Page 1: User Manual
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch ® User Manual ® DGS-3426G Product Model : xStack Layer 2+ Gigabit Ethernet Managed Switch Release 2.61...
Page 2 Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. D-Link Corporation disclaims any proprietary interest in trademarks and trade names other than its own.
Page 3: Table Of Contents
Table of Contents Intended Readers ................................... xi Typographical Conventions ................................... xi Notes, Notices, and Cautions ................................ xi Web-based Switch Configuration ........................1 Introduction ....................................1 Logging in to the Web Manager ..............................1 Web-based User Interface ................................2 Areas of the User Interface ..................................2 Web Pages ......................................
Page 4 User Accounts ....................................30 Password Encryption ..................................31 Port Mirroring ....................................32 Mirroring within the Switch Stack ................................33 System Log ....................................33 System Log Host ......................................33 System Log Save Mode Settings ................................... 35 System Severity Settings ................................35 SNTP Settings ....................................
Page 5 Layer 2 Protocol Tunneling (L2PT) Settings ..........................66 RSPAN ......................................67 RSPAN State Settings ....................................67 RSPAN Settings ......................................67 SNMP Manager .................................... 70 SNMP Settings ......................................70 SNMP Trap Settings ..................................... 71 SNMP User Table ......................................72 SNMP View Table ......................................74 SNMP Group Table ......................................
Page 6 VLAN Segmentation ..................................... 108 VLAN and Trunk Groups ..................................108 Protocol VLANs ....................................108 Static VLAN Entry ..................................... 109 GVRP Settings ......................................111 Double VLANs ......................................112 Regulations for Double VLANs ................................113 Double VLAN Settings ....................................114 PVID Auto Assign ...................................... 116 MAC-based VLAN Settings ..................................
Page 7 LLDP ......................................155 LLDP Global Settings ....................................156 Basic LLDP Port Settings ................................... 157 802.1 Extension LLDP Port Settings ................................158 802.3 Extension LLDP Port Settings ................................160 LLDP Management Address Settings ................................. 162 LLDP Statistics ......................................164 LLDP Management Address Table ................................165 LLDP Local Port Table ....................................
Page 8 IMP Global Settings ....................................226 IMP Port Settings ......................................228 IMP Entry Settings ...................................... 229 DHCP Snooping Entries ..................................... 230 MAC Block List ......................................230 802.1X ......................................231 Guest VLANs......................................236 Limitations Using the Guest VLAN ..............................236 Configure 802.1X Guest VLAN ................................. 236 Configure 802.1X Authenticator Parameter ..............................
Page 9 Multiple Authentication Settings ................................277 Authentication Guest VLAN Settings ................................. 279 JWAC (Japanese Web-based Access Control) ........................... 280 JWAC Global Configuration ..................................280 JWAC Port Settings ....................................283 JWAC User Account ....................................286 JWAC Host Information ..................................... 287 JWAC Customize Page Language Settings ..............................288 JWAC Customize Page ....................................
Page 10 Save, Reset and Reboot ..........................318 Reset ......................................318 Reboot System ................................... 318 Save Services ..................................... 319 Save Changes ......................................319 Configuration Information ..................................320 Current Configuration Settings ................................... 321 Appendix A ..............................322 Mitigating ARP Spoofing Attacks Using Packet Content ACL ........................322 Appendix B ..............................
Page 11: Intended Readers
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Intended Readers ® The xStack DGS-3426G Manual contains information for setup and management of the Switch. This manual is intended for network managers familiar with network management concepts and terminology. Typographical Conventions Convention Description In a command line, square brackets indicate an optional entry.
Page 12: Web-Based Switch Configuration
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Section 1 Web-based Switch Configuration Introduction Logging on to the Web Manager Web-Based User Interface Basic Setup Web Pages Introduction ® All software functions of the xStack DGS-3426G Switch can be managed, configured and monitored via the embedded web- based (HTML) interface.
Page 13: Web-Based User Interface
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 1- 1 Enter Network Password dialog box Leave both the User Name field and the Password field blank and click OK. This will open the Web-based user interface. The Switch management features available in the Web-based manager are explained below. Web-based User Interface The user interface provides access to various Switch configuration and management windows, allows the user to view performance statistics, and permits graphical monitoring of the system status.
Page 14 Area 1 Select the menu or window to display. Open folders and click the hyperlinked menu buttons and subfolders contained within them to display menus. Click the D-Link logo to go to the D-Link website. Area 2 Presents a graphical near real-time image of the front panel of the Switch. This area displays the Switch's ports and expansion modules, showing port activity, duplex mode, or flow control, depending on the specified mode.
Page 15: Web Pages
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Web Pages When connecting to the management mode of the Switch with a web browser, a login screen is displayed. Enter a user name and password to access the Switch's management mode. Below is a list of the main folders available in the Web interface: Administration –...
Page 16: Administration
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Section 2 Administration DGS-3426G Web Management Tool IP Address Interface Settings Stacking Port Configuration User Accounts Password Encryption Port Mirroring System Log System Severity Settings SNTP Settings MAC Notification Settings TFTP Services Multiple Image Services Ping Test IPv6 Neighbor...
Page 17: Device Information
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Device Information The Device Information window contains the main settings for all major functions for the Switch. It appears automatically when you log on to the Switch. To return to the Device Information window after viewing other windows, click the DGS-3426G Web Management Tool folder.
Page 18 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch MAC Address This field specifies the length of time a learned MAC Address will remain in the forwarding table Aging Time without being accessed (that is, how long a learned MAC Address is allowed to remain idle). To change this, type in a different value representing the MAC address age-out time in seconds.
Page 19: Ipv6
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Forward EAPOL The user may use the drop-down menu to Enable or Disable the Forward EAPOL PDU on the Switch. The default setting is Disabled. HOL Prevention If this option is enabled it prevents the forwarding of data to a port that is blocked. Traffic that would normally be sent to the buffer memory of the Switch’s TX queue is dropped so that memory usage is conserved and performance across all ports remains high.
Page 20 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Flow Labeling – This new capability allows packets to be streamlined into certain traffic “flows” if labeled by the sender. In this way, services such as “real time services or non-default quality of service can receive special attention for improved flow quality.
Page 21: Packet Format
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Packet Format As in IPv4, the IPv6 packet consists of the packet header and the payload, but the difference occurs in the packet header which has been amended and improved for better packet flow and processing. The following will outline and detail the IPv6 enhancements and parts of the IPv6 packet, with special attention to the packet header.
Page 22: Extension Headers
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Extension Headers Extension headers are used to identify optional parameters regarding IPv6 packets such as routing, fragmentation of packets or authentication parameters. The types of extension headers supported are Hop-by-Hop, Routing, Fragment, Destination Options, Authentication and Encapsulating Security Payload.
Page 23: Types
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch set of xxxx represents a 16-bit hexadecimal value (ex. 2D83:0C76:3140:0000:0000:020C:417A:3214). Although this address looks long and cumbersome, there are some compression rules that will shorten the format of the IPv6 address to make it more compatible to the user.
Page 24: Icmpv6
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch ICMPv6 Network professionals are already very familiar with ICMP for IPv4, which is an essential tool in the IPv4 network, relaying messages about network problems and the general condition of the network. ICMPv6 is the successor to the IPv4 version and performs many of the same basic functions as its precursor, yet is not compatible with ICMPv4.
Page 25: Duplicate Address Detection (Dad)
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Duplicate Address Detection (DAD) DAD messages are used to specify that there is more than one node on a local link possessing the same IP address. IPv6 addresses are only leased for a defined period of time. When that time expires, the address will become invalid and another address must be addressed to the node.
Page 26: Ip Address
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch The six IP interfaces, each with an IP address (listed in the table above), and a subnet mask of 255.224.0.0 can be entered into the Setup IP Interface window. IP Address The IP Address may initially be set using the console interface prior to connecting to it through the Ethernet.
Page 27: Setting The Switch's Ip Address Using The Console Interface
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Parameter Description BOOTP The Switch will send out a BOOTP broadcast request when it is powered up. The BOOTP protocol allows IP addresses, network masks, and default gateways to be assigned by a central BOOTP server.
Page 28: Interface Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Interface Settings The IP address may initially be set using the console interface prior to connecting to it through the Ethernet. If the Switch IP ® address has not yet been changed, read the introduction of the xStack DGS-3426G CLI Manual for more information.
Page 29: Ipv6 Interface Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch fields. Pull the Interface Admin State drop-down menu to Enabled and click Apply to enter to make the IP interface effective. To view entries in the IP Interface Settings, click the Show All IP Interface Entries hyperlink.
Page 30 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 8 IPv6 Interface Settings – Edit The following fields may be viewed or modified. Click Apply to set the changes made. Parameter Description This field displays the name for the IP interface or it is used to add a new interface or Interface Name change an existing interface name.
Page 31 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Use the drop-down menu to enable or disable configuration on this interface. Interface Admin State IPv6 Address Use this field to set a Global Unicast Address for the Switch. This address will be used to access the network outside of the local link.
Page 32: Stacking
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch RA Other Configure Use the drop-down menu to enable or disable the Managed flag. When enabled, this will Flag trigger the router to use a stateful autoconfiguration process to get configuration information that is not address information, yet is important to the IPv6 settings of the Switch.
Page 33: Stack Switch Swapping
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch priorities are the same. The Primary master is physically displayed by the seven segment LED to the far right on the front panel of the switch where this LED will flash between its given Box ID and ‘H’. Backup Master –...
Page 34: Stacking Mode Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch If both the Primary Master and the Backup Master are removed, the election process is immediately processed and a new Primary Master and Backup Master are determined. Switches in the stack will clear the configurations of the units removed, and dynamically learned databases, such as ARP, will be cleared as well.
Page 35: Port Configuration
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch NOTE: Configured box priority settings will not be implemented until users physically save it using the Web GUI or the CLI. Port Configuration To view this window, click Administration > Port Configuration > Port Configuration, as shown on the right: To configure switch ports: 1.
Page 36: Port Error Disabled
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Enabled. Medium Type If configuring the Combo ports, this defines the type of transport medium to be used, whether copper or fiber. Speed/Duplex Toggle the Speed/Duplex field to either select the speed and duplex/half-duplex state of the port.
Page 37: Port Description
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Port Description The Switch supports a port description feature where the user may name various ports on the Switch. First use the Unit drop-down menu to choose the switch in the stack to be configured, and then the From and To drop-down menu to choose a port or range of ports to describe.
Page 38: Port Details
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 16 Port Auto Negotiation Information Table window Port Details This window is used to view detailed port information for individual ports on a particular unit. Use the drop-down menus to select the specific port of the unit you wish to view and click Find.
Page 39: Port Media Type
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 17 Port Details window Port Media Type This window is used to display the port media type available on each unit. To view a particular switch in the stack, use the drop- down menu to select the unit.
Page 40: Cable Diagnostics
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 18 Port Media window Cable Diagnostics This window is used to control the cable diagnostics and determine where and what kind of errors have occurred on the cable. This function is primarily used for administrators to view tests on copper cables.
Page 41: User Accounts
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 19 Cable Diagnostics window User Accounts Use the User Account Management window to control user privileges, create new users and view existing User Accounts. To view this window, click Administration > User Accounts, as shown below: Figure 2 - 20 User Accounts window To add a new user, click on the Add button.
Page 42: Password Encryption
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 22 User Accounts Modify Table window - Modify Modify or delete an existing user account in this window. Enter the Old Password for the account, the New Password you wish to use, and retype the new password in the Confirm Password field.
Page 43: Port Mirroring
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Port Mirroring The Switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an RMON probe, to view details about the packets passing through the first port.
Page 44: Mirroring Within The Switch Stack
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Mirroring within the Switch Stack Users may configure mirroring between switches in the switch stack but certain conditions and restrictions apply. 1. When mirroring is configured in the stack, the primary master and the backup master will save and synchronize these mirroring configurations in their respective databases.
Page 45 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 27 Configure System Log Server – Edit window Configure the parameters listed below: Parameter Description Index(1-4) Syslog server settings index (1-4). Server IP The IPv4 address of the Syslog server. Severity This drop-down menu allows you to select the level of messages that will be sent.
Page 46: System Log Save Mode Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Choose Enabled or Disabled to activate or deactivate. Status To set the System Log Server configuration, click Apply. To delete an entry from the System Log Server window, click the corresponding under the Delete heading of the entry to delete.
Page 47: Sntp Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Parameter Description System Severity Choose how the alerts are used from the drop-down menu. Select log to send the alert of the Severity Type configured to the Switch’s log for analysis. Choose trap to send it to an SNMP agent for analysis, or select all to send the chosen alert type to an SNMP agent and the Switch’s log for analysis.
Page 48: Time Zone And Dst
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Parameter Description Current Time: Status System Boot Time Displays the time when the Switch was initially started for this session. Current Time Displays the Current Time. Time Source Displays the time source for the system. Current Time: SNTP Settings SNTP State Use this drop-down menu to Enabled or Disabled SNTP.
Page 49 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Parameter Description Time Zone and DST Settings Daylight Saving Time Use this drop-down menu to enable or disable the DST Settings. State Daylight Saving Time Use this drop-down menu to specify the amount of time that will constitute your local DST Offset in Minutes offset - 30, 60, 90, or 120 minutes.
Page 50: Mac Notification Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch MAC Notification Settings MAC Notification is used to monitor MAC addresses learned and entered into the forwarding database. To view this window, click Administration > MAC Notification Settings, as shown on the right. Global Settings The following parameters may be viewed and modified:...
Page 51: Tftp Services
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch TFTP Services Trivial File Transfer Protocol (TFTP) services allow the Switch's firmware to be upgraded by transferring a new firmware file from a TFTP server to the Switch. A configuration file can also be downloaded into the Switch from a TFTP server. Switch configuration settings can be saved and a history and attack log can be uploaded from the Switch to the TFTP server.
Page 52: Multiple Image Services
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch configuration uploads, select the Image ID of the configuration. Choosing Active will upload the Boot Up Image ID configuration to the TFTP server. And user can upload configuration of Image 1 or 2 by choosing Image ID. Server IPv4 Address Enter the IPv4 address of the server from which to download firmware and configuration or upload configuration and log.
Page 53: Config Firmware Image
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch R – If the IP address has this letter attached to it, it denotes a firmware upgrade through the Console Serial Port (RS-232). T – If the IP address has this letter attached to it, it denotes a firmware upgrade through Telnet. S –...
Page 54: Ipv6 Ping Test
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 36 IPv4 Ping Test window This window allows the following parameters to be configured. Parameter Description Target IP Enter the Target IP Address to be pinged. Address Repeat Pinging The user may use the Infinite times radio button, in the Repeat Pinging for field, which will tell the ping program to keep sending ICMP Echo packets to the specified IP address until the program is stopped.
Page 55: Ipv6 Neighbor
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 37 IPv6 Ping Test window This window allows the following parameters to be configured to ping an IPv6 address. Parameter Description IPv6 Address Enter an IPv6 address to be pinged. Interface The Interface field is used for addresses on the link-local network.
Page 56 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 38 IPv6 Neighbor Settings window The following fields can be configured or viewed: Parameter Description Interface Name Enter the interface name of the IPv6 neighbor you wish to find. Neighbor IPv6 Enter the neighbor IPv6 address of the entry you wish to find.
Page 57: Routing Table
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch specific interface for a link-local IPv6 address. For Global IPv6 addresses, this field may be omitted. Neighbor IPv6 Address The IPv6 address of the neighbor entry. Specify the address using the hexadecimal IPv6 Address (IPv6 Address is hexadecimal number, for example 1234::5D7F/32).
Page 58: Ipv6 Static/Default Route Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Displays whether the entry is Active or Inactive. Status Delete Click the button to delete this entry from the IPv4 Static/Default Route Settings table. To enter an IP Interface into the Switch’s IPv4 Static/Default Route Settings window, click the Add button, revealing the following window to configure: Figure 2 - 41 Static/Default Route Settings –...
Page 59: Gratuitous Arp Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Parameter Description IPv6 Address/PrefixLen The IPv6 address and corresponding Prefix Length of the IPv6 static route entry. The IP Interface where the static IPv6 route is created. Interface Next Hop Address The corresponding IPv6 address for the next hop Gateway address in IPv6 format.
Page 60 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 44 Gratuitous ARP Settings window The following fields can be set or viewed: Parameter Description Send on IPIF status This is used to enable/disable the sending of gratuitous ARP request packets while an IPIF interface comes up.
Page 61: Static Arp Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Static ARP Settings The Address Resolution Protocol (ARP) is a TCP/IP protocol that converts IP addresses into physical addresses. This table allows network managers to view, define, modify and delete ARP information for specific devices. Static entries can be defined in the ARP Table.
Page 62: Dhcp Auto Configuration Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch DHCP Auto Configuration Settings This window is used to enable the DHCP Autoconfiguration feature on the Switch. When enabled, the Switch is instructed to receive a configuration file from a TFTP server, which will set the Switch to become a DHCP client automatically on boot up. To employ this method, the DHCP server must be set up to deliver the TFTP server IP address and configuration file name information in the DHCP reply packet.
Page 63 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch This field can be toggled between Enabled and Disabled using the drop-down menu. It is Relay State used to enable or disable the DHCP/BOOTP Relay service on the Switch. The default is Disabled Relay Hops Count This field allows an entry between 1 and 16 to define the maximum number of router hops...
Page 64 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch This field can be toggled between Replace, Drop, and Keep by using the drop-down menu. DHCP Relay Agent Information Option 82 It is used to set the Switches policy for handling packets when the DHCP Relay Agent Policy Information Option 82 Check is set to Disabled.
Page 65: The Implementation Of Dhcp Information Option 82
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch The Implementation of DHCP Information Option 82 The config dhcp_relay option_82 command configures the DHCP relay agent information option 82 setting of the switch. The formats for the circuit ID sub-option and the remote ID sub-option are as follows: NOTE: For the circuit ID sub-option of a standalone switch, the module field is always zero.
Page 66: Dhcp/Bootp Relay Interface Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch DHCP/BOOTP Relay Interface Settings This window allows the user to set up a server, by IP address, for relaying DHCP/ BOOTP information. The user may enter a previously configured IP interface on the Switch that will indicate which interface is able to support the dhcp relay function. Properly configured settings will be displayed in the BOOTP Relay Table at the bottom of the following window, once the user clicks the Add button under the Apply heading.
Page 67: Dhcp Relay Option 60 Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Parameter Description Enter the specified IP address for the DHCP relay forward. Relay IP Address Mode Use the drop-down menu to choose either Relay or Drop. When drop is specified, the packet with no matching rules found will be dropped without further process.
Page 68: Dhcp Relay Option 61 Default Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Partial Match – The option 60 string in the packet only needs to partially match the specified string. DHCP Relay Option 61 Default Settings This window is used to configure the DHCP Relay Option 61 Default Settings. These settings are used to determine the rule to process those packets that have no option 61 matching rules.
Page 69: Dhcp Server
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 58 DHCP Relay Option 61 Add window The following parameters may be configured. Parameter Description Use the drop down menu to select the method of identification for the Client ID either MAC Client ID Address or String.
Page 70: Dhcp Server Exclude Address Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 59 DHCP Server Global Settings window The following parameters may be configured. Parameter Description DHCP Server Use the drop-down menu to globally enable or disable the switch as a DHCP server. Global State Ping Packets Enter a number between 2 and 10 to denote the number of ping packets that the Switch will send...
Page 71: Dhcp Server Pool Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch DHCP Server Pool Settings The following windows will allow users to create and then set the parameters for the DHCP Pool of the switch’s DHCP server. Users must first create the pool by entering a name of up to 12 alphanumeric characters into the Pool Name field and clicking Apply.
Page 72 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch The following parameters may be configured or viewed. Parameter Description Pool Name Denotes the name of the DHCP pool for which you are currently adjusting the parameters. IP Address Enter the IP address to be assigned to requesting DHCP Clients. This address will not be chosen but the first 3 sets of numbers in the IP address will be used for the IP address of requesting DHCP Clients.
Page 73: Dhcp Server Dynamic Binding
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 63 DHCP Server Pool Display window DHCP Server Dynamic Binding The following window will allow users to view dynamically bound IP addresses of the DHCP server. These IP addresses are ones that were allotted to clients on the local network and are now bound to the device stated by its MAC address.
Page 74: Dhcp Server Manual Binding
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Pool Name This field will denote the Pool Name of the displayed dynamically bound DHCP entry. IP Address This field will display the IP address allotted to this device by the DHCP Server feature of this Switch.
Page 75: Dhcp Server Screening
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Parameter Description Enter the name of the DHCP pool within which will be created a manual DHCP binding entry. Pool Name IP Address Enter the IP address to be statically bound to a device within the local network that will be specified by entering the Hardware Address in the following field.
Page 76: Dhcp Server Screening Port Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch DHCP Server Screening Port Settings This window is used to enable the settings for the Filter DHCP Server Port Settings. To view this window, click Administration > Filter DHCP Server > Filter DHCP Server Port Settings, as shown below: Figure 2 - 68 DHCP Server Screening Port State Settings window The following parameters may be configured.
Page 77: Layer 2 Protocol Tunneling (L2Pt) Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Layer 2 Protocol Tunneling (L2PT) Settings The Layer 2 Protocol Tunneling (L2PT) supports traffic of multiple customers across service provider networks. L2PT enables the BPDU’s of the same customer’s network to be multicast over specific VLANs in the service provider’s network, which in turn will ensure the same geographically dispersed customer network can implement consistent spanning tree calculations across the service provider network.
Page 78: Rspan
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch RSPAN RSPAN (Remote Switched Port Analyzer) is a feature used to monitor and analyze the traffic passing through ports. The character ‘R’ is short for ‘Remote’ which means that the mirror source ports and the destination port are not on the same Switch. So a remote mirror session consists of at least two switches.
Page 79 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 71 RSPAN Settings window The following fields can be configured: Parameter Description VLAN Name Enter the name of the VLAN you wish to Add, Find or Delete. VID (1-4094) Enter the VLAN ID of the VLAN you wish to Add Find or Delete.
Page 80 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 72 RSPAN Settings – Edit window The following fields can be configured: Parameter Description VLAN Name This is the VLAN Name that, along with the VLAN ID, identifies the VLAN which will modify the RSPAN Entries.
Page 81: Snmp Manager
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch SNMP Manager SNMP Settings Simple Network Management Protocol (SNMP) is an OSI Layer 7 (Application Layer) designed specifically for managing and monitoring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches, and other network devices.
Page 82: Snmp Trap Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch SNMP settings are configured using the menus located on the SNMP V3 folder of the web manager. Workstations on the network that are allowed SNMP privileged access to the Switch can be restricted with the Management Station IP Address menu. SNMP Trap Settings The following window is used to enable and disable trap settings for the SNMP function on the Switch.
Page 83: Snmp User Table
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch SNMP User Table This window displays all of the SNMP users currently configured on the Switch. To view this window, click Administration > SNMP Manager > SNMP User Table, as shown below: Figure 2 - 74 SNMP User Table window To delete an existing SNMP User Table entry, click the below the Delete heading corresponding to the entry you wish to...
Page 84 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 76 SNMP User Table Configuration window The following parameters can set: Parameter Description User Name Enter an alphanumeric string of up to 32 characters. This is used to identify the SNMP user. Group Name This name is used to specify the SNMP group created can request SNMP messages.
Page 85: Snmp View Table
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch SNMP View Table This window is used to assign views to community strings that define which MIB objects can be accessed by a remote SNMP manager. To view this window, click Administration > SNMP Manager > SNMP View Table, as shown below: Figure 2 - 77 SNMP View Table window To delete an existing SNMP View Table entry, click the corresponding button in the Delete column.
Page 86: Snmp Group Table
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch manager can access. To implement your new settings, click Apply. To return to the SNMP View Table window, click the Show All SNMP View Table Entries link. SNMP Group Table An SNMP Group created with this table maps SNMP users (identified in the SNMP User Table) to the views created in the previous menu.
Page 87: Snmp Community Table
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 81 SNMP Group Table Configuration window The following parameters can set: Parameter Description Group Name Type an alphanumeric string of up to 32 characters. This is used to identify the new SNMP group of SNMP users.
Page 88: Snmp Host Table
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch • Read/write or read-only level permission for the MIB objects accessible to the SNMP community. To view this window, click Administration > SNMP Manager > SNMP Community Table, as shown below: Figure 2 - 82 SNMP Community Table window The following parameters can set: Parameter...
Page 89 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Users now have the choice of adding an IPv4 or an IPv6 host to the SNMP host table. To add a new IPv4 entry to the Switch's SNMP Host Table, click the Add IPv4 Host button in the upper left-hand corner of the window. This will open the SNMP Host Table Configuration window, as shown below.
Page 90: Snmp Engine Id
Category 5 or Category 5E UTP Ethernet cables. The DGS-3426P follows the standard PSE (Power Sourcing Equipment) pinout Alternative A, whereby power is sent out over pins 1, 2, 3 and 6. The DGS-3426P works with all D-Link 802.3af capable devices.
Page 91: Poe System Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch PoE System Settings This window is used to configure PoE settings on the Switch. To view this window, click Administration > PoE > PoE System Settings, as shown below: Figure 2 - 87 PoE System Settings window The following parameters can be configured: Parameter Description...
Page 92 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 88 PoE Port Settings window The following parameters can be configured: Parameter Description Choose the switch in the switch stack for which to configure the PoE settings. Unit From Port/To Port Select a range of ports from the drop-down menus to be enabled or disabled for PoE.
Page 93: Sflow
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Class 0 – 0.44~12.95W Class 1 – 0.44~3.84W Class 2 – 3.84~6.49W Class 3 – 6.49~12.95W The following is the power limit applied to the port for these four classes. For each class, the power limit is a little more than the power consumption range for that class.
Page 94: Sflow Global Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch sFlow Global Settings The following window is used to globally enable the sFlow feature for the Switch. Simply use the drop-down menu and click Apply to enable or disable sFlow. This window will also display the sFlow version currently being utilized by the Switch, along with the sFlow Address that is the Switch’s IP address.
Page 95 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch deleted. Countdown Time Displays the current time remaining before this Analyzer server times out. When the server times out, all sFlow samples and counter polls associated with this server will be deleted. Address Displays the IP address of the sFlow Analyzer Server.
Page 96: Sflow Sampler Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch is 6343. 65535) Max Datagram Size This field will specify the maximum number of data bytes that can be packaged into a single (300-1400) sFlow datagram. Users may select a value between 300 and 1400 bytes with a default setting of 1400 bytes.
Page 97: Sflow Poller Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 94 sFlow Sampler Add window The following fields may be set: Parameter Description Select the unit you wish to configure. Unit From… To Choose the beginning and ending range of ports to be configured for packet sampling. Analyzer Server ID Enter the previously configured Analyzer Server ID to state the device that will be receiving (1-4)
Page 98 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 95 sFlow Counter Poller Settings window The following fields are displayed: Parameter Description Port Displays the port from which packet counter samples are being taken. Analyzer Server ID Displays the ID of the Analyzer Server where datagrams, containing the packet counter polling information taken using this polling mechanism, will be sent.
Page 99: Ip Multicast Vlan Replication
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch every time this interval reaches 0, and this information will be included in the sFlow datagrams 120 sec) that will be sent to the sFlow Analyzer for examination. Ticking the Disabled check box will disable the counter polling for this entry.
Page 100 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 98 IP Multicast VLAN Replication Settings window Enter a name for the IP Multicast Replication entry and click Apply. The new entry will appear in the IP Multicast VLAN Replication Entries Table.
Page 101 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Multicast IP A multicast IP address list can be entered. Address List A source IP Address can be specified. Source IP Address The following table is used to set the Destination settings, to view this window click the corresponding View button in the IP Multicast VLAN Replication Entries table as shown below: This table is used to configure the destination, so when traffic matches an IP Multicast VLAN Replication entry, it will be replicated based on the destination settings.
Page 102: Single Ip Management (Sim) Overview
DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Single IP Management (SIM) Overview Simply put, D-Link Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. There are some advantages in implementing the "Single IP Management" feature: 1.
Page 103: The Upgrade To V1.61
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch • The user can manually configure a CS to become a CaS. • A MS can become a CaS by: • Being configured as a CaS through the CS. • If report packets from the CS to the MS time out. •...
Page 104: Single Ip Vs. Switch Stacking
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch NOTE: SIM Management does not support IPv6. For users wishing to utilize this function, switches in the SIM group must be configured with IPv4 addresses. IPv6 for SIM management will be supported in a future release of this switch. Single IP vs.
Page 105: Topology
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch a Commander Switch. This is the default setting for the SIM role of the DGS-3426G. Commander – Choosing this parameter will make the Switch a Commander Switch (CS). The user may join other switches to this Switch, over Ethernet, to be part of its SIM group. Choosing this option will also enable the Switch to be configured for SIM.
Page 106 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch The Tree View window holds the following information under the Data tab: Parameter Description Device Name This field will display the Device Name of the switches in the SIM group configured by the user. If no device is configured by the name, it will be given the name default and tagged with the last six digits of the MAC Address to identify it.
Page 107 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch This screen will display how the devices within the Single IP Management Group connect to other groups and devices. Possible icons in this screen are as follows: Icon Description Group Layer 2 commander switch Layer 3 commander switch Commander switch of other group Layer 2 member switch.
Page 108: Tool Tips
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Tool Tips In the Topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same information about a specific device as the Tree view does.
Page 109 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 106 Port Speed Utilizing the Tool Tip...
Page 110: Group Icon
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Right-click Right-clicking on a device will allow the user to perform various functions, depending on the role of the Switch in the SIM group and the icon associated with it. Group Icon Figure 2 - 107 Right-clicking a Group Icon The following options may appear for the user to configure: •...
Page 111: Commander Switch Icon
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch will have no entry in this field. Port Speed Displays the connection speed between the CS and the MS or CaS Commander Switch Icon Figure 2 - 109 Right-clicking a Commander Icon The following options may appear for the user to configure: •...
Page 112: Candidate Switch Icon
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Candidate Switch Icon Figure 2 - 111 Right-clicking a Candidate icon The following options may appear for the user to configure: • Collapse – to collapse the group that will be represented by a single icon. •...
Page 113: Firmware Upgrade
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 114 Input password dialog • Remove from Group - Remove an MS from the group. Device • Configure - will open the Web manager for the specific device. View •...
Page 114: Configuration Backup/Restore
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Configuration Backup/Restore This window is used to upgrade configuration files from the Commander Switch to the Member Switch. Member Switches will be listed in the table and will be specified by Port (port on the CS where the MS resides), MAC Address, Model Name and Version.
Page 115: L2 Features
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Section 3 L2 Features VLAN Trunking IGMP Snooping MLD Snooping Loop-back Detection Global Settings Spanning Tree Forwarding & Filtering LLDP Q-in-Q The following section will aid the user in configuring security functions for the Switch. The Switch includes various functions for VLAN, Trunking, IGMP Snooping, MLD Snooping, Loop-back Detection Global Settings, Spanning Tree, Forwarding &...
Page 116 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Egress port – A port on a switch where packets are flowing out of the Switch, either to another switch or to an end station, and tagging decisions must be made. IEEE 802.1Q (tagged) VLANs are implemented on the Switch.
Page 117: 802.1Q Vlan Tags
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch 802.1Q VLAN Tags The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the EtherType field. When a packet's EtherType field is equal to 0x8100, the packet carries the IEEE 802.1Q/802.1p tag.
Page 118: Tagging And Untagging
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Prior to the adoption of 802.1Q VLANs, port-based and MAC-based VLANs were in common use. These VLANs relied upon a Port VLAN ID (PVID) to forward packets. A packet received on a given port would be assigned that port's PVID and then be forwarded to the port that corresponded to the packet's destination address (found in the Switch's forwarding table).
Page 119: Port-Based Vlans
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Packets cannot cross VLANs. If a member of one VLAN wants to connect to another VLAN, the link must be through an external router. NOTE: If no VLANs are configured on the Switch, then all packets will be forwarded to any destination port.
Page 120: Static Vlan Entry
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Switch supports fourteen pre-defined protocols for configuration. The user may also choose a protocol that is not one of the fourteen defined protocols by properly configuring the userDefined protocol VLAN. The supported protocols for the protocol VLAN function on this switch include IP, IPX, DEC LAT, SNAP, NetBIOS, AppleTalk, XNS, SNA, IPv6, RARP and VINES.
Page 121 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch NOTE: The Switch supports up to 4k static VLAN entries. Figure 3 - 6 Static VLAN window – Modify The following fields can then be set in either the Add or Modify 802.1Q Static VLANs windows: Parameter Description Unit...
Page 122: Gvrp Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch GVRP Settings The GVRP Settings window allows the user to determine whether the Switch will share its VLAN configuration information with other GARP VLAN Registration Protocol (GVRP) enabled switches. In addition, Ingress Checking can be used to limit traffic by filtering incoming packets whose PVID does not match the PVID of the port.
Page 123: Double Vlans
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch forwarded to the port for transmission, the port will add an 802.1Q tag using the PVID to write the VID in the tag. When the packet arrives at its destination, the receiving device will use the PVID to make VLAN forwarding decisions.
Page 124: Regulations For Double Vlans
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Network and therefore belong to one VLAN on the Service Provider’s network, thus being a member of two VLANs. In this way, the Customer can retain its normal VLAN and the Service Provider can congregate multiple Customer VLANs within one SP-VLAN, thus greatly regulating traffic and routing on the Service Provider switch.
Page 125: Double Vlan Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Double VLAN Settings This window is used to enable or disable the double VLAN State settings. To view this window click, L2 Features > VLAN > Double VLAN, as shown below: Figure 3 - 9 Double VLAN State Settings window Choose Enabled using the drop-down menu and click Apply.
Page 126 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 12 Double VLAN Information window Parameters shown in the previous window are explained below: Parameter Description SPVID The VLAN ID number of this potential Service Provider VLAN. VLAN Name The name of the VLAN on the Switch.
Page 127: Pvid Auto Assign
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Click Apply to implement changes made. To configure the parameters for a previously created Service Provider VLAN, click the button of the corresponding SPVID in the Double VLAN State Settings window. The following window will appear for the user to configure. Figure 3 - 14 Double VLAN Configuration window To configure a Double VLAN, enter the following parameters and click Apply.
Page 128: Mac-Based Vlan Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 15 PVID Auto Assign Settings window When Enabled, PVID will be automatically assigned when adding a port to a VLAN as an untagged member port. MAC-based VLAN Settings This table is used to create new MAC-based VLAN entries and search, edit and delete existing entries.
Page 129: Protocol Vlan Group Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Protocol Type Header in Hexadecimal Form IP over Ethernet 0x0800 IPX 802.3 0xFFFF IPX 802.2 0xE0E0 IPX SNAP 0x8137 IPX over Ethernet2 0x8137 decLAT 0x6004 SNA 802.2 0x0404 netBios 0xF0F0 0x0600 VINES 0x0BAD IPV6...
Page 130: Protocol Vlan Port Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 18 Protocol VLAN Group – Add window The Add and Modify windows of the Protocol VLAN Group hold the following fields to be configured: Parameter Description Group ID (1-16) Enter an integer from 1 to 16 to identify the protocol VLAN group being created here.
Page 131 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 19 Protocol VLAN Port Settings window The following fields may be configured: Parameter Description Port List Use this parameter to assign ports to a Protocol VLAN Group or remove them from the Protocol VLAN Group.
Page 132: Trunking
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Trunking Understanding Port Trunk Groups Port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. DGS-3426G supports up to 32 port trunk groups with 2 to 8 ports in each group. A potential bit rate of 8000 Mbps can be achieved. Figure 3 - 20 Example of Port Trunk Group The Switch treats all ports in a trunk group as a single port.
Page 133: Link Aggregation
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch NOTE: If any ports within the trunk group become disconnected, packets intended for the disconnected port will be load shared among the other linked ports of the link aggregation group. NOTE: Trunking may be done across switches in the switch stack without any limitations.
Page 134 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 22 Link Aggregation Group Configuration window...
Page 135 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 23 Link Aggregation Group Configuration window (Modify) The user-changeable parameters are as follows: Parameter Description Select an ID number for the group, between 1 and 32. Group ID State Trunk groups can be toggled between Enabled and Disabled.
Page 136: Lacp Port Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch After setting the previous parameters, click Apply to allow your changes to be implemented. Successfully created trunk groups will be show in the Link Aggregation Group Entries window. NOTE: To configure the Algorithm for Link Aggregation, please refer back to the DGS- 3426G Web Management Tool and select the Link Aggregation Algorithm located on that web page.
Page 137 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 24 LACP Port Settings window The user may set the following parameters: Parameter Description Unit Select the switch in the switch stack to be modified. From…To A consecutive group of ports may be configured starting with the selected port. Mode Active –...
Page 138: Igmp Snooping
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch dynamically as needs require. In order to utilize the ability to change an aggregated port group, that is, to add or subtract ports from the group, at least one of the participating devices must designate LACP ports as active.
Page 139 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 26 IGMP Snooping Settings – Edit window The following parameters may be viewed or modified: Parameter Description VLAN ID This is the VLAN ID that, along with the VLAN Name, identifies the VLAN the user wishes to modify the IGMP Snooping Settings for.
Page 140: Router Port Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch table without receiving a membership report. Default = 260. This specifies the maximum amount of time in seconds between the Switch receiving Leave Timer a leave group message from a host, and the Switch issuing a group membership query.
Page 141: Igmp Snooping Static Group Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 28 Router Port window (Modify) The following parameters can be set: Parameter Description Unit Select the switch in the switch stack to be modified. VID (VLAN ID) This is the VLAN ID that, along with the VLAN Name, identifies the VLAN where the multicast router is attached.
Page 142 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 29 IGMP Snooping Static Group Settings window The following parameters can be configured: Parameter Description The list of the VLAN IDs for which to create IGMP snooping static group information. VLAN Name The name of the VLAN for which to create IGMP snooping static group information.
Page 143: Ism Vlan Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch To modify an entry, click the corresponding Modify button, the following window will be displayed. Figure 3 - 31 IGMP Static Group Modify window The following fields can be configured: Parameter Description PortList Enter the port number of the entry you wish to Add or Delete.
Page 144 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch The following windows will allow users to create and configure multicast VLANs for the switch. To view this windows, click L2 Features > IGMP Snooping > ISM VLAN Settings, as shown below. Figure 3 - 32 IGMP Snooping Multicast VLAN Table window The previous window displays the settings for previously created Multicast VLANs.
Page 145: Limited Ip Multicast (Igmp Filtering) Address Range Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch 2 and 4094. State Use the drop-down menu to enable or disable the selected Multicast VLAN. Enter a port or list of ports to be added to the Multicast VLAN. Member ports will become the Member Port untagged members of the multicast VLAN.
Page 146 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 36 Limited IP Multicast Address Range window Click Apply to implement the new settings on the Switch. Click Delete to remove the configured range from the settings. Click Delete All to delete all Limited IP Multicast settings.
Page 147: Mld Snooping
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch MLD Snooping Multicast Listener Discovery (MLD) Snooping is an IPv6 function used similarly to IGMP snooping in IPv4. It is used to discover ports on a VLAN that are requesting multicast data. Instead of flooding all ports on a selected VLAN with multicast traffic, MLD snooping will only forward multicast data to ports that wish to receive this data through the use of queries and reports produced by the requesting ports and the source of the multicast traffic.
Page 148 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 38 MLD Snooping Settings – Edit window The following parameters may be viewed or modified: Parameter Description VLAN ID This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which to modify the MLD Snooping Settings.
Page 149: Mld Router Port Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Specifies the maximum amount of time a router can remain in the Switch’s routing Router Timeout table as a listening node of a multicast group without the Switch receiving a node listener report.
Page 150 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 40 Router Port window (Modify) The following parameters can be set: Parameter Description This is the VLAN ID that, along with the VLAN Name, identifies the VLAN where the MLD VID (VLAN ID) multicast router is attached.
Page 151: Loop-Back Detection Global Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Loop-back Detection Global Settings The Loop-back Detection function is used to identify loops occurring between the Switch and a device that is directly connected to it. This process is accomplished by the use of a Configuration Testing Protocol (CTP) packet that is generated by the switch.
Page 152 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch None – The trap will not be sent in any situation. Loopdetect Trap Loop Detected – The trap is sent when the loop condition is detected. Loop Cleared – The trap is sent when the loop condition is cleared. Both –...
Page 153: Spanning Tree
STP will be familiar to most networking professionals. However, since 802.1w RSTP and 802.1s MSTP has been recently introduced to D-Link managed Ethernet switches, a brief introduction to the technology is provided below followed by a description of how to set up 802.1D STP, 802.1w RSTP and 802.1s MSTP.
Page 154: Edge Port
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch All three protocols calculate a stable topology in the same way. Every segment will have a single path to the root bridge. All bridges listen for BPDU packets. However, BPDU packets are sent more frequently - with every Hello packet. BPDU packets are sent even if a BPDU packet was not received.
Page 155: Stp Bridge Global Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch STP Bridge Global Settings This window is used to configure the STP Bridge Global Settings on the Switch. To view this window, click L2 Features > Spanning Tree > STP Bridge Global Settings, as shown below: Figure 3 - 42 STP Bridge Global Settings window (RSTP - default) Figure 3 - 43 STP Bridge Global Settings window (MSTP)
Page 156 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 44 STP Bridge Global Settings window (STP Compatible) See the table below for descriptions of the STP versions and corresponding setting options. NOTE: The Hello Time cannot be longer than the Max. Age. Otherwise, a configuration error will occur.
Page 157 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch The Forward Delay can be from 4 to 30 seconds. Any port on the Switch spends this time Forward Delay (4-30 sec) in the listening state while moving from the blocking state to the forwarding state. Max Hops (1-40) Used to set the number of hops between devices in a spanning tree region before the BPDU (bridge protocol data unit) packet sent by the Switch will be discarded.
Page 158: Mst Configuration Identification
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch MST Configuration Identification The following windows allow the user to configure a MSTI instance on the Switch. These settings will uniquely identify a multiple spanning tree instance set on the Switch. The Switch initially possesses one CIST or Common Internal Spanning Tree of which the user may modify the parameters for but cannot change the MSTI ID for, and cannot be deleted.
Page 159 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Parameter Description MSTI ID Enter a number between 1 and 15 to set a new MSTI on the Switch. Type Create is selected to create a new MSTI. No other choices are available for this field when creating a new MSTI.
Page 160: Mstp Port Information
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch The user may configure the following parameters for a MSTI on the Switch. Parameter Description MSTI ID Displays the MSTI ID previously set by the user. Type This field allows the user to choose a desired method for altering the MSTI settings. The user has four choices.
Page 161 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch The user may configure the following parameters: Parameter Description Instance ID Displays the MSTI ID of the instance being configured. An entry of 0 in this field denotes the CIST (default MSTI). Internal Cost This parameter is set to represent the relative cost of forwarding packets to specified ports (0=Auto)
Page 162: Stp Instance Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch STP Instance Settings The following window displays MSTIs currently set on the Switch. To view this window, click L2 Features > Spanning Tree > STP Instance Settings, as shown below: Figure 3 - 51 STP Instance Settings window The following information is displayed: Parameter Description...
Page 163: Stp Port Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch STP Port Settings STP can be set up on a port per port basis. In addition to setting Spanning Tree parameters for use on the switch level, the Switch allows for the configuration of groups of ports, each port-group of which will have its own spanning tree, and will require some of its own configuration settings.
Page 164: Forwarding & Filtering
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch similar to edge ports, however they are restricted in that a P2P port must operate in full duplex. Like edge ports, P2P ports transition to a forwarding state rapidly thus benefiting from RSTP.
Page 165: Multicast Forwarding
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Multicast Forwarding The following window describes how to set up Multicast Forwarding on the Switch. To view this window, click, L2 Features > Forwarding & Filtering >Multicast Forwarding, as shown below: Figure 3 - 55 Static Multicast Forwarding Settings window The Static Multicast Forwarding Settings window displays all of the entries made into the Switch's static multicast forwarding table.
Page 166: Multicast Filtering Mode
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Multicast Filtering Mode This window allows users to configure the Switch to forward or filter the Unregistered Groups per VLAN. To view this window click, L2 Features > Forwarding & Filtering >Multicast Filtering Mode, as shown below: Figure 3 - 57 Multicast Filtering Mode Settings window The following parameters can be set: Parameter...
Page 167: Lldp Global Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch LLDP Global Settings This window is used to configure the LLDP Global Settings on the Switch. When LLDP is enabled the Switch can start to transmit, receive and process LLDP packets. The specific function of each port will depend on the per port LLDP settings. LLDP Global State is Disabled by default.
Page 168: Basic Lldp Port Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Notification LLDP Notification Interval is used to send notifications to configured SNMP trap receiver(s) when Interval (5-3600) an LLDP change is detected in an advertisement received on the port from an LLDP neighbor. To set the LLDP Notification Interval, enter a value in seconds (5 to 3600).
Page 169: 802.1 Extension Lldp Port Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Parameter Description Unit Select the unit to configure. From Port / To Use the drop-down menu to select a range of ports to be configured. Port Notification State Use the drop-down menu to Enable or Disable the status of the LLDP notification. This function controls the SNMP trap, however it cannot implement traps on SNMP when the notification is disabled.
Page 170 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 60 802.1 Extension LLDP Port Settings window The following parameters can be set:...
Page 171: Extension Lldp Port Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Parameter Description Unit Select the unit you wish to configure. From/To Use the drop-down menu to select a range of ports to be configured. Port VLAN ID Use the drop-down menu to enable or disable the advertised PVID. This TLV optional datatype determines whether the IEEE 802.1 organizationally defined port VLAN TLV transmission is allowed on a given LLDP transmission capable port.
Page 172 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 61 802.3 Extension LLDP Port Settings window The following parameters can be set: Parameter Description Unit Select the unit you wish to configure. From/To Use the drop-down menu to select a range of ports to be configured. MAC/PHY This function indicates that the LLDP agent should transmit 'MAC/PHY configuration/status Configuration/Status...
Page 173: Lldp Management Address Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch The default state is disable Power Via MDI This specifies that the LLDP agent should transmit 'Power via MDI TLV'. Three IEEE 802.3 PMD implementations (10BASE-T, 100BASE-TX, and 1000BASE-T) allow power to be supplied over the link for connected non-powered systems.
Page 174 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 62 LLDP Management Address Settings window The following parameters can be set: Parameter Description Unit Select the unit you wish to configure. From/To Port Use the drop-down menu to select a range of ports to be configured. Address Type Use the drop down menu to select either the IPv4 or IPv6 Address.
Page 175: Lldp Statistics
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch LLDP Statistics LLDP Statistics allows you an overview of neighbor detection activity, LLDP Statistics and the settings for individual ports on the Switch. Use the drop-down menu to check a specific unit the information will be displayed in the lower half of the table. To view this window, click L2 Features >...
Page 176: Lldp Management Address Table
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch LLDP Management Address Table The following window is used to set up LLDP management address settings on the Switch. To view this window, click L2 Features > LLDP > LLDP Management Address Settings, as shown below: Figure 3 - 64 LLDP Management Address window The following parameters can be set or displayed: Parameter...
Page 177 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 65 LLDP Local Port Table window To view Normal or Detailed information on a per port basis click the corresponding View button, which will display the following window:...
Page 178 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 66 LLDP Local Port Table (View Normal) window To return to the previous window, click the Show LLDP Local Port Brief Table button. To view details of individual parameters click the hyperlinked Show LLDP Local Port Detailed Table which will reveal the following window:...
Page 179: Lldp Remote Port Table
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 67 LLDP Local Port Table (View Detail) window To return to the LLDP Local Port Table window click the Show LLDP Local Port Brief Table button. To retunt to the previous window, click the Show LLDP Local Port Normal Table.
Page 180 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 68 LLDP Remote Port Table window Select the port you wish to view by using the drop-down menu and click Find, the information will be displayed in the lower half of the table.
Page 181: Q-In-Q
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Q-in-Q Q-in-Q is designed for service providers to carry traffic from multiple users across a network. Q-in-Q is used to maintain customer specific VLAN and Layer 2 protocol configurations even when the same VLAN ID is being used by different customers. This is achieved by inserting SP-VLAN tags into the customer’s frames when they enter the service provider’s network, and then removing the tags when the frames leave the network.
Page 182: Vlan Translation Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch The following fields can be set: Parameter Description QinQ State Use the drop-down menu to Enable or Disable the Q-in-Q State. When Q-in-Q is Enabled, all network port roles will have NNI ports and their outer TPID set to 0x88a8. All existing static VLANs will run as SP-VLANs.
Page 183 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch The following fields can be set: Parameter Description Unit Select the unit you wish to configure. From/To A consecutive group of ports that are part of the VLAN configuration starting with the selected port.
Page 184: Qos
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Section 4 Bandwidth Control QoS Scheduling Mechanism QoS Output Scheduling 802.1p Default Priority 802.1p User Priority ® The xStack DGS-3426G switch supports 802.1p priority queuing Quality of Service. The following section discusses the implementation of QoS (Quality of Service) and benefits of using 802.1p priority queuing.
Page 185: Understanding Qos
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 4 - 1 An Example of the Default QoS Mapping on the Switch The picture above shows the default priority setting for the Switch. Class-6 has the highest priority of the seven priority classes of service on the Switch.
Page 186 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch • Priority 0 is assigned to the Switch’s Q2 queue. • Priority 1 is assigned to the Switch’s Q0 queue. • Priority 2 is assigned to the Switch’s Q1 queue. • Priority 3 is assigned to the Switch’s Q3 queue.
Page 187: Understanding Ieee 802.1P Priority
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch NOTICE: The Switch contains eight classes of service for each port on the Switch. One of these classes is reserved for internal use on the Switch and is therefore not configurable. All references in the following section regarding classes of service will refer to only the seven classes of service that may be used and configured by the administrator.
Page 188 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 4 - 2 Bandwidth Settings window The following parameters can be set or are displayed: Parameter Description Unit Select the switch in the switch stack to be modified. From/To A consecutive group of ports may be configured starting with the selected port. Type This drop-down menu allows a selection between RX (receive,) TX (transmit,) and Both.
Page 189: Qos Scheduling Mechanism
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch This field allows the input of the data rate that will be the limit for the selected port. The user may Rate (64- 10000000) choose a rate between 64 and 10000000 units, where each unit is defined a 1Kbit/s. Effective Rx Specifies the limitation of the received data rate.
Page 190: Qos Output Scheduling
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch QoS Output Scheduling QoS can be customized by changing the output scheduling used for the hardware classes of service in the Switch. As with any changes to QoS implementation, careful consideration should be given to how network traffic in lower priority classes of service is affected.
Page 191: Configuring The Combination Queue
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Configuring the Combination Queue ® Utilizing the QoS Output Scheduling window shown above, the xStack DGS-3426G can implement a combination queue for forwarding packets. This combination queue allows for a combination of strict and weight-fair (weighted round-robin, or WRR) scheduling for emptying given classes of service.
Page 192 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 4 - 6 802.1p Default Priority window The user may adjust the following parameters: Parameter Description Unit Use the drop-down menu to choose the switch unit from the switch stack. Enter a port range by using the drop-down menus in the From and To fields.
Page 193: 802.1P User Priority
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch 802.1p User Priority ® The xStack DGS-3426G allows the assignment of a class of service to each of the 802.1p priorities. To view this window click, QoS > 802.1P User Priority, as shown below: Figure 4 - 7 802.1p User Priority window Once a priority has been assigned to the port groups on the Switch, then a Class may be assigned to each of the seven levels of 802.1p priorities.
Page 194: Acl (Access Control List)
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Section 5 ACL (Access Control List) Time Range Access Profile Table ACL Flow Meter CPU Interface Filtering Time Range This window is used in conjunction with the Access Profile feature to determine a starting point and an ending point, based on days of the week, when an Access Profile configuration will be enabled on the Switch.
Page 195: Access Profile Table
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch enabled. Tick the Select All Days check box to configure this time range for every day of the week. Click Apply to implement changes made. Currently configured entries will be displayed in the Time Range Information table in the bottom half of the window shown above.
Page 196 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch The following parameters can be set, for the Ethernet type: Parameter Description Type in a unique identifier number for this profile set. This value can be set from 1 to 6. Profile ID (1-6) Type Select profile based on Ethernet (MAC Address), IP, Packet Content or IPv6 address.
Page 197 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 5 Access Profile Configuration window (IP) The following parameters can be set, for IP: Parameter Description Profile ID (1-6) Type in a unique identifier number for this profile set. This value can be set from 1 to 6. Type Select profile based on Ethernet (MAC Address), IP, Packet Content or IPv6 address.
Page 198 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch • Code - Further specify that the access profile will apply an ICMP code value. Select IGMP to instruct the Switch to examine the Internet Group Management Protocol (IGMP) field in each frame's header. •...
Page 199 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 7 Access Profile Configuration window (Packet Content) This window will aid the user in configuring the Switch to mask packet headers beginning with the offset value specified. The following fields are used to configure the Packet Content: Parameter Description...
Page 200 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 8 Access Profile Entry Display window (Packet Content) The page shown below is the IPv6 configuration window. Figure 5 - 9 Access Profile Configuration window (IPv6) The following parameters can be set, for IP: Parameter Description Profile ID (1-6)
Page 201 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 10 Access Profile Entry Display for IPv6 To establish the rule for a previously created Access Profile: To configure the Access Rule for Ethernet, open the Access Profile Table window and click Modify for an Ethernet entry. This will open the following window: Figure 5 - 11 Access Rule Table window...
Page 202 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch To remove a previously created rule, select it and click the button. To add a new Access Rule, click the Add Rule button: Figure 5 - 12 Access Rule Configuration window (Ethernet) To set the Access Rule for Ethernet, adjust the following parameters and click Apply.
Page 203 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch forwarded by the Switch. For more information on priority queues, CoS queues and mapping for 802.1p, see the QoS section of this manual. Replace DSCP Select this option to instruct the Switch to replace the DSCP value (in a packet that meets the (0-63) selected criteria) with the value entered in the adjacent field.
Page 204 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 13 Access Rule Display window (Ethernet) To configure the Access Rule for IP, open the Access Profile Table window and click Modify for an IP entry. This will open the following window: Figure 5 - 14 Access Rule Table window (IP) To create a new rule set for an access profile click the Add Rule button.
Page 205 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 15 Access Rule Configuration window (IP) Configure the following Access Rule Configuration settings for IP: Parameter Description Profile ID This is the identifier number for this profile set. Select Permit to specify that the packets that match the access profile are forwarded by the Mode Switch, according to any additional rule added (see below).
Page 206 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Replace DSCP Select this option to instruct the Switch to replace the DSCP value (in a packet that meets the (0-63) selected criteria) with the value entered in the adjacent field. VLAN Name Allows the entry of a name for a previously configured VLAN.
Page 207 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 16 Access Rule Display window (IP) To configure the Access Rule for IPv6, open the Access Profile Table window and click Modify for an IPv6 entry. This will open the following window: Figure 5 - 17 Access Rule Table Click Add Rule to open the next window to configure the IPv6 entry for an access rule.
Page 208 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 18 Access Rule Configuration window (IPv6) Parameter Description Profile ID This is the identifier number for this profile set. Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Page 209 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch IPv6 header. This flow label field is used by a source to label sequences of packets such as (0-FFFFF) non-default quality of service or real time service packets. The user may specify an IP address mask for the source IPv6 address by entering the IP Source IPv6 Address address mask, in hex form.
Page 210 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 20 Access Rule Table window (Packet Content Mask) To remove a previously created rule, select it and click the button. To add a new Access Rule, click the Add button: Figure 5 - 21 Access Rule Configuration window (Packet Content Mask) To set the Access Rule for the Packet Content Mask, adjust the following parameters and click Apply.
Page 211 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch in the Port Mirroring window. Port Mirroring must be enabled and a target port must be set. Access ID (1-128) Type in a unique identifier number for this access. This value can be set from 1 to 128. •...
Page 212: Acl Flow Meter
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 22 Access Profile Entry Display window (Packet Content Mask) NOTE: When using the ACL Mirror function, ensure that the Port Mirroring function is enabled and a target mirror port is set. ACL Flow Meter Before configuring the ACL Flow Meter, here is a list of acronyms and terms users will need to know.
Page 213 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Yellow – When an IP flow is in the yellow mode, its configurable parameters can be set in the Exceed field. Users may choose to either Permit or Drop exceeded packets. Users may also choose to change the DSCP field of the packets. Red –...
Page 214 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 24 ACL Flow Meter Configuration window (Add) The following fields may be configured: Parameter Description Profile ID (1-6) Enter the pre-configured Profile ID for which to configure the ACL Flow Metering parameters. Access ID (1-128) Enter the pre-configured Access ID for which to configure the ACL Flow Metering parameters.
Page 215 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch CIR – The Committed Information Rate can be set between 1 and 156249. The color rates are based on the following two fields which are used in conjunction with the CIR. CBS –...
Page 216: Cpu Interface Filtering
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch CPU Interface Filtering ® Due to a chipset limitation and needed extra switch security, the xStack DGS-3426G switch incorporates CPU Interface filtering. This added feature increases the running security of the Switch by enabling the user to create a list of access rules for packets destined for the Switch’s CPU interface.
Page 217 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 28 CPU Interface Filtering Configuration window (Ethernet) Parameter Description Profile ID (1-5) Type in a unique identifier number for this profile set. This value can be set from 1 to 5. Type Select profile based on Ethernet (MAC Address), IP address, IPv6 address or packet content mask.
Page 218 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 30 CPU Interface Filtering Configuration window (IP) The following parameters may be configured for the IP CPU filter. Parameter Description Profile ID (1-5) Type in a unique identifier number for this profile set. This value can be set from 1 to 5. Type Select profile based on Ethernet (MAC Address), IP address, IPv6 address or Packet Content Mask.
Page 219 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch value. Select IGMP to instruct the Switch to examine the Internet Group Management Protocol (IGMP) field in each frame's header. • Select Type to further specify that the access profile will apply an IGMP type value. Select TCP to use the TCP port number contained in an incoming packet as the forwarding criterion.
Page 220 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 32 CPU Interface Filtering Configuration window (Packet Content) This screen will aid the user in configuring the Switch to mask packet headers beginning with the offset value specified. The following fields are used to configure the Packet Content Mask: Parameter Description...
Page 221 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch • value (48-63) – Enter a value in hex form to mask the packet from byte 48 to byte 63. • value (64-79) – Enter a value in hex form to mask the packet from byte 64 to byte 79. Click Apply to implement changes made.
Page 222 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Checking this field will instruct the Switch to examine the class field of the IPv6 header. This Class class field is a part of the packet header that is similar to the Type of Service (ToS) or Precedence bits field in IPv4.
Page 223 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 37 CPU Interface Filtering Table – (Ethernet) To create a new rule set for an access profile click the Add Rule button. A new window is displayed. To remove a previously created rule, click the corresponding button.
Page 224 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Specifies that the access profile will apply only to packets with this hexadecimal 802.1Q Ethernet Ethernet Type type value (hex 0x0-0xffff) in the packet header. The Ethernet type value may be set in the form: hex 0x0-0xffff, which means the user may choose a combination of letters and numbers ranging from a-f and from 0-9.
Page 225 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 41 CPU Interface Filtering Rule Configuration window (IP) Configure the following Access Rule Configuration settings for IP: Parameter Description Profile ID This is the identifier number for this profile set. Select Permit to specify that the packets that match the access profile are forwarded by the Mode Switch, according to any additional rule added (see below).
Page 226 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 42 CPU Interface Filtering Rule Display window (IP) The following window is the CPU Interface Filtering Rule Table for Packet Content. Figure 5 - 43 CPU Interface Filtering Rule Table window (Packet Content)
Page 227 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch To remove a previously created rule, select it and click the button. To add a new Access Rule, click the Add Rule button: Figure 5 - 44 CPU Interface Filtering Rule Configuration window (Packet Content)
Page 228 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch To set the Access Rule for Packet Content, adjust the following parameters and click Apply. Parameter Description Profile ID This is the identifier number for this profile set. Select Permit to specify that the packets that match the access profile are forwarded by the Mode Switch, according to any additional rule added (see below).
Page 229 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 46 CPU Interface Filtering Rule Table window (IPv6) To remove a previously created rule, select it and click the button. To add a new Access Rule, click the Add Rule button: Figure 5 - 47 CPU Interface Filtering Rule Configuration window (IPv6)
Page 230 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch To set the Access Rule for IPv6, adjust the following parameters and click Apply. Parameter Description Profile ID This is the identifier number for this profile set. Select Permit to specify that the packets that match the access profile are forwarded by the Mode Switch, according to any additional rule added (see below).
Page 231: Security
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Section 6 Security Authorization Network State Settings Traffic Control Port Security IP-MAC-Port Binding 802.1X Web-based Access Control (WAC) Trust Host Access Authentication Control MAC-based Access Control (MAC) Safeguard Engine Traffic Segmentation Secure Socket Layer (SSL) Secure Shell (SSH) Multiple Authentication...
Page 232: Traffic Control
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Traffic Control On a computer network, packets such as Multicast packets Broadcast packets continually flood the network as normal procedure. At times, this traffic may increase do to a malicious endstation on the network or a malfunctioning device, such as a faulty network card.
Page 233 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Traffic Storm only. • Storm Cleared – Will send Storm Trap messages when a Traffic Storm has been cleared by the Switch only. • Both – Will send Storm Trap messages when a Traffic Storm has been both detected and cleared by the Switch.
Page 234: Port Security
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch NOTE: Ports that are in Shutdown (Forever) mode will be seen as link down in all windows and screens until the user recovers these ports. Port Security A given port’s (or a range of ports') dynamic MAC address learning can be locked such that the current source MAC addresses entered into the MAC address forwarding...
Page 235: Port Security Entries
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Permanent – The locked addresses will only age out after the Switch has been reset. DeleteOnTimeout – The locked addresses will age out after the aging timer expires. DeleteOnReset – The locked addresses will not age out until the Switch has been reset or rebooted.
Page 236: Ip-Mac-Port Binding
DGS-3426G switch offers IP-MAC-Port Binding (IMPB), a D-Link security application used most often on edge switches directly connected to network hosts. IMPB is also an integral part of D-Link’s End-to-End Security Solution (E2ES). The primary purpose of IP-MAC-Port Binding is to restrict client access to a switch by enabling administrators to configure pairs of client MAC and IP addresses that are allowed to access networks through a switch.
Page 237: Strict And Loose State
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch ACL rules. ACL Mode can be viewed as an enhanced version of ARP Mode because ARP Mode is enabled by default when ACL Mode is selected. Strict and Loose State Other than ACL and ARP mode, users can also configure the state on a port for granular control. There are two states: Strict and Loose, and only one state can be selected per port.
Page 238 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 5 IMP Global Settings window The following parameters can be set: Parameter Description Trap/Log This field will enable and disable the sending of trap log messages for IP-MAC binding. When enabled, the Switch will send a trap log message to the SNMP agent and the Switch log when an ARP packet is received that doesn’t match the IP-MAC binding configuration set on the Switch.
Page 239: Imp Port Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Click Apply to implement the settings made. IMP Port Settings This window is used to configure IMP settings on a port basis. Select a port or a range of ports with the From Port and To Port fields. Enable or disable the port with Strict or Loose State, enable or disable Allow Zero IP and Forward DHCP Packet fields, and configure the port’s Max IMPB entry.
Page 240: Imp Entry Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch setting. Enabled Loose – This mode provides a looser way of control. If the user selects loose mode, the Switch will forward all packets by default. However, it will still inspect incoming ARP packets and compare them with the Switch’s IMPB white list entries.
Page 241: Dhcp Snooping Entries
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 7 IMP Entry Settings window The following fields can be set or modified: Parameter Description Enter the IP address to bind to the MAC address set below. IP Address MAC Address Enter the MAC address to bind to the IP Address set above.
Page 242: 231
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 9 MAC Blocked List window To find an unauthorized device MAC address that has been blocked by the IP-MAC binding restrictions, enter the VLAN Name and MAC Address in the appropriate fields and click Find. To delete an entry, click the Delete button next to the entry’s port. To delete all the entries in this window, click Delete All.
Page 243 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Authentication Server The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch). Clients connected to a port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN.
Page 244: Authentication Process
Figure 6 - 15 The 802.1X Authentication Process The D-Link implementation of 802.1X allows network administrators to choose between two types of Access Control used on the Switch, which are: 1.
Page 245 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Port-Based Network Access Control RADIUS Server Ethernet Switch … 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X Client Client Client Client Client Client Client Client Client Network access controlled port Network access uncontrolled port Figure 6 - 16 Example of Typical Port-Based Configuration Once the connected device has successfully been authenticated, the Port then becomes Authorized, and all subsequent traffic on...
Page 246 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch MAC-Based Network Access Control RADIUS Server Ethernet Switch … 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X Client Client Client Client Client Client Client Client Client Client Client Client Network access controlled port...
Page 247: Guest Vlans
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Guest VLANs On 802.1X security enabled networks, there is a need for non 802.1X supported devices to gain limited access to the network, due to the lack of the proper 802.1X software or incompatible devices, such as computers running Windows 98 or lower operating systems, or the need for guests to gain access to the network without full authorization or local authentication on the...
Page 248 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Parameter Description VLAN Name Enter the pre-configured VLAN name to create as a Guest 802.1X VLAN. Operation The user has four choices in configuring the Guest 802.1X VLAN, which are: Enabled ports – Selecting this option will enable ports listed in the Port List below, as part of the Guest VLAN.
Page 249: Configure 802.1X Authenticator Parameter
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Configure 802.1X Authenticator Parameter This window is used to configure the 802.1X authenticator settings on the Switch. The user may toggle between switches in the switch stack by using the Unit drop-down menu. To view this window, click Security >...
Page 250 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 21 802.1X Authenticator Settings of Unit 1 – Modify This screen allows setting of the following features: Parameter Description Unit Choose the Switch ID number of the Switch in the switch stack to be modified. From…To Enter the port or ports to be set.
Page 251: 802.1X User
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch TxPeriod(1-65535) This sets the TxPeriod of time for the authenticator PAE state machine. This value determines the period of an EAP Request/Identity packet transmitted to the client. The default setting is 30 seconds.
Page 252: Initialize Port(S)
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 22 802.1X User window This screen allows setting of the following features: Parameter Description Max User (1-4000) Enter the maximum number of users to be allowed. Check the No Limit check box to specify that there will be the maximum number of users.
Page 253: Reauthenticate Port(S)
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch To initialize ports for the MAC side of 802.1X, the user must first enable 802.1X by MAC address in the DGS-3426G Web Management Tool window. Click Security > 802.1X > Initialize Port(s), as shown below: Figure 6 - 24 Initialize Ports window (MAC-based 802.1X) To initialize ports, first choose the switch in the switch stack by using the drop-down menu and then choose the range of ports in the From and To field.
Page 254 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 25 Reauthenticate Port(s) window (Port-based 802.1X) NOTE: The user must first globally enable 802.1X in the DGS-3426G Web Management Tool window before initializing ports. Information in the Initialize Ports Table cannot be viewed before enabling 802.1X. To reauthenticate ports for the MAC side of 802.1X, the user must first enable 802.1X by MAC address in the DGS-3426G Web Management Tool window.
Page 255: Authentic Radius Server
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Authentic RADIUS Server The RADIUS feature of the Switch allows the user to facilitate centralized user administration as well as providing protection against a sniffing, active hacker. The Web Manager offers three windows. To view this window, click Security >...
Page 256: Web-Based Access Control (Wac)
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Web-based Access Control (WAC) Web-based Access Control (WAC), also known as Web-based Authentication Login, is a feature designed to authenticate a user when the user is trying to access the Internet via the Switch. The authentication process uses HTTP protocol.
Page 257 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 28 WAC Global State window The following parameters can be configured: Parameter Description WAC Global State Use this drop-down menu to either enable or disable WAC on the Switch. Web-based Access Control Configuration Method Use the drop down menu to configure the Method, choose between Local or RADIUS.
Page 258: Wac Port Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch If no protocol is specified the protocol used is HTTP. WAC Authorization Network Configuration RADIUS Authorization Specifies to Enable or Disable RADIUS Authorization. Local Authorization Specifies to Enable or Disable Local Authorization. Click Apply to implement changes made.
Page 259 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 29 WAC Port Settings window The following parameters can be configured: Parameter Description Unit Use the drop down menu to select the unit you wish to configure. From…To Enter the range of ports you wish to configure.
Page 260: Wac User Account
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch authenticated host and the host will be moved back to the unauthenticated state. Enter a value between 1 and 1440 minutes. A value of Infinite indicates the Idle state of the authenticated host on the port will never be checked.
Page 261: Wac Host Table Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 32 WAC User Account – Edit window The following parameters can be configured: Parameter Description User Name Enter a user name for the new account. Password Enter the password for the user. This field is case-sensitive and must be a complete alphanumeric string.
Page 262: Trust Host
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 33 WAC Host Table Settings The following parameters can be configured: Parameter Description Port List Enter the ports you wish to Find or Delete. Check the All Ports box to select all ports. State Select the state of the ports.
Page 263: Access Authentication Control
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Access Authentication Control The TACACS / XTACACS / TACACS+ / RADIUS commands allow users to secure access to the Switch using the TACACS / XTACACS / TACACS+ / RADIUS protocols. When a user logs in to the Switch or tries to access the administrator level privilege, he or she is prompted for a password.
Page 264: Authentication Policy & Parameter Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Authentication Policy & Parameter Settings This command will enable an administrator-defined authentication policy for users trying to access the Switch. When enabled, the device will check the Login Method List and choose a technique for user authentication upon login. To view this window, click Security >...
Page 265: Authentication Server Group
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Parameter Description Application Lists the configuration applications on the Switch. The user may configure the Login Method List and Enable Method List for authentication for users utilizing the Console (Command Line Interface) application, the Telnet application, SSH and the Web (HTTP) application.
Page 266: Authentication Server Host
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 38 Add a Server Host to Server Group (XTACACS) window To add an Authentication Server Host to the list, enter its IP address in the IP Address field, choose the protocol associated with the IP address of the Authentication Server Host and click Add to add this Authentication Server Host to the group.
Page 267 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 40 Authentication Server Host window To add an Authentication Server Host, click the Add button, revealing the following window: Figure 6 - 41 Authentication Server Host Setting - Add window Configure the following parameters to add an Authentication Server Host: Parameter Description...
Page 268: Login Method Lists
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch NOTE: More than one authentication protocol can be run on the same physical server host but, remember that TACACS/XTACACS/TACACS+ are separate entities and are not compatible with each other. Login Method Lists This command will configure a user-defined or default Login Method List of authentication techniques for users logging on to the Switch.
Page 269: Enable Method Lists
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 44 Login Method List – Add window To define a Login Method List, set the following parameters and click Apply: Parameter Description Enter a method list name defined by the user of up to 15 characters. Method List Name The user may add one, or a combination of up to four (4) of the following authentication Method 1, 2, 3, 4...
Page 270 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch NOTE: To set the Local Enable Password, see the next section, entitled Local Enable Password. To view this window, click Security > Access Authentication Control > Enable Method Lists, as shown below: Figure 6 - 45 Enable Method List Settings window To delete an Enable Method List defined by the user, click the under the Delete heading corresponding to the entry desired to...
Page 271: Configure Local Enable Password
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Parameter Description Method List Name Enter a method list name defined by the user of up to 15 characters. The user may add one, or a combination of up to four of the following authentication methods Method 1, 2, 3, 4 to this method list: local_enable –...
Page 272: Enable Admin
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Enable Admin The Enable Admin window is for users who have logged on to the Switch on the normal user level, and wish to be promoted to the administrator level. After logging on to the Switch, users will have only user level privileges. To gain access to administrator level privileges, the user will open this window and will have to enter an authentication password.
Page 273: Radius Accounting Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch RADIUS Accounting Settings The Accounting feature of the Switch uses a remote RADIUS server to collect information regarding events occurring on the Switch. The following is a list of information that will be sent to the RADIUS server when an event triggers the Switch to send these informational packets.
Page 274: Mac-Based Access Control (Mac)
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch MAC-based Access Control (MAC) The MAC-based Access Control feature will allow users to configure a list of MAC addresses, either locally or on a remote RADIUS server, to be authenticated by the Switch and given access rights based on the configurations set on the Switch of the target VLAN where these authenticated users are placed.
Page 275 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 51 MAC-based Access Control Global Settings...
Page 276 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch The following parameters may be viewed or set: Parameter Description MAC-based Access Control Global Settings State Use the drop-down menu to globally enable or disable the MAC-based Access Control function on the Switch. Method Use the drop-down menu to choose the type of authentication to be used when authentication MAC addresses on a given port.
Page 277: Mac-Based Access Control Local Mac Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Max User (1-4000) Specifies per port maximum authenticated number of users. The default value is 128. Aging Time (1-1440 min) Specifies a time period (configurable per port) between 1-1440 minutes, during which an authenticated host will stay in an authenticated state.
Page 278: Safeguard Engine
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Safeguard Engine Periodically, malicious hosts on the network will attack the Switch by utilizing packet flooding (ARP Storm) or other methods. These attacks may increase the switch load beyond its capability. To alleviate this problem, the Safeguard Engine function was added to the Switch’s software.
Page 279: Safeguard Engine Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch NOTICE: When Safeguard Engine is enabled, the Switch will allot bandwidth to various traffic flows (ARP, IP) using the FFP (Fast Filter Processor) metering table to control the CPU utilization and limit traffic. This may limit the speed of routing traffic over the network. Safeguard Engine Settings This window is used to enable Safeguard Engine or configure advanced Safeguard Engine settings for the Switch.
Page 280: Traffic Segmentation
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Switch, and will stop receiving all unnecessary broadcast IP packets, until the storm has subsided. The default setting is Fuzzy mode. Safeguard Engine Displays the current mode of the CPU Utilization Settings. Current Status Traffic Segmentation Traffic segmentation is used to limit traffic flow from a single port to a group of ports.
Page 281: Secure Socket Layer (Ssl)
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 58 Setup Forwarding Ports window ® Configuring traffic segmentation on the xStack DGS-3426G switch series is accomplished in two parts. First, select a switch in the switch stack by using the Unit drop-down menu, and then specify a port from the switch, using the Port drop-down menu. Next, specify which ports on the switch that are able to receive packets from the switch and port specified in the first part.
Page 282: Ssl
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch This window is used to download a certificate file for the SSL function on the Switch from a TFTP server. The certificate file is a data record used for authenticating devices on the network. It contains information on the owner, keys for authentication and digital signatures.
Page 283: Secure Shell (Ssh)
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Key File Name Enter the path and the filename of the key file to download. This file must have a .der extension (Ex. c:/pkey.der) Configuration SSL Status Use the drop-down menu to enable or disable the SSL status on the switch. The default is Disabled.
Page 284: Ssh Server Configuration
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch 3. Configure the encryption algorithm that SSH will use to encrypt and decrypt messages sent between the SSH client and the SSH server, using the SSH Authentication Mode and Algorithm Settings window. 4.
Page 285: Ssh Authentication Mode And Algorithm Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Listened Port Enter the virtual port number to be used with this feature. The common port number for SSH Number is 22. SSH Authentication Mode and Algorithm Settings This window allows the configuration of the desired types of SSH algorithms used for authentication encryption. There are three categories of algorithms listed and specific algorithms of each may be enabled or disabled by using their corresponding drop- down menus.
Page 286 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Host-based This field may be enabled or disabled to choose if the administrator wishes to use a host computer for authentication. This parameter is intended for Linux users requiring SSH authentication techniques and the host computer is running the Linux operating system with a SSH program previously installed.
Page 287: Ssh User Authentication Mode
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch SSH User Authentication Mode The following windows are used to configure parameters for users attempting to access the Switch through SSH. To view this window, click Security > SSH > SSH User Authentication Mode, as shown below: Figure 6 - 62 Current Accounts window In the example screen above, the User Account “RG”...
Page 288: Multiple Authentication
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Parameter Description User Name Enter a User Name of no more than 15 characters to identify the SSH user. This User Name must be a previously configured user account on the Switch. The administrator may choose one of the following to set the authorization for users attempting Auth.
Page 289 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 66 Multiple Authentication Settings window The following parameters may be set: Parameter Description Unit Choose the Unit ID of the switch in the switch stack you wish to configure. From/To Select a port or range of ports to be configured.
Page 290: Authentication Guest Vlan Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch keep trying until the next authentication. Host Based – Each user can be authenticated individually. Methods None – Specifies that multiple authentication is not enabled. Any – Specifies that a client will gain access if it passes any of the authentication (802.1X, MAC or JWAC).
Page 291: Jwac (Japanese Web-Based Access Control)
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch JWAC (Japanese Web-based Access Control) The JWAC folder contains six windows: JWAC Global Configuration, JWAC Port Settings, JWAC User Account, JWAC Host Information, JWAC Customize Page Language Settings and JWAC Customize Page. JWAC Global Configuration Use this window to enable and configure Japanese Web-based Access Control on the Switch.
Page 292 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 69 JWAC Global Settings window...
Page 293 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch To set the Web Authentication for the Switch, complete the following fields: Parameter Description JWAC Global State Settings JWAC Global State Use this drop-down menu to either enable or disable JWAC on the Switch. JWAC Configuration Forcible Logout This parameter enables or disables JWAC Forcible Logout.
Page 294: Jwac Port Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch attempts to the JWAC Login Page forcibly if the Redirect is enabled and the Redirect Destination is configured to be a Quarantine Server. Error Timeout (5- This parameter is used to set the Quarantine Server Error Timeout. When the Quarantine Server Monitor is enabled, the JWAC Switch will periodically check if the Quarantine works 300) okay.
Page 295 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 70 JWAC Port Settings window To configure individual JWAC port settings, click the Add button, the following window will be displayed:...
Page 296 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 71 JWAC Port Configuration window To configure the settings by port, click the corresponding Modify button, which will display the following window: Figure 6 - 72 JWAC Port Configuration window To set the JWAC on individual ports for the Switch, complete the following fields: Parameter Description...
Page 297: Jwac User Account
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch JWAC configuration window. Idle Time This parameter specifies the period of time during which there is no traffic for an authenticated host and the host will be moved back to the unauthenticated state. Enter a (1-1440 Minutes) value between 1 and 1440 minutes.
Page 298: Jwac Host Information
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 75 JWAC User Accounts window To add another JWAC user account to the Switch, click the Add button, to clear all the existing entries, click the Clear All button. To modify a JWAC user account, click the corresponding Modify button, which will open the following window: Figure 6 - 76 JWAC User Account Modify Table window The following fields can be configured:...
Page 299: Jwac Customize Page Language Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 77 JWAC Host Table Settings window To search for Hosts, enter the Port list information and click the Search button. To clear an entry, enter the Port list information and click the Delete button.
Page 300 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 79 JWAC Customize Page window This window allows the administrator to customize fields in the JWAC Customize page, enter the new information and click Apply.
Page 301: Monitoring
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Section 7 Monitoring Device Status Stacking Information Stacking Device Module Information CPU Utilization Port Utilization Packets Errors Packet Size Browse Router Port Browse MLD Router Port VLAN Status VLAN Status Port Port Access Control MAC Address Table IGMP Snooping Group...
Page 302: Stacking Information
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Right Fan Displays the status of all Right Fans. Back Fan Displays the status of the Back Fans. CPU Fan Displays the status of the CPU Fans. Stacking Information To change a switch’s default stacking configuration (for example, the order in the stack), see Box Information in the Configuration folder.
Page 303: Stacking Device
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Runtime Version Shows the firmware version in use for the Switch. This may be different from the values shown in the illustrations. H/W Version Shows the hardware version in use for the Switch. This may be different from the values shown in the illustration.
Page 304: Cpu Utilization
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch CPU Utilization This window displays the percentage of the CPU being used, expressed as an integer percentage and calculated as a simple average by time interval. To view this window, click Monitoring > CPU Utilization, as shown below: Figure 7 - 5 CPU Utilization graph To view the CPU utilization by port, use the real-time graphic of the Switch and/or switch stack at the top of the web page by simply clicking on a port.
Page 305: Port Utilization
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Port Utilization This window displays the percentage of the total available bandwidth being used on the port. To view this window, click Monitoring > Port Utilization, as shown below: Figure 7 - 6 Port Utilization window To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit drop-down menu and then select the port by using the Port drop-down menu.
Page 306: Packets
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Packets The Web Manager allows various packet statistics to be viewed as either a line graph or a table. Six windows are offered. Received (Rx) This window displays the following graph of packets received on the Switch. To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit drop-down menu and then select the port by using the Port drop-down menu.
Page 307 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 8 Rx Packets Analysis Table window The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 308: Umb Cast (Rx)
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch UMB Cast (RX) To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit drop-down menu and then select the port by using the Port drop-down menu. The user may also use the real-time graphic of the Switch and/or switch stack at the top of the window by simply clicking on a port.
Page 309 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 10 Rx Packets Analysis window (table for Unicast, Multicast, and Broadcast Packets) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 310: Transmitted (Tx)
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Transmitted (TX) To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit drop-down menu and then select the port by using the Port drop-down menu. The user may also use the real-time graphic of the Switch and/or switch stack at the top of the web page by simply clicking on a port.
Page 311 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 12 Tx Packets Analysis window (table for Bytes and Packets) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 312: Errors
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Errors The Web Manager allows port error statistics compiled by the Switch's management agent to be viewed as either a line graph or a table. Four windows are offered. Received (RX) To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit drop-down menu and then select the port by using the Port drop-down menu.
Page 313 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 14 Rx Error Analysis window (table) The following fields can be set: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 314: Transmitted (Tx)
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch VLANIngDr Incremented for each packet that is discarded by VLAN ingress checking. Show/Hide Check whether or not to display CRC Error, Under Size, Over Size, Fragment, Jabber, and Drop errors. Clear Clicking this button clears all statistics counters on this window.
Page 315 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 16 Tx Error Analysis window (table) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 316: Packet Size
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Packet Size The Web Manager allows packets received by the Switch, arranged in six groups and classed by size, to be viewed as either a line graph or a table. Two windows are offered. To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit drop-down menu and then select the port by using the Port drop-down menu.
Page 317 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch To view the Packet Size Analysis Table window, click the link View Table, which will show the following table: Figure 7 - 18 Rx Size Analysis window (table) The following fields can be set or viewed: Parameter Description Time Interval...
Page 318: Browse Router Port
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch View Line Chart Clicking this button instructs the Switch to display a line graph rather than a table. Browse Router Port This displays which of the Switch’s ports are currently configured as router ports. A router port configured by a user (using the console or Web-based management interfaces) is displayed as a static router port, designated by S.
Page 319: Vlan Status
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 20 Browse MLD Snooping Router Port window VLAN Status This allows the VLAN status for each of the Switch's ports to be viewed by VLAN. This window displays the ports on the Switch that are currently Egress (E) or Tag (T) ports.
Page 320: Port Access Control
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 22 VLAN Status Port window Port Access Control The following screens are used to monitor 802.1X statistics of the Switch, on a per port basis. To view the Port Access Control windows, open the monitoring folder and click the Port Access Control folder.
Page 321: Authenticator Statistics
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch The user may also view this window if any port/host is authenticated. Parameter Description Port List Enter the port list you wish to find. To view all ports tick the Select All Ports check box. MAC Address Displays the MAC address of the client that is present when configured in mac based mode.
Page 322: Authenticator Diagnostics
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 25 Authenticator Session Statistics window Authenticator Diagnostics This table contains the diagnostic information regarding the operation of the Authenticator associated with each port. An entry appears in this table for each port that supports the Authenticator function. Enter the ports you wish to view and click Search. To view this window, click Monitoring >...
Page 323 ® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 28 RADIUS Account Client information The user may also select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds. The default value is one second.
Page 324: Mac Address Table
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch ® Note: To configure 802.1X features for the xStack switch, go to the Administration folder and select Port Access Entity. MAC Address Table This allows the Switch's dynamic MAC address forwarding table to be viewed. When the Switch learns an association between a MAC address and a port number, it makes an entry into its forwarding table.
Page 325: Igmp Snooping Group
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch VLAN Name The VLAN Name of the VLAN of which the port is a member. MAC Address The MAC address entered into the address table. Unit – Port The unit and port to which the MAC address above corresponds. Type Describes the method which the Switch discovered the MAC address.
Page 326: Switch Logs
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch The user may search the MLD Snooping Group Table by VLAN name by entering it in the top left hand corner and clicking Find. To view all entries click View All Entry. ®...
Page 327: Browse Arp Table
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Browse ARP Table This window will show current ARP entries on the Switch. To search a specific ARP entry, enter an interface name into the Interface Name or an IP Address and click Find. To clear the ARP Table, click Clear All. To view this table, click Monitoring >...
Page 328: Browse Routing Table
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Browse Routing Table The Routing Table window may be found in the Monitoring folder. This window shows the current IP routing table of the Switch. To find a specific IP route, enter an IP address along with a proper subnet mask in the two fields offered and click Find. Figure 7 - 36 Routing Table window MAC-based Access Control Authentication Status To clear MAC-based Access Control Authentication entries enter the appropriate information and click Delete.
Page 329: Save, Reset And Reboot
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Section 8 Save, Reset and Reboot Reset Reboot System Save Services Logout Reset The Reset function has several options when resetting the Switch. Some of the current configuration parameters can be retained while resetting all other configuration parameters to their factory defaults.
Page 330: Save Services
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Clicking the Yes click-box will instruct the Switch to save the current configuration to non-volatile RAM before restarting the Switch. Clicking the No click-box instructs the Switch not to save the current configuration before restarting the Switch. All of the configuration information entered from the last time Save Changes was executed will be lost.
Page 331: Configuration Information
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Configuration Information The following window is used to view information regarding configuration files saved in the Switch. The Switch can hold two configuration files in its memory. Configuration Files can be uploaded to the Switch using the TFTP services located in the Administration folder.
Page 332: Current Configuration Settings
® xStack DGS-3426G Layer 2 Gigabit Ethernet Managed Switch Current Configuration Settings The following window is used to select one of the two possible configuration files that can be stored in the Switch as a boot up configuration file, or to select it for deletion from the Switch’s memory. To view this window, click Save Services >...
Page 333: Mitigating Arp Spoofing Attacks Using Packet Content Acl
LAN (known as ARP spoofing). This document is intended to introduce the ARP protocol, ARP spoofing attacks, and the countermeasures brought by D-Link’s switches to thwart ARP spoofing attacks. In the process of ARP, PC A will first issue an ARP request to query PC B’s MAC address. The network structure is shown in Figure 1.
Page 334 When the switch floods the frame of ARP request to the network, all PCs will receive and examine the frame but only PC B will reply the query as the destination IP matched (see Figure 3). Figure 3 When PC B replies to the ARP request, its MAC address will be written into “Target H/W Address” in the ARP payload shown in Table 3.
Page 335 Forwarding Table Port1 00-20-5C-01-11-11 Port2 00-20-5C-01-22-22...
Page 336 How ARP Spoofing Attacks a Network ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service – DoS attack). The principle of ARP spoofing is to send the fake, or spoofed ARP messages to an Ethernet network.
Page 337: Example Topology
Figure 5 Prevent ARP Spoofing via Packet Content ACL D-Link managed switches can effectively mitigate common DoS attacks caused by ARP spoofing via a unique Package Content ACL. For the reason that basic ACL can only filter ARP packets based on packet type, VLAN ID, Source, and Destination MAC information, there is a need for further inspections of ARP packets.
Page 338 Configuration The configuration logic is as follows: 1. Only if the ARP matches Source MAC address in Ethernet, Sender MAC address and Sender IP address in ARP protocol can pass through the switch. (In this example, it is the gateway’s ARP.) 2.
Page 340: Switch Log Entries
Appendix B Switch Log Entries The following table lists all possible entries and their corresponding meanings that will appear in the System Log of this Switch. Category Event Description Log Information Severity Remark System started up Unit <unitID>, System started system Critical System warm start Unit <unitID>, System warm...
Page 341 Firmware upgrade Unit <unitID>, Firmware by console and "IP: <ipaddr>, was unsuccessful upgrade by console was MAC: <macaddr>" are XOR unsuccessful! (Username: shown in log string, which Warning <username>, IP: <ipaddr>, means if user login by console, MAC: <macaddr>) will no IP and MAC information for logging Configuration Configuration successfully...
Page 342 for logging Firmware upgraded Firmware upgraded by console by console and "IP: <ipaddr>, to SLAVE unsuccessfully (Username: MAC: <macaddr>" are XOR unsuccessfully <username>, IP: <ipaddr>, shown in log string, which Warning MAC: <macaddr>) means if user login by console, will no IP and MAC information for logging Console Successful login...
Page 343 invalid community community string! string Topology changed Topology changed (Instance: <instanceID>, Port: Informational <unitID:portNum>) CIST New Root CIST New Root bridge selected selected (MAC: <macaddr>, Priority: Informational <int>) MSTI Root MSTI Regional New Root bridge Selected selected (Instance: Informational <isntanceID>, MAC: <macaddr>, Priority: <int>) BPDU Loop Back BPDU Loop Back on Port...
Page 344 Login failed through Login failed through Web from Web authenticated <userIP> authenticated by AAA Warning by AAA local local method (Username: method <username>, MAC: <macaddr>) Successful login Successful login through Web through Web (SSL) (SSL) from <userIP> authenticated by authenticated by AAA local Informational AAA local method method (Username:...
Page 345 AAA server <username>) Login failed through Login failed through Console Console due to due to AAA server timeout or AAA server timeout improper configuration Warning or improper (Username: <username>) configuration Successful login Successful login through Web through Web from <userIP> authenticated by authenticated by AAA server <serverIP>...
Page 346 Login failed through Login failed through SSH from SSH authenticated <userIP> authenticated by AAA Warning by AAA server server <serverIP> (Username: <username>, MAC: <macaddr>) Login failed through Login failed through SSH from SSH due to AAA <userIP> due to AAA server server timeout or timeout or improper Warning...
Page 347 Successful Enable Successful Enable Admin Admin through SSH through SSH from <userIP> authenticated by authenticated by AAA Informational AAA local_enable local_enable method method (Username: <username>, MAC: <macaddr>) Enable Admin failed Enable Admin failed through through SSH SSH from <userIP> authenticated by authenticated by AAA Warning AAA local_enable...
Page 348 Enable Admin failed Enable Admin failed through through Web Web from <userIP> authenticated by authenticated by AAA server Warning AAA server <serverIP> (Username: <username>, MAC: <macaddr>) Enable Admin failed Enable Admin failed through through Web due to Web from <userIP> due to AAA AAA server timeout server timeout or improper Warning...
Page 349 connection failed RADIUS AAA server ACK AAA server <serverIP> <protocol> is one of TACACS, error (Protocol: <protocol>) response Warning XTACACS, TACACS+, is wrong RADIUS AAA does not AAA doesn't support this support this functionality Informational functionality Unauthenticated IP Unauthenticated IP-MAC IP-MAC- PORT address...
Page 350: Trap Logs
Invalid version VRRP receives an invalid Warning packet received version packet Invalid virtual ID VRRP receives an invalid virtual Warning packet received ID packet Invalid checksum VRRP receives an invalid Warning packet received checksum packet Invalid TTL packet Interface <string>, VRID <id> received receives an invalid VRRP TTL Warning...
Page 351 MACNotifyTrap This trap indicates the MAC address 1.3.6.1.4.1.171.11.70.1.2.16.1.2.0.1 variations in the address table. 1.3.6.1.4.1.171.11.70.2.2.16.1.2.0.1 1.3.6.1.4.1.171.11.70.3.2.16.1.2.0.1 1.3.6.1.4.1.171.11.70.7.2.16.1.2.0.1 PortLoopOccurredTrap This trap is sent when a Port loop occurs. 1.3.6.1.4.1.171.11.70.1.2.16.1.2.0.0.3 1.3.6.1.4.1.171.11.70.2.2.16.1.2.0.0.3 1.3.6.1.4.1.171.11.70.3.2.16.1.2.0.0.3 1.3.6.1.4.1.171.11.70.7.2.16.1.2.0.0.3 PortLoopRestart This trap is sent when a Port loop restarts 1.3.6.1.4.1.171.11.70.1.2.16.1.2.0.0.4 after the interval time.
Page 352 FilterDetectedTrap This trap is sent when an illegal DHCP 1.3.6.1.4.1.171.12.37.100.0.1 server is detected. The same illegal DHCP server IP address detected is just sent once to the trap receivers within the log ceasing unauthorized duration. SingleIPMSColdStart Commander switch will send 1.3.6.1.4.1.171.12.8.6.0.11 swSingleIPMSColdStart notification to indicated host when its Member generate...
Page 353 working -> disconnect. fail -> connect. fail -> disconnect. connect -> lowVoltage. connect -> overCurrent. connect -> working. connect -> disconnect. disconnect -> lowVoltage. disconnect -> overCurrent. disconnect -> working. disconnect -> connect. PowerFailure Power Failure notification. The notification 1.3.6.1.4.1.171.12.11.2.2.2.0.2 is issued when the swPowerStatus changes in the following cases: lowVoltage ->...
Page 354 linkUp A linkUp trap signifies that the sending 1.3.6.1.6.3.1.1.5.4 protocol entity recognizes that one of the communication links represented in the agent's configuration has come up. authenticationFailure An authenticationFailure trap signifies 1.3.6.1.6.3.1.1.5.5 that the sending protocol entity is the address of a protocol message that is not properly authenticated.While implementations of the SNMP must be...
Page 355: Glossary
Glossary 1000BASE-SX: A short laser wavelength on multimode fiber optic cable for a maximum length of 550 meters 1000BASE-LX: A long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilometers 100BASE-FX: 100Mbps Ethernet implementation over fiber. 100BASE-TX: 100Mbps Ethernet implementation over Category 5 and Type 1 Twisted Pair cabling.
Page 356 line speed: See baud rate. main port: The port in a resilient link that carries data traffic in normal operating conditions. MDI - Medium Dependent Interface: An Ethernet port connection where the transmitter of one device is connected to the receiver of another device.

D-Link xStack DGS-3426G User Manual

Web-Based Switch Configuration

Administration

L2 Features

Qos

ACL (Access Control List)

Security

Monitoring

Quick Links

User Manual

Related Manuals for D-Link xStack DGS-3426G

Summary of Contents for D-Link xStack DGS-3426G