select Ethernet to instruct the Switch to examine the layer 2 part of each packet header.
Page 98
D-Link DES-3250TG Standalone Layer 2 Switch Part 2 In the Configuration folder, click the Access Profile Table link opening the Access Profile Table. Under the heading Access Rule, clicking Modify, will open the following window. Figure 7- 46. Access Rule Table window (IP) To create a new rule set for an access profile click the Add button.
Page 99
Parameter Profile ID Mode Access ID Type Priority (0-7) Replace Dscp (0-63) D-Link DES-3250TG Standalone Layer 2 Switch Description This is the identifier number for this profile set. Select Permit to specify that the packets that match forwarded by the Switch, according to any additional rule added (see below).
Page 100
To configure the Access Rule for Ethernet, open the Access Profile Table and click Modify for an Ethernet entry. This will open the following screen: D-Link DES-3250TG Standalone Layer 2 Switch Allows the entry of a name for a previously configured VLAN.
Page 101
To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameter Profile ID Access ID Mode D-Link DES-3250TG Standalone Layer 2 Switch Figure 7- 49. Access Rule Table (Ethernet) button. To add a new Access Rule, click the Add button: Description This is the identifier number for this profile set.
Page 102
802.1p (0-7) Ethernet Type To view the settings of a previously correctly configured rule, click screen: D-Link DES-3250TG Standalone Layer 2 Switch forwarded by the Switch, according to any additional rule added (see below). Select Deny to specify that packets that...
Page 103
D-Link DES-3250TG Standalone Layer 2 Switch Figure 7- 51. Access Rule Display window (Ethernet) Packet Content Mask To configure the Access Rule for Packet Content Mask, open the Access Profile Table and click Modify for a Packet Content Mask entry. This will open the following screen: Figure 7- 52.
Page 104
To set the Access Rule for the Packet Content Mask, adjust the following parameters and click Apply. Parameter Profile ID Mode D-Link DES-3250TG Standalone Layer 2 Switch Description This is the identifier number for this profile set. Select Permit to specify that the packets...
Page 105
Type Offset To view the settings of a previously correctly configured rule, click screen: D-Link DES-3250TG Standalone Layer 2 Switch forwarded by the Switch, according to any additional rule added (see below). Type in a unique identifier number for this access. This value can be set from 1 - 50.
D-Link DES-3250TG Standalone Layer 2 Switch System Log Hosts Figure 7- 55. System Log Servers window Click Add to add an entry to the table in the window above. Figure 7- 56. System Log Server window Enter the desired system log server information and then click Apply to let your changes take effect.
Authentication Server can be on a different subnet). Regardless, the Authentication Server must be running a RADIUS Server program, and must be configured properly on the Authenticator Switch. Clients connected to a port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN. The...
2. The 802.1x settings must be implemented by port (Configuration / Port Access Entity / Configure Authenticator) 3. A RADIUS server must be configured on the Switch. (Configuration / Port Access Entity / RADIUS Server) D-Link DES-3250TG Standalone Layer 2 Switch Figure 7- 59.
Client The Client is simply the endstation that wishes to gain access to the LAN or switch services. All endstations must be running software that is compliant with the 802.1x protocol. For users running Windows XP, that software is included within the operating system.
The following figure displays a more detailed explanation of how the authentication process is completed between the three roles stated above. The D-Link implementation of 802.1x allows network administrators to choose between two types of Access Control used on the Switch, which are: 1.
In order to successfully make use of 802.1X in a shared media LAN segment, it would be necessary to create “logical” Ports, one for each attached device that required access to the LAN. The Switch would regard the single physical Port connecting it to the shared media segment as consisting of a number of distinct logical Ports, each logical Port being independently controlled from the point of view of EAPOL exchanges and authorization state.
Page 114
D-Link DES-3250TG Standalone Layer 2 Switch Figure 7- 65. First 802.1X Authenticator Settings window Click the selection button on the far left that corresponds to the port you want to configure...
Page 115
Configure the following 802.1x port settings: Parameter Port AdmDir Ctl Stat PortControl TxPeriod QuietPeriod D-Link DES-3250TG Standalone Layer 2 Switch Description Port being configured for 802.1x settings. From pull-down whether controlled unauthorized will exert control over communication in both receiving and...
Click Port Capability Settings on the PAE Access Entity folder on the Configuration menu to open the 802.1X Capability Settings window: D-Link DES-3250TG Standalone Layer 2 Switch Select the time to wait for a response from a supplicant (user) for all EAP packets, except for the Request/Identity packets.
Page 117
Figure 7- 67. 802.1X Capability Settings window To set up the switch’s 802.1x port-based authentication, select which ports are to be configured in the From and To fields. Next, enable the ports by selecting Authenticator from the drop-down menu under Capability. Click Apply to let your change take effect.
Parameter Port MAC Address Auth PAE State Backend_State Oper Dir PortStatus D-Link DES-3250TG Standalone Layer 2 Switch Ports being configured settings. Two role choices can be selected: Authenticator − A user must pass the authentication process to gain access to the network.
Figure 7- 69. Initialize Ports for MAC Based 802.1x window To initialize ports, first choose the switch in the switch stack by using the Unit pull-down menu, then the range of ports in the From and To field. Then the user must specify the MAC address to be initialized by entering it into the MAC Address field and checking the corresponding check box.
Figure 7- 71. Reauthenticate Port(s) for MAC-based 802.1x window To reauthenticate ports, first choose the switch in the switch stack by using the Unit pull-down menu, then the range of ports in the From and To field. Then the user must specify the MAC address to be reauthenticated by entering it into the MAC Address field and checking the corresponding check box.
Page 121
<0.0.0.0> Authentic Port <0> Accounting Port <0> Confirm Key Accounting Method D-Link DES-3250TG Standalone Layer 2 Switch Description Choose the desired RADIUS server to configure: First, Second or Third. Set the RADIUS server IP. Set the RADIUS authentic server(s) UDP port.
IP addresses. If the eight IP Address fields contain all zeros (“0”), then any station with any IP address can access the switch to manage and configure it. If there is one or more IP addresses entered in the IP Address fields, then only stations with the IP addresses entered will be allowed to access the switch to manage or configure it.
SNMPV3 The DES-3250TG supports the Simple Network Management Protocol (SNMP) versions 1, 2c, and 3. The SNMP version used to monitor and control the switch can be specified by the administrator. The three versions of SNMP vary in the level of security provided between the management station and the network device.
Page 124
D-Link DES-3250TG Standalone Layer 2 Switch Figure 8- 4. SNMP User Table window To delete an existing entry, click the selection button in the Delete column on the far right that corresponds to the port you want to configure. To create a new entry, click the Add button, a separate window will appear.
The SNMP View Table is used to assign views to community strings that define which MIB objects can be accessed by an SNMP manager. D-Link DES-3250TG Standalone Layer 2 Switch Type in the new SNMP V3 user name or community string for V1 or V2. This can be...
Page 126
To create a new entry, click the Add button, a separate window will appear. Parameter View Name Subtree OID View Type D-Link DES-3250TG Standalone Layer 2 Switch Figure 8- 7. SNMP View Table window Figure 8- 8. SNMP View Table Configuration window Description Type an alphanumeric string of up to 32 characters.
D-Link DES-3250TG Standalone Layer 2 Switch manager can access. SNMP Group Table The SNMP Group created with this table maps SNMP users (identified in the SNMP User Table) to the views created in the previous menu. Figure 8- 9. SNMP Group Table window To delete an existing entry, click the selection button in the Delete column on the far right that corresponds to the port you want to remove.
Page 128
Write View Name Notify View Name Security Model Security Level D-Link DES-3250TG Standalone Layer 2 Switch Figure 8- 11. SNMP Group Table Display window Description Type an alphanumeric string of up to 32 characters. This is used to identify the new SNMP group of SNMP users.
Use this table to create an SNMP community string to define the relationship between the SNMP manager and an agent. The community string acts like a password to permit access to the agent on the switch. One or more of the following characteristics can be associated with the community string: •...
To delete an existing entry, click the selection button in the Delete column on the far right that corresponds to the port you want to remove. To create a new entry, click the Add button, a separate window will appear. D-Link DES-3250TG Standalone Layer 2 Switch managers access to MIB objects in the switch’s SNMP agent.
The Engine ID is a unique identifier used for SNMP V3 implementations. This is an alphanumeric string used to identify the SNMP engine on the switch. To change the Engine ID, type the new Engine ID in the space provided and click the Apply button. D-Link DES-3250TG Standalone Layer 2 Switch Description Type the IP address of the remote management station that will serve as the SNMP host for the switch.
Router Port Port Access Control The DES-3250TG provides extensive network monitoring capabilities that can be viewed under the Monitoring menu. CPU Utilization The CPU Utilization displays the percentage of the CPU being used, expressed as an integer percentage and calculated as a simple average by time interval.
To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu. To view the CPU utilization by port, use the real-time graphic of the Switch and/or switch stack at the top of the web page by simply clicking on a port.
Page 134
Parameter Time Interval [1s ] Record Number [200] Show/Hide Clear D-Link DES-3250TG Standalone Layer 2 Switch Figure 9- 2. Utilization window Description Select the desired setting between 1s and 60s, where “s” stands for seconds. The default value is one second.
D-Link DES-3250TG Standalone Layer 2 Switch Packets The Web Manager allows various packet statistics to be viewed as either a line graph or a table. Six windows are offered. Received (RX) Figure 9- 3. Rx Packets Analysis window (line graph for Bytes and Packets)
Page 136
Bytes Packets Show/Hide Clear View Table D-Link DES-3250TG Standalone Layer 2 Switch Description Select the desired setting between 1s and 60s, where “s” stands for seconds. The default value is one second. Select number of times the Switch will be polled between 20 and 200.
D-Link DES-3250TG Standalone Layer 2 Switch View Line Chart Clicking this button instructs the Switch to display a line graph rather than a table. UMB-cast (RX) Figure 9- 5. Rx Packets Analysis window (line graph for Unicast, Multicast, and Broadcast Packets)
Page 138
Record Number [200] Unicast Multicast Broadcast Show/Hide Clear D-Link DES-3250TG Standalone Layer 2 Switch Description Select the desired setting between 1s and 60s, where “s” stands for seconds. The default value is one second. Select number of times the Switch will be polled between 20 and 200.
View Line Chart Transmitted (TX) Figure 9- 7. Tx Packets Analysis window (line graph for Bytes and Packets) D-Link DES-3250TG Standalone Layer 2 Switch Clicking this button instructs the Switch to display a table rather than a line graph. Clicking this button instructs the Switch to...
Page 140
Bytes Packets Show/Hide Clear View Table D-Link DES-3250TG Standalone Layer 2 Switch Description Select the desired setting between 1s and 60s, where “s” stands for seconds. The default value is one second. Select number of times the Switch will be polled between 20 and 200.
View Line Chart Errors The Web Manager allows port error statistics compiled by the Switch’s management agent to be viewed as either a line graph or a table. Four windows are offered. Received (RX) D-Link DES-3250TG Standalone Layer 2 Switch Clicking this button instructs the Switch to display a line graph rather than a table.
Page 142
Record Number [200] CrcError UnderSize OverSize Fragment D-Link DES-3250TG Standalone Layer 2 Switch Figure 9- 10. Rx Error Analysis window (table) Description Select the desired setting between 1s and 60s, where “s” stands for seconds. The default value is one second.
Show/Hide Clear View Table View Line Chart Transmitted (TX) D-Link DES-3250TG Standalone Layer 2 Switch The number of frames with lengths more than the MAX_PKT_LEN bytes. Internally, MAX_PKT_LEN is equal to 1522. The number of frames that are dropped by this port since the last Switch reboot.
Page 144
ExDefer LateColl Show/Hide Clear View Table D-Link DES-3250TG Standalone Layer 2 Switch Figure 9- 12. Tx Error Analysis window (table) Description Select the desired setting between 1s and 60s, where “s” stands for seconds. The default value is one second.
View Line Chart Size Packet Size The Web Manager allows packets received by the Switch, arranged in six groups, to be viewed as either a line graph or a table. Two windows are offered. D-Link DES-3250TG Standalone Layer 2 Switch Clicking this button instructs the Switch to display a line graph rather than a table.
Page 146
Time Interval [1s ] Record Number [200] 65-127 128-255 256-511 D-Link DES-3250TG Standalone Layer 2 Switch Figure 9- 14. Rx Size Analysis window (table) Description Select the desired setting between 1s and 60s, where “s” stands for seconds. The default value is one second.
MAC Address This allows the switch’s dynamic MAC address forwarding table to be viewed. When the switch learns an association between a MAC address and a port number, it makes an entry into its forwarding table. These entries are then used to forward packets through the switch.
Page 148
The following fields can be set: Parameter VLAN ID MAC Address D-Link DES-3250TG Standalone Layer 2 Switch Figure 9- 15. MAC Address Table window Description Enter a VLAN ID for the forwarding table to be browsed by. Enter a MAC address for the forwarding...
The ARP Table window may be found in the Monitoring menu in the Size folder. This window will show current ARP entries on the Switch. D-Link DES-3250TG Standalone Layer 2 Switch Enter a port number for the forwarding table to be browsed by.
IGMP Snooping Group This allows the switch’s IGMP Snooping table to be viewed. IGMP Snooping allows the switch to read the Multicast Group IP address and the corresponding MAC address from IGMP packets that pass through the switch. The number of IGMP reports that were snooped is displayed in the Reports field.
Reports IGMP Snooping Forwarding To view the IGMP Snooping Forwarding Table, click IGMP Snooping Forwarding on the Monitoring menu: D-Link DES-3250TG Standalone Layer 2 Switch Figure 9- 17. IGMP Snooping Table window Description The IP address of the multicast group.
D-Link DES-3250TG Standalone Layer 2 Switch Figure 9- 18. IGMP Snooping Forwarding Table window Enter the VLAN ID for the desired IGMP Snooping Forwarding Table and click Search. VLAN Status To view the VLAN Status, click VLAN Status on the Monitoring menu:...
Router Port This displays which of the switch’s ports are currently configured as router ports. A router port configured by a user (using the console or Web-based management interfaces) is displayed as a static router port in the first two rows of the Router Port window.
Trivial File Transfer Protocol (TFTP) services allow the switch firmware to be upgraded by transferring a new firmware file from a TFTP server to the switch. A configuration file can also be loaded into the switch from a TFTP server, switch settings can be saved to the TFTP server, and a history log can be uploaded from the switch to the TFTP server.
Download Settings from TFTP Server link: Figure 10- 2. Download Settings from TFTP Server window Enter the IP address of the TFTP server and specify the location of the switch configuration file on the TFTP server and click Start to initiate the file transfer.
Switch History This allows the Switch History log to be viewed. The switch records all traps, in sequence, that identify events on the switch. The time since the last cold start of the switch is also recorded.
Save Changes The DES-3250TG has two levels of memory, normal RAM and non-volatile or NV-RAM. To retain any configuration changes permanently, highlight Save Changes on the Maintenance menu. The following screen will appear to verify that your new settings have been saved to NV-RAM.
Click Apply if you want to logout of the Web configuration program and return to the main page. Appendix A Technical Specifications Standards: D-Link DES-3250TG Standalone Layer 2 Switch Figure 10- 11. Reset Config window Figure 10- 12. Logout Web Setup window General...
D-Link DES-3250TG Standalone Layer 2 Switch General IEEE 802.3u 100BASE-TX Fast Ethernet IEEE 802.3z 1000BASE-SX Gigabit Ethernet IEEE 802.3ab 1000BASE-T Gigabit Ethernet IEEE 802.1 P/Q VLAN IEEE 802.3x Full-duplex Flow Control ANSI/IEEE 802.3 Nway auto-negotiation Protocols: CSMA/CD Data Transfer Rates:...
Page 162
D-Link DES-3250TG Standalone Layer 2 Switch Physical and Environmental Weight: 4.4 kg EMI: FCC Class A, CE Class A, C-Tick, VCCI Class A Safety: CSA International Performance Transmission Store-and-forward Method: RAM Buffer: 64M Bytes per device Filtering 8K MAC address per device...
Blocking State A port in the blocking state does not forward packets. When the switch is booted, a BPDU is sent to each port in the switch putting these ports into the blocking state. A switch initially assumes it is the root, and then begins the exchange of BPDUs with other switches.
Listening State The listening state is the first transition for a port from the blocking state. Listening is an opportunity for the switch to receive BPDUs that may tell the switch that the port should not continue to transition to the forwarding state, but should return to the blocking state (that is, a different port is a better choice).
Discards packets sent from another port on the switch for forwarding. • Adds addresses to its forwarding database. • Receives BPDUs and directs them to the CPU. • Processes and transmits BPDUs received from the CPU. • Receives and responds to network management messages. D-Link DES-3250TG Standalone Layer 2 Switch...
A port in the forwarding state does the following: • Forwards packets received from the network segment to which it is attached. • Forwards packets sent from another port on the switch for forwarding. • Incorporates station location information into its address database. •...
Does not add addresses to its forwarding database. • Receives BPDUs, but does not direct them to the system CPU. • Does not receive BPDUs for transmission from the system CPU. • Receives and responds to network management messages. D-Link DES-3250TG Standalone Layer 2 Switch...
Troubleshooting STP Spanning Tree Protocol Failure A failure in the STA generally leads to a bridging loop. A bridging loop in an STP environment comes from a port that should be in the blocking state, but is forwarding packets.
D-Link DES-3250TG Standalone Layer 2 Switch In this example, B has been elected as the designated bridge and port 2 on C is in the blocking state. The election of B as the designated bridge is determined by the exchange of BPDUs between B and C. B had a better BPDU than C. B continues sending BPDUs advertising its superiority over the other bridges on this LAN.
Resource Errors The DES-3250TG Layer 2 switch performs its switching and routing functions primarily in hardware, using specialized ASICs. STP is implemented in software and is thus reliant upon the speed of the CPU and other factors to converge. If the CPU is over-utilized, it is possible that BPDUs may not be sent in a timely fashion.
Page 171
D-Link DES-3250TG Standalone Layer 2 Switch The priority for most cases is to restore connectivity as soon as possible. The simplest remedy is to manually disable all of the ports that provide redundant links. Disabling ports one at a time, and then checking for a restoration of the user’s connectivity will identify the link that is causing the problem, if time allows.
Warranty and Registration FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
Warranty and Registration Information (All countries and regions excluding USA) Wichtige Sicherheitshinweise Bitte lesen Sie sich diese Hinweise sorgfältig durch. Heben Sie diese Anleitung für den spätern Gebrauch auf. Vor jedem Reinigen ist das Gerät vom Stromnetz zu trennen. Vervenden Sie keine Flüssig- oder Aerosolreiniger. Am besten dient ein angefeuchtetes Tuch zur Reinigung.
Page 174
Warranty service may be obtained by contacting a D-Link office within the applicable warranty period, and requesting a Return Material Authorization (RMA) number. If a Registration Card for the product in question has not been returned to D-Link, then a proof of purchase (such as a copy of the dated purchase invoice) must be provided.
Page 175
The customer must submit with the product as part of the claim a written description of the Hardware defect or Software nonconformance in sufficient detail to allow D-Link to confirm the same, along with proof of purchase of the product (such as a copy of the dated purchase invoice for the product) if the product is not registered.
Page 176
Trademarks: D-Link is a registered trademark of D-Link Systems, Inc. Other trademarks or registered trademarks are the property of their respective owners. Copyright Statement: No part of this publication or documentation accompanying this product may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from D-Link Corporation/D-Link Systems, Inc., as...
Product Registration: Register online your D-Link product at Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights. Trademarks http://support.dlink.com/register/...
Page 178
Product Warranty Period set forth below ("Limited Product Warranty Period"), if the product is used and serviced in accordance with the user manual and other documentation provided to the purchaser at the time of purchase (or as amended from time to time). D-LINK does not warrant that the products will operate uninterrupted or error-free or that all deficiencies, errors, defects or non-conformities will be corrected.
Page 179
Edgware Road Colindale London NW9 5 AB United Kingdom Telephone: +44-020-8731-5555 Facsimile: +44-020-8731-5511 www.dlink.co.uk...
Page 180
Laufzeit der eingeschränkten Garantie Die Laufzeit der eingeschränkten Garantie beginnt mit dem Zeitpunkt, zu dem das Produkt von D-LINK gekauft wurde. Als Nachweis für den Zeitpunkt des Kaufs gilt der datierte Kauf- oder Lieferbeleg. Es kann von Ihnen verlangt werden, dass Sie zur Inanspruchnahme von Garantiediensten den Kauf des Produkts nachweisen. Wenn Ihre Hardware-Produkte der Marke D-LINK innerhalb der Laufzeit der eingeschränkten Garantie eine Reparatur benötigen, so sind Sie berechtigt, gemäß...
Page 181
Période de Garantie Produit Limitée La Période de Garantie Produit Limitée court à compter de la date d’achat auprès de D-LINK. La date de votre reçu ou bon de livraison correspond à la date d’achat du produit et constitue la date de votre preuve d’achat. Il est possible que le service de garantie ne vous soit accordé que sur production de votre preuve d’achat. Vous avez droit à un service de garantie conforme aux modalités énoncées dans les présentes dès lorsque que votre matériel de marque D-LINK nécessite une réparation pendant la Période de...
Page 182
Período de la garantía limitada del producto El período de la garantía limitada del producto se inicia en la fecha en que se realizó la compra a D-LINK. Para el comprador, el comprobante de la fecha de la compra es el recibo de la venta o de la entrega, en el que figura la fecha de la compra del producto. Puede ser necesario tener que presentar el comprobante de la compra a fin de que se preste el servicio de garantía.
Page 183
(c) movimentazione impropria; (d) guasto di prodotti o servizi non forniti da D-LINK o non soggetti a una garanzia successiva di D-LINK o a un accordo di manutenzione; (e) impiego o conservazione impropri;...
Page 184
1 Giffnock Avenue, North Ryde, NSW 2113 Australia TEL: 61-2-8899-1800 FAX: 61-2-8899-1868 URL: www.dlink.com.au India D-Link House, Kurla Bandra Complex Road, Off CST Road, Santacruz (East), Mumbai - 400098. India TEL: 91-022-26526696/56902210 FAX: 91-022-26528914 URL: www.dlink.co.in Middle East (Dubai) P.O.Box: 500376 Office No.:103, Building:3...
Others_____________________________________________________________________________________ 8. What category best describes your company? Aerospace Engineering Education Retail/Chainstore/Wholesale Government Other_________________________________________________________________________ 9. Would you recommend your D-Link product to a friend? Don't know yet 10.Your comments on this product? _____________________________________________________________ ______________________________________________________________________________________________________ ______________________________________________________________________________________________________ ______________________________________________________________________________________________________ Registration Card Telephone:_____________________ Fax:___________ * Product installed in type of computer (e.g., Compaq 486)