Page 1 ® x Stack DGS-3400 Series Layer 2 M anaged Gigabit Ethernet Sw itch Web UI Reference Guide xStack ® DGS-3400 Series Product Model: Layer 2 Managed Gigabit Ethernet Switch Release 2.7...
Page 2 Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. D-Link Corporation disclaims any proprietary interest in trademarks and trade names other than its own.
Page 3: Table Of Contents
Table of Contents Intended Readers ................................... ix Typographical Conventions ................................... ix Notes, Notices, and Cautions ................................ ix Web-based Switch Configuration ........................1 Introduction ....................................1 Logging in to the Web Manager ..............................1 Web-based User Interface ................................2 Areas of the User Interface ..................................2 Web Pages ......................................
Page 4 Ping Test ...................................... 50 IPv4 Ping Test ....................................... 50 IPv6 Ping Test ....................................... 51 IPv6 Neighbor ....................................52 IPv6 Neighbor Settings ....................................52 Route Redistribution Settings............................... 53 Static/Default Route Settings ............................... 54 IPv4 Static/Default Route Settings ................................54 IPv6 Static/Default Route Settings ................................56 Route Preference Settings ................................
Page 5 sFlow Sampler Settings ....................................110 sFlow Poller Settings ....................................112 IP Multicast VLAN Replication ..............................114 IP Multicast VLAN Replication Global Settings ............................114 IP Multicast VLAN Replication Settings ..............................115 Single IP Management (SIM) Overview ............................ 118 SIM Settings ....................................... 120 Topology ........................................
Page 6 Q-in-Q Settings ......................................210 VLAN Translation Settings ..................................211 ERPS ......................................212 ERPS Global Settings ....................................212 ERPS RAPS VLAN Settings ..................................213 DULD Settings ................................... 216 NLB Multicast FDB Settings ..............................218 QoS ................................220 QoS ......................................220 The Advantages of QoS ....................................220 Understanding IEEE 802.1p Priority................................
Page 7 Safeguard Engine Settings ..................................330 Traffic Segmentation .................................. 331 Secure Socket Layer (SSL) ................................ 332 SSL ......................................333 Secure Shell (SSH) ..................................334 SSH Server Configuration................................... 335 SSH Authentication Mode and Algorithm Settings ............................ 336 SSH User Authentication Mode .................................. 338 Compound Authentication .................................
Page 8 Configuration Information ..................................389 Current Configuration Settings ................................... 390 Appendix A ..............................391 Mitigating ARP Spoofing Attacks Using Packet Content ACL ........................391 Appendix B ..............................398 Switch Log Entries ...................................... 398 Appendix C ..............................409 Trap Logs ........................................409 Glossary ................................
Page 9: Intended Readers
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Intended Readers ® The xStack DGS-3400 Series User Manual contains information for setup and management of the Switch. This manual is intended for network managers familiar with network management concepts and terminology. Typographical Conventions Convention Description...
Page 10: Web-Based Switch Configuration
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Section 1 Web-based Switch Configuration Introduction Logging in to the Web Manager Web-based User Interface Web Pages Introduction ® All software functions of the xStack DGS-3400 switch series can be managed, configured and monitored via the embedded web- based (HTML) interface.
Page 11: Web-Based User Interface
Area 1 Select the menu or window to display. Open folders and click the hyperlinked menu buttons and subfolders contained within them to display menus. Click the D-Link logo to go to the D-Link website. Area 2 Presents a graphical near real-time image of the front panel of the Switch. This area displays the Switch's ports and expansion modules, showing port activity, duplex mode, or flow control, depending on the specified mode.
Page 12: Web Pages
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Web Pages When connecting to the management mode of the Switch with a Web browser, a login screen is displayed. Enter a user name and password to access the Switch's management mode. Below is a list of the main folders available in the Web interface: Administration –...
Page 13: Administration
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Section 2 Administration DGS-3400 Web Management Tool IP Address Interface Settings Stacking Port Configuration User Accounts Password Encryption Mirror System Log System Severity Settings Command Logging Settings SNTP Settings MAC Notification Settings TFTP Services...
Page 14: Device Information
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch sFlow IP Multicast VLAN Replication Single IP Management (SIM) Overview IP Tunnel Settings Device Information The Device Information window contains the main settings for all major functions for the Switch. It appears automatically when you log on to the Switch.
Page 15 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameter Description System Name Enter a system name for the Switch, if so desired. This name will identify it in the Switch network. System Location Enter the location of the Switch, if so desired. System Contact Enter a contact name for the Switch, if so desired.
Page 16: Ipv6
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Network RADIUS RADIUS on the Switch. The default setting is Enabled. Forward EAPOL The user may use the pull-down menu to Enable or Disable the Forward EAPOL PDU on the Switch.
Page 17 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch new option fields to be integrated into the IPv6 system without hassles and limitations. These optional headers are placed between the header and the payload of a packet, if they are necessary at all. Authentication and Privacy Extension Support –...
Page 18: Packet Format
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Packet Format As in IPv4, the IPv6 packet consists of the packet header and the payload, but the difference occurs in the packet header which has been amended and improved for better packet flow and processing. The following will outline and detail the IPv6 enhancements and parts of the IPv6 packet, with special attention to the packet header.
Page 19: Extension Headers
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Extension Headers Extension headers are used to identify optional parameters regarding IPv6 packets such as routing, fragmentation of packets or authentication parameters. The types of extension headers supported are Hop-by-Hop, Routing, Fragment, Destination Options, Authentication and Encapsulating Security Payload.
Page 20: Types
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch set of xxxx represents a 16-bit hexadecimal value (ex. 2D83:0C76:3140:0000:0000:020C:417A:3214). Although this address looks long and cumbersome, there are some compression rules that will shorten the format of the IPv6 address to make it more compatible to the user.
Page 21: Icmpv6
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch ICMPv6 Network professionals are already very familiar with ICMP for IPv4, which is an essential tool in the IPv4 network, relaying messages about network problems and the general condition of the network. ICMPv6 is the successor to the IPv4 version and performs many of the same basic functions as its precursor, yet is not compatible with ICMPv4.
Page 22: Duplicate Address Detection (Dad)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Duplicate Address Detection (DAD) DAD messages are used to specify that there is more than one node on a local link possessing the same IP address. IPv6 addresses are only leased for a defined period of time.
Page 23: Ip Address
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The six IP interfaces, each with an IP address (listed in the table above), and a subnet mask of 255.224.0.0 can be entered into the Setup IP Interface window. IP Address The IP Address may initially be set using the console interface prior to connecting to it through the Ethernet.
Page 24 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameter Description BOOTP The Switch will send out a BOOTP broadcast request when it is powered up. The BOOTP protocol allows IP addresses, network masks, and default gateways to be assigned by a central BOOTP server.
Page 25: Interface Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Successful entry of the command will produce a “Success” message, indicating that the command execution was correctly. The user may now utilize this address to configure or manage the Switch through Telnet, the Command Line Interface (CLI) or the Web-based management (GUI).
Page 26 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 5 IPv4 Interface Settings - Edit window Enter a name for the new interface to be added in the Interface Name field (if editing an IP interface, the Interface Name will already be in the top field as seen in the window above).
Page 27: Ipv6 Interface Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch IPv6 Interface Settings This window is used to set up IPv6 interfaces and addresses for the Switch. To view this window, click Administration > Interface Settings > IPv6 Interface Settings, as shown below. Figure 2 - 6 IPv6 Interface Settings window To add a new IPv6 interface, click the Add button, which will display the following window.
Page 28 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 8 IPv6 Interface Settings - Edit window The following fields may be viewed or modified. Parameter Description Interface Name This field displays the name for the IP interface, or it is used to add a new interface. The default IP interface is named “System”.
Page 29 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch VLAN Name This field states the VLAN Name directly associated with this interface. Interface Admin State Use the pull-down menu to enable or disable configuration on this interface. DHCPv6 Client State Use the pull-down menu to enable or disable the DHCPv6 client state of the interface.
Page 30: Stacking
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch RA Managed Flag Use the pull-down menu to enable or disable the Managed flag. When enabled, this will trigger the router to use a stateful autoconfiguration process to get both Global and link- local IPv6 addresses for the Switch.
Page 31 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 9 Switches stacked in a Duplex Ring Figure 2 - 10 Switches stacked in a Duplex Chain Within each of these topologies, each switch plays a role in the Switch stack. These roles can be set by the user per individual Switch, or if desired, can be automatically determined by the switch stack.
Page 32: Stacking Mode Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Once switches have been assembled in the topology desired by the user and powered on, the stack will undergo three processes until it reaches a functioning state. Initialization State –...
Page 33: Force Master Role Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To view this window, click Administration > Stacking > Mode Settings, as shown below. Figure 2 - 11 Stacking Mode Settings window Use the pull-down menu, choose Enabled and click Apply to allow stacking of this Switch. Force Master Role Settings This window is used to ensure the master role is unchanged when adding a new device to the current stacking topology.
Page 34: Port Configuration
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch higher the priority. The box (switch) with the lowest priority number in the stack is the Primary Master switch. The Primary Master switch will be used to configure applications of the switch stack.
Page 35: Port Error Disabled
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch State Toggle the State field to either enable or disable a given port or group of ports. Flow Control Displays the flow control scheme used for the various port configurations. Ports configured for full-duplex use 802.3x flow control, half-duplex ports use backpressure flow control, and Auto ports use an automatic selection of the two.
Page 36: Port Description
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 15 Port Error Disabled window The following parameters are displayed: Parameter Description Port Displays the port that has been error disabled. State Describes the current running state of the port, whether Enabled or Disabled. Connection This field will read the uplink status of the individual ports, whether Enabled or Disabled.
Page 37: Port Auto Negotiation Information
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameter Description Unit Select the unit to configure. From / To These two fields are use to select a port or range of ports. Medium Type If configuring the Combo ports, this defines the type of transport medium to be used, whether Copper or Fiber.
Page 38: Port Details
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 17 Port Auto Negotiation Information Table window Port Details This window is used to view detailed port information for individual ports on a particular unit. Use the drop-down menus to select the specific port of the unit you wish to view and click Find.
Page 39: Port Media Type
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 18 Port Details window Port Media Type This window is used to display the port media type available on each unit. To view a particular switch in the stack use the drop- down menu to select the unit.
Page 40: Cable Diagnostics
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 19 Port Media Type window Cable Diagnostics This window is used to control the cable diagnostics and determine where and what kind of errors have occurred on the cable. This function is primarily used for administrators to view tests on copper cables.
Page 41: User Accounts
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 20 Cable Diagnostics window User Accounts Use the User Account Management window to control user privileges, create new users and view existing User Accounts. To view this window, click Administration >...
Page 42: Password Encryption
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 23 User Accounts - Modify window The following parameters are displayed or can be configured: Parameter Description User Name Enter a name for the account, or display the name of the selected account. Old Password Enter the original password of the existing account.
Page 43: Mirror
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch form, or if the password has been converted to encrypted form by the last enable password encryption command, the password will still be in encrypted form and cannot be reverted back to plaintext form.
Page 44 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 26 Port Mirroring window Enter an ID in the Group ID (1-4) field and click Find to see all the entry that belongs to the group in the lower half of the window.
Page 45: System Log
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Group ID (1-4) Enter or display the group ID this entry belongs to. Target Port Tick the check box and enter the port which received the copies from the source port. State Use the pull-down menu to enable or disable the mirror group function.
Page 46 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 29 System Log Host window Click to remove the corresponding entry. To add a new system log server, click the Add button, and the window below appears: Figure 2 - 30 Configure System Log Server - Add window To modify an existing system log server, click the Modify button of the corresponding entry, and the window below appears: Figure 2 - 31 Configure System Log Server - Edit window...
Page 47: System Log Save Mode Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch are Emergency, Alert, Critical, Error, Warning, Notice, Informational, Debug, All and Level. The default severity is Emergency. Facility Some of the operating system daemons and processes have been assigned Facility values. Processes and daemons that have not been explicitly assigned a Facility may use any of the “local use”...
Page 48: System Log Source Interface Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch System Log Source Interface Settings This window may be used to choose a method for which to save the switch log to the flash memory on the Switch. To view this window, click Administration >...
Page 49: Command Logging Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch System Severity Choose how the alerts are used from the drop-down menu. Select log to send the alert of the Severity Type configured to the Switch’s log for analysis. Choose trap to send it to an SNMP agent for analysis, or select all to send the chosen alert type to an SNMP agent and the Switch’s log for analysis.
Page 50: Time Zone And Dst
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 36 Time Settings window The following parameters are displayed or can be configured: Parameter Description Time Settings - Current Time System Boot Time Displays the time when the Switch was initially started for this session. Current Time Displays the Current Time.
Page 51 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To view this window, click Administration > SNTP Settings > Time Zone and DST, as shown below. Figure 2 - 37 Time Zone and DST Settings window The following parameters can be set: Parameter Description...
Page 52 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch From: Month Enter the month DST will start on. From: Time in HH:MM Enter the time of day that DST will start on. To: Which Day Enter the week of the month the DST will end. To: Day of Week Enter the day of the week that DST will end.
Page 53: Mac Notification Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch MAC Notification Settings MAC Notification is used to monitor MAC addresses learned and entered into the forwarding database. To view this window, click Administration > MAC Notification Settings, as shown on the right. Global Settings The following parameters may be viewed and modified:...
Page 54 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch supports dual image storage for configuration and firmware. The firmware and configuration images are indexed by ID number 1 or 2. To change the boot firmware image, use the Config Firmware Image window (Administration > Multiple Image Services >...
Page 55: Multiple Image Services
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Server IPv4 Address Enter the IPv4 address of the server from which to download firmware and configuration or upload configuration and log. Server IPv6 Address Enter the IPv6 address of the server from which to download firmware and configuration or upload configuration and log.
Page 56: Config Firmware Image
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch firmware images for use. Image ID 1 will be the default boot up firmware for the Switch unless otherwise configured by the user. Version States the firmware version. Size States the size of the corresponding firmware, in bytes.
Page 57: Rcp
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch RCP (Remote Copy Protocol) is a UNIX Remote Shell service which allows files to be copied between a server and client. RCP is an application that operates above the TCP protocols, and uses port number 514 as the TCP destination port. The RCP application uses client server architecture and the client can be any machine running the RCP client application.
Page 58: Rcp Services
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 43 RCP Server Settings window The following parameters can be configured: Parameter Description Action Toggle the action between Add and Clear. Type Select to enter the information in IP Address and/or User Name fields. Available options are IP Address, User Name and Both.
Page 59: Ping Test
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Download Configuration, Upload Configuration, Upload Log, and Upload Attack Log. RCP Server IPv4 Enter the IP address of the RCP Server. Address User Name Enter the remote user name on the RCP server. Local File Name Enter the file name in the field.
Page 60: Ipv6 Ping Test
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Target IP Click the radio button and enter the Target IP Address to be pinged. Address Domain Name Click the radio button and enter the domain name of the host. Repeat Times The user may use the Infinite times radio button, in the Repeat Pinging for field, which will tell the ping program to keep sending ICMP Echo packets to the specified IP address until the...
Page 61: Ipv6 Neighbor
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Repeat Times Enter the number of times desired to attempt to ping the IPv6 address configured in this window. Users may enter a number of times between 1 and 255. Size Use this field to set the datagram size of the packet, or in essence, the number of bytes in each ping packet.
Page 62: Route Redistribution Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch State Display the running state of the corresponding IPv6 neighbor. The user may see six possible entries in this field, which are Incomplete, Stale, Probe, Reachable, Delay or Static. Link Layer MAC Display the MAC address of the corresponding IPv6 device.
Page 63: Static/Default Route Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 49 Route Redistribution Settings window The following fields can be configured: Parameter Description Dst. Protocol Use the pull-down menu to select the target protocol. Src.
Page 64 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 50 IPv4 Static/Default Route Settings window This window shows the following values: Parameter Description IP Address The IPv4 address of the Static/Default Route. Subnet Mask The corresponding Subnet Mask of the IP address entered into the table.
Page 65: Ipv6 Static/Default Route Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Backup entries cannot have the same Gateway. Click Apply to implement the changes. To return to the IPv4 Static/Default Route Settings window, click the Show All Static/Default Route Entries link.
Page 66: Route Preference Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameter Description IPv6 Address/Prefix Specify the address and mask information using the format as IPv6 address / prefix length Length (IPv6 address is hexadecimal number, prefix length is decimal number, for example 1234::5D7F/32).
Page 67: Gratuitous Arp Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Gratuitous ARP Settings An ARP announcement (also known as Gratuitous ARP) is a packet (usually an ARP Request) containing a valid SHA and SPA for the host which sent it, with TPA equal to SPA. Such a request is not intended to solicit a reply, but merely updates the ARP caches of other hosts which receive the packet.
Page 68: Static Arp Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following fields can be set or viewed: Parameter Description IP Interface Name Displays the name of the interface that is being edited. Gratuitous ARP The switch can trap and log IP conflict events to inform the administrator. By default, trap is Trap &...
Page 69: Dhcp Auto Configuration Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 59 Static ARP Settings - Edit window The following fields can be set or viewed: Parameter Description IP Address The IP address of the ARP entry. This field cannot be edited in the Static ARP Settings – Edit window.
Page 70 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 61 DHCP/ BOOTP Relay Global Settings window The following fields can be set: Parameter Description DHCP/BOOTP Relay This field can be toggled between Enabled and Disabled using the pull-down menu. It is State used to enable or disable the DHCP/BOOTP Relay service on the Switch.
Page 71 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch implement policies like restricting the number of IP addresses that can be assigned to a single remote ID or circuit ID. Then the DHCP server echoes the option 82 field in the DHCP reply.
Page 72: The Implementation Of Dhcp Information Option 82
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The Implementation of DHCP Information Option 82 The config dhcp_relay option_82 command configures the DHCP relay agent information option 82 setting of the switch. The formats for the circuit ID sub-option and the remote ID sub-option are as follows: NOTE: For the circuit ID sub-option of a standalone switch, the module field is always zero.
Page 73: Dhcp/Bootp Relay Interface Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch DHCP/BOOTP Relay Interface Settings This window allows the user to set up a server, by IP address, for relaying DHCP/ BOOTP information. The user may enter a previously configured IP interface on the Switch that will indicate which interface is able to support the dhcp relay function.
Page 74: Dhcp Relay Option 60 Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Relay IP Address Enter the specified IP address for the DHCP relay forward. Mode Use the pull-down menu to choose either Relay or Drop. When drop is specified, the packet with no matching rules found will be dropped without further process.
Page 75: Dhcp Relay Option 61 Default Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Exact Match – The option 60 string in the packet must fully match the specified string. Partial Match – The option 60 string in the packet only needs to partially match the specified string.
Page 76: Dhcp/Bootp Local Relay Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To remove an entry, enter the appropriate MAC Address or String information and click Delete. To delete all entries click Clear All. To add a new entry click Add the following window will appear. Figure 2 - 69 DHCP Relay Option 61 Table - Add window The following parameters can be configured: Parameter...
Page 77: Dhcpv6 Relay
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch VID List Display the VLAN list. Click Apply to implement the changes. DHCPv6 Relay This section contains information for configuring DHCPv6 relay, including DHCP v6 Relay Global Settings and DHCPv6 Relay Interface Settings.
Page 78 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To search for an entry, enter the Interface Name and click Find. To display all current entries on the Switch click View All. To change a current entry, click the corresponding Modify button of the entry, revealing the following window to configure: Figure 2 - 73 DHCPv6 Relay Interface Settings - Edit window The following fields are displayed or can be configured: Parameter...
Page 79: Dhcp Server
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch DHCP Server For this release, the Switch now has the capability to act as a DHCP server to devices within its locally attached network. DHCP, or Dynamic Host Configuration Protocol, allows the switch to delegate IP addresses, subnet masks, default gateways and other IP parameters to devices that request this information.
Page 80: Dhcp Server Exclude Address Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch DHCP Server Exclude Address Settings The following window will allow the user to set an IP address, or a range of IP addresses that are NOT to be included in the range of IP addresses that the Switch will allot to clients requesting DHCP service.
Page 81 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 77 Create DHCP Pool window Users must first create the pool by entering a name of up to 12 alphanumeric characters into the Pool Name field and clicking Apply.
Page 82 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following parameters can be configured or viewed: Parameter Description Pool Name Denotes the name of the DHCP pool for which you are currently adjusting the parameters. IP Address Enter the IP address to be assigned to requesting DHCP Clients.
Page 83: Dhcp Server Dynamic Binding
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 79 DHCP Server Pool Display window To return to the Create DHCP Pool window, click the Show All DHCP Server Pool Entries link. DHCP Server Dynamic Binding The following window will allow users to view dynamically bound IP addresses of the DHCP server.
Page 84: Dhcp Server Manual Binding
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Pool Name To find the dynamically bound entries of a specific pool, enter the Pool Name into the field and click Find. Dynamically bound entries of this pool will be displayed in the table. To clear the corresponding Pool Name entries of this table, click Clear.
Page 85: Dhcpv6 Server
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 82 Create DHCP Pool Manual Binding window The following parameters may be configured or viewed. Parameter Description Pool Name Enter the name of the DHCP pool within which will be created a manual DHCP binding entry. IP Address Enter the IP address to be statically bound to a device within the local network that will be specified by entering the Hardware Address in the following field.
Page 86: Dhcpv6 Server Pool Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 83 DHCPv6 Server Global Settings window The following parameters may be configured: Parameter Description Global State Use the pull-down menu to globally enable or disable the switch as a DHCP server. Click Apply to implement the changes.
Page 87: Dhcpv6 Server Manual Binding Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To configure the settings of a pool in the DHCPv6 Server Pool Table, click the corresponding Modify button to reveal the following window: Figure 2 - 86 DHCPv6 Pool Table - Edit window The following parameters can be configured or viewed: Parameter Description...
Page 88: Dhcpv6 Server Dynamic Binding Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 87 DHCPv6 Server Manual Biding Brief Table window To find the DHCPv6 server manual binding entries, enter the Pool Name into the field and click Find. Click View All to see all the entries.
Page 89: Dhcpv6 Server Interface Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 89 DHCPv6 Server Dynamic Biding Brief Table window To find the DHCPv6 server dynamic binding entries, enter the Pool Name into the field and click Find. Click View All to see all the entries.
Page 90: Dhcpv6 Server Excluded Address Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 92 DHCPv6 Server Dynamic Interface Table - Edit window The following fields can be configured or viewed: Parameter Description Interface Name Display the name of the interface. DHCPv6 Server State Use the pull-down menu to enable or disable the DHCPv6 server status.
Page 91: Filter Dhcp Server
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 94 DHCPv6 Server Excluded Address Brief Table - View window The following fields can be configured or viewed: Parameter Description Pool Name Display the name of the pool. Begin Address Enter the starting IP address of the range of IP addresses to be excluded from the DHCPv6 pool.
Page 92: Filter Dhcp Server Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following parameters may be configured: Parameter Description Trap/Log Enable this function to record logs and send traps when the Switch detects the illegal DHCP server packets. Illegal Server The DHCP Server Screening function filters any illegal DHCP server packets.
Page 93: Layer 2 Protocol Tunneling Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Port List Specify the ports that will enable or disable the filter DHCP server. Tick the All Ports check box to select all ports. Filter DHCP Server Port Settings Action Select Add or Delete to add or delete a filter DHCP server entry.
Page 94: Rspan
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch From / To Specify the ports on which the BPDU Tunneling will be enabled or disabled. Type Use the drop-down menu to select the configuration type. Tunnel – Specifies that the BPDU is received from a tunnel port, this packets DA will be replaced by a reserved multicast address and then sent out to a providers network through the uplink port.
Page 95: Rspan Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch RSPAN Settings This window allows the user to search for a previously created VLAN and to view the RSPAN settings for it. To view this window, click Administration > RSPAN > RSPAN Settings, as shown below. Figure 2 - 99 RSPAN Settings window The following fields can be configured: Parameter...
Page 96 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 100 RSPAN Settings – Edit Redirect window The following fields can be configured: Parameter Description VLAN Name This is the VLAN Name that, along with the VLAN ID, identifies the VLAN which will modify the RSPAN Entries.
Page 97: Dns Relay
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch modify the RSPAN Entries. VID (1-4094) This is the VLAN ID that, along with the VLAN Name, identifies the VLAN which will to modify the RSPAN Entries. Mirror Group ID (1-4) Tick the check box and enter a group ID which mirror session is used for RSPAN source function.
Page 98: Dns Relay Global Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch DNS Relay Global Settings To view this window, click Administration > DNS Relay > DNS Relay Global Settings, as shown below. Figure 2 - 102 DNS Relay Global Settings window The following fields can be set: Parameter Description...
Page 99: Dns Resolver
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To add an entry into the DNS Relay Static Table, simply enter a Domain Name with its corresponding IP address and click Add under the Apply heading. A successful entry will be presented in the table below, as shown in the example above. To erase an entry from the table, click its corresponding under the Delete heading.
Page 100: Dns Resolver Dynamic Name Server Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To remove an entry from the table, click its corresponding under the Delete heading. Click Add to reveal the following window to configure: Figure 2 - 106 DNS Resolver Static Name Server Settings window The following fields can be set: Parameter Description...
Page 101: Dns Resolver Dynamic Host Name Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Click Add to reveal the following window to configure: Figure 2 - 109 DNS Resolver Static Host Name Settings window The following fields can be set: Parameter Description Host Name Enter the host’s host name.
Page 102: Snmp Manager
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch SNMP Manager SNMP Settings Simple Network Management Protocol (SNMP) is an OSI Layer 7 (Application Layer) designed specifically for managing and monitoring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches, and other network devices.
Page 103: Snmp Trap Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch SNMP settings are configured using the menus located on the SNMP V3 folder of the web manager. Workstations on the network that are allowed SNMP privileged access to the Switch can be restricted with the Management Station IP Address menu. SNMP Trap Settings The following window is used to enable and disable trap settings for the SNMP function on the Switch.
Page 104: Snmp User Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch SNMP User Table This window displays all of the SNMP users currently configured on the Switch. To view this window, click Administration > SNMP Manager > SNMP User Table, as shown below. Figure 2 - 112 SNMP User Table window To delete an existing SNMP User Table entry, click the below the Delete heading corresponding to the entry you wish to...
Page 105 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 114 SNMP User Table - Add window The following parameters can be configured: Parameter Description User Name Enter an alphanumeric string of up to 32 characters. This is used to identify the SNMP user. Group Name This name is used to specify the SNMP group created can request SNMP messages.
Page 106: Snmp View Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch SNMP View Table This window is used to assign views to community strings that define which MIB objects can be accessed by a remote SNMP manager. To view this window, click Administration > SNMP Manager > SNMP View Table, as shown below. Figure 2 - 115 SNMP View Table window To delete an existing SNMP View Table entry, click the corresponding button in the Delete column.
Page 107: Snmp Group Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch can access. Select Excluded to exclude this object from the list of objects that an SNMP manager can access. To implement your new settings, click Apply. To return to the SNMP View Table window, click the Show All SNMP View Table Entries link.
Page 108: Snmp Community Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 119 SNMP Group Table Configuration window The following parameters can be configured: Parameter Description Group Name Type an alphanumeric string of up to 32 characters. This is used to identify the new SNMP group of SNMP users.
Page 109: Snmp Host Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch • Read/write or read-only level permission for the MIB objects accessible to the SNMP community. To view this window, click Administration > SNMP Manager > SNMP Community Table, as shown below. Figure 2 - 120 SNMP Community Table window The following parameters can be configured: Parameter...
Page 110 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Users now have the choice of adding an IPv4 or an IPv6 host to the SNMP host table. To add a new IPv4 entry to the Switch's SNMP Host Table, click the Add IPv4 Host button in the upper left-hand corner of the window.
Page 111: Snmp Engine Id
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch V2 – To specify that SNMP version 2 will be used. V3-NoAuth-NoPriv – To specify that the SNMP version 3 will be used, with a NoAuth-NoPriv security level. V3-Auth-NoPriv –...
Page 112: Poe
Powered Devices (PDs) over Category 5 or Category 5E UTP Ethernet cables. The DGS-3426P follows the standard PSE (Power Sourcing Equipment) pinout Alternative A, whereby power is sent out over pins 1, 2, 3 and 6. The DGS-3426P works with all D-Link 802.3af capable devices. The DGS-3426P includes the following PoE features: Auto-discovery recognizes the connection of a PD (Powered Device) and automatically sends power to it.
Page 113 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 126 PoE System Settings window The following parameters can be configured: Parameter Description Choose the switch in the switch stack for which to configure the PoE settings. Unit ®...
Page 114: Poe Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch PoE Port Settings This window is used to configure the PoE port settings on the Switch. To view this window, click Administration > PoE > PoE Port Settings: Figure 2 - 127 PoE Port Settings window The following parameters can be configured: Parameter...
Page 115 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Priority Use the pull-down menu to select the priority of the PoE ports. Port priority determines the priority which the system attempts to supply the power to the ports. There are three levels of priority that can be selected, Critical, High, and Low.
Page 116: Sflow
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch sFlow sFlow is a feature on the Switch that allows users to monitor network traffic running through the switch to identify network problems through packet sampling and packet counter information of the Switch.
Page 117: Sflow Global Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch sFlow Global Settings The following window is used to globally enable the sFlow feature for the Switch. Simply use the pull-down menu and click Apply to enable or disable sFlow. This window will also display the sFlow version currently being utilized by the Switch, along with the sFlow Address that is the Switch’s IP address.
Page 118 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Owner Displays the owner of the entry made here. The user that added this sFlow Analyzer configured this name. Timeout (sec) Displays the configured time, in seconds, after which the Analyzer server will time out. When the server times out, all sFlow samples and counter polls associated with this server will be deleted.
Page 119: Sflow Sampler Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 132 sFlow Analyzer Settings – Edit window The following fields can be configured or viewed: Parameter Description Analyzer Server (1- Enter an integer from 1 to 4 to denote the sFlow Analyzer to be added. Up to four entries can be added.
Page 120 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 133 sFlow Sampler Settings window The following fields are displayed: Parameter Description Port Displays the port from which packet samples are being extracted. Analyzer Server ID Displays the ID of the Analyzer Server where datagrams, containing the packet sampling information taken using this sampling mechanism, will be sent.
Page 121: Sflow Poller Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 135 sFlow Sampler Settings - Edit window The following fields can be configured or viewed: Parameter Description Unit Select the unit you wish to configure. From / To Choose the beginning and ending range of ports to be configured for packet sampling.
Page 122 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 136 sFlow Counter Poller Settings window The following fields are displayed: Parameter Description Port Displays the port from which packet counter samples are being taken. Analyzer Server ID Displays the ID of the Analyzer Server where datagrams, containing the packet counter polling information taken using this polling mechanism, will be sent.
Page 123: Ip Multicast Vlan Replication
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 138 sFlow Counter Poller Settings - Edit window The following parameters can be configured or viewed: Parameter Description Unit Select the unit you wish to configure. From / To Choose the beginning and ending range of ports to be configured for counter polling.
Page 124: Ip Multicast Vlan Replication Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameter Description IP Multicast VLAN Enable or Disable the IP Multicast VLAN Replication State on the Switch. Replication State TTL specifies whether to decrease the time to live of a packet, the user can choose either Decrease or No Decrease.
Page 125 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 141 IP Multicast VLAN Replication Settings - Source Edit window The following fields may be set: Parameter Description Entry Name The name of the previously created IP Multicast VLAN Replication entry will be displayed. VID / VLAN Name Select VID and enter a source VLAN ID.
Page 126 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 142 IP Multicast VLAN Replication Settings - Destination Edit window The following fields may be set: Parameter Description Entry Name The name of the previously created IP Multicast VLAN Replication entry will be displayed. VID / VLAN Name Select VID and enter an outgoing VLAN ID.
Page 127: Single Ip Management (Sim) Overview
DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Single IP Management (SIM) Overview Simply put, D-Link Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. There are some advantages in implementing the “Single IP Management” feature: SIM can simplify management of small workgroups or wiring closets while scaling the network to handle increased bandwidth demand.
Page 128 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch • The user can manually configure a CS to become a CaS. • A MS can become a CaS by: • Being configured as a CaS through the CS. •...
Page 129: Sim Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch NOTE: SIM Management does not support IPv6. For users wishing to utilize this function, switches in the SIM group must be configured with IPv4 addresses. IPv6 for SIM management will be supported in a future release of this switch.
Page 130: Topology
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch a Commander Switch. This is the default setting for the SIM role of the DGS-3400 Series. Commander – Choosing this parameter will make the Switch a Commander Switch (CS). The user may join other switches to this Switch, over Ethernet, to be part of its SIM group.
Page 131 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The Tree View window holds the following information under the Data tab: Parameter Description Device Name This field will display the Device Name of the switches in the SIM group configured by the user. If no device is configured by the name, it will be given the name default and tagged with the last six digits of the MAC Address to identify it.
Page 132 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch This screen will display how the devices within the Single IP Management Group connect to other groups and devices. Possible icons in this screen are as follows: Icon Description Group...
Page 133: Tool Tips
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Tool Tips In the Topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same information about a specific device as the Tree view does.
Page 134 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 148 Port Speed Utilizing the Tool Tip...
Page 135: Group Icon
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Right-click Right-clicking on a device will allow the user to perform various functions, depending on the role of the Switch in the SIM group and the icon associated with it. Group Icon Figure 2 - 149 Right-clicking a Group Icon The following options may appear for the user to configure:...
Page 136: Commander Switch Icon
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Commander Switch Icon Figure 2 - 151 Right-clicking a Commander Icon The following options may appear for the user to configure: • Collapse – to collapse the group that will be represented by a single icon. •...
Page 137: Menu Bar
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch • Collapse – to collapse the group that will be represented by a single icon. • Expand – to expand the SIM group, in detail. • Add to group – add a candidate to a group. Clicking this option will reveal the following screen for the user to enter a password for authentication from the Candidate Switch before being added to the SIM group.
Page 138: Firmware Upgrade
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Help • About - Will display the SIM information, including the current SIM version. Figure 2 - 157 About window Firmware Upgrade This window is used to upgrade firmware from the Commander Switch to the Member Switch. Member Switches will be listed in the table and will be specified by Port (port on the CS where the MS resides), MAC Address, Model Name and Version.
Page 139: Upload Log
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Upload Log The following window is used to upload log files from SIM member switches to a specified PC. To upload a log file, enter the IP address of the SIM member switch and then enter the path on your PC to which to save this file.
Page 140: Rip
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch RIP Version 1 Message Format There are two types of RIP messages: routing information messages and information requests. Both types use the same format. The Command field specifies an operation according the following table: Command Meaning Request for partial or full routing information...
Page 141: Rip Global Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch RIP Global Settings To setup RIP for the IP interfaces configured on the Switch, the user must first globally enable RIP and then configure RIP settings for the individual IP interfaces. To globally enable RIP on the Switch, click Administration >...
Page 142: Ripng
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch IP Address The IP address corresponding to the Interface Name showing in the field above. TX Mode Toggle among Disabled, V1 Only, V1 Compatible, and V2 Only. This entry specifies which version of the RIP protocol will be used to transmit RIP packets.
Page 143: Ripng Interface Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Expire Time (1-65535) Enter the value (in seconds) of the expire time. Garbage Collection Enter the value (in seconds) of the garbage-collection timer. Time (1-65535) Click Apply to implement changes made. RIPng Interface Settings This window allows users to configure RIPng interface settings.
Page 144: Ip Tunnel Settings
IPv6, and the development of transition strategies, tools, and mechanisms has been part of the basic IPv6 design from the start. This IPv6 tunneling mechanism is one of D-Link’s strategies for solving the transition from IPv4 to IPv6. To configure the settings, click Administration > IP Tunnel Settings, as shown below.
Page 145 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following parameters can be configured or viewed: Parameter Description Interface Name This is the IPv6 tunnel interface name. Interface Admin Enable or disable IP tunneling. State Mode Select from Manual, 6to4, or ISATAP.
Page 146: L2 Features
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Section 3 L2 Features VLANs Trunking IGMP Snooping MLD Snooping Loop-back Detection Global Settings Spanning Tree Forwarding & Filtering LLDP Q-in-Q ERPS DULD Settings NLB Multicast FDB Settings The following section will aid the user in configuring security functions for the Switch.
Page 147 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Tagging – The act of putting 802.1Q VLAN information into the header of a packet. Untagging – The act of stripping 802.1Q VLAN information out of the packet header. Ingress port –...
Page 148: Q Vlan Tags
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 1 IEEE 802.1Q Packet Forwarding 802.1Q VLAN Tags The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the EtherType field.
Page 149: Port Vlan Id
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 2 IEEE 802.1Q Tag The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or Logical Link Control. Because the packet is now a bit longer than it was originally, the Cyclic Redundancy Check (CRC) must be recalculated.
Page 150: Tagging And Untagging
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch cerned. Tagged packets are forwarded according to the VID contained within the tag. Tagged packets are also assigned a PVID, but the PVID is not used to make packet-forwarding decisions, the VID is. Tag-aware switches must keep a table to relate PVIDs within the Switch to VIDs on the network.
Page 151: Static Vlan Entry
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch System (default) 5, 6, 7, 8, 21, 22, 23, 24 Engineering 9, 10, 11, 12 Marketing 13, 14, 15, 16 Finance 17, 18, 19, 20 Sales 1, 2, 3, 4 Table 3 - 1 VLAN Example –...
Page 152 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 4 Current Static VLAN Entries window The Current Static VLAN Entries window lists all previously configured VLANs by VLAN ID and VLAN Name. To delete an existing 802.1Q VLAN, click the corresponding button under the Delete heading.
Page 153: Vlan Trunk
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 6 Static VLAN window – Edit window The following parameters can be configured or viewed: Parameter Description Unit Select the switch in the switch stack for which to configure VLANs. Allows the entry of a VLAN ID in the Add window, or displays the VLAN ID of an existing VLAN in the Modify window.
Page 154 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 7 VLAN Trunk Global Settings window The following parameters can be configured: Parameter Description VLAN Trunk Use the pull-down menu to enable or disable VLAN trunk global status. Status State Use the pull-down menu to enable or disable VLAN trunk port state.
Page 155: Gvrp Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch GVRP Settings The GVRP Settings window allows the user to determine whether the Switch will share its VLAN configuration information with other GARP VLAN Registration Protocol (GVRP) enabled switches.
Page 156: Double Vlans
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch make VLAN forwarding decisions. If the port receives a packet, and Ingress filtering is enabled, the port will compare the VID of the incoming packet to its PVID. If the two are unequal, the port will drop the packet.
Page 157: Regulations For Double Vlans
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch the Customer can retain its normal VLAN and the Service Provider can congregate multiple Customer VLANs within one SP-VLAN, thus greatly regulating traffic and routing on the Service Provider switch. This information is then routed to the Service Provider’s main network and regarded there as one VLAN, with one set of protocols and one routing behavior.
Page 158: Double Vlan Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Double VLAN Settings This window is used to enable or disable the double VLAN State settings. To view this window, click L2 Features > VLAN > Double VLAN, as shown below. Figure 3 - 10 Double VLAN State Settings window Choose Enabled using the pull-down menu and click Apply.
Page 159 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 13 Double VLAN State Settings - View window Parameters shown in the previous window are explained below: Parameter Description SPVID The VLAN ID number of this potential Service Provider VLAN. VLAN Name The name of the VLAN on the Switch.
Page 160: Pvid Auto Assign
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To configure the parameters for a previously created Service Provider VLAN, click the Modify button of the corresponding SPVID in the Double VLAN State Settings window. The following window will appear for the user to configure. Figure 3 - 15 Double VLAN State Settings –...
Page 161: Mac-Based Vlan Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 16 PVID Auto Assign Settings window When Enabled, PVID will be automatically assigned when adding a port to a VLAN as an untagged member port. Click Apply to implement the change.
Page 162: Protocol Vlan Group Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Protocol Type Header in Hexadecimal Form IP over Ethernet 0x0800 IPX 802.3 0xFFFF IPX 802.2 0xE0E0 IPX SNAP 0x8137 IPX over Ethernet2 0x8137 decLAT 0x6004 SNA 802.2 0x0404 netBios 0xF0F0...
Page 163: Protocol Vlan Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 19 Protocol VLAN Group - Add window The Add and Modify windows of the Protocol VLAN Group hold the following fields to be configured: Parameter Description Group ID (1-16)
Page 164: Subnet Vlan
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 20 Protocol VLAN Port Settings window The following fields may be configured: Parameter Description Port List Use this parameter to assign ports to a Protocol VLAN Group or remove them from the Protocol VLAN Group.
Page 165: Subnet Vlan Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Note: If the IP address of the received untagged packet is match two entries in the table. The longest-prefix match order is used. For make the subnet VLAN can work well, must add the ingress port into the VLAN member ports. The subnet VLAN maybe affects the authorization protocol, such as 802.1x, WAC, JWAC, MAC access control and Compound authentication.
Page 166 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 22 VLAN Precedence Settings window The following fields may be configured: Parameter Description Unit Select the switch in the switch stack to be modified. From / To These two fields allow the range of ports that will be included in the VLAN precedence.
Page 167: Trunking
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Trunking Understanding Port Trunk Groups Port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. DGS-3400 Series supports up to 32 port trunk groups with 2 to 8 ports in each group. A potential bit rate of 8000 Mbps can be achieved. Figure 3 - 23 Example of Port Trunk Group...
Page 168: Link Aggregation
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The Switch treats all ports in a trunk group as a single port. Data transmitted to a specific host (destination address) will always be transmitted over the same port in a trunk group. This allows packets in a data stream to arrive in the same order they were sent. NOTE: If any ports within the trunk group become disconnected, packets intended for the disconnected port will be load shared among the other linked ports of the link aggregation group.
Page 169 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 25 Link Aggregation Group Entries - Add window To edit a port trunk group, click the corresponding Modify button to see the window shown as below.
Page 170 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 26 Link Aggregation Group Entries - Edit window The user-changeable parameters are as follows: Parameter Description Group ID Select an ID number for the group, between 1 and 32. Type This pull-down menu allows users to select between Static and LACP (Link Aggregation Control Protocol).
Page 171: Lacp Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch unknown unicasts. After setting the previous parameters, click Apply to allow your changes to be implemented. Successfully created trunk groups will be show in the Link Aggregation Group Entries window. To return to the Link Aggregation Group Entries window, click the Show All Link Aggregation Group Entries link.
Page 172 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 27 LACP Port Settings window The user may set the following parameters: Parameter Description Unit Select the switch in the switch stack to be modified. From / To A consecutive group of ports may be configured starting with the selected port.
Page 173: Igmp Snooping
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch dynamically as needs require. In order to utilize the ability to change an aggregated port group, that is, to add or subtract ports from the group, at least one of the participating devices must designate LACP ports as active.
Page 174 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Click the corresponding Modify button in the IGMP Snooping Settings table to open the window, as shown below. Figure 3 - 29 IGMP Snooping Settings – Edit window The following parameters may be viewed or modified: Parameter Description...
Page 175: Router Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch (1- 25) messages, including those sent in response to leave group messages. Default = 1. Version (1-3) Configure the IGMP version of the query packet which will be sent by the router. Host Timeout (1-16711450 This is the maximum amount of time in seconds allowed for a host to continue sec)
Page 176 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch • IGMP queries (from the router port) will be flooded to all ports. All UDP multicast packets will be forwarded to the router port. Because routers do not send IGMP reports or implement IGMP snooping, a multicast router connected to the router port of a Layer 3 switch would not be able to receive UDP data streams unless the UDP multicast packets were all forwarded to the router port.
Page 177: Igmp Snooping Static Group Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch None – Click this option to not set these ports as router ports Static – Click this option to designate a range of ports as being connected to a multicast- enabled router.
Page 178: Ism Vlan Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 33 IGMP Snooping Static Group - Add window To modify an entry, click the corresponding Modify button, and the following window will be displayed. Figure 3 - 34 IGMP Static Group Modify window The following fields can be configured or viewed: Parameter...
Page 179: Restrictions And Provisos
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Regardless of other normal VLANs that are incorporated on the Switch, users may add any ports to the multicast VLAN where they wish multicast traffic to be sent. Users are to set up a source port, where the multicast traffic is entering the switch, and then set the ports where the incoming multicast traffic is to be sent.
Page 180 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch VID (2-4094) Enter a VLAN ID between 2 and 4094. Remap Priority (0-7) Enter a value between 0 and 7. The remap priority is associated with the data traffic to be forwarded on the multicast VLAN.
Page 181: Limited Ip Multicast Address Range Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Replace Source IP This field is used to replace the source IP address of incoming packets sent by the host before being forwarded to the source port. Remap Priority (0-7) Enter a value between 0 and 7.
Page 182 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 39 Limited IP Multicast Address Range window The following parameters can be configured: Parameter Description Unit Select the switch in the switch stack to be modified. From / To Enter the port range for which to begin the Limited IP Multicast Range configuration.
Page 183: Mld Snooping
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch MLD Snooping Multicast Listener Discovery (MLD) Snooping is an IPv6 function used similarly to IGMP snooping in IPv4. It is used to discover ports on a VLAN that are requesting multicast data. Instead of flooding all ports on a selected VLAN with multicast traffic, MLD snooping will only forward multicast data to ports that wish to receive this data through the use of queries and reports produced by the requesting ports and the source of the multicast traffic.
Page 184 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following parameters can be configured: Parameter Description MLD Multicast Router Only Use the pull-down menu to enable or disable the MLD multicast router. MLD Snooping Data Driven Enter a value between 1 and 511 for data driven max learning entry.
Page 185 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch response for MLD port listeners. The Max Response Time field allows an entry between 1 and 25 (seconds). Default = 10. Robustness Variable (1-255) Provides fine-tuning to allow for expected packet loss on a subnet. The user may choose a value between 1 and 255 with a default setting of 2.
Page 186: Mld Router Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch MLD Router Port Settings The following window is used to designate a port or range of ports as being connected to multicast enabled routers. When IPv6 routing control packets, such as DVMRP, OSPF or RIP, or MLD Query packets are found in an Ethernet port or specified VLAN, the Switch will set these ports as dynamic router ports.
Page 187 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch which to configure these ports: None – Click this option to not set these ports as router ports Static – Click this option to designate a range of ports as being connected to a multicast-enabled router.
Page 188: Loop-Back Detection Global Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Loop-back Detection Global Settings The Loop-back Detection function is used to identify loops occurring between the Switch and a device that is directly connected to it. This process is accomplished by the use of a Configuration Testing Protocol (CTP) packet that is generated by the switch.
Page 189 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch None – The trap will not be sent in any situation. Loopdetect Trap Loop Detected – The trap is sent when the loop condition is detected. Loop Cleared – The trap is sent when the loop condition is cleared. Both –...
Page 190: Spanning Tree
MSTP. 802.1D-1998 STP will be familiar to most networking professionals. However, since 802.1D-2004 RSTP and 802.1Q- 2005 MSTP have been recently introduced to D-Link managed Ethernet switches, a brief introduction to the technology is provided below followed by a description of how to set up 802.1D-1998 STP, 802.1D-2004 RSTP, and 802.1Q-2005 MSTP.
Page 191: Port Transition States
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Port Transition States An essential difference between the three protocols is in the way ports transition to a forwarding state and in the way this transition relates to the role of the port (forwarding or not forwarding) in the topology. MSTP and RSTP combine the transition states disabled, blocking and listening used in 802.1D-1998 and creates a single state Discarding.
Page 192: Stp Bridge Global Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The Spanning Tree Protocol (STP) operates on two levels: On the switch level, the settings are globally implemented. On the port level, the settings are implemented on a per-user-defined group of ports basis. STP Bridge Global Settings This window is used to configure the STP Bridge Global Settings on the Switch.
Page 193 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 47 STP Bridge Global Settings window (STP Compatible) See the table below for descriptions of the STP versions and corresponding setting options. NOTE: The Hello Time cannot be longer than the Max. Age. Otherwise, a configuration error will occur.
Page 194: Mst Configuration Identification
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Forward Delay (4-30 The Forward Delay can be from 4 to 30 seconds. Any port on the Switch spends this time sec) in the listening state while moving from the blocking state to the forwarding state. Max Hops (1-40) Used to set the number of hops between devices in a spanning tree region before the BPDU (bridge protocol data unit) packet sent by the Switch will be discarded.
Page 195 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The window above contains the following information: Parameter Description Configuration Name A previously configured name set on the Switch to uniquely identify the MSTI (Multiple Spanning Tree Instance). If a configuration name is not set, this field will show the MAC address to the device running MSTP.
Page 196 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The user may configure the following parameters to configure the CIST on the Switch. Parameter Description MSTI ID The MSTI ID of the CIST is 0 and cannot be altered. Type This field allows the user to choose a desired method for altering the MSTI settings.
Page 197: Mstp Port Information
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch MSTP Port Information This window displays the current MSTP Port Information and can be used to update the port configuration for an MSTI ID. If a loop occurs, the MSTP function will use the port priority to select an interface to put into the forwarding state. Set a higher priority value for interfaces to be selected for forwarding first.
Page 198 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Click Apply to implement the changes. Click the Show MSTP Port Information Table-Port 1 of Unit 1 to return to the MSTP Port Information window.
Page 199: Stp Instance Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch STP Instance Settings The following window displays MSTIs currently set on the Switch. To view this window, click L2 Features > Spanning Tree > STP Instance Settings, as shown below. Figure 3 - 54 STP Instance Settings window The following information is displayed: Parameter...
Page 200: Stp Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch STP Port Settings STP can be set up on a port per port basis. In addition to setting Spanning Tree parameters for use on the switch level, the Switch allows for the configuration of groups of ports, each port-group of which will have its own spanning tree, and will require some of its own configuration settings.
Page 201 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch From / To A consecutive group of ports may be configured starting with the selected port. External Cost This defines a metric that indicates the relative cost of forwarding packets to the specified (0=Auto) port list.
Page 202: Forwarding & Filtering
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Click Apply to implement the changes. Forwarding & Filtering This folder contains windows for Unicast Forwarding, Multicast Forwarding and Multicast Filtering Mode. Unicast Forwarding This window is used to configure the Unicast Forwarding on the Switch.
Page 203: Multicast Filtering Mode
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 59 Setup Static Multicast Forwarding Table window The following parameters can be set: Parameter Description Unit Select the switch in the switch stack to be modified. The VLAN ID of the VLAN the corresponding MAC address belongs to.
Page 204: Lldp
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameter Description VLAN Name The VLAN to which the specified filtering action applies. Tick the All check box to apply the action to all VLANs on the Switch. Filtering Mode This drop-down menu allows you to select the action the Switch will take when it receives a multicast packet that requires forwarding to a port in the specified VLAN.
Page 205: Lldp Global Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch LLDP Global Settings This window is used to configure the LLDP Global Settings on the Switch. When LLDP is enabled the Switch can start to transmit, receive and process LLDP packets. The specific function of each port will depend on the per port LLDP settings. LLDP Global State is Disabled by default.
Page 206: Basic Lldp Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch port which will delay advertising any successive LLDP advertisements due to change in the LLDP MIB content. To change the LLDP TX Delay, enter a value in seconds (1 to 8192). Notification Interval LLDP Notification Interval is used to send notifications to configured SNMP trap receiver(s) (5-3600)
Page 207: 802.1 Extension Lldp Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following parameters can be set: Parameter Description Unit Select the unit to configure. From / To Use the pull-down menu to select a range of ports to be configured. Notification State Use the pull-down menu to Enable or Disable the status of the LLDP notification.
Page 208 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 63 802.1 Extension LLDP Port Settings window...
Page 209: Extension Lldp Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following parameters can be set: Parameter Description Unit Select the unit to configure. From / To Use the pull-down menu to select a range of ports to be configured. Port VLAN ID Use the drop-down menu to enable or disable the advertised PVID.
Page 210 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 64 802.3 Extension LLDP Port Settings window The following parameters can be set: Parameter Description Unit Select the unit you wish to configure. From / To Use the pull-down menu to select a range of ports to be configured.
Page 211: Lldp Management Address Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Power Via MDI This specifies that the LLDP agent should transmit 'Power via MDI TLV'. Three IEEE 802.3 PMD implementations (10BASE-T, 100BASE-TX, and 1000BASE-T) allow power to be supplied over the link for connected non-powered systems.
Page 212 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 65 LLDP Management Address Settings window The following parameters can be set: Parameter Description Unit Select the unit you wish to configure. From / To Use the pull-down menu to select a range of ports to be configured.
Page 213: Lldp Statistics
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch LLDP Statistics LLDP Statistics allows you an overview of neighbor detection activity, LLDP Statistics and the settings for individual ports on the Switch. Use the drop-down menu to check a specific unit the information will be displayed in the lower half of the table. To view this window, click L2 Features >...
Page 214: Lldp Management Address Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch LLDP Management Address Table The following window is used to set up LLDP management address settings on the Switch. To view this window, click L2 Features > LLDP > LLDP Management Address Settings, as shown below. Figure 3 - 67 LLDP Management Address window The following parameters can be set or displayed: Parameter...
Page 215 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 68 LLDP Local Port Brief Table window...
Page 216 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To view Normal information on a per port basis click the corresponding View button, which will display the following window.cl Figure 3 - 69 LLDP Local Port Table - View Normal window To return to the previous window click the Show LLDP Local Port Brief Table link.
Page 217: Lldp Remote Port Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 70 LLDP Local Port Table - View Detailed window To return to the LLDP Local Port Brief Information window, click the Show LLDP Local Port Brief Table link.
Page 218 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 71 LLDP Remote Port Brief Table window Select the port you wish to view by using the drop-down menu and click Find, the information will be displayed in the lower half of the table.
Page 219: Q-In-Q
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Q-in-Q Q-in-Q is designed for service providers to carry traffic from multiple users across a network. Q-in-Q is used to maintain customer specific VLAN and Layer 2 protocol configurations even when the same VLAN ID is being used by different customers. This is achieved by inserting SP-VLAN tags into the customer’s frames when they enter the service provider’s network, and then removing the tags when the frames leave the network.
Page 220: Vlan Translation Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameter Description QinQ State Use the pull down menu to Enable or Disable the Q-in-Q State. When Q-in-Q is Enabled, all network port roles will have NNI ports and their outer TPID set to 0x88a8. All existing static VLANs will run as SP-VLANs.
Page 221: Erps
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following fields can be set: Parameter Description Unit Select the unit you wish to configure. From / To A consecutive group of ports that are part of the VLAN configuration starting with the selected port.
Page 222: Erps Raps Vlan Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Log Status Enable or disable the log state of ERPS events. The default value is Disabled. Trap Status Enable or disable the trap state of ERPS events. The default value is Disabled Click Apply to implement the changes.
Page 223 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 79 ERPS RAPS VLAN Table - Edit window The following fields can be set: Parameter Description ERPS State This is used to configure ring state of the specified ring. When both the global state and the specified ring ERPS state are enabled, the specified ring will be activated.
Page 224 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch port. RPL Owner Enable or disable the RPL owner. Enabled specifies the device as an RPL owner node. Disabled indicates the node is not an RPL owner. By default, the RPL owner is disabled. Protected VLAN This is used to configure the VLANs that are protected by the ERPS function.
Page 225: Duld Settings
Click Apply to implement changes made. DULD Settings The Switch features a D-Link Unidirectional Link Detection (DULD) module. The unidirectional link detection provides a mechanism that can be used to detect unidirectional link for Ethernet switches whose PHYs do not support unidirectional OAM operation.
Page 226 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 81 DULD Settings window The following fields can be set: Parameter Description Unit Select the unit you wish to configure.
Page 227: Nlb Multicast Fdb Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch From / To Select a range of ports. Admin State Enable or disable the administration state. This indicates these ports unidirectional link detection status. The default state is Disabled. Mode Toggle between Shutdown and Normal.
Page 228 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch VLAN Name Click the radio button and enter the VLAN of the NLB multicast FDB entry to be created. VID (1-4094) Click the radio button and enter the VLAN by the VLAN ID. MAC Address Enter the MAC address of the NLB multicast FDB entry to be created.
Page 229: Qos
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Section 4 802.1p Settings Bandwidth Control HOL Prevention Settings Schedule Settings ® The xStack DGS-3400 Series supports 802.1p priority queuing Quality of Service. The following section discusses the implementation of QoS (Quality of Service) and benefits of using 802.1p priority queuing.
Page 230: Understanding Qos
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 4 - 1 An Example of the Default QoS Mapping on the Switch The picture above shows the default priority setting for the Switch. Class-6 has the highest priority of the seven priority classes of service on the Switch.
Page 231 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch • Priority 0 is assigned to the Switch’s Q2 queue. • Priority 1 is assigned to the Switch’s Q0 queue. • Priority 2 is assigned to the Switch’s Q1 queue. •...
Page 232: Understanding Ieee 802.1P Priority
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch NOTICE: The Switch contains eight classes of service for each port on the Switch. One of these classes is reserved for internal use on the Switch and is therefore not configurable. All references in the following section regarding classes of service will refer to only the seven classes of service that may be used and configured by the administrator.
Page 233: 802.1P Default Priority Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch 802.1p Default Priority Settings The Switch allows the assignment of a default 802.1p priority to each port on the Switch. The priority tags are numbered from 0, the lowest priority, to 7, the highest priority.
Page 234: 802.1P User Priority Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch value, from 0-7 in the Priority field. Click Apply to implement the changes. 802.1p User Priority Settings ® The xStack DGS-3400 Series allows the assignment of a class of service to each of the 802.1p priorities. To view this window, click QoS >...
Page 235: Bandwidth Control
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Class ID Use the pull-down menu to select the Switch’s hardware priority queue. The switch has seven hardware priority queues available. Click Apply to implement the changes. Bandwidth Control The Bandwidth Control section includes Bandwidth Control Settings and Per Queue Bandwidth Control Settings.
Page 236 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 4 - 4 Bandwidth Settings window The following parameters can be set or are displayed: Parameter Description Unit Select the switch in the switch stack to be modified. From / To A consecutive group of ports may be configured starting with the selected port.
Page 237: Per Queue Bandwidth Control Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Effective RX Specifies the limitation of the received data rate. rate Effective TX Specifies the limitation of the transmitted data rate. rate Click Apply to set the bandwidth control for the selected ports. Results of configured Bandwidth Settings will be displayed in the Bandwidth Control Table.
Page 238 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 4 - 5 Per Queue Bandwidth Control Settings window The following parameters can be set: Parameter Description Unit Select the switch in the switch stack to be modified. From / To A consecutive group of ports may be configured starting with the selected port.
Page 239: Hol Prevention Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch HOL Prevention Settings This window is used to enable or disable Head of Line (HOL) prevention. To view the HOL Prevention Settings window, click QoS > HOL Prevention Settings, as shown below. Figure 4 - 6 Per Queue Bandwidth Control Settings window Use the drop-down menu to enable or disable head of line prevention.
Page 240 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 4 - 7 QoS Output Scheduling window The following values may be assigned to the QoS classes to set the scheduling. Parameter Description Select the unit to configure. Unit A consecutive group of ports may be configured starting with the selected port.
Page 241: Qos Scheduling Mechanism Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch NOTE: Entering a 0 for the Max Packets field in the QoS Output Scheduling window above will create a Combination Queue. For more information on implementation of this feature, see the next section, Configuring the Combination Queue.
Page 242 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 4 - 8 QoS Scheduling Mechanism window The following parameters can be configured. Parameter Description Select the unit to configure. Unit A consecutive group of ports may be configured starting with the selected port. From / To...
Page 243 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Mode Use the pull-down menu to select one of the following modes. Strict - The highest class of service is the first to process traffic. That is, the highest class of service will finish before other queues empty.
Page 244: Acl (Access Control List)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Section 5 ACL (Access Control List) Time Range Access Profile Table ACL Flow Meter CPU Interface Filtering Time Range This window is used in conjunction with the Access Profile feature to determine a starting point and an ending point, based on days of the week, when an Access Profile configuration will be enabled on the Switch.
Page 245: Access Profile Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Click Apply to implement changes made. Currently configured entries will be displayed in the Time Range Information table in the bottom half of the window shown above. Access Profile Table Access profiles allow you to establish criteria to determine whether the Switch will forward packets based on the information contained in each packet's header.
Page 246 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameter Description Profile ID (1-6) Type in a unique identifier number for this profile set. This value can be set from 1 to 6. Type Select profile based on Ethernet (MAC Address), IP, Packet Content or IPv6 address. This will change the menu according to the requirements for the type of profile.
Page 247 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 5 Access Profile Configuration window (IP) The following parameters can be set, for IP: Parameter Description Profile ID (1-6) Type in a unique identifier number for this profile set. This value can be set from 1 to 6. Type Select profile based on Ethernet (MAC Address), IP, Packet Content or IPv6 address.
Page 248 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch • Type - Further specify that the access profile will apply an ICMP type value. • Code - Further specify that the access profile will apply an ICMP code value. Select IGMP to instruct the Switch to examine the Internet Group Management Protocol (IGMP) field in each frame's header.
Page 249 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 7 Access Profile Configuration window (IPv6) The following parameters can be set, for IP: Parameter Description Profile ID (1-6) Type in a unique identifier number for this profile set. This value can be set from 1 to 6. Type Select profile based on Ethernet (MAC Address), IP, Packet Content or IPv6 address.
Page 250 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch 0x0-0xffff) which you wish to filter. Select UDP to use the UDP port number contained in an incoming packet as the forwarding criterion. Selecting UDP requires that you specify a source port mask and/or a destination port mask.
Page 251 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameter Description Profile ID (1-6) Type in a unique identifier number for this profile set. This value can be set from 1 to 6. Type Select profile based on Ethernet (MAC Address), IP address, packet content mask or IPv6. This will change the menu according to the requirements for the type of profile.
Page 252 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 11 Access Rule Table window (Ehternet) To remove a previously created rule, select it and click the button. To add a new Access Rule, click the Add Rule button: Figure 5 - 12 Access Rule Configuration window (Ethernet) The following parameters can be configured: Parameter...
Page 253 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch and will be filtered. Select Mirror to specify that packets match the access profile are mirrored to a port defined in the Port Mirroring window. Port Mirroring must be enabled and a target port must be set. Access ID (1-128) Type in a unique identifier number for this access.
Page 254 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Click Apply to implement the changes. To view the settings of a previously correctly configured rule, click View in the Access Rule Table window to view the following window: Figure 5 - 13 Access Rule Display window (Ethernet) To configure the Access Rule for IP, open the Access Profile Table window and click Modify for an IP entry.
Page 255 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 15 Access Rule Configuration window (IP) Configure the following Access Rule Configuration settings for IP: Parameter Description Profile ID This is the identifier number for this profile set. Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Page 256 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch forwarded by the Switch. For more information on priority queues, CoS queues and mapping for 802.1p, see the QoS section of this manual. Replace DSCP Select this option to instruct the Switch to replace the DSCP value (in a packet that meets the (0-63) selected criteria) with the value entered in the adjacent field.
Page 257 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 16 Access Rule Display window (IP) To configure the Access Rule for IPv6, open the Access Profile Table window and click Modify for an IPv6 entry. This will open the following window: Figure 5 - 17 Access Rule Table (IPv6) Click Add Rule to open the next window to configure the IPv6 entry for an access rule.
Page 258 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 18 Access Rule Configuration window (IPv6) Parameter Description Profile ID This is the identifier number for this profile set. Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Page 259 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch header. This class field is a part of the packet header that is similar to the Type of Service (ToS) or Precedence bits field of IPv4. Flow Label Configuring this field, in hex form, will instruct the Switch to examine the flow label field of the IPv6 header.
Page 260 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 19 Access Rule Display window (IPv6) The following window is the Access Rule table for Packet Content. Figure 5 - 20 Access Rule Table window (Packet Content Mask) To remove a previously created rule, select it and click the button.
Page 261 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 21 Access Rule Configuration window (Packet Content) To set the Access Rule for the Packet Content Mask, adjust the following parameters and click Apply. Parameter Description Profile ID...
Page 262 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch This parameter is specified to re-write the 802.1p default priority previously set in the Switch, Priority (0-7) which is used to determine the CoS queue to which packets are forwarded to. Once this field is specified, packets accepted by the Switch that match this priority are forwarded to the CoS queue specified previously by the user.
Page 263: Acl Flow Meter
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 22 Access Rule Display window (Packet Content) NOTE: When using the ACL Mirror function, ensure that the Port Mirroring function is enabled and a target mirror port is set. ACL Flow Meter Before configuring the ACL Flow Meter, here is a list of acronyms and terms users will need to know.
Page 264 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch DSCP – Differentiated Services Code Point. The part of the packet header where the color will be added. Users may change the DSCP field of incoming packets. The ACL Flow Meter function will allow users to color code IP packet flows based on the rate of incoming packets.
Page 265 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 24 ACL Flow Meter Configuration - Add window The following fields may be configured: Parameter Description Profile ID (1-6) Enter the pre-configured Profile ID for which to configure the ACL Flow Metering parameters. Access ID (1-128) Enter the pre-configured Access ID for which to configure the ACL Flow Metering parameters.
Page 266 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch following parameters to determine the color rate of the IP packet flow. CIR – The Committed Information Rate can be set between 0 and 156249. The color rates are based on the following two fields which are used in conjunction with the CIR.
Page 267: Cpu Interface Filtering
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch CPU Interface Filtering ® Due to a chipset limitation and needed extra switch security, the xStack DGS-3400 Series switch incorporates CPU Interface filtering. This added feature increases the running security of the Switch by enabling the user to create a list of access rules for packets destined for the Switch’s CPU interface.
Page 268: Cpu Interface Filtering Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch CPU Interface Filtering Table This window displays the CPU Access Profile Table entries created on the Switch. To view this window, click ACL > CPU Interface Filtering > CPU Interface Filtering Table, as shown below. Figure 5 - 27 CPU Interface Filtering Table window To add an entry to this window, click the Add Profile button.
Page 269 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch VLAN Selecting this option instructs the Switch to examine the VLAN identifier of each packet header and use this as the full or partial criterion for forwarding. Source MAC Source MAC Mask - Enter a MAC address mask for the source MAC address.
Page 270 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 30 CPU Interface Filtering Configuration window (IP) The following parameters may be configured for the IP CPU filter. Parameter Description Profile ID (1-5) Type in a unique identifier number for this profile set. This value can be set from 1 to 5. Type Select profile based on Ethernet (MAC Address), IP address, IPv6 address or Packet Content Mask.
Page 271 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch or specify Code to further specify that the access profile will apply an ICMP code value. Select IGMP to instruct the Switch to examine the Internet Group Management Protocol (IGMP) field in each frame's header.
Page 272 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 32 CPU Interface Filtering Configuration window (IPv6) The following parameters may be configured for the IP CPU filter. Parameter Description Profile ID (1-5) Type in a unique identifier number for this profile set. This value can be set from 1 to 5. Type Select profile based on Ethernet (MAC Address), IP address, IPv6 address or Packet Content Mask.
Page 273 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 33 CPU Interface Filtering Entry Display window (IPv6) The window shown below is the Packet Content Mask configuration window.
Page 274 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 34 CPU Interface Filtering Configuration window (Packet Content) This screen will aid the user in configuring the Switch to mask packet headers beginning with the offset value specified. The following fields are used to configure the Packet Content Mask: Parameter Description...
Page 275 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch packet to the 15th byte. • value (16-31) – Enter a value in hex form to mask the packet from byte 16 to byte 31. • value (32-47) – Enter a value in hex form to mask the packet from byte 32 to byte 47. •...
Page 276 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 37 CPU Interface Filtering Table (Ethernet) To create a new rule set for an access profile click the Add Rule button. A new window is displayed. To remove a previously created rule, click the corresponding button.
Page 277 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Ethernet Type Specifies that the access profile will apply only to packets with this hexadecimal 802.1Q Ethernet type value (hex 0x0-0xffff) in the packet header. The Ethernet type value may be set in the form: hex 0x0-0xffff, which means the user may choose a combination of letters and numbers ranging from a-f and from 0-9.
Page 278 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 41 CPU Interface Filtering Rule Configuration window (IP) Configure the following Access Rule Configuration settings for IP: Parameter Description Profile ID This is the identifier number for this profile set. Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Page 279 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 42 CPU Interface Filtering Rule Display window (IP) The following window is the CPU Interface Filtering Rule Table for IPv6. Figure 5 - 43 CPU Interface Filtering Rule Table window (IPv6) To create a new rule set for an access profile click the Add Rule button.
Page 280 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 44 CPU Interface Filtering Rule Configuration window (IPv6) Configure the following Access Rule Configuration settings for IPv6: Parameter Description Profile ID This is the identifier number for this profile set. Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Page 281 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 45 CPU Interface Filtering Rule Display window (IPv6) The following window is the CPU Interface Filtering Rule Table for Packet Content. Figure 5 - 46 CPU Interface Filtering Rule Table window (Packet Content)
Page 282 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To remove a previously created rule, select it and click the button. To add a new Access Rule, click the Add Rule button: Figure 5 - 47 CPU Interface Filtering Rule Configuration window (Packet Content)
Page 283 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following parameters can be configured. Parameter Description Profile ID This is the identifier number for this profile set. Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Page 284: Security
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Section 6 Security Authorization Attributes State Settings Traffic Control Port Security IP-MAC-Port Binding 802.1X Web-based Access Control (WAC) Trust Host BPDU Attack Protection Settings ARP Spoofing Prevention Settings Access Authentication Control MAC-based Access Control (MAC) Safeguard Engine...
Page 285: Traffic Control
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Traffic Control On a computer network, packets such as Multicast packets Broadcast packets continually flood the network as normal procedure. At times, this traffic may increase do to a malicious endstation on the network or a malfunctioning device, such as a faulty network card.
Page 286 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch • Storm Occurred – Will send Storm Trap warning messages upon the occurrence of a Traffic Storm only. • Storm Cleared – Will send Storm Trap messages when a Traffic Storm has been cleared by the Switch only.
Page 287: Port Security
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch NOTE: Ports that are in the Shutdown (Forever) mode will be seen as Discarding in Spanning Tree windows and implementations though these ports will still be forwarding BPDUs to the Switch’s CPU. NOTE: Ports that are in Shutdown (Forever) mode will be seen as link down in all windows and screens until the user recovers these ports.
Page 288: Port Security Entries
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch From / To A consecutive group of ports may be configured starting with the selected port. Admin State This pull-down menu allows the user to enable or disable Port Security (locked MAC address table for the selected ports).
Page 289: Ip-Mac-Port Binding
Switch offers IP-MAC-Port Binding (IMPB), a D-Link security application used most often on edge switches directly connected to network hosts. IMPB is also an integral part of D-Link’s End-to-End Security Solution (E2ES). The primary purpose of IP-MAC-Port Binding is to restrict client access to a switch by enabling administrators to configure pairs of client MAC and IP addresses that are allowed to access networks through a switch.
Page 290: Arp Inspection
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Strict and Loose State Other than ACL and ARP mode, users can also configure the state on a port for granular control. There are two states: Strict and Loose, and only one state can be selected per port.
Page 291: Impb Global Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 7 ARP Cache Poisoning When the user configures strict mode and enables IMPB on a port, ARP inspection is enabled. For an ARP inspection active port: All ARP packets should be captured to the CPU (including broadcast ARP and unicast ARP packets) and the CPU will make the decision to either forward or drop.
Page 292: Impb Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The DHCP Snoop State field will enable and disable the DHCP Snooping option. To view this window, click Security > IP-MAC-Port Binding > IMPB Global Settings: Figure 6 - 9 IMPB Global Settings window The following parameters can be set: Parameter Description...
Page 293 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 10 IMPB Port Settings window The following fields can be set or modified: Parameter Description Unit Choose the Switch ID number of the Switch in the switch stack to be modified. From / To Select a port or range of ports to set for IP-MAC Binding.
Page 294: Impb Entry Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch packets. An example of this is that a malicious user can perform DoS attacks by statically configuring the ARP table on their PC. In this case, the Switch cannot block such attacks because the PC will not send out ARP packets.
Page 295: Dhcp Snoop Entries
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 11 IMPB Entry Settings window The following fields can be set or modified: Parameter Description IPv4 Address Click the radio button and enter the IPv4 address to bind to the MAC address set below. IPv6 Address Click the radio button and enter the IPv6 address to bind to the MAC address set below.
Page 296: Mac Block List
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To view particular port settings, choose the unit - port number and click Find. To view all entries on the window, click View All. To delete an entry, enter the port number , choose the Clear Type, and click Clear. MAC Block List This window is used to view unauthorized devices that have been blocked by IP-MAC binding restrictions.
Page 297: 288
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch 802.1X 802.1X Port-based and Host-based Access Control The IEEE 802.1X standard is a security measure for authorizing and authenticating users to gain access to various wired or wireless devices on a specified Local Area Network by using a Client and Server based access control model.
Page 298 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 17 The Authentication Server Authenticator The Authenticator (the Switch) is an intermediary between the Authentication Server and the Client. The Authenticator serves two purposes when utilizing 802.1X. The first purpose is to request certification information from the Client through EAPOL packets, which is the only information allowed to pass through the Authenticator before access is granted to the Client.
Page 299: Authentication Process
Figure 6 - 20 The 802.1X Authentication Process The D-Link implementation of 802.1X allows network administrators to choose between two types of Access Control used on the Switch, which are: Port-based Access Control –...
Page 300 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Port-based Network Access Control Figure 6 - 21 Example of Typical Port-based Configuration Once the connected device has successfully been authenticated, the Port then becomes Authorized, and all subsequent traffic on the Port is not subject to access control restriction until an event occurs that causes the Port to become Unauthorized.
Page 301 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch MAC-Based Network Access Control Figure 6 - 22 Example of Typical MAC-Based Configuration In order to successfully make use of 802.1X in a shared media LAN segment, it would be necessary to create “logical” Ports, one for each attached device that required access to the LAN.
Page 302: 802.1X Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Guest VLANs On 802.1X security enabled networks, there is a need for non 802.1X supported devices to gain limited access to the network, due to the lack of the proper 802.1X software or incompatible devices, such as computers running Windows 98 or lower operating systems, or the need for guests to gain access to the network without full authorization or local authentication on the...
Page 303 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 24 Configure 802.1X Authenticator Parameter window To configure the settings by port, click its corresponding Modify button, which will display the following table to configure:...
Page 304 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 25 Configure 802.1X Port Settings window This screen allows setting of the following features: Parameter Description Unit Choose the Switch ID number of the Switch in the switch stack to be modified. From / To Enter the port or ports to be set.
Page 305: Guest Vlan Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch TXPeriod (1-65535) This sets the TXPeriod of time for the authenticator PAE state machine. This value determines the period of an EAP Request/Identity packet transmitted to the client. The default setting is 30 seconds.
Page 306: Authentication Radius Server Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Enabled ports – Selecting this option will enable ports listed in the Port List below, as part of the Guest VLAN. Be sure that these ports are configured for this VLAN or users will be prompted with an error message.
Page 307: 802.1X User Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch IPv6 Address Click the radio button and enter the RADIUS IPv6 address. Authentic UDP Port Set the RADIUS authentic server(s) UDP port. The default port is 1812. (1-65535) Accounting UDP Port Set the RADIUS account server(s) UDP port.
Page 308: Initialize Port(S)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Confirm Password Re-enter the password entered in the field above. Click Apply to implement the changes. The new User will be displayed in the 802.1X User Table. To remove a user click the corresponding button.
Page 309: Reauthenticate Port(S)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch From / To Select ports to be initialized. MAC Address The MAC address of the Switch connected to the corresponding port, if any. Port A read-only field indicating a port on the Switch. Auth PAE State The Authenticator PAE State will display one of the following: Initialize, Disconnected, Connecting, Authenticating, Authenticated, Aborting, Held, ForceAuth, ForceUnauth, and N/A.
Page 310 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 32 Reauthenticate Port(s) window (MAC-based 802.1X) To reauthenticate ports, first choose the switch in the switch stack by using the pull-down menu and then choose the range of ports in the From and To field.
Page 311: Web-Based Access Control (Wac)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Web-based Access Control (WAC) Web-Based Authentication Login is a feature designed to authenticate a user when the user is trying to access the Internet via the Switch. The authentication process uses HTTP protocol.
Page 312: Wac Global Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch WAC Global Settings This window is used to enable and configure Web-based Access Control Global State on the Switch. To view this window, click Security > Web-based Access control (WAC) > WAC Global Settings, as shown below. Figure 6 - 33 WAC Global State window The following parameters can be configured: Parameter...
Page 313: Wac Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch configured to be an IPv6 address that exists on the subnet. HTTP(S) Ports(1- This function specifies the TCP port that will be used to identify the HTTP or HTTPS 65535) packets to be trapped to the CPU for the authentication process.
Page 314 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 34 WAC Port Settings window The following parameters can be configured: Parameter Description Unit Use the drop-down menu to select the unit you wish to configure. From / To Enter the range of ports you wish to configure.
Page 315: Wac User Account
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Block Time (0-300 This parameter specifies the period of time a host will keep in a blocked state after it fails sec) to authenticate. Enter a value between 0 and 300 seconds. The default setting is 60 seconds.
Page 316: Wac Authentication State
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 37 User Account Modify window The following parameters can be configured: Parameter Description User Name Enter a user name for the new account. Old Password Enter the original password for the user.
Page 317: Trust Host
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 38 WAC Host Table Settings window The following parameters can be configured: Parameter Description Port List Enter the ports you wish to Find or Delete. Check the All Ports box to select all ports. State Select the state of the ports.
Page 318 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 39 Security IP window To configure secure IP addresses for trusted host management of the Switch, type the IP address of the station you are currently using in the first field as well as up to three additional IP addresses of trusted hosts.
Page 319: Bpdu Attack Protection Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch BPDU Attack Protection Settings This window is used to configure the BPDP protection function for the ports on the Switch. In generally, there are two states in BPDU protection function.
Page 320: Arp Spoofing Prevention Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following parameters can be configured: Parameter Description Global State Enable or disable the BPDU attack protection global state. Trap State Enable or disable the BPDU attack trap state. Log State Enable or disable the BPDU attack log state.
Page 321: Access Authentication Control
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameter Description Gateway IP Address Enter the gateway IP address. Gateway MAC Enter the gateway MAC address. Address Ports Enter the port or range of ports to be configured. Alternatively, tick the All Ports check box to configure all of the ports.
Page 322 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch NOTE: TACACS, XTACACS and TACACS+ are separate entities and are not compatible. The Switch and the server must be configured exactly the same, using the same protocol. (For example, if the Switch is set up for TACACS authentication, so must be the host server.)
Page 323: Authentication Policy And Parameter Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Authentication Policy and Parameter Settings This command will enable an administrator-defined authentication policy for users trying to access the Switch. When enabled, the device will check the Login Method List and choose a technique for user authentication upon login. To view this window, click Security >...
Page 324: Authentication Server Group
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameter Description Application Lists the configuration applications on the Switch. The user may configure the Login Method List and Enable Method List for authentication for users utilizing the Console (Command Line Interface) application, the Telnet application, SSH and the Web (HTTP) application.
Page 325: Authentication Server Host
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 45 Add a Server Host to Server Group - XTACACS window To add an Authentication Server Host to the list, enter its IP address in the IP Address field, choose the protocol associated with the IP address of the Authentication Server Host and click Add to Group to add this Authentication Server Host to the group.
Page 326 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 47 Authentication Server Host window To add an Authentication Server Host, click the Add button, revealing the following window: Figure 6 - 48 Authentication Server Host Setting - Add window Configure the following parameters to add an Authentication Server Host: Parameter Description...
Page 327: Login Method Lists
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch NOTE: More than one authentication protocol can be run on the same physical server host but, remember that TACACS/XTACACS/TACACS+ are separate entities and are not compatible with each other. Login Method Lists This command will configure a user-defined or default Login Method List of authentication techniques for users logging on to the Switch.
Page 328: Enable Method Lists
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 51 Login Method List – Add window To define a Login Method List, set the following parameters and click Apply: Parameter Description Method List Name Enter a method list name defined by the user of up to 15 characters.
Page 329 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch NOTE: To set the Local Enable Password, see the next section, entitled Local Enable Password. To view this window, click Security > Access Authentication Control > Enable Method Lists, as shown below. Figure 6 - 52 Enable Method Lists window To delete an Enable Method List defined by the user, click the under the Delete heading corresponding to the entry desired to...
Page 330: Configure Local Enable Password
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To define an Enable Login Method List, set the following parameters: Parameter Description Method List Name Enter a method list name defined by the user of up to 15 characters. The user may add one, or a combination of up to four of the following authentication methods Method 1, 2, 3, 4 to this method list:...
Page 331: Enable Admin
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Enable Admin The Enable Admin window is for users who have logged on to the Switch on the normal user level, and wish to be promoted to the administrator level.
Page 332: Radius Accounting Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch RADIUS Accounting Settings The Accounting feature of the Switch uses a remote RADIUS server to collect information regarding events occurring on the Switch. The following is a list of information that will be sent to the RADIUS server when an event triggers the Switch to send these informational packets.
Page 333 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch There are three types of Accounting that can be enabled on the Switch. Network – When enabled, the Switch will send informational packets to a remote RADIUS server when 802.1X users connect to the physical ports on the switch to access the network.
Page 334: Mac-Based Access Control (Mac)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch MAC-based Access Control (MAC) The MAC-based Access Control feature will allow users to configure a list of MAC addresses, either locally or on a remote RADIUS server, to be authenticated by the Switch and given access rights based on the configurations set on the Switch of the target VLAN where these authenticated users are placed.
Page 335 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 58 MAC-based Access Control Global Settings window...
Page 336 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following parameters may be viewed or set: Parameter Description MAC-based Access Control Global Settings State Use the pull-down menu to globally enable or disable the MAC-based Access Control function on the Switch.
Page 337: Mac-Based Access Control Local Mac Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Aging Time (1-1440 min) Specifies a time period (configurable per port) between 1-1440 minutes, during which an authenticated host will stay in an authenticated state. When the aging time has expired, the host will be moved back to an unauthenticated state.
Page 338: Safeguard Engine
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Safeguard Engine Periodically, malicious hosts on the network will attack the Switch by utilizing packet flooding (ARP Storm) or other methods. These attacks may increase the switch load beyond its capability. To alleviate this problem, the Safeguard Engine function was added to the Switch’s software.
Page 339: Safeguard Engine Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch NOTICE: When Safeguard Engine is enabled, the Switch will allot bandwidth to various traffic flows (ARP, IP) using the FFP (Fast Filter Processor) metering table to control the CPU utilization and limit traffic.
Page 340: Traffic Segmentation
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch flow to the CPU by dynamically allotting an even bandwidth to all traffic flows. Strict – If selected, this function will stop accepting all ARP packets not intended for the Switch, and will stop receiving all unnecessary broadcast IP packets, until the storm has subsided.
Page 341: Secure Socket Layer (Ssl)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 65 Setup Forwarding Ports window ® Configuring traffic segmentation on the xStack DGS-3400 Series is accomplished in two parts. First, select a switch in the switch stack by using the Unit pull-down menu, and then specify a port from the switch, using the Port pull-down menu.
Page 342: Ssl
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch This window is used to download a certificate file for the SSL function on the Switch from a TFTP server. The certificate file is a data record used for authenticating devices on the network. It contains information on the owner, keys for authentication and digital signatures.
Page 343: Secure Shell (Ssh)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Key File Name Enter the path and the filename of the key file to download. This file must have a .der extension (Ex. c:/pkey.der) Configuration SSL Status Use the pull-down menu to enable or disable the SSL status on the switch.
Page 344: Ssh Server Configuration
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Configure the encryption algorithm that SSH will use to encrypt and decrypt messages sent between the SSH client and the SSH server, using the SSH Authentication Mode and Algorithm Settings window. Finally, enable SSH on the Switch using the SSH Server Configuration window.
Page 345: Ssh Authentication Mode And Algorithm Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch and 60 min. The default setting is Never. Listened Port Enter the virtual port number to be used with this feature. The common port number for SSH Number is 22.
Page 346 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch default. Public Key This field may be Enabled or Disabled to choose if the administrator wishes to use a public key configuration set on a SSH server, for authentication. This field is Enabled by default.
Page 347: Ssh User Authentication Mode
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch SSH User Authentication Mode The following windows are used to configure parameters for users attempting to access the Switch through SSH. To view this window, click Security > SSH > SSH User Authentication Mode, as shown below. Figure 6 - 69 SSH User Authentication Mode window In the example above, the User Account “RG”...
Page 348: Compound Authentication
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch must be a previously configured user account on the Switch. Auth. Mode The administrator may choose one of the following to set the authorization for users attempting to access the Switch.
Page 349: Compound Authentication Global Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch 802.1X + IMPB Mode This mode adds an extra layer of security by checking the IP MAC-Binding Port Binding (IMPB) table before trying one of the supported authentication methods. The IMPB Table is used to create a “white list”...
Page 350: Compound Authentication Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Permit If Permit is selected, the client is always regarded as an authenticated. If the guest VLAN enabled, the client will stay at the guest VLAN, otherwise, it will stay at the original VLAN. Click Apply to implement the changes.
Page 351 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 78 Multiple Authentication Settings window The following parameters may be set: Parameter Description Unit Choose the Unit ID of the switch in the switch stack you wish to configure. From / To Select a port or range of ports to be configured.
Page 352: Authentication Guest Vlan Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Methods None – Specifies that multiple authentication is not enabled. Any – Specifies that a client will gain access if it passes any of the authentication methods (802.1X, MAC, or JWAC/WAC).
Page 353: Japanese Web-Based Access Control (Jwac)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Japanese Web-based Access Control (JWAC) The JWAC folder contains six windows: JWAC Global Configuration, JWAC Port Settings, JWAC User Account, JWAC Host Information, JWAC Customize Page Language Settings and JWAC Customize Page. JWAC Global Settings Use this window to enable and configure Japanese Web-based Access Control on the Switch.
Page 354 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 81 JWAC Global State Configuration window...
Page 355 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To set JWAC for the Switch, complete the following fields: Parameter Description JWAC Global State Settings JWAC Global State Use this drop-down menu to either enable or disable JWAC on the Switch. JWAC Configuration Forcible Logout This parameter enables or disables JWAC Forcible Logout.
Page 356: Jwac Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Error Timeout (5-300 This parameter is used to set the Quarantine Server Error Timeout. When the Quarantine sec) Server Monitor is enabled, the JWAC Switch will periodically check if the Quarantine works okay.
Page 357 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 82 JWAC Port Table Parameter window To configure individual JWAC port settings, click the Add button, the following window will be displayed:...
Page 358 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 83 JWAC Port Table Parameter - Add window To configure the settings by port, click the corresponding Modify button, which will display the following window: Figure 6 - 84 J JWAC Port Table Parameter - Edit window To set the JWAC on individual ports for the Switch, complete the following fields: Parameter...
Page 359: Jwac User Account
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch min) 1440 minutes. To maintain a constant Port Configuration, tick the Infinite check box. Idle Time (1-1440 This parameter specifies the period of time during which there is no traffic for an Minutes) authenticated host and the host will be moved back to the unauthenticated state.
Page 360: Jwac Authentication State
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To view JWAC user settings for the Switch, click the Show All JWAC User Account Entries link, to view the following window: Figure 6 - 87 JWAC User Accounts window To add another JWAC user account to the Switch, click the Add button, to clear all the existing entries, click the Clear All button.
Page 361: Jwac Customize Page Language Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 89 JWAC Authentication State Table window To search for Hosts, enter the Port list information and click the Search button. To clear an entry, enter the Port list information and click the Delete button.
Page 362: Jwac Customize Page
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch JWAC Customize Page This window is used to customize fields in the JWAC Customize page. To view this window, click Security > Japanese Web-based Access Control (JWAC) > JWAC Customize Page, as shown below.
Page 363: Monitoring
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Section 7 Monitoring Device Status Stacking Information Stacking Device Module Information DRAM & Flash Utilization CPU Utilization Port Utilization Packets Errors Packet Size Browse Router Port Browse MLD Router Port VLAN Status VLAN Status Port Port Access Control...
Page 364: Stacking Information
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following fields may be viewed in this window: Parameter Description Specifies the Switch in the Switch Stack that is being displayed. Internal Power Displays Active if the internal power supply is powering the system. External Power (RPS) Displays Active if the RPS is powering the system.
Page 365: Stacking Device
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Exist Denotes whether a switch does or does not exist in a stack. Priority Displays the priority ID of the Switch. The lower the number, the higher the priority. The box (switch) with the lowest priority number in the stack denotes the Primary Master switch.
Page 366: Dram & Flash Utilization
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Module Name The full name of the module installed. Rev. No. The version of the installed module. Serial The serial number of the module. Description A brief description of the type of module. DRAM &...
Page 367: Cpu Utilization
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch CPU Utilization This window displays the percentage of the CPU being used, expressed as an integer percentage and calculated as a simple average by time interval. To view this window, click Monitoring > CPU Utilization, as shown below. Figure 7 - 6 CPU Utilization graph To view the CPU utilization by port, use the real-time graphic of the Switch and/or switch stack at the top of the web page by simply clicking on a port.
Page 368: Port Utilization
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Port Utilization This window displays the percentage of the total available bandwidth being used on the port. To view this window, click Monitoring > Port Utilization, as shown below. Figure 7 - 7 Port Utilization window To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu and then select the port by using the Port pull-down menu.
Page 369: Packets
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Packets The Web Manager allows various packet statistics to be viewed as either a line graph or a table. Six windows are offered. Received (RX) This window displays the following graph of packets received on the Switch. To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu and then select the port by using the Port pull-down menu.
Page 370 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 7 - 9 RX Packets Analysis Table window The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where “s” stands for seconds. The default value is one second.
Page 371: Umb Cast (Rx)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch UMB Cast (RX) To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu and then select the port by using the Port pull-down menu.
Page 372 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 7 - 11 RX Packets Analysis window (table for Unicast, Multicast, and Broadcast Packets) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where “s”...
Page 373: Transmitted (Tx)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Transmitted (TX) To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu and then select the port by using the Port pull-down menu.
Page 374 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 7 - 13 TX Packets Analysis window (table for Bytes and Packets) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where “s” stands for seconds. The default value is one second.
Page 375: Errors
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Errors The Web Manager allows port error statistics compiled by the Switch's management agent to be viewed as either a line graph or a table. Four windows are offered. Received (RX) To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu and then select the port by using the Port pull-down menu.
Page 376 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 7 - 15 RX Error Analysis window (table) The following fields can be set: Parameter Description Time Interval Select the desired setting between 1s and 60s, where “s” stands for seconds. The default value is one second.
Page 377: Transmitted (Tx)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch VLANIngDr Incremented for each packet that is discarded by VLAN ingress checking. Show/Hide Check whether or not to display CRC Error, Under Size, Over Size, Fragment, Jabber, and Drop errors.
Page 378 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 7 - 17 TX Error Analysis window (table) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where “s” stands for seconds. The default value is one second.
Page 379: Packet Size
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Packet Size The Web Manager allows packets received by the Switch, arranged in six groups and classed by size, to be viewed as either a line graph or a table. Two windows are offered. To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu and then select the port by using the Port pull down menu.
Page 380 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To view the Packet Size Analysis Table window, click the link View Table, which will show the following table: Figure 7 - 19 RX Size Analysis window (table) The following fields can be set or viewed: Parameter Description...
Page 381: Browse Router Port
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch 512-1023 The total number of packets (including bad packets) received that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets). 1024-1518 The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
Page 382: Browse Mld Router Port
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Browse MLD Router Port This displays which of the Switch’s ports are currently configured as router ports in IPv6. A router port configured by a user (using the console or Web-based management interfaces) is displayed as a static router port, designated by S. A router port that is dynamically configured by the Switch is designated by D and a Forbidden port is designated by F.
Page 383: Vlan Status Port
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch VLAN Status Port This window allows the VLAN status for each of the Switch's ports to be viewed. To view settings for a particular port, enter the port number and click Find.
Page 384: Authenticator Statistics
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch MAC Address Displays the MAC address of the client that is present when configured in mac based mode. It displays “-p” when configured in port based mode. State The Authenticator State value can be: Authenticated, Authenticating, or blocked.
Page 385: Authenticator Diagnostics
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Authenticator Diagnostics This table contains the diagnostic information regarding the operation of the Authenticator associated with each port. An entry appears in this table for each port that supports the Authenticator function. Enter the ports you wish to view and click Search. To view this window, click Monitoring >...
Page 386 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameter Description InvalidServerAddresses The number of RADIUS Accounting-Response packets received from unknown addresses. Identifier The NAS-Identifier of the RADIUS accounting client. (This is not necessarily the same as sysName in MIB II.) ServerAddr The (conceptual) table listing the RADIUS accounting servers with which the client shares a secret.
Page 387: Mac Address Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch MAC Address Table This allows the Switch's dynamic MAC address forwarding table to be viewed. When the Switch learns an association between a MAC address and a port number, it makes an entry into its forwarding table. These entries are then used to forward packets through the Switch.
Page 388: Igmp Snooping Group
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch IGMP Snooping Group This window allows the Switch’s IGMP Snooping Group Table to be viewed. IGMP Snooping allows the Switch to read the Multicast Group IP address and the corresponding MAC address from IGMP packets that pass through the Switch. To view this window, click Monitoring >...
Page 389: Mld Snooping Group
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch MLD Snooping Group The following window allows the user to view MLD Snooping Groups present on the Switch. MLD Snooping is an IPv6 function comparable to IGMP Snooping for IPv4. The user may browse this table by VLAN Name present in the switch by entering that VLAN Name in the empty field shown below, and clicking the Search button.
Page 390: Trace Route
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Trace Route The following window will aid the user in back tracing the route taken by a packet before arriving at the Switch. When initiated, the Trace Route program will display the IP addresses of the previous hops a packet takes from the Target IP Address entered in the window, until it reaches the Switch.
Page 391: Trace Ipv6 Route
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Trace IPv6 Route To view this window, click Monitoring > Trace Route > Trace IPv6 Route, as shown below. Figure 7 - 36 Trace IPv6 Route window The following parameter can be configured: Parameter Description...
Page 392: Switch Logs
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Switch Logs The Web manager allows the Switch's history log, as compiled by the Switch's management agent, to be viewed. To view this window, click Monitoring > Switch Log, as shown below. Figure 7 - 37 Switch History Logs window The information in the table is categorized as: Parameter...
Page 393: Browse Arp Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Browse ARP Table This window will show current ARP entries on the Switch. To search a specific ARP entry, enter an interface name into the Interface Name, an IP Address or a MAC Address, and click Find. To clear the ARP Table, click Clear All. To view this table, click Monitoring >...
Page 394: Ip Forwarding Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch IP Forwarding Table The IP Forwarding Table window is read-only where the user may view IP addresses discovered by the Switch. To search a specific IP address, enter it into the field labeled IP Address at the top of the window and click Find to begin your search. The view this window, click Monitoring >...
Page 395: Browse Ipv6 Routing Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Browse IPv6 Routing Table To view this window, click Monitoring > Routing Table > Browse IPv6 Routing Table, as shown below. Figure 7 - 42 IPv6 Routing Table window MAC-based Access Control Authentication Status To clear MAC-based Access Control Authentication entries enter the appropriate information and click Delete.
Page 396: Save, Reset And Reboot
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Section 8 Save, Reset and Reboot Reset Reboot System Save Services Logout Reset The Reset function has several options when resetting the Switch. Some of the current configuration parameters can be retained while resetting all other configuration parameters to their factory defaults.
Page 397: Save Services
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Click the No radio button for not saving the current configuration before restarting the Switch. All of the configuration information entered from the last time Save Changes was executed will be lost. Click the Restart button to restart the Switch.
Page 398: Configuration Information
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Configuration Information The following window is used to view information regarding configuration files saved in the Switch. The Switch can hold two configuration files in its memory. Configuration Files can be uploaded to the Switch using the TFTP services located in the Administration folder.
Page 399: Current Configuration Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Current Configuration Settings The following window is used to select one of the two possible configuration files that can be stored in the Switch as a boot up configuration file, or to select it for deletion from the Switch’s memory.
Page 400: Appendix A
LAN (known as ARP spoofing). This document is intended to introduce the ARP protocol, ARP spoofing attacks, and the countermeasures brought by D-Link’s switches to thwart ARP spoofing attacks. In the process of ARP, PC A will first issue an ARP request to query PC B’s MAC address. The network structure is shown in Figure 1.
Page 401 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 When the switch floods the frame of ARP request to the network, all PCs will receive and examine the frame but only PC B will reply the query as the destination IP matched (see Figure 3).
Page 402: How Arp Spoofing Attacks A Network
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Forwarding Table Port1 00-20-5C-01-11-11 Port2 00-20-5C-01-22-22 How ARP Spoofing Attacks a Network ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service –...
Page 403: Prevent Arp Spoofing Via Packet Content Acl
Figure 5 Prevent ARP Spoofing via Packet Content ACL D-Link managed switches can effectively mitigate common DoS attacks caused by ARP spoofing via a unique Package Content ACL. For the reason that basic ACL can only filter ARP packets based on packet type, VLAN ID, Source, and Destination MAC information, there is a need for further inspections of ARP packets.
Page 404 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Example topology...
Page 405 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Configuration The configuration logic is as follows: Only if the ARP matches Source MAC address in Ethernet, Sender MAC address and Sender IP address in ARP protocol can pass through the switch.
Page 406 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch...
Page 407: Appendix B
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Appendix B Switch Log Entries The following table lists all possible entries and their corresponding meanings that will appear in the System Log of this Switch. Category Event Description Log Information Severity Remark...
Page 408 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Configuration Configuration successfully by console and “IP: <ipaddr>, successfully downloaded by console MAC: <macaddr>“ are XOR downloaded (Username: <username>, IP: shown in log string, which Informational <ipaddr>) means if user login by console, will no IP and MAC information for logging...
Page 409 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch will no IP and MAC information for logging Console Successful login Unit <unitID>, Successful login There are no IP and MAC if through Console through Console (Username: login by console.
Page 410 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch <unitID:portNum>) CIST New Root CIST New Root bridge selected selected (MAC: <macaddr>, Priority: Informational <int>) MSTI Root MSTI Regional New Root bridge Selected selected (Instance: Informational <isntanceID>, MAC: <macaddr>, Priority: <int>) BPDU Loop Back BPDU Loop Back on Ports...
Page 411 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch method <username>) Successful login Successful login through Web through Web (SSL) (SSL) from <userIP> authenticated by authenticated by AAA local Informational AAA local method method (Username: <username>) Login failed through Login failed through Web (SSL) Web (SSL)
Page 412 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Login failed through Login failed through Console Console due to due to AAA server timeout or AAA server timeout improper configuration Warning or improper (Username: <username>) configuration Successful login Successful login through Web through Web...
Page 413 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch configuration <username>) Successful Enable Successful Enable Admin Admin through through Console authenticated Console by AAA local_enable method Informational authenticated by (Username: <username>) AAA local_enable method Enable Admin failed Enable Admin failed through through Console Console authenticated by AAA...
Page 414 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Successful Enable Successful Enable Admin Admin through through Console authenticated Console by AAA none method Informational authenticated by (Username: <username>) AAA none method Successful Enable Successful Enable Admin Admin through Web through Web from <userIP>...
Page 415 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch <username>) Enable Admin failed Enable Admin failed through Web (SSL) from <userIP> through Web (SSL) authenticated by authenticated by AAA server Warning AAA server <serverIP> (Username: <username>) Enable Admin failed through Enable Admin failed Web (SSL) from <userIP>...
Page 416 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Dynamic IMPB Dynamic IMPB entry is conflict entry is in conflict with static ARP(IP: <ipaddr>, Warning with static ARP MAC: <macaddr>, Port <[unitID:]portNum>) Dynamic IMPB Dynamic IMPB entry conflicts with static IMPB: <ipaddr>, entry conflicts with Warning...
Page 417 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The authorized number of users on Port < [unitID:]portNum> enters a port has reached Warning MBAC stop learning state. the maximum user limit. The authorized number of users on a port is below the Port <[unitID:]portNum>...
Page 418: Appendix C
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch whole device. This log will be triggered when the authorized user number is below WAC recovers from stop the max user limit Warning learning state. on whole device in a time interval (interval is project depended)
Page 419 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch VlanLoopRestart This trap is sent when a Port with a VID 1.3.6.1.4.1.171.11.70.1.2.16.1.2.0 loop restarts after the interval time. .0.6 1.3.6.1.4.1.171.11.70.2.2.16.1.2.0 .0.6 1.3.6.1.4.1.171.11.70.3.2.16.1.2.0 .0.6 1.3.6.1.4.1.171.11.70.7.2.16.1.2.0 .0.6 CpuProtectChgToExhausted This trap indicates System change 1.3.6.1.4.1.171.12.19.4.1.0.1 operation mode from normal to exhausted.
Page 420 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch SingleIPMSAuthFail The commander switch will send 1.3.6.1.4.1.171.12.8.6.0.15 swSingleIPMSAuthFail notification to the indicated host when its member generates an authentation failure notification SingleIPMSnewRoot The commander switch will send 1.3.6.1.4.1.171.12.8.6.0.16 swSingleIPMSnewRoot notification to the indicated host when its member generates...
Page 421 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch PowerRecover Power Recover notification. The notification 1.3.6.1.4.1.171.12.11.2.2.2.0.3 is issued when the swPowerStatus changes in the following cases: fail -> lowVoltage. fail -> overCurrent. fail -> working. agentGratuitousARPTrap This trap is sent when there is an IP 1.3.6.1.4.1.171.12.1.7.2.0.5 address conflict.
Page 422 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch its election. Implementation of this trap is optional. topologyChange A topologyChange trap is sent by a bridge 1.3.6.1.2.1.17.0.2 when any of its configured ports transitions from the Learning state to the Forwarding state, or from the Forwarding state to the Blocking state.
Page 423: Glossary
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Glossary 1000BASE-SX: A short laser wavelength on multimode fiber optic cable for a maximum length of 550 meters 1000BASE-LX: A long wavelength for a “long haul” fiber optic cable for a maximum length of 10 kilometers 100BASE-FX: 100Mbps Ethernet implementation over fiber.
Page 424 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch line speed: See baud rate. main port: The port in a resilient link that carries data traffic in normal operating conditions. MDI - Medium Dependent Interface: An Ethernet port connection where the transmitter of one device is connected to the receiver of another device.

This manual is also suitable for:

Dgs-3450 - xstack switch - stackable Dgs-3426p - xstack switch - stackable Xstack dgs-3400 series

D-Link DGS-3427 - xStack Switch - Stackable Product Manual

Web-Based Switch Configuration

Administration

L2 Features

Qos

ACL (Access Control List)

Security

Quick Links

Related Manuals for D-Link DGS-3427 - xStack Switch - Stackable

Summary of Contents for D-Link DGS-3427 - xStack Switch - Stackable