Download Print this page

D-Link xStack User Manual

Layer 2+ gigabit ethernet managed switch

Hide thumbs Also See for xStack:

Reference manual (1284 pages)

,

Hardware installation manual (71 pages)

,

Software manual (160 pages)

Table Of Contents

page of 357

/ 357
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

Download this manual See also: Reference Manual

®

xStack

DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch

®

User Manual

®

DGS-3400 Series

Product Model:

xStack

Layer 2+ Gigabit Ethernet Managed Switch

Release 2.6

i

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the xStack and is the answer not in the manual?

Questions and answers

Summary of Contents for D-Link xStack

Page 1: User Manual
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch ® User Manual ® DGS-3400 Series Product Model: xStack Layer 2+ Gigabit Ethernet Managed Switch Release 2.6...
Page 2 Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. D-Link Corporation disclaims any proprietary interest in trademarks and trade names other than its own.
Page 3: Table Of Contents
Table of Contents Intended Readers................................... xi Typographical Conventions ...................................xi Notes, Notices, and Cautions ................................ xi Web-based Switch Configuration........................1 Introduction....................................1 Logging in to the Web Manager ..............................1 Web-based User Interface ................................2 Areas of the User Interface ..................................2 ...
Page 4 User Accounts ....................................29 Password Encryption..................................30 Port Mirroring ....................................31 Mirroring within the Switch Stack................................32 System Log ....................................32 System Log Host......................................32 System Log Save Mode Settings...................................34 System Severity Settings................................34 ...
Page 5 DHCP Server Screening Global Settings ..............................63 DHCP Server Screening Port Settings ................................64 Layer 2 Protocol Tunneling (L2PT) Settings ..........................65 RSPAN......................................66 RSPAN State Settings....................................66 RSPAN Settings......................................66 SNMP Manager.................................... 69 SNMP Settings......................................69 ...
Page 6 Default VLANs......................................107 Port-based VLANs......................................108 VLAN Segmentation....................................108 VLAN and Trunk Groups ...................................108 Protocol VLANs ......................................108 Static VLAN Entry .....................................109 GVRP Settings ......................................111 Double VLANs ......................................112 Regulations for Double VLANs ................................113 Double VLAN Settings....................................114 ...
Page 7 Multicast Forwarding....................................154 Multicast Filtering Mode.....................................155 LLDP......................................155 LLDP Global Settings....................................156 Basic LLDP Port Settings ...................................157 802.1 Extension LLDP Port Settings ................................158 802.3 Extension LLDP Port Settings ................................160 LLDP Management Address Settings .................................162 ...
Page 8 802.1X......................................230 Guest VLANs......................................235 Limitations Using the Guest VLAN ..............................235 Configure 802.1X Guest VLAN .................................235 Configure 802.1X Authenticator.................................237 802.1X User ........................................240 Initialize Port(s) ......................................240 Reauthenticate Port(s) ....................................242 Authentic RADIUS Server..................................243 Web-based Access Control (WAC) ............................
Page 9 JWAC User Account....................................287 JWAC Host Information .....................................288 JWAC Customize Page Language Settings..............................289 JWAC Customize Page....................................289 Monitoring ..............................290 Device Status....................................290 Stacking Information.................................. 291 Stacking Device ..................................292 Module Information ................................... 292 CPU Utilization..................................
Page 10 Appendix A ..............................322 Mitigating ARP Spoofing Attacks Using Packet Content ACL ........................322 Appendix B ..............................329 Switch Log Entries......................................329 Appendix C ..............................340 Trap Logs........................................340 Glossary ................................345 ...
Page 11: Intended Readers
DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Intended Readers ® The xStack DGS-3400 Series Manual contains information for setup and management of the Switch. This manual is intended for network managers familiar with network management concepts and terminology. Typographical Conventions...
Page 12: Web-Based Switch Configuration
Web Pages Introduction ® All software functions of the xStack DGS-3400 Series switches can be managed, configured and monitored via the embedded web-based (HTML) interface. Manage the Switch from remote stations anywhere on the network through a standard browser. The browser acts as a universal access tool and can communicate directly with the Switch using the HTTP protocol.
Page 13: Web-Based User Interface
Area 1 Select the menu or window to display. Open folders and click the hyperlinked menu buttons and subfolders contained within them to display menus. Click the D-Link logo to go to the D-Link website. Area 2 Presents a graphical near real-time image of the front panel of the Switch. This area displays the Switch's ports and expansion modules, showing port activity, duplex mode, or flow control, depending on the specified mode.
Page 14: Web Pages
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Web Pages When connecting to the management mode of the Switch with a Web browser, a login screen is displayed. Enter a user name and password to access the Switch's management mode.
Page 15: Administration
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Section 2 Administration DGS-3400 Web Management Tool IP Address Interface Settings Stacking Port Configuration User Accounts Password Encryption Port Mirroring System Log System Severity Settings SNTP Settings MAC Notification Settings...
Page 16: Device Information
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Device Information The Device Information window contains the main settings for all major functions for the Switch. It appears automatically when you log on to the Switch. To return to the Device Information window after viewing other windows, click the DGS-3400 Web Management Tool folder.
Page 17 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Aging Time without being accessed (that is, how long a learned MAC Address is allowed to remain idle). To change this, type in a different value representing the MAC address age-out time in seconds.
Page 18: Ipv6
ARP Aging time The default setting is 20 minutes. Click Apply to implement changes made. IPv6 ® The xStack DGS-3400 has the capability to support the following: • IPv6 unicast, multicast and anycast addresses • Allow for IPv6 packet forwarding •...
Page 19: Packet Format
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Packet Format As in IPv4, the IPv6 packet consists of the packet header and the payload, but the difference occurs in the packet header which has been amended and improved for better packet flow and processing. The following will outline and detail the IPv6 enhancements and parts of the IPv6 packet, with special attention to the packet header.
Page 20: Extension Headers
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Extension Headers Extension headers are used to identify optional parameters regarding IPv6 packets such as routing, fragmentation of packets or authentication parameters. The types of extension headers supported are Hop-by-Hop, Routing, Fragment, Destination Options, Authentication and Encapsulating Security Payload.
Page 21: Types
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch set of xxxx represents a 16-bit hexadecimal value (ex. 2D83:0C76:3140:0000:0000:020C:417A:3214). Although this address looks long and cumbersome, there are some compression rules that will shorten the format of the IPv6 address to make it more compatible to the user.
Page 22: Icmpv6
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch ICMPv6 Network professionals are already very familiar with ICMP for IPv4, which is an essential tool in the IPv4 network, relaying messages about network problems and the general condition of the network. ICMPv6 is the successor to the IPv4 version and performs many of the same basic functions as its precursor, yet is not compatible with ICMPv4.
Page 23: Duplicate Address Detection (Dad)
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Duplicate Address Detection (DAD) DAD messages are used to specify that there is more than one node on a local link possessing the same IP address. IPv6 addresses are only leased for a defined period of time. When that time expires, the address will become invalid and another address must be addressed to the node.
Page 24: Ip Address
The IP Address may initially be set using the console interface prior to connecting to it through the Ethernet. If the Switch IP ® address has not yet been changed, read the introduction of the xStack DGS-3400 Series CLI Manual or return to Section 4 of this manual for more information.
Page 25: Setting The Switch's Ip Address Using The Console Interface
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description BOOTP The Switch will send out a BOOTP broadcast request when it is powered up. The BOOTP protocol allows IP addresses, network masks, and default gateways to be assigned by a central BOOTP server.
Page 26: Interface Settings
The IP address may initially be set using the console interface prior to connecting to it through the Ethernet. If the Switch IP ® address has not yet been changed, read the introduction of the xStack DGS-3400 Series CLI Manual or return to Section 4 of this manual for more information.
Page 27: Ipv6 Interface Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch fields. Pull the Interface Admin State pull-down menu to Enabled and click Apply to enter to make the IP interface effective. To view entries in the IP Interface Settings, click the Show All IP Interface Entries hyperlink.
Page 28 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 8 IPv6 Interface Settings – Edit The following fields may be viewed or modified. Click Apply to set the changes made. Parameter Description This field displays the name for the IP interface or it is used to add a new interface or Interface Name change an existing interface name.
Page 29 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Use the pull-down menu to enable or disable configuration on this interface. Interface Admin State Hop Limit This field sets the number of nodes that this Router Advertisement packet will pass before being dropped.
Page 30: Stacking
Stacking ® From firmware release v2.00 of this Switch, the xStack DGS-3400 series now supports switch stacking, where a set of twelve switches can be combined to be managed by one IP address through Telnet, the GUI interface (web), the console port or through SNMP.
Page 31: Stack Switch Swapping
Stack Switch Swapping ® The stacking feature of the xStack DGS-3400 supports “hot swapping” of switches in and out of the running stack. Users may remove or add switches to the stack without powering down or largely affecting the transfer of data between switches in the stack, with a few minor provisions.
Page 32: Stacking Mode Settings
Box Information ® This window is used to configure stacking parameters associated with all switches in the xStack DGS-3400 Series. The user may configure parameters such as box ID, box priority and pre-assigning model names to switches to be entered into the switch stack.
Page 33 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 12 Box Information window Parameter Description Current Box ID The Box ID of the switch in the stack to be configured. New Box ID The new box ID of the selected switch in the stack that was selected in the Current Box ID field.
Page 34: Port Configuration
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Port Configuration To view this window, click Administration > Port Configuration > Port Configuration, as shown on the right: To configure switch ports: 1. Choose the port or sequential range of ports using the From/To port pull- down menus.
Page 35: Port Error Disabled
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch The Auto setting allows the port to automatically determine the fastest settings the device the port is connected to can handle, and then to use those settings. The other options are Auto, 10M/Half, 10M/Full, 100M/Half and 100M/Full, 1000M/Full_M and 1000M/Full_S.
Page 36: Port Description
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Port Description The Switch supports a port description feature where the user may name various ports on the Switch. First use the Unit pull-down menu to choose the switch in the stack to be configured, and then the From and To pull-down menu to choose a port or range of ports to describe.
Page 37: Port Auto Negotiation Information
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Port Auto Negotiation Information This window allows the user to view the current configurations of all the ports on the Switch. Use the drop-down menu to select which unit to view.
Page 38: Port Details
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Port Details This window is used to view detailed port information for individual ports on a particular unit. Use the drop-down menus to select the specific port of the unit you wish to view and click Find.
Page 39: Port Media Type
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Port Media Type This window is used to display the port media type available on each unit. To view a particular switch in the stack use the drop- down menu to select the unit.
Page 40: Cable Diagnostics
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Cable Diagnostics This window is used to control the cable diagnostics and determine where and what kind of errors have occurred on the cable. This function is primarily used for administrators to view tests on copper cables.
Page 41: Password Encryption
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Add a new user by typing in a User Name, and New Password and retype the same password in the Confirm New Password. Choose the level of privilege (Admin, Operator or User) from the Access Right drop-down menu.
Page 42: Port Mirroring
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Port Mirroring The Switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an RMON probe, to view details about the packets passing through the first port.
Page 43: Mirroring Within The Switch Stack
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Mirroring within the Switch Stack Users may configure mirroring between switches in the switch stack but certain conditions and restrictions apply. 1. When mirroring is configured in the stack, the primary master and the backup master will save and synchronize these mirroring configurations in their respective databases.
Page 44 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 27 Configure System Log Server – Edit window Configure the parameters listed below: Parameter Description Index(1-4) Syslog server settings index (1-4). Server IP The IPv4 address of the Syslog server.
Page 45: System Log Save Mode Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Choose Enabled or Disabled to activate or deactivate. Status To set the System Log Server configuration, click Apply. To delete an entry from the System Log Server window, click the corresponding under the Delete heading of the entry to delete.
Page 46: Sntp Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description System Severity Choose how the alerts are used from the drop-down menu. Select log to send the alert of the Severity Type configured to the Switch’s log for analysis. Choose trap to send it to an SNMP agent for analysis, or select all to send the chosen alert type to an SNMP agent and the Switch’s log for analysis.
Page 47: Time Zone And Dst
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Current Time: Status System Boot Time Displays the time when the Switch was initially started for this session. Current Time Displays the Current Time. Time Source Displays the time source for the system.
Page 48 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Time Zone and DST Settings Daylight Saving Time Use this pull-down menu to enable or disable the DST Settings. State Daylight Saving Time Use this pull-down menu to specify the amount of time that will constitute your local DST Offset in Minutes offset - 30, 60, 90, or 120 minutes.
Page 49: Mac Notification Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch MAC Notification Settings MAC Notification is used to monitor MAC addresses learned and entered into the forwarding database. To view this window, click Administration > MAC Notification Settings, as shown on the right.
Page 50: Tftp Services
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch TFTP Services Trivial File Transfer Protocol (TFTP) services allow the Switch's firmware to be upgraded by transferring a new firmware file from a TFTP server to the Switch. A configuration file can also be downloaded into the Switch from a TFTP server. Switch configuration settings can be saved and a history and attack log can be uploaded from the Switch to the TFTP server.
Page 51: Multiple Image Services
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch configuration uploads, select the Image ID of the configuration. Choosing Active will upload the Boot Up Image ID configuration to the TFTP server. And user can upload configuration of Image 1 or 2 by choosing Image ID.
Page 52: Config Firmware Image
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Console Serial Port (RS-232). T – If the IP address has this letter attached to it, it denotes a firmware upgrade through Telnet. S – If the IP address has this letter attached to it, it denotes a firmware upgrade through the Simple Network Management Protocol (SNMP).
Page 53: Ipv6 Ping Test
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 36 IPv4 Ping Test window This window allows the following parameters to be configured. Parameter Description Target IP Enter the Target IP Address to be pinged. Address...
Page 54: Ipv6 Neighbor
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 37 IPv6 Ping Test window This window allows the following parameters to be configured to ping an IPv6 address. Parameter Description IPv6 Address Enter an IPv6 address to be pinged.
Page 55 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 38 IPv6 Neighbor Settings window The following fields can be configured or viewed: Parameter Description Interface Name Enter the interface name of the IPv6 neighbor you wish to find.
Page 56: Routing Table
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch specific interface for a link-local IPv6 address. For Global IPv6 addresses, this field may be omitted. The IPv6 address of the neighbor entry. Specify the address using the hexadecimal Neighbor IPv6 Address IPv6 Address (IPv6 Address is hexadecimal number, for example 1234::5D7F/32).
Page 57: Ipv6 Static/Default Route Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Displays whether the entry is Active or Inactive. Status Delete Click the button to delete this entry from the IPv4 Static/Default Route Settings table. To enter an IP Interface into the Switch’s IPv4 Static/Default Route Settings window, click the Add button, revealing the following window to configure: Figure 2 - 41 Static/Default Route Settings –...
Page 58: Gratuitous Arp Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description IPv6 Address/PrefixLen The IPv6 address and corresponding Prefix Length of the IPv6 static route entry. Interface The IP Interface where the static IPv6 route is created. Next Hop Address The corresponding IPv6 address for the next hop Gateway address in IPv6 format.
Page 59 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 44 Gratuitous ARP Settings window The following fields can be set or viewed: Parameter Description Send on IPIF status This is used to enable/disable the sending of gratuitous ARP request packets while an IPIF interface comes up.
Page 60: Static Arp Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Static ARP Settings The Address Resolution Protocol (ARP) is a TCP/IP protocol that converts IP addresses into physical addresses. This table allows network managers to view, define, modify and delete ARP information for specific devices.
Page 61: Dhcp Auto Configuration Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch DHCP Auto Configuration Settings This window is used to enable the DHCP Autoconfiguration feature on the Switch. When enabled, the Switch is instructed to receive a configuration file from a TFTP server, which will set the Switch to become a DHCP client automatically on boot up. To employ this method, the DHCP server must be set up to deliver the TFTP server IP address and configuration file name information in the DHCP reply packet.
Page 62 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Relay State This field can be toggled between Enabled and Disabled using the pull-down menu. It is used to enable or disable the DHCP/BOOTP Relay service on the Switch. The default is...
Page 63 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch DHCP Relay Agent This field can be toggled between Replace, Drop, and Keep by using the pull-down menu. Information Option 82 It is used to set the Switches policy for handling packets when the DHCP Relay Agent Policy Information Option 82 Check is set to Disabled.
Page 64: The Implementation Of Dhcp Information Option 82
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch The Implementation of DHCP Information Option 82 The config dhcp_relay option_82 command configures the DHCP relay agent information option 82 setting of the switch. The formats for the circuit ID sub-option and the remote ID sub-option are as follows: NOTE: For the circuit ID sub-option of a standalone switch, the module field is always zero.
Page 65: Dhcp/Bootp Relay Interface Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch DHCP/BOOTP Relay Interface Settings This window allows the user to set up a server, by IP address, for relaying DHCP/ BOOTP information. The user may enter a previously configured IP interface on the Switch that will indicate which interface is able to support the dhcp relay function.
Page 66: Dhcp Relay Option 60 Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Relay IP Address Enter the specified IP address for the DHCP relay forward. Mode Use the pull-down menu to choose either Relay or Drop. When drop is specified, the packet with no matching rules found will be dropped without further process.
Page 67: Dhcp Relay Option 61 Default Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Partial Match – The option 60 string in the packet only needs to partially match the specified string. DHCP Relay Option 61 Default Settings This window is used to configure the DHCP Relay Option 61 Default Settings. These settings are used to determine the rule to process those packets that have no option 61 matching rules.
Page 68: Dhcp Server
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 58 DHCP Relay Option 61 Add window The following parameters may be configured. Parameter Description Use the drop down menu to select the method of identification for the Client ID either MAC Client ID Address or String.
Page 69: Dhcp Server Exclude Address Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 59 DHCP Server Global Settings window The following parameters may be configured. Parameter Description DHCP Server Use the pull-down menu to globally enable or disable the switch as a DHCP server.
Page 70: Dhcp Server Pool Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch DHCP Server Pool Settings The following windows will allow users to create and then set the parameters for the DHCP Pool of the switch’s DHCP server. Users must first create the pool by entering a name of up to 12 alphanumeric characters into the Pool Name field and clicking Apply.
Page 71 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch The following parameters may be configured or viewed. Parameter Description Pool Name Denotes the name of the DHCP pool for which you are currently adjusting the parameters. IP Address Enter the IP address to be assigned to requesting DHCP Clients. This address will not be chosen but the first 3 sets of numbers in the IP address will be used for the IP address of requesting DHCP Clients.
Page 72: Dhcp Server Dynamic Binding
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 63 DHCP Server Pool Display window DHCP Server Dynamic Binding The following window will allow users to view dynamically bound IP addresses of the DHCP server. These IP addresses are ones that were allotted to clients on the local network and are now bound to the device stated by its MAC address.
Page 73: Dhcp Server Manual Binding
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Pool Name This field will denote the Pool Name of the displayed dynamically bound DHCP entry. IP Address This field will display the IP address allotted to this device by the DHCP Server feature of this Switch.
Page 74: Dhcp Server Screening
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Pool Name Enter the name of the DHCP pool within which will be created a manual DHCP binding entry. IP Address Enter the IP address to be statically bound to a device within the local network that will be specified by entering the Hardware Address in the following field.
Page 75: Dhcp Server Screening Port Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch DHCP Server Screening Port Settings This window is used to enable the settings for the Filter DHCP Server Port Settings. To view this window, click Administration > Filter DHCP Server > Filter DHCP Server Port Settings, as shown below: Figure 2 - 68 DHCP Server Screening Port State Settings window The following parameters may be configured.
Page 76: Layer 2 Protocol Tunneling (L2Pt) Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Layer 2 Protocol Tunneling (L2PT) Settings The Layer 2 Protocol Tunneling (L2PT) supports traffic of multiple customers across service provider networks. L2PT enables the BPDU’s of the same customer’s network to be multicast over specific VLANs in the service provider’s network, which in turn will ensure the same geographically dispersed customer network can implement consistent spanning tree calculations across the service provider network.
Page 77: Rspan
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch RSPAN RSPAN (Remote Switched Port Analyzer) is a feature used to monitor and analyze the traffic passing through ports. The character ‘R’ is short for ‘Remote’ which means that the mirror source ports and the destination port are not on the same Switch. So a remote mirror session consists of at least two switches.
Page 78 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 71 RSPAN Settings window The following fields can be configured: Parameter Description VLAN Name Enter the name of the VLAN you wish to Add, Find or Delete.
Page 79 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description VLAN Name This is the VLAN Name that, along with the VLAN ID, identifies the VLAN which will modify the RSPAN Entries. VID (1-4094) This is the VLAN ID that, along with the VLAN Name, identifies the VLAN which will to modify the RSPAN Entries.
Page 80: Snmp Manager
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Manager SNMP Settings Simple Network Management Protocol (SNMP) is an OSI Layer 7 (Application Layer) designed specifically for managing and monitoring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches, and other network devices.
Page 81: Snmp Trap Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch SNMP settings are configured using the menus located on the SNMP V3 folder of the web manager. Workstations on the network that are allowed SNMP privileged access to the Switch can be restricted with the Management Station IP Address menu.
Page 82: Snmp User Table
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch SNMP User Table This window displays all of the SNMP users currently configured on the Switch. To view this window, click Administration > SNMP Manager > SNMP User Table, as shown below:...
Page 83 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 76 SNMP User Table Configuration window The following parameters can set: Parameter Description User Name Enter an alphanumeric string of up to 32 characters. This is used to identify the SNMP user.
Page 84: Snmp View Table
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch SNMP View Table This window is used to assign views to community strings that define which MIB objects can be accessed by a remote SNMP manager. To view this window, click Administration > SNMP Manager > SNMP View Table, as shown below:...
Page 85: Snmp Group Table
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch To implement your new settings, click Apply. To return to the SNMP View Table window, click the Show All SNMP View Table Entries link. SNMP Group Table An SNMP Group created with this table maps SNMP users (identified in the SNMP User Table) to the views created in the previous menu.
Page 86: Snmp Community Table
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 81 SNMP Group Table Configuration window The following parameters can set: Parameter Description Group Name Type an alphanumeric string of up to 32 characters. This is used to identify the new SNMP group of SNMP users.
Page 87: Snmp Host Table
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch • Read/write or read-only level permission for the MIB objects accessible to the SNMP community. To view this window, click Administration > SNMP Manager > SNMP Community Table, as shown below:...
Page 88 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Users now have the choice of adding an IPv4 or an IPv6 host to the SNMP host table. To add a new IPv4 entry to the Switch's SNMP Host Table, click the Add IPv4 Host button in the upper left-hand corner of the window. This will open the SNMP Host Table Configuration window, as shown below.
Page 89: Snmp Engine Id
Powered Devices (PDs) over Category 5 or Category 5E UTP Ethernet cables. The DGS-3426P follows the standard PSE (Power Sourcing Equipment) pinout Alternative A, whereby power is sent out over pins 1, 2, 3 and 6. The DGS-3426P works with all D-Link 802.3af capable devices. The DGS-3426P includes the following PoE features: Auto-discovery recognizes the connection of a PD (Powered Device) and automatically sends power to it.
Page 90: Poe System Settings
Choose the switch in the switch stack for which to configure the PoE settings. Unit ® Users should note that not all switches in the xStack DGS-3400 Series support PoE yet, when they are configured in a stack, the Primary Master switch will display the PoE settings to be configured for the stack, whether or not the Switch is a PoE supported device.
Page 91: Poe Port Settings
Choose the switch in the switch stack for which to configure the PoE settings. Unit ® Users should note that not all switches in the xStack DGS-3400 series support PoE yet, when they are configured in a stack, the Primary Master switch will display the PoE settings to be configured for the stack, whether or not the Switch is a PoE supported device.
Page 92 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch priority which the system attempts to supply the power to the ports. There are three levels of priority that can be selected, Critical, High, and Low. When multiple ports happen to have the same level of priority, the port ID will be used to determine the priority.
Page 93: Sflow
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch sFlow sFlow is a feature on the Switch that allows users to monitor network traffic running through the switch to identify network problems through packet sampling and packet counter information of the Switch.
Page 94: Sflow Global Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch sFlow Global Settings The following window is used to globally enable the sFlow feature for the Switch. Simply use the pull-down menu and click Apply to enable or disable sFlow. This window will also display the sFlow version currently being utilized by the Switch, along with the sFlow Address that is the Switch’s IP address.
Page 95 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch deleted. Countdown Time Displays the current time remaining before this Analyzer server times out. When the server times out, all sFlow samples and counter polls associated with this server will be deleted.
Page 96: Sflow Sampler Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch is 6343. 65535) Max Datagram Size This field will specify the maximum number of data bytes that can be packaged into a single (300-1400) sFlow datagram. Users may select a value between 300 and 1400 bytes with a default setting of 1400 bytes.
Page 97: Sflow Poller Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 94 sFlow Sampler Add window The following fields may be set: Parameter Description Select the unit you wish to configure. Unit From… To Choose the beginning and ending range of ports to be configured for packet sampling.
Page 98 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 95 sFlow Counter Poller Settings window The following fields are displayed: Parameter Description Port Displays the port from which packet counter samples are being taken. Analyzer Server ID Displays the ID of the Analyzer Server where datagrams, containing the packet counter polling information taken using this polling mechanism, will be sent.
Page 99: Ip Multicast Vlan Replication
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch every time this interval reaches 0, and this information will be included in the sFlow datagrams 120 sec) that will be sent to the sFlow Analyzer for examination. Ticking the Disabled check box will disable the counter polling for this entry.
Page 100 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 98 IP Multicast VLAN Replication Settings window Enter a name for the IP Multicast Replication entry and click Apply. The new entry will appear in the IP Multicast VLAN Replication Entries Table.
Page 101 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Multicast IP A multicast IP address list can be entered. Address List Source IP Address A source IP Address can be specified. The following table is used to set the Destination settings, to view this window click the corresponding View button in the IP...
Page 102: Single Ip Management (Sim) Overview
DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Single IP Management (SIM) Overview Simply put, D-Link Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. There are some advantages in implementing the "Single IP Management" feature: 1.
Page 103: The Upgrade To V1.61
The CaS can be configured through the CS to become a MS. ® After configuring one switch to operate as the CS of a SIM group, additional xStack DGS-3400 Series switch may join the group by manually configuring the Switch to be a MS. The CS will then serve as the in band entry point for access to the MS. The CS’s IP address will become the path to all MS's of the group and the CS’s Administrator's password, and/or authentication will control...
Page 104: Single Ip Vs. Switch Stacking
Single IP Group. SIM Using the Web Interface ® All xStack DGS-3400 Series Switches are set as Candidate (CaS) switches as their factory default configuration and Single IP Management will be disabled.
Page 105: Topology
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Commander – Choosing this parameter will make the Switch a Commander Switch (CS). The user may join other switches to this Switch, over Ethernet, to be part of its SIM group.
Page 106 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Device Name This field will display the Device Name of the switches in the SIM group configured by the user. If no device is configured by the name, it will be given the name default and tagged with the last six digits of the MAC Address to identify it.
Page 107 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Icon Description Group Layer 2 commander switch Layer 3 commander switch Commander switch of other group Layer 2 member switch. Layer 3 member switch Member switch of other group Layer 2 candidate switch...
Page 108: Tool Tips
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Tool Tips In the Topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same information about a specific device as the Tree view does.
Page 109 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 106 Port Speed Utilizing the Tool Tip...
Page 110: Group Icon
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Right-click Right-clicking on a device will allow the user to perform various functions, depending on the role of the Switch in the SIM group and the icon associated with it.
Page 111: Commander Switch Icon
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Commander Switch Icon Figure 2 - 109 Right-clicking a Commander Icon The following options may appear for the user to configure: • Collapse – to collapse the group that will be represented by a single icon.
Page 112: Menu Bar
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch • Collapse – to collapse the group that will be represented by a single icon. • Expand – to expand the SIM group, in detail. • Add to group – add a candidate to a group. Clicking this option will reveal the following screen for the user to enter a password for authentication from the Candidate Switch before being added to the SIM group.
Page 113: Firmware Upgrade
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Help • About - Will display the SIM information, including the current SIM version. Figure 2 - 115 About window Firmware Upgrade This window is used to upgrade firmware from the Commander Switch to the Member Switch. Member Switches will be listed in the table and will be specified by Port (port on the CS where the MS resides), MAC Address, Model Name and Version.
Page 114: Upload Log
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Upload Log The following window is used to upload log files from SIM member switches to a specified PC. To upload a log file, enter the IP address of the SIM member switch and then enter the path on your PC to which to save this file. Click Upload to initiate the file transfer.
Page 115: L2 Features
VLANs without a network device performing a routing function between the VLANs. ® The xStack DGS-3400 Series supports IEEE 802.1Q VLANs and Port-Based VLANs. The port untagging function can be used to remove the 802.1Q tag from packet headers to maintain compatibility with devices that are tag-unaware.
Page 116 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Egress port – A port on a switch where packets are flowing out of the Switch, either to another switch or to an end station, and tagging decisions must be made.
Page 117: 802.1Q Vlan Tags
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch 802.1Q VLAN Tags The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the EtherType field. When a packet's EtherType field is equal to 0x8100, the packet carries the IEEE 802.1Q/802.1p tag.
Page 118: Tagging And Untagging
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Prior to the adoption of 802.1Q VLANs, port-based and MAC-based VLANs were in common use. These VLANs relied upon a Port VLAN ID (PVID) to forward packets. A packet received on a given port would be assigned that port's PVID and then be forwarded to the port that corresponded to the packet's destination address (found in the Switch's forwarding table).
Page 119: Port-Based Vlans
Protocol VLANs ® The xStack DGS -3400 Switch Series incorporates the idea of protocol-based VLANs. This standard, defined by the IEEE 802.1v standard maps packets to protocol-defined VLANs by examining the type octet within the packet header to discover the type of protocol associated with it.
Page 120: Static Vlan Entry
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch classification. The Switch supports fourteen pre-defined protocols for configuration. The user may also choose a protocol that is not one of the fourteen defined protocols by properly configuring the userDefined protocol VLAN. The supported protocols for the protocol VLAN function on this switch include IP, IPX, DEC LAT, SNAP, NetBIOS, AppleTalk, XNS, SNA, IPv6, RARP and VINES.
Page 121 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch NOTE: The Switch supports up to 4k static VLAN entries. Figure 3 - 6 Static VLAN window – Modify The following fields can then be set in either the Add or Modify 802.1Q Static VLANs windows:...
Page 122: Gvrp Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch GVRP Settings The GVRP Settings window allows the user to determine whether the Switch will share its VLAN configuration information with other GARP VLAN Registration Protocol (GVRP) enabled switches. In addition, Ingress Checking...
Page 123: Double Vlans
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch forwarded to the port for transmission, the port will add an 802.1Q tag using the PVID to write the VID in the tag. When the packet arrives at its destination, the receiving device will use the PVID to make VLAN forwarding decisions.
Page 124: Regulations For Double Vlans
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Network and therefore belong to one VLAN on the Service Provider’s network, thus being a member of two VLANs. In this way, the Customer can retain its normal VLAN and the Service Provider can congregate multiple Customer VLANs within one SP-VLAN, thus greatly regulating traffic and routing on the Service Provider switch.
Page 125: Double Vlan Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Double VLAN Settings This window is used to enable or disable the double VLAN State settings. To view this window click, L2 Features > VLAN > Double VLAN, as shown below: Figure 3 - 9 Double VLAN State Settings window Choose Enabled using the pull-down menu and click Apply.
Page 126 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 12 Double VLAN Information window Parameters shown in the previous window are explained below: Parameter Description SPVID The VLAN ID number of this potential Service Provider VLAN.
Page 127: Pvid Auto Assign
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Click Apply to implement changes made. To configure the parameters for a previously created Service Provider VLAN, click the button of the corresponding SPVID in the Double VLAN State Settings window. The following window will appear for the user to configure.
Page 128: Mac-Based Vlan Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 15 PVID Auto Assign Settings window When Enabled, PVID will be automatically assigned when adding a port to a VLAN as an untagged member port. MAC-based VLAN Settings This table is used to create new MAC-based VLAN entries and search, edit and delete existing entries.
Page 129: Protocol Vlan Group Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Protocol Type Header in Hexadecimal Form IP over Ethernet 0x0800 IPX 802.3 0xFFFF IPX 802.2 0xE0E0 IPX SNAP 0x8137 IPX over Ethernet2 0x8137 decLAT 0x6004 SNA 802.2 0x0404 netBios 0xF0F0...
Page 130: Protocol Vlan Port Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 18 Protocol VLAN Group – Add window The Add and Modify windows of the Protocol VLAN Group hold the following fields to be configured: Parameter Description Group ID (1-16) Enter an integer from 1 to 16 to identify the protocol VLAN group being created here.
Page 131 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 19 Protocol VLAN Port Settings window The following fields may be configured: Parameter Description Port List Use this parameter to assign ports to a Protocol VLAN Group or remove them from the Protocol VLAN Group.
Page 132: Trunking
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Trunking Understanding Port Trunk Groups Port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. DGS-3400 Series supports up to 32 port trunk groups with 2 to 8 ports in each group. A potential bit rate of 8000 Mbps can be achieved.
Page 133: Link Aggregation
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch The Switch treats all ports in a trunk group as a single port. Data transmitted to a specific host (destination address) will always be transmitted over the same port in a trunk group. This allows packets in a data stream to arrive in the same order they were sent.
Page 134 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 22 Link Aggregation Group Configuration window...
Page 135 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 23 Link Aggregation Group Configuration window (Modify) The user-changeable parameters are as follows: Parameter Description Select an ID number for the group, between 1 and 32. Group ID State Trunk groups can be toggled between Enabled and Disabled.
Page 136: Lacp Port Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch After setting the previous parameters, click Apply to allow your changes to be implemented. Successfully created trunk groups will be show in the Link Aggregation Group Entries window. NOTE: To configure the Algorithm for Link Aggregation, please refer back to the DGS- 3400 Web Management Tool and select the Link Aggregation Algorithm located on that web page.
Page 137 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 24 LACP Port Settings window The user may set the following parameters: Parameter Description Unit Select the switch in the switch stack to be modified. From…To A consecutive group of ports may be configured starting with the selected port.
Page 138: Igmp Snooping
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch dynamically as needs require. In order to utilize the ability to change an aggregated port group, that is, to add or subtract ports from the group, at least one of the participating devices must designate LACP ports as active.
Page 139 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 26 IGMP Snooping Settings – Edit window The following parameters may be viewed or modified: Parameter Description VLAN ID This is the VLAN ID that, along with the VLAN Name, identifies the VLAN the user wishes to modify the IGMP Snooping Settings for.
Page 140: Router Port Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch table without receiving a membership report. Default = 260. This specifies the maximum amount of time in seconds between the Switch receiving Leave Timer a leave group message from a host, and the Switch issuing a group membership query.
Page 141: Igmp Snooping Static Group Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 28 Router Port window (Modify) The following parameters can be set: Parameter Description Unit Select the switch in the switch stack to be modified. VID (VLAN ID) This is the VLAN ID that, along with the VLAN Name, identifies the VLAN where the multicast router is attached.
Page 142 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 29 IGMP Snooping Static Group Settings window The following parameters can be configured: Parameter Description The list of the VLAN IDs for which to create IGMP snooping static group information.
Page 143: Ism Vlan Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch To modify an entry, click the corresponding Modify button, the following window will be displayed. Figure 3 - 31 IGMP Static Group Modify window The following fields can be configured:...
Page 144 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch The following windows will allow users to create and configure multicast VLANs for the switch. To view this windows, click L2 Features > IGMP Snooping > ISM VLAN Settings, as shown below.
Page 145: Limited Ip Multicast (Igmp Filtering) Address Range Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch 2 and 4094. State Use the pull-down menu to enable or disable the selected Multicast VLAN. Enter a port or list of ports to be added to the Multicast VLAN. Member ports will become the Member Port untagged members of the multicast VLAN.
Page 146 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 36 Limited IP Multicast Address Range window Click Apply to implement the new settings on the Switch. Click Delete to remove the configured range from the settings. Click Delete All to delete all Limited IP Multicast settings.
Page 147: Mld Snooping
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch MLD Snooping Multicast Listener Discovery (MLD) Snooping is an IPv6 function used similarly to IGMP snooping in IPv4. It is used to discover ports on a VLAN that are requesting multicast data. Instead of flooding all ports on a selected VLAN with multicast traffic, MLD snooping will only forward multicast data to ports that wish to receive this data through the use of queries and reports produced by the requesting ports and the source of the multicast traffic.
Page 148 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 38 MLD Snooping Settings – Edit window The following parameters may be viewed or modified: Parameter Description This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which VLAN ID to modify the MLD Snooping Settings.
Page 149: Mld Router Port Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Specifies the maximum amount of time a router can remain in the Switch’s routing Router Timeout table as a listening node of a multicast group without the Switch receiving a node listener report.
Page 150 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 40 Router Port window (Modify) The following parameters can be set: Parameter Description This is the VLAN ID that, along with the VLAN Name, identifies the VLAN where the MLD VID (VLAN ID) multicast router is attached.
Page 151: Loop-Back Detection Global Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Loop-back Detection Global Settings The Loop-back Detection function is used to identify loops occurring between the Switch and a device that is directly connected to it. This process is accomplished by the use of a Configuration Testing Protocol (CTP) packet that is generated by the switch.
Page 152 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch None – The trap will not be sent in any situation. Loopdetect Trap Loop Detected – The trap is sent when the loop condition is detected. Loop Cleared – The trap is sent when the loop condition is cleared.
Page 153: Spanning Tree
STP will be familiar to most networking professionals. However, since 802.1w RSTP and 802.1s MSTP has been recently introduced to D-Link managed Ethernet switches, a brief introduction to the technology is provided below followed by a description of how to set up 802.1D STP, 802.1w RSTP and 802.1s MSTP.
Page 154: Edge Port
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch All three protocols calculate a stable topology in the same way. Every segment will have a single path to the root bridge. All bridges listen for BPDU packets. However, BPDU packets are sent more frequently - with every Hello packet. BPDU packets are sent even if a BPDU packet was not received.
Page 155: Stp Bridge Global Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch STP Bridge Global Settings This window is used to configure the STP Bridge Global Settings on the Switch. To view this window, click L2 Features > Spanning Tree > STP Bridge Global Settings, as shown below:...
Page 156 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 44 STP Bridge Global Settings window (STP Compatible) See the table below for descriptions of the STP versions and corresponding setting options. NOTE: The Hello Time cannot be longer than the Max. Age. Otherwise, a configuration error will occur.
Page 157 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch The Forward Delay can be from 4 to 30 seconds. Any port on the Switch spends this time Forward Delay (4-30 sec) in the listening state while moving from the blocking state to the forwarding state.
Page 158: Mst Configuration Identification
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch MST Configuration Identification The following windows allow the user to configure a MSTI instance on the Switch. These settings will uniquely identify a multiple spanning tree instance set on the Switch. The Switch initially possesses one CIST or Common Internal Spanning Tree of which the user may modify the parameters for but cannot change the MSTI ID for, and cannot be deleted.
Page 159 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description MSTI ID Enter a number between 1 and 15 to set a new MSTI on the Switch. Create is selected to create a new MSTI. No other choices are available for this field when Type creating a new MSTI.
Page 160: Mstp Port Information
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch The user may configure the following parameters for a MSTI on the Switch. Parameter Description MSTI ID Displays the MSTI ID previously set by the user. Type This field allows the user to choose a desired method for altering the MSTI settings. The user has four choices.
Page 161 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch The user may configure the following parameters: Parameter Description Instance ID Displays the MSTI ID of the instance being configured. An entry of 0 in this field denotes the CIST (default MSTI).
Page 162: Stp Instance Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch STP Instance Settings The following window displays MSTIs currently set on the Switch. To view this window, click L2 Features > Spanning Tree > STP Instance Settings, as shown below:...
Page 163: Stp Port Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch STP Port Settings STP can be set up on a port per port basis. In addition to setting Spanning Tree parameters for use on the switch level, the Switch allows...
Page 164: Forwarding & Filtering
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch similar to edge ports, however they are restricted in that a P2P port must operate in full duplex. Like edge ports, P2P ports transition to a forwarding state rapidly thus benefiting from RSTP.
Page 165: Multicast Forwarding
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Multicast Forwarding The following window describes how to set up Multicast Forwarding on the Switch. To view this window, click, L2 Features > Forwarding & Filtering >Multicast Forwarding, as shown below:...
Page 166: Multicast Filtering Mode
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Multicast Filtering Mode This window allows users to configure the Switch to forward or filter the Unregistered Groups per VLAN. To view this window click, L2 Features > Forwarding & Filtering >Multicast Filtering Mode, as shown below:...
Page 167: Lldp Global Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch LLDP Global Settings This window is used to configure the LLDP Global Settings on the Switch. When LLDP is enabled the Switch can start to transmit, receive and process LLDP packets. The specific function of each port will depend on the per port LLDP settings. LLDP Global State is Disabled by default.
Page 168: Basic Lldp Port Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Notification LLDP Notification Interval is used to send notifications to configured SNMP trap receiver(s) when Interval (5-3600) an LLDP change is detected in an advertisement received on the port from an LLDP neighbor.
Page 169: 802.1 Extension Lldp Port Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Unit Select the unit to configure. From Port/To Use the pull-down menu to select a range of ports to be configured. Port Notification State Use the pull-down menu to Enable or Disable the status of the LLDP notification. This function controls the SNMP trap, however it cannot implement traps on SNMP when the notification is disabled.
Page 170 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 60 802.1 Extension LLDP Port Settings window The following parameters can be set:...
Page 171: Extension Lldp Port Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Unit Select the unit to configure. From/To Use the pull-down menu to select a range of ports to be configured. Port VLAN ID Use the drop-down menu to enable or disable the advertised PVID. This TLV optional datatype determines whether the IEEE 802.1 organizationally defined port VLAN TLV transmission is...
Page 172 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 61 802.3 Extension LLDP Port Settings window The following parameters can be set: Parameter Description Unit Select the unit you wish to configure. From/To Use the pull-down menu to select a range of ports to be configured.
Page 173: Lldp Management Address Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch The default state is disable Power Via MDI This specifies that the LLDP agent should transmit 'Power via MDI TLV'. Three IEEE 802.3 PMD implementations (10BASE-T, 100BASE-TX, and 1000BASE-T) allow power to be supplied over the link for connected non-powered systems.
Page 174 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 62 LLDP Management Address Settings window The following parameters can be set: Parameter Description Unit Select the unit you wish to configure. From/To Port Use the pull-down menu to select a range of ports to be configured.
Page 175: Lldp Statistics
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch LLDP Statistics LLDP Statistics allows you an overview of neighbor detection activity, LLDP Statistics and the settings for individual ports on the Switch. Use the drop-down menu to check a specific unit the information will be displayed in the lower half of the table.
Page 176: Lldp Management Address Table
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch LLDP Management Address Table The following window is used to set up LLDP management address settings on the Switch. To view this window, click L2 Features > LLDP > LLDP Management Address Settings, as shown below:...
Page 177 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 65 LLDP Local Port Table window To view Normal or Detailed information on a per port basis click the corresponding View button, which will display the following...
Page 178 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 66 LLDP Local Port Table (View Normal) window To return to the previous window click the Show LLDP Local Port Brief Table button. To view details of individual parameters...
Page 179: Lldp Remote Port Table
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 67 LLDP Local Port Table (Show Detail) window To return to the LLDP Local Port Information window click the Show LLDP Local Port Normal Table button. LLDP Remote Port Table This window displays port information learned from the neighbor.
Page 180 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 68 LLDP Remote Port Table window Select the port you wish to view by using the drop-down menu and click Find, the information will be displayed in the lower half of the table.
Page 181: Q-In-Q
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Q-in-Q Q-in-Q is designed for service providers to carry traffic from multiple users across a network. Q-in-Q is used to maintain customer specific VLAN and Layer 2 protocol configurations even when the same VLAN ID is being used by different customers. This is achieved by inserting SP-VLAN tags into the customer’s frames when they enter the service provider’s network, and then...
Page 182: Vlan Translation Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch The following fields can be set: Parameter Description QinQ State Use the pull down menu to Enable or Disable the Q-in-Q State. When Q-in-Q is Enabled, all network port roles will have NNI ports and their outer TPID set to 0x88a8. All existing static VLANs will run as SP-VLANs.
Page 183 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch The following fields can be set: Parameter Description Unit Select the unit you wish to configure. From/To A consecutive group of ports that are part of the VLAN configuration starting with the selected port.
Page 184: Qos
802.1p Default Priority 802.1p User Priority ® The xStack DGS-3400 Series supports 802.1p priority queuing Quality of Service. The following section discusses the implementation of QoS (Quality of Service) and benefits of using 802.1p priority queuing. The Advantages of QoS QoS is an implementation of the IEEE 802.1p standard that allows network administrators a method of reserving bandwidth for...
Page 185: Understanding Qos
Understanding QoS ® The xStack DGS-3400 Series supports 802.1p priority queuing. The Switch has 8 priority queues. These priority queues are numbered from 6 (Class 6) — the highest priority queue — to 0 (Class 0) — the lowest priority queue. The eight priority tags...
Page 186 CoS. The other CoS queues that have been given a nonzero value, and depending upon the weight, will follow a common weighted round-robin scheme. ® Remember that the xStack DGS-3400 switch series has 7 configurable priority queues (and seven Classes of Service) for each port on the Switch.
Page 187: Understanding Ieee 802.1P Priority
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch NOTICE: The Switch contains eight classes of service for each port on the Switch. One of these classes is reserved for internal use on the Switch and is therefore not configurable. All references in the following section regarding classes of service will refer to only the seven classes of service that may be used and configured by the administrator.
Page 188 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 4 - 2 Bandwidth Settings window The following parameters can be set or are displayed: Parameter Description Unit Select the switch in the switch stack to be modified. From/To A consecutive group of ports may be configured starting with the selected port.
Page 189: Qos Scheduling Mechanism
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch This field allows the input of the data rate that will be the limit for the selected port. The user may Rate (64- 10000000) choose a rate between 64 and 10000000 units, where each unit is defined a 1Kbit/s.
Page 190: Qos Output Scheduling
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch QoS Output Scheduling QoS can be customized by changing the output scheduling used for the hardware classes of service in the Switch. As with any changes to QoS implementation, careful consideration should be given to how network traffic in lower priority classes of service is affected.
Page 191: Configuring The Combination Queue
DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Configuring the Combination Queue ® Utilizing the QoS Output Scheduling window shown above, the xStack DGS-3400 Series can implement a combination queue for forwarding packets. This combination queue allows for a combination of strict and weight-fair (weighted round-robin, or WRR) scheduling for emptying given classes of service.
Page 192: 802.1P Default Priority
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch 802.1p Default Priority The Switch allows the assignment of a default 802.1p priority to each port on the Switch. The priority tags are numbered from 0, the lowest priority, to 7, the highest priority.
Page 193: 802.1P User Priority
Click Apply to implement changes made. 802.1p User Priority ® The xStack DGS-3400 Series allows the assignment of a class of service to each of the 802.1p priorities. To view this window click, QoS > 802.1p User Priority, as shown below: Figure 4 - 7 802.1p User Priority window...
Page 194: Acl (Access Control List)
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Section 5 ACL (Access Control List) Time Range Access Profile Table ACL Flow Meter CPU Interface Filtering Time Range This window is used in conjunction with the Access Profile feature to determine a starting point and an ending point, based on days of the week, when an Access Profile configuration will be enabled on the Switch.
Page 195: Access Profile Table
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch enabled. Tick the Select All Days check box to configure this time range for every day of the week. Click Apply to implement changes made. Currently configured entries will be displayed in the Time Range Information table in the bottom half of the window shown above.
Page 196 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch The following parameters can be set, for the Ethernet type: Parameter Description Profile ID (1-6) Type in a unique identifier number for this profile set. This value can be set from 1 to 6.
Page 197 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 5 Access Profile Configuration window (IP) The following parameters can be set, for IP: Parameter Description Profile ID (1-6) Type in a unique identifier number for this profile set. This value can be set from 1 to 6.
Page 198 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch • Code - Further specify that the access profile will apply an ICMP code value. Select IGMP to instruct the Switch to examine the Internet Group Management Protocol (IGMP) field in each frame's header.
Page 199 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 7 Access Profile Configuration window (IPv6) The following parameters can be set, for IP: Parameter Description Profile ID (1-6) Type in a unique identifier number for this profile set. This value can be set from 1 to 6.
Page 200 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 8 Access Profile Entry Display for IPv6 The window shown below is the Access Profile Configuration window for Packet Content Mask: Figure 5 - 9 Access Profile Configuration window (Packet Content Mask) This window will aid the user in configuring the Switch to mask packet headers beginning with the offset value specified.
Page 201 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch b126 b114 b118 b122 b127 b115 b119 b123 b116 b120 b124 b117 b121 b125 Check the box of the chunk, from 1 to 4, you wish to examine and then enter the hexadecimal value in the mask field.
Page 202 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch To remove a previously created rule, select it and click the button. To add a new Access Rule, click the Add Rule button: Figure 5 - 12 Access Rule Configuration window (Ethernet) To set the Access Rule for Ethernet, adjust the following parameters and click Apply.
Page 203 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Switch. For more information on priority queues, CoS queues and mapping for 802.1p, see the QoS section of this manual. Replace DSCP (0- Select this option to instruct the Switch to replace the DSCP value (in a packet that meets the selected criteria) with the value entered in the adjacent field.
Page 204 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 13 Access Rule Display window (Ethernet) To configure the Access Rule for IP, open the Access Profile Table window and click Modify for an IP entry. This will open the...
Page 205 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 15 Access Rule Configuration window (IP) Configure the following Access Rule Configuration settings for IP: Parameter Description Profile ID This is the identifier number for this profile set.
Page 206 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch selected criteria) with the value entered in the adjacent field. (0-63) VLAN Name Allows the entry of a name for a previously configured VLAN. Source IP Source IP Address – Enter an IP Address mask for the source IP address.
Page 207 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 16 Access Rule Display window (IP) To configure the Access Rule for IPv6, open the Access Profile Table window and click Modify for an IPv6 entry. This will open...
Page 208 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 18 Access Rule Configuration window (IPv6) Parameter Description Profile ID This is the identifier number for this profile set. Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Page 209 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch default quality of service or real time service packets. The user may specify an IP address mask for the source IPv6 address by entering the IP Source IPv6 Address address mask, in hex form.
Page 210 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 20 Access Rule Table window (Packet Content Mask) To remove a previously created rule, select it and click the button. To add a new Access Rule, click the Add button: Figure 5 - 21 Access Rule Configuration window (Packet Content Mask) To set the Access Rule for the Packet Content Mask, adjust the following parameters and click Apply.
Page 211 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch in the Port Mirroring window. Port Mirroring must be enabled and a target port must be set. Access ID (1-128) Type in a unique identifier number for this access. This value can be set from 1 to 128.
Page 212: Acl Flow Meter
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 22 Access Profile Entry Display window (Packet Content Mask) NOTE: When using the ACL Mirror function, ensure that the Port Mirroring function is enabled and a target mirror port is set.
Page 213 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Green – When an IP flow is in the green mode, its configurable parameters can be set in the Conform field, where the packets can have their DSCP field changed. This is an acceptable flow rate for the ACL Flow Meter function.
Page 214 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 24 ACL Flow Meter Configuration window (Add) The following fields may be configured: Parameter Description Profile ID (1-6) Enter the pre-configured Profile ID for which to configure the ACL Flow Metering parameters.
Page 215 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch CIR – The Committed Information Rate can be set between 1 and 156249. The color rates are based on the following two fields which are used in conjunction with the CIR.
Page 216: Cpu Interface Filtering
Ethernet, IP and Packet Content Mask packet headers destined for the CPU and will either forward ® them or filter them, based on the user’s implementation. As an added feature for the CPU Filtering, the xStack DGS-3400 Series switch allows the CPU filtering mechanism to be enabled or disabled globally, permitting the user to create various lists of rules without immediately enabling them.
Page 217: Cpu Interface Filtering Table
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch CPU Interface Filtering Table This window displays the CPU Access Profile Table entries created on the Switch. To view this window, click ACL > CPU Interface Filtering > CPU Interface Filtering Table, as shown below: Figure 5 - 27 CPU Interface Filtering Table window To add an entry to this window, click the Add Profile button.
Page 218 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Source MAC Mask - Enter a MAC address mask for the source MAC address. Source MAC Destination MAC Destination MAC Mask - Enter a MAC address mask for the destination MAC address.
Page 219 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch The following parameters may be configured for the IP CPU filter. Parameter Description Profile ID (1-5) Type in a unique identifier number for this profile set. This value can be set from 1 to 5.
Page 220 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 31 CPU Interface Filtering Entry Display window (IP) The window shown below is the Packet Content Mask configuration window. Figure 5 - 32 CPU Interface Filtering Configuration window (Packet Content)
Page 221 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch This screen will aid the user in configuring the Switch to mask packet headers beginning with the offset value specified. The following fields are used to configure the Packet Content Mask:...
Page 222 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 34 CPU Interface Filtering Table window In this window, the user may add a rule to a previously created CPU access profile by clicking the corresponding Modify button of the entry to configure, Ethernet, IP, IPv6 or Packet Content.
Page 223 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch To set the CPU Interface Filtering Rule for Ethernet, adjust the following parameters and click Apply. Parameter Description Profile ID This is the identifier number for this profile set. Select Permit to specify that the packets that match the access profile are forwarded by the Switch, Mode according to any additional rule added (see below).
Page 224 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 38 CPU Interface Filtering Rule Table window (IP) To create a new rule set for an access profile click the Add Rule button. A new window is displayed. To remove a previously created rule, click the corresponding button.
Page 225 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch the criterion for forwarding. The user may choose a value between 0 and 63. Enter a port or range of ports. Port Time Range Click the check box and enter the name of the Time Range settings that has been previously configured in the Time Range Settings window.
Page 226 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch To remove a previously created rule, select it and click the button. To add a new Access Rule, click the Add Rule button: Figure 5 - 42 CPU Interface Filtering Rule Configuration window (Packet Content)
Page 227 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch To set the Access Rule for Packet Content, adjust the following parameters and click Apply. Parameter Description Profile ID This is the identifier number for this profile set. Select Permit to specify that the packets that match the access profile are forwarded by the Mode Switch, according to any additional rule added (see below).
Page 228 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 44 CPU Interface Filtering Rule Table window (IPv6) To remove a previously created rule, select it and click the button. To add a new Access Rule, click the Add Rule button:...
Page 229 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch To set the Access Rule for IPv6, adjust the following parameters and click Apply. Parameter Description Profile ID This is the identifier number for this profile set. Select Permit to specify that the packets that match the access profile are forwarded by the Mode Switch, according to any additional rule added (see below).
Page 230: Security
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Section 6 Security Authorization Network State Settings Traffic Control Port Security IP-MAC-Port Binding 802.1X Web-based Access Control (WAC) Trust Host Access Authentication Control MAC-based Access Control (MAC) Safeguard Engine Traffic Segmentation...
Page 231: Traffic Control
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Traffic Control On a computer network, packets such as Multicast packets Broadcast packets continually flood the network as normal procedure. At times, this traffic may increase do to a malicious endstation on the network or a malfunctioning device, such as a faulty network card.
Page 232 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Traffic Storm only. • Storm Cleared – Will send Storm Trap messages when a Traffic Storm has been cleared by the Switch only. • Both – Will send Storm Trap messages when a Traffic Storm has been both detected and cleared by the Switch.
Page 233: Port Security
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch NOTE: Ports that are in Shutdown (Forever) mode will be seen as link down in all windows and screens until the user recovers these ports. Port Security A given port’s (or a range of ports') dynamic...
Page 234: Port Security Entries
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Permanent – The locked addresses will only age out after the Switch has been reset. DeleteOnTimeout – The locked addresses will age out after the aging timer expires. DeleteOnReset – The locked addresses will not age out until the Switch has been reset or rebooted.
Page 235: Ip-Mac-Port Binding
DGS-3400 Series switches offer IP-MAC-Port Binding (IMPB), a D-Link security application used most often on edge switches directly connected to network hosts. IMPB is also an integral part of D-Link’s End-to-End Security Solution (E2ES). The primary purpose of IP-MAC-Port Binding is to restrict client access to a switch by enabling administrators to configure pairs of client MAC and IP addresses that are allowed to access networks through a switch.
Page 236: Imp Global Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch ACL Mode is that it ensures better security by checking both ARP Packets and IP Packets. However, doing so requires the use of ACL rules. ACL Mode can be viewed as an enhanced version of ARP Mode because ARP Mode is enabled by default when ACL Mode is selected.
Page 237: Imp Port Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 5 IMP Global Settings window The following parameters can be set: Parameter Description Trap/Log This field will enable and disable the sending of trap log messages for IP-MAC binding. When enabled, the Switch will send a trap log message to the SNMP agent and the Switch log when an ARP packet is received that doesn’t match the IP-MAC binding configuration set on the Switch.
Page 238 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 6 IMP Port Settings window The following fields can be set or modified: Parameter Description From Port/To Port Select a port or range of ports to set for IP-MAC Binding.
Page 239: Imp Entry Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch because the PC will not send out ARP packets. Allow Zero IP Use the pull-down menu to enable or disable this feature. Once enabled, the Switch will allow ARP packets with a Source IP of 0.0.0.0 to pass through.
Page 240: Dhcp Snooping Entries
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 7 IMP Entry Settings window The following fields can be set or modified: Parameter Description IP Address Enter the IP address to bind to the MAC address set below.
Page 241: 230
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 9 MAC Blocked List window To find an unauthorized device MAC address that has been blocked by the IP-MAC binding restrictions, enter the VLAN Name and MAC Address in the appropriate fields and click Find. To delete an entry, click the Delete button next to the entry’s port. To delete all the entries in this window, click Delete All.
Page 242 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Authentication Server The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch). Clients connected to a port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN.
Page 243: Authentication Process
Figure 6 - 15 The 802.1X Authentication Process The D-Link implementation of 802.1X allows network administrators to choose between two types of Access Control used on the Switch, which are: 1.
Page 244 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Port-Based Network Access Control RADIUS Server Ethernet Switch … 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X Client Client Client Client Client Client Client Client Client Network access controlled port...
Page 245 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch MAC-Based Network Access Control RADIUS Server Ethernet Switch … 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X Client Client Client Client Client Client Client Client Client...
Page 246: Guest Vlans
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Guest VLANs On 802.1X security enabled networks, there is a need for non 802.1X supported devices to gain limited access to the network, due to the lack of the proper 802.1X software or incompatible...
Page 247 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch The following fields may be modified to enable the guest 802.1X VLAN: Parameter Description VLAN Name Enter the pre-configured VLAN name to create as a Guest 802.1X VLAN. Operation The user has four choices in configuring the Guest 802.1X VLAN, which are: Enabled ports –...
Page 248: Configure 802.1X Authenticator
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Configure 802.1X Authenticator This window is used to configure the 802.1X authenticator settings on the Switch. The user may toggle between switches in the switch stack by using the Unit pull-down menu.
Page 249 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 21 802.1X Authenticator Settings window of Unit 1 – Modify This screen allows setting of the following features: Parameter Description Choose the Switch ID number of the Switch in the switch stack to be modified.
Page 250 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch The default setting is Auto. TxPeriod(1-65535) This sets the TxPeriod of time for the authenticator PAE state machine. This value determines the period of an EAP Request/Identity packet transmitted to the client. The default setting is 30 seconds.
Page 251: 802.1X User
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch 802.1X User This window allows the user to set different local users on the Switch and set a global limitation on the maximum number of users that can be learned via 802.1X authentication.
Page 252 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 23 Initialize Port window (Port-based 802.1X) This window allows initialization of a port or group of ports. The Initialize Port Table in the bottom half of the window displays the current status of the port(s).
Page 253: Reauthenticate Port(S)
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch NOTE: The user must first globally enable 802.1X in the DGS-3400 Web Management Tool window before initializing ports. Information in the Initialize Ports Table cannot be viewed before enabling 802.1X.
Page 254: Authentic Radius Server
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch This window displays the following information: Parameter Description Port The port number of the reauthenticated port. MAC Address Displays the physical address of the Switch where the port resides. Auth PAE State The Authenticator State will display one of the following: Initialize, Disconnected, Connecting, Authenticating, Authenticated, Aborting, Held, ForceAuth, ForceUnauth, and N/A.
Page 255 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Succession Choose the desired RADIUS server to configure: First, Second or Third. RADIUS Server Set the RADIUS server IP. Authentic Port Set the RADIUS authentic server(s) UDP port. The default port is 1812.
Page 256: Web-Based Access Control (Wac)
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Web-based Access Control (WAC) Web-based Access Control (WAC), also known as Web-based Authentication Login, is a feature designed to authenticate a user when the user is trying to access the Internet via the Switch.
Page 257 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 28 WAC Global State window The following parameters can be configured: Parameter Description WAC Global State Use this drop-down menu to either enable or disable WAC on the Switch.
Page 258: Wac Port Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch is 443. HTTPS cannot run at TCP port 80. If no protocol is specified the protocol used is HTTP. WAC Authorization Network Configuration RADIUS Authorization Specifies to Enable or Disable RADIUS Authorization.
Page 259 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 29 WAC Port Settings window The following parameters can be configured: Parameter Description Unit Use the drop-down menu to select the unit you wish to configure. From/To Enter the range of ports you wish to configure.
Page 260: Wac User Account
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch This parameter specifies the period of time during which there is no traffic for an Idle Time (1-1440 min) authenticated host and the host will be moved back to the unauthenticated state. Enter a value between 1 and 1440 minutes.
Page 261: Wac Host Table Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 32 User Account Modify window The following parameters can be configured: Parameter Description User Name Enter a user name for the new account. Password Enter the password for the user. This field is case-sensitive and must be a complete alphanumeric string.
Page 262: Trust Host
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 33 WAC Host Table Settings window The following parameters can be configured: Parameter Description Enter the ports you wish to Find or Delete. Check the All Ports box to select all ports.
Page 263: Access Authentication Control
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Access Authentication Control The TACACS / XTACACS / TACACS+ / RADIUS commands allow users to secure access to the Switch using the TACACS / XTACACS / TACACS+ / RADIUS protocols. When a user logs in to the Switch or tries to access the administrator level privilege, he or she is prompted for a password.
Page 264: Authentication Policy & Parameter Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Authentication Policy & Parameter Settings This command will enable an administrator-defined authentication policy for users trying to access the Switch. When enabled, the device will check the Login Method List and choose a technique for user authentication upon login.
Page 265: Authentication Server Group
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch The following parameters can be set: Parameter Description Application Lists the configuration applications on the Switch. The user may configure the Login Method List and Enable Method List for authentication for users utilizing the Console (Command Line Interface) application, the Telnet application, SSH and the Web (HTTP) application.
Page 266: Authentication Server Host
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 38 Add a Server Host to Server Group (XTACACS) window To add an Authentication Server Host to the list, enter its IP address in the IP Address field, choose the protocol associated with the IP address of the Authentication Server Host and click Add to add this Authentication Server Host to the group.
Page 267 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 40 Authentication Server Host window To add an Authentication Server Host, click the Add button, revealing the following window: Figure 6 - 41 Authentication Server Host Setting - Add window...
Page 268: Login Method Lists
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch NOTE: More than one authentication protocol can be run on the same physical server host but, remember that TACACS/XTACACS/TACACS+ are separate entities and are not compatible with each other. Login Method Lists This command will configure a user-defined or default Login Method List of authentication techniques for users logging on to the Switch.
Page 269: Enable Method Lists
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 44 Login Method List – Add window To define a Login Method List, set the following parameters and click Apply: Parameter Description Method List Name Enter a method list name defined by the user of up to 15 characters.
Page 270 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch NOTE: To set the Local Enable Password, see the next section, entitled Local Enable Password. To view this window, click Security > Access Authentication Control > Enable Method Lists, as shown below:...
Page 271: Configure Local Enable Password
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch To define an Enable Login Method List, set the following parameters and click Apply: Parameter Description Method List Name Enter a method list name defined by the user of up to 15 characters.
Page 272: Enable Admin
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Enable Admin The Enable Admin window is for users who have logged on to the Switch on the normal user level, and wish to be promoted to the administrator level. After logging on to the Switch, users will have only user level privileges. To gain access to administrator level privileges, the user will open this window and will have to enter an authentication password.
Page 273: Radius Accounting Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch RADIUS Accounting Settings The Accounting feature of the Switch uses a remote RADIUS server to collect information regarding events occurring on the Switch. The following is a list of information that will be sent to the RADIUS server when an event triggers the Switch to send these informational packets.
Page 274 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch There are three types of Accounting that can be enabled on the Switch. Network – When enabled, the Switch will send informational packets to a remote RADIUS server when 802.1X users connect to the physical ports on the switch to access the network.
Page 275: Mac-Based Access Control (Mac)
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch MAC-based Access Control (MAC) The MAC-based Access Control feature will allow users to configure a list of MAC addresses, either locally or on a remote RADIUS server, to be authenticated by the Switch and given access rights based on the configurations set on the Switch of the target VLAN where these authenticated users are placed.
Page 276 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 51 MAC-based Access Control Global Settings window...
Page 277 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch The following parameters may be viewed or set: Parameter Description MAC-based Access Control Global Settings State Use the pull-down menu to globally enable or disable the MAC-based Access Control function on the Switch.
Page 278: Mac-Based Access Control Local Mac Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Aging Time (1-1440 min) Specifies a time period (configurable per port) between 1-1440 minutes, during which an authenticated host will stay in an authenticated state. When the aging time has expired, the host will be moved back to an unauthenticated state.
Page 279: Safeguard Engine
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Safeguard Engine Periodically, malicious hosts on the network will attack the Switch by utilizing packet flooding (ARP Storm) or other methods. These attacks may increase the switch load beyond its capability. To alleviate this problem, the Safeguard Engine function was added to the Switch’s software.
Page 280: Safeguard Engine Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch NOTICE: When Safeguard Engine is enabled, the Switch will allot bandwidth to various traffic flows (ARP, IP) using the FFP (Fast Filter Processor) metering table to control the CPU utilization and limit traffic. This may limit the speed of routing traffic over the network.
Page 281: Traffic Segmentation
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Switch, and will stop receiving all unnecessary broadcast IP packets, until the storm has subsided. The default setting is Fuzzy mode. Safeguard Displays the current mode of the CPU Utilization Settings.
Page 282: Secure Socket Layer (Ssl)
Figure 6 - 58 Setup Forwarding Ports window ® Configuring traffic segmentation on the xStack DGS-3400 Series is accomplished in two parts. First, select a switch in the switch stack by using the Unit pull-down menu, and then specify a port from the switch, using the Port pull-down menu. Next, specify which ports on the switch that are able to receive packets from the switch and port specified in the first part.
Page 283: Ssl
Both the server and the client must have consistent certificate files for optimal use of the SSL function. The ® Switch only supports certificate files with .der file extensions. Currently, all xStack DGS-3400 Series switch come with a certificate pre-loaded though the user may need to download more, depending on user circumstances.
Page 284: Secure Shell (Ssh)
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Key File Name Enter the path and the filename of the key file to download. This file must have a .der extension (Ex. c:/pkey.der) Configuration SSL Status Use the pull-down menu to enable or disable the SSL status on the switch. The default is Disabled.
Page 285: Ssh Server Configuration
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch After completing the preceding steps, a SSH Client on a remote PC can be configured to manage the Switch using a secure, in band connection. SSH Server Configuration The following window is used to configure and view settings for the SSH server.
Page 286: Ssh Authentication Mode And Algorithm Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch SSH Authentication Mode and Algorithm Settings This window allows the configuration of the desired types of SSH algorithms used for authentication encryption. There are three categories of algorithms listed and specific algorithms of each may be enabled or disabled by using their corresponding pull-down menus.
Page 287 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch with a SSH program previously installed. This field is Enabled by default. Encryption Algorithm 3DES-CBC Use the pull-down to enable or disable the Triple Data Encryption Standard encryption algorithm with Cipher Block Chaining. The default is Enabled.
Page 288: Ssh User Authentication Mode
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch SSH User Authentication Mode The following windows are used to configure parameters for users attempting to access the Switch through SSH. To view this window, click Security > SSH > SSH User Authentication Mode, as shown below: Figure 6 - 62 SSH User Authentication Mode window In the example above, the User Account “RG”...
Page 289: Compound Authentication
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description User Name Enter a User Name of no more than 15 characters to identify the SSH user. This User Name must be a previously configured user account on the Switch.
Page 290 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 66 Compound Authentication Settings window The following parameters may be set: Parameter Description Unit Choose the Unit ID of the switch in the switch stack you wish to configure.
Page 291: Authentication Guest Vlan Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch same port will be granted access to the network. If the user fails the authorization, this port will keep trying until the next authentication. Host Based – Each user can be authenticated individually.
Page 292: Jwac (Japanese Web-Based Access Control)
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch JWAC (Japanese Web-based Access Control) The JWAC folder contains six windows: JWAC Global Configuration, JWAC Port Settings, JWAC User Account, JWAC Host Information, JWAC Customize Page Language Settings and JWAC Customize Page.
Page 293 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 69 JWAC Global State Configuration window...
Page 294 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch To set JWAC for the Switch, complete the following fields: Parameter Description JWAC Global State Settings JWAC Global State Use this drop-down menu to either enable or disable JWAC on the Switch.
Page 295: Jwac Port Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch attempts to the JWAC Login Page forcibly if the Redirect is enabled and the Redirect Destination is configured to be a Quarantine Server. This parameter is used to set the Quarantine Server Error Timeout. When the Quarantine...
Page 296 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 70 JWAC Port Table Parameter window To configure individual JWAC port settings, click the Add button, the following window will be displayed:...
Page 297 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 71 JWAC Port Configuration window To configure the settings by port, click on the corresponding Modify button, which will display the following window: Figure 6 - 72 JWAC Port Configuration window (modify)
Page 298: Jwac User Account
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Idle Time This parameter specifies the period of time during which there is no traffic for an authenticated host and the host will be moved back to the unauthenticated state. Enter a (1-1440 Minutes) value between 1 and 1440 minutes.
Page 299: Jwac Host Information
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 75 JWAC User Accounts window To add another JWAC user account to the Switch, click the Add button, to clear all the existing entries, click the Clear All button.
Page 300: Jwac Customize Page Language Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 77 JWAC Host Table Settings window To search for Hosts, enter the Port list information and click the Search button. To clear an entry, enter the Port list information and click the Delete button.
Page 301: Monitoring
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Section 7 Monitoring Device Status Stacking Information Stacking Device Module Information CPU Utilization Port Utilization Packets Errors Packet Size Browse Router Port Browse MLD Router Port VLAN Status VLAN Status Port...
Page 302: Stacking Information
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Right Fan Displays the status of the Right Fans. Back Fan Displays the status of the Back Fans. CPU Fan Displays the status of the CPU Fans. Stacking Information To change a switch’s default stacking configuration (for example, the order in the stack), see Box Information in the Configuration folder.
Page 303: Stacking Device
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch PROM Version Shows the PROM in use for the Switch. This may be different from the values shown in the illustration. Runtime Version Shows the firmware version in use for the Switch. This may be different from the values shown in the illustrations.
Page 304: Cpu Utilization
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch CPU Utilization This window displays the percentage of the CPU being used, expressed as an integer percentage and calculated as a simple average by time interval. To view this window, click Monitoring > CPU Utilization, as shown below:...
Page 305: Port Utilization
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Port Utilization This window displays the percentage of the total available bandwidth being used on the port. To view this window, click Monitoring > Port Utilization, as shown below: Figure 7 - 6 Port Utilization window To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu and then select the port by using the Port pull-down menu.
Page 306: Packets
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Packets The Web Manager allows various packet statistics to be viewed as either a line graph or a table. Six windows are offered. Received (Rx) This window displays the following graph of packets received on the Switch. To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu and then select the port by using the Port pull-down menu.
Page 307 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 8 Rx Packets Analysis Table window The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 308: Umb Cast (Rx)
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch UMB Cast (RX) To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu and then select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch and/or switch stack at the top of the window by simply clicking on a port.
Page 309 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 10 Rx Packets Analysis window (table for Unicast, Multicast, and Broadcast Packets) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 310: Transmitted (Tx)
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Transmitted (TX) To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu and then select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch and/or switch stack at the top of the web page by simply clicking on a port.
Page 311 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 12 Tx Packets Analysis window (table for Bytes and Packets) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 312: Errors
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Errors The Web Manager allows port error statistics compiled by the Switch's management agent to be viewed as either a line graph or a table. Four windows are offered. Received (RX) To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu and then select the port by using the Port pull-down menu.
Page 313 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 14 Rx Error Analysis window (table) The following fields can be set: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 314: Transmitted (Tx)
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch VLANIngDr Incremented for each packet that is discarded by VLAN ingress checking. Show/Hide Check whether or not to display CRC Error, Under Size, Over Size, Fragment, Jabber, and Drop errors.
Page 315 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 16 Tx Error Analysis window (table) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 316: Packet Size
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Packet Size The Web Manager allows packets received by the Switch, arranged in six groups and classed by size, to be viewed as either a line graph or a table. Two windows are offered. To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu and then select the port by using the Port pull down menu.
Page 317 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch To view the Packet Size Analysis Table window, click the link View Table, which will show the following table: Figure 7 - 18 Rx Size Analysis window (table) The following fields can be set or viewed:...
Page 318: Browse Router Port
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch View Line Chart Clicking this button instructs the Switch to display a line graph rather than a table. Browse Router Port This displays which of the Switch’s ports are currently configured as router ports. A router port configured by a user (using the console or Web-based management interfaces) is displayed as a static router port, designated by S.
Page 319: Vlan Status
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 20 Browse MLD Snooping Router Port window VLAN Status This allows the VLAN status for each of the Switch's ports to be viewed by VLAN. This window displays the ports on the Switch that are currently Egress (E) or Tag (T) ports.
Page 320: Port Access Control
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 22 VLAN Status Port window Port Access Control The following screens are used to monitor 802.1X statistics of the Switch, on a per port basis. To view the Port Access Control windows, open the monitoring folder and click the Port Access Control folder.
Page 321 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch State The Authenticator State value can be: Authenticated, Authenticating, or blocked. VLAN ID Displays the assigned VLAN ID. If a port/host is authenticated and the authorization Network is enabled, the assigned VLAN is determined by the VLAN assigned from RADIUS server. If there is no target VLAN information or invalid VLAN information embedded in RADIUS message it will be ignored.
Page 322: Authenticator Statistics
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Authenticator Statistics This table contains the statistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function. Enter the ports you wish to view and click Search.
Page 323: Radius Authentication
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch RADIUS Authentication This table contains information concerning the activity of the RADIUS authentication client on the client side of the RADIUS authentication protocol. To view this window, click Monitoring > Port Access Control > RADIUS Authentication, as shown below:...
Page 324 The number of RADIUS packets, which were received from this server on the accounting port and dropped for some other reason. ® Note: To configure 802.1X features for the xStack switch, go to the Administration folder and select Port Access Entity.
Page 325: Mac Address Table
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch MAC Address Table This allows the Switch's dynamic MAC address forwarding table to be viewed. When the Switch learns an association between a MAC address and a port number, it makes an entry into its forwarding table.
Page 326: Igmp Snooping Group
The user may search the IGMP Snooping Group Table by VLAN name by entering it in the top left hand corner and clicking Find. To view all entries click View All Entry. ® NOTE: To configure IGMP snooping for the xStack DGS-3400 Series switch, go to the L2 Features folder and select IGMP Snooping. Configuration and other information concerning IGMP snooping may be found in Section 7 of this manual under IGMP Snooping.
Page 327: Switch Logs
DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch ® NOTE: To configure MLD snooping for the xStack DGS-3400 Series switch, go to the L2 Features folder and select MLD Snooping. Configuration and other information concerning MLD snooping may be found in Section 7 of this manual under MLD Snooping.
Page 328: Browse Arp Table
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Browse ARP Table This window will show current ARP entries on the Switch. To search a specific ARP entry, enter an interface name into the Interface Name or an IP Address and click Find. To clear the ARP Table, click Clear All.
Page 329: Save, Reset And Reboot
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Section 8 Save, Reset and Reboot Reset Reboot System Save Services Logout Reset The Reset function has several options when resetting the Switch. Some of the current configuration parameters can be retained while resetting all other configuration parameters to their factory defaults.
Page 330: Save Services
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Clicking the Yes click-box will instruct the Switch to save the current configuration to non-volatile RAM before restarting the Switch. Clicking the No click-box instructs the Switch not to save the current configuration before restarting the Switch. All of the configuration information entered from the last time Save Changes was executed will be lost.
Page 331: Configuration Information
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Configuration Information The following window is used to view information regarding configuration files saved in the Switch. The Switch can hold two configuration files in its memory. Configuration Files can be uploaded to the Switch using the TFTP services located in the Administration folder.
Page 332: Current Configuration Settings
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Current Configuration Settings The following window is used to select one of the two possible configuration files that can be stored in the Switch as a boot up configuration file, or to select it for deletion from the Switch’s memory.
Page 333: Appendix A
LAN (known as ARP spoofing). This document is intended to introduce the ARP protocol, ARP spoofing attacks, and the countermeasures brought by D-Link’s switches to thwart ARP spoofing attacks. In the process of ARP, PC A will first issue an ARP request to query PC B’s MAC address. The network structure is shown in Figure 1.
Page 334 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 When the switch floods the frame of ARP request to the network, all PCs will receive and examine the frame but only PC B will reply the query as the destination IP matched (see Figure 3).
Page 335 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Forwarding Table Port1 00-20-5C-01-11-11 Port2 00-20-5C-01-22-22...
Page 336: How Arp Spoofing Attacks A Network
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch How ARP Spoofing Attacks a Network ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service – DoS attack). The principle of ARP spoofing is to send the fake, or spoofed ARP messages to an Ethernet network.
Page 337: Prevent Arp Spoofing Via Packet Content Acl
Figure 5 Prevent ARP Spoofing via Packet Content ACL D-Link managed switches can effectively mitigate common DoS attacks caused by ARP spoofing via a unique Package Content ACL. For the reason that basic ACL can only filter ARP packets based on packet type, VLAN ID, Source, and Destination MAC information, there is a need for further inspections of ARP packets.
Page 338 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Configuration The configuration logic is as follows: 1. Only if the ARP matches Source MAC address in Ethernet, Sender MAC address and Sender IP address in ARP protocol can pass through the switch. (In this example, it is the gateway’s ARP.) 2.
Page 339 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch...
Page 340: Appendix B
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Appendix B Switch Log Entries The following table lists all possible entries and their corresponding meanings that will appear in the System Log of this Switch. Category Event Description Log Information...
Page 341 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Firmware upgrade Unit <unitID>, Firmware by console and "IP: <ipaddr>, was unsuccessful upgrade by console was MAC: <macaddr>" are XOR unsuccessful! (Username: shown in log string, which Warning <username>, IP: <ipaddr>, means if user login by console, MAC: <macaddr>)
Page 342 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch for logging Firmware upgraded Firmware upgraded by console by console and "IP: <ipaddr>, to slave unsuccessfully (Username: MAC: <macaddr>" are XOR unsuccessfully <username>, IP: <ipaddr>, shown in log string, which Warning MAC: <macaddr>)
Page 343 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch invalid community community string! string Topology changed Topology changed (Instance: <instanceID>, Port: Informational <unitID:portNum>) CIST New Root CIST New Root bridge selected selected (MAC: <macaddr>, Priority: Informational <int>) MSTI Root...
Page 344 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Login failed through Login failed through Web from Web authenticated <userIP> authenticated by AAA Warning by AAA local local method (Username: method <username>, MAC: <macaddr>) Successful login Successful login through Web through Web (SSL) (SSL) from <userIP>...
Page 345 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch AAA server <username>) Login failed through Login failed through Console Console due to due to AAA server timeout or AAA server timeout improper configuration Warning or improper (Username: <username>) configuration...
Page 346 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Login failed through Login failed through SSH from SSH authenticated <userIP> authenticated by AAA Warning by AAA server server <serverIP> (Username: <username>, MAC: <macaddr>) Login failed through Login failed through SSH from SSH due to AAA <userIP>...
Page 347 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Successful Enable Successful Enable Admin Admin through SSH through SSH from <userIP> authenticated by authenticated by AAA Informational AAA local_enable local_enable method method (Username: <username>, MAC: <macaddr>) Enable Admin failed...
Page 348 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Enable Admin failed Enable Admin failed through through Web Web from <userIP> authenticated by authenticated by AAA server Warning AAA server <serverIP> (Username: <username>, MAC: <macaddr>) Enable Admin failed Enable Admin failed through through Web due to Web from <userIP>...
Page 349 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch AAA server timed AAA server <serverIP> <protocol> is one of TACACS, (Protocol: <protocol>) Warning XTACACS, TACACS+, connection failed RADIUS AAA server ACK <protocol> is one of TACACS, AAA server <serverIP>...
Page 350 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch VRRP disabled VRRP is disabled Informational Invalid version VRRP receives an invalid Warning packet received version packet Invalid virtual ID VRRP receives an invalid virtual Warning packet received ID packet...
Page 351: Appendix C
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Appendix C Trap Logs This table lists the trap logs found on the DGS-3400 Series Switches. MACNotifyTrap This trap indicates the MAC address 1.3.6.1.4.1.171.11.70.1.2.16.1.2.0 variations in the address table. 1.3.6.1.4.1.171.11.70.2.2.16.1.2.0 1.3.6.1.4.1.171.11.70.3.2.16.1.2.0...
Page 352 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch SafeGuardChgToNormal This trap indicates System change 1.3.6.1.4.1.171.12.19.4.1.0.2 operation mode from exhausted to normal. PktStormOccurred This trap is sent when a packet storm is 1.3.6.1.4.1.171.12.25.5.0.1 detected by the packet storm mechanism and takes shutdown as an action.
Page 353 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch generates a topology change notification. PowerStatusChg Power Status change notification. The 1.3.6.1.4.1.171.12.11.2.2.2.0.1 notification is issued when the swPowerStatus changes in the following cases: lowVoltage -> overCurrent. owVoltage -> working. lowVoltage -> disconnect.
Page 354 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch FanFailure Fan Failure notification. 1.3.6.1.4.1.171.12.11.2.2.3.0.1 FanRecover Fan Recover notification. 1.3.6.1.4.1.171.12.11.2.2.3.0.2 coldStart A coldStart trap signifies that the sending 1.3.6.1.6.3.1.1.5.1 protocol entity is reinitializing itself such that the agent's configuration or the protocol entity implementation may be altered.
Page 355 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch lldpRemTablesChange A lldpRemTablesChange notification is sent 1.0.8802.1.1.2.0.0.1 when the value of lldpStatsRemTableLastChangeTime changes. It can be utilized by an NMS to trigger LLDP remote systems table maintenance polls.
Page 356: Glossary
® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch Glossary 1000BASE-SX: A short laser wavelength on multimode fiber optic cable for a maximum length of 550 meters 1000BASE-LX: A long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilometers 100BASE-FX: 100Mbps Ethernet implementation over fiber.
Page 357 ® xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch line speed: See baud rate. main port: The port in a resilient link that carries data traffic in normal operating conditions. MDI - Medium Dependent Interface: An Ethernet port connection where the transmitter of one device is connected to the receiver of another device.

This manual is also suitable for:

Xstack dgs-3400 series