Page 2 Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. D-Link Corporation disclaims any proprietary interest in trademarks and trade names other than its own.
Page 3: Table Of Contents
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Table of Contents Preface ......................................x Intended Readers................................... xi Typographical Conventions ................................xi Notes, Notices, and Cautions ................................ xi Safety Instructions ..................................xii Safety Cautions ......................................xii General Precautions for Rack-Mountable Products ............................ xiii Protecting Against Electrostatic Discharge ..............................xiv...
Page 4 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Web-based Switch Configuration.........................22 Introduction....................................22 Login to Web Manager ....................................22 Web-based User Interface .....................................22 Web Pages........................................24 Administration ...............................25 Device Information ..................................26 IP Address....................................28 Port Configuration..................................30 Port Settings ........................................30 Port Error Disabled ..................................
Page 5 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch D-Link Single IP Management ..............................61 Single IP Management (SIM) Overview ...............................61 SIM Using the Web Interface..................................62 Topology ........................................64 Tool Tips........................................66 Right Click ........................................67 Menu Bar ........................................69 Firmware Upgrade ..................................71 Configuration File Backup/Restore..............................
Page 6 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Route Redistribution Settings ..............................114 Static/Default Route Settings ..............................115 Route Preference Settings ................................116 Policy Route Settings ................................. 118 Static ARP Settings..................................120 Static IPv6 ARP Settings ....................................121 Routing Table..................................... 122 Static/Default IP Route Settings..................................122...
Page 7 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Configuring the Combination Queue ................................175 802.1p Default Priority ................................176 802.1p User Priority................................... 177 ACL ................................178 Access Profile Table .................................. 178 CPU Interface Filtering................................189 CPU Interface Filtering State Settings ................................189 CPU Interface Filtering Profile Table .................................189...
Page 8 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch SSH Authentication Mode and Algorithm Settings.............................234 SSH User Authentication ....................................236 Monitoring ..............................237 Device Status ..................................... 237 Module Information ................................... 238 CPU Utilization..................................238 Port Utilization................................... 239 Packets ....................................... 240 Received (RX)......................................240 UMB Cast (RX) ......................................242...
Page 9 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Browse OSPF Virtual Neighbor Table................................271 Switch Log ....................................272 Browse ARP Table......................................272 Browse IPv6 ARP Table .....................................273 Session Table ......................................273 Switch Maintenance.............................274 Reset......................................274 Reboot System ................................... 274 Save Services ..................................... 275 Save Changes ......................................275...
Page 10: Preface
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Preface The xStack DGS-3600 Series User Manual is divided into sections that describe the system installation and operating instructions with examples. Section 1, Introduction - Describes the Switch and its features.
Page 11: Intended Readers
Intended Readers The xStack DGS-3600 Series User Manual contains information for setup and management of the Switch. The term, “the Switch” will be used when referring to all three switches. This manual is intended for network managers familiar with network management concepts and terminology.
Page 12: Safety Instructions
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Safety Instructions Use the following safety guidelines to ensure your own personal safety and to help protect your system from potential damage. Throughout this document, the caution icon ( ) is used to indicate cautions and precautions that you need to review and follow.
Page 13: General Precautions For Rack-Mountable Products
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch • To help protect your system from sudden, transient increases and decreases in electrical power, use a surge suppressor, line conditioner, or uninterruptible power supply (UPS). • Position system cables and power cables carefully; route cables so that they cannot be stepped on or tripped over. Be sure that nothing rests on any cables.
Page 14: Protecting Against Electrostatic Discharge
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CAUTION: The system chassis must be positively grounded to the rack cabinet frame. Do not attempt to connect power to the system until grounding cables are connected. A qualified electrical inspector must inspect completed power and safety ground wiring. An energy hazard will exist if the safety ground cable is omitted or disconnected.
Page 15: Introduction
DGS-3600 Series The DGS-3600 switch series is a member of the D-Link xStack switch family. xStack is a complete family of stackable devices that ranges from edge 10/100Mbps switches to core Gigabit switches. xStack provides unsurpassed performance, fault tolerance, scalable flexibility, robust security, standard-based interoperability and an impressive support for 10 Gigabit technology to future- proof departmental and enterprise network deployments with an easy migration path.
Page 16: Features
DGS-3600 Series Layer 3 Stackable Fast Ethernet Managed Switch The DGS-3627G contains twenty-four 1000Mbps SFP (Small Form Factor Portable) ports, in addition to four 1000BASE-T located on the front panel. The SFP combo ports are to be used with fiber-optical transceiver cabling in order to uplink various other networking devices for a gigabit link that may span great distances.
Page 17: Xstack Dgs-3600 Series
One female DCE RS-232 DB-9 One female DCE RS-232 DB-9 console port console port console port The following table lists the features and compatibility for each type of port present in the xStack DGS-3600 series. 10/100/1000BASE-T SFP Combo 1000BASE-T Combo 10GE Module IEEE 802.3 compliant...
Page 18: Front-Panel Components
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Front-Panel Components DGS-3627 • Twenty-four 10/100/1000BASE-T ports • Four Combo SFP ports located to the right • One female DCE RS-232 DB-9 console port • LEDs for Power, Console, RPS, Link/Act/Speed and 10GE for each port •...
Page 19: Ports
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch LEDs The following table lists the LEDs located on models of the xStack DGS-3600 switch along with their corresponding description: LED Indicator Color Status Description Green Solid Power On Power Dark...
Page 20: Rear Panel Description
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Rear Panel Description The rear panels of the DGS-3627, DGS-3627G and the DGS-3650 are described below. DGS-3627 and DGS-3627G The rear panel of DGS-3627 and DGS-3627G contains an AC power connector, an outlet for an optional external RPS and three slots for additional 10GE optional modules.
Page 21: Side Panel Description
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Side Panel Description The right-hand side panel of the Switch contains a system fan and ventilation along the entire right side. The left hand panel includes a system fan and a heat vent. The system fans are used to dissipate heat. Do not block these openings on either side of the Switch.
Page 22: 10Ge Uplink Modules
10GE Uplink Modules At the rear of the xStack DGS-3600 series switches reside optional module slots. This slot may be equipped with the DEM-410X single-port 10GE XFP uplink module, or a DEM-410CX single-port 10GE CX4 uplink module, both sold separately.
Page 23: Installing The Sfp Ports
Installing the SFP ports The xStack DGS-3600 Series switches are equipped with SFP (Small Form Factor Portable) ports, which are to be used with fiber-optical transceiver cabling in order to uplink various other networking devices for a gigabit link that may span great distances.
Page 24: Installation
DCE RS-232 console cable • If any item is missing or damaged, please contact your local D-Link Reseller for replacement. Before You Connect to the Network The site where you install the Switch may greatly affect its performance. Please follow these guidelines for setting up the Switch.
Page 25: Installing The Switch Without The Rack
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Installing the Switch without the Rack When installing the Switch on a desktop or shelf, the rubber feet included with the Switch should first be attached. Attach these cushioning feet on the bottom at each corner of the device. Allow enough ventilation space between the Switch and any other objects in the vicinity.
Page 26: Mounting The Switch In A Standard 19" Rack
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Mounting the Switch in a Standard 19" Rack CAUTION: Installing systems in a rack without the front and side stabilizers installed could cause the rack to tip over, potentially resulting in bodily injury under certain circumstances. Therefore, always install the stabilizers before installing components in the rack.
Page 27: Rps Installation
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch RPS Installation Follow the instructions below to connect an RPS power supply to the Switch (DPS-500). The DPS-500 is a redundant power- supply unit designed to conform to the voltage requirements of the switches being supported. DPS-500 can be installed into the DPS-900, or DPS-800.
Page 28: Connect To Rps
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Connect to RPS The DPS-200 is connected to the Master Switch using a 14-pin DC power cable. A standard, three-pronged AC power cable connects the redundant power supply to the main power source.
Page 29: Connecting The Switch
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Section 3 Connecting the Switch Switch to End Node Switch to Hub or Switch Connecting to Network Backbone or Server NOTE: All 10/100/1000Mbps NWay Ethernet ports can support both MDI- II and MDI-X connections.
Page 30: Switch To Hub Or Switch
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Switch to Hub or Switch These connections can be accomplished in a number of ways using a normal cable. A 10BASE-T hub or switch can be connected to the Switch via a twisted-pair Category 3, 4 or 5 UTP/STP cable.
Page 31: Connecting To Network Backbone Or Server
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Connecting To Network Backbone or Server The two Mini-GBIC combo ports are ideal for uplinking to a network backbone or server. The copper ports operate at a speed of 1000, 100 or 10Mbps in full duplex mode. The fiber optic ports can operate at 1000Mbps in full duplex mode. Connections to the Gigabit Ethernet ports are made using fiber optic cable or Category 5 copper cable, depending on the type of port.
Page 32: Introduction To Switch Management
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Section 4 Introduction to Switch Management Management Options Web-based Management Interface SNMP-Based Management Managing User Accounts Command Line Console Interface through the Serial Port Connecting the Console Port (RS-232 DCE) First Time Connecting to the Switch...
Page 33 12. Enter the commands to complete your desired tasks. Many commands require administrator-level access privileges. Read the next section for more information on setting up user accounts. See the xStack DGS-3600 Series CLI Manual on the documentation CD for a list of all commands and additional information on using the CLI.
Page 34: First Time Connecting To The Switch
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch First Time Connecting to the Switch The Switch supports user-based security that can allow you to prevent unauthorized users from accessing the Switch or changing its settings. This section tells how to log onto the Switch.
Page 35: Snmp Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Successful creation of the new administrator account will be verified by a Success message. • NOTE: Passwords are case sensitive. User names and passwords can be up to 15 characters in length.
Page 36: Ip Address Assignment
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Traps Traps are messages that alert network personnel of events that occur on the Switch. The events can be as serious as a reboot (someone accidentally turned OFF the Switch), or less serious like a port status change. The Switch generates traps and sends them to the trap recipient (or network manager).
Page 37 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Alternatively, you can enter config ipif System ipaddress xxx.xxx.xxx.xxx/z. Where the x's represent the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation.
Page 38: Web-Based Switch Configuration
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Section 5 Web-based Switch Configuration Introduction Login to Web manager Web-Based User Interface Web Pages Introduction All software functions of the Switch can be managed, configured and monitored via the embedded web-based (HTML) interface.
Page 39: Areas Of The User Interface
Area 1 Select the menu or window to be displayed. The folder icons can be opened to display the hyper- linked menu buttons and subfolders contained within them. Click the D-Link logo to go to the D-Link website. Area 2 Presents a graphical near real-time image of the front panel of the Switch.
Page 40: Web Pages
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Web Pages When you connect to the management mode of the Switch with a web browser, a login window is displayed. Enter a user name and password to access the Switch's management mode.
Page 41: Administration
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Section 6 Administration Device Information (DGS-3600 Web Management Tool) IP Address Port Configuration User Accounts Port Mirroring System Log Settings System Severity Settings SNTP Settings MAC Notification Settings TFTP Services File System Services...
Page 42: Device Information
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Device Information The Device Information window contains the main settings for all major functions for the Switch and appears automatically when you log on. To return to the Device Information window,...
Page 43 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch IGMP Snooping To enable system-wide IGMP Snooping capability select Enabled. IGMP snooping is Disabled by default. Enabling IGMP snooping allows you to specify use of a multicast router only (see below). To configure IGMP Snooping for individual VLANs, use the IGMP Snooping located in the IGMP Snooping folder contained in the L2 Features folder.
Page 44: Ip Address
The IP Address may initially be set using the console interface prior to connecting to it through the Ethernet. If the Switch IP address has not yet been changed, read the introduction of the xStack DGS-3600 Series CLI Manual or return to Section 4 of this manual for more information.
Page 45 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch The Switch will send out a DHCP broadcast request when it is powered up. The DHCP protocol DHCP allows IP addresses, network masks, and default gateways to be assigned by a DHCP server. If this option is set, the Switch will first look for a DHCP server to provide it with this information before using the default or previously entered settings.
Page 46: Port Configuration
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Port Configuration This section contains information for configuring various attributes and properties for individual physical ports, including port speed and flow control. Port Settings Click Administration > Port Configuration > Port Settings to display the following window: To configure switch ports: 1.
Page 47 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description From…. To Use the pull-down menus to select the port or range of ports to be configured. State Toggle this field to either enable or disable a given port or group of ports.
Page 48: Port Error Disabled
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Port Error Disabled The following window will display the information about ports that have had their connection status disabled, for reasons such as STP loopback detection or link down status. To view this window, click Port Configuration > Port Error Disabled.
Page 49: Port Description
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Port Description The Switch supports a port description feature where the user may name various ports on the Switch. To assign names to various ports, click Administration > Port Configuration > Port Description to view the...
Page 50: User Accounts
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch User Accounts Use the User Account Management window to control user privileges. To view existing User Accounts, open the Administration folder and click on the User Accounts link. This will open the User Account Management window, as shown below.
Page 51: Port Mirroring
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Port Mirroring The Switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an RMON probe, to view details about the packets passing through the first port.
Page 52: System Log Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch System Log Settings The Switch can send Syslog messages to up to four designated servers using the System Log Server. In the Administration folder, click System Log Settings, to view the window shown below.
Page 53 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch kernel messages user-level messages mail system system daemons security/authorization messages messages generated internally by syslog line printer subsystem network news subsystem UUCP subsystem clock daemon security/authorization messages FTP daemon NTP subsystem...
Page 54: System Severity Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch System Severity Settings The Switch can be configured to allow alerts be logged or sent as a trap to an SNMP agent or both. The level at which the alert triggers either a log entry or a trap message can be set as well. Use the System Severity Settings menu to set the criteria for alerts.
Page 55: Sntp Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch SNTP Settings Time Settings To configure the time settings for the Switch, open the Administration folder. Then the SNTP Settings folder and click on the Time Settings link, revealing the following window for the user to configure.
Page 56: Time Zone And Dst
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Time Zone and DST The following are windows used to configure time zones and Daylight Savings time settings for SNTP. Open the Administration folder, then the SNTP Settings folder and click on the Time Zone and DST link, revealing the following window.
Page 57 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch DST Repeating Settings Using repeating mode will enable DST seasonal time adjustment. Repeating mode requires that the DST beginning and ending date be specified using a formula. For example, specify to begin DST on Saturday during the second week of April and end DST on Sunday during the last week of October.
Page 58: Mac Notification Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch MAC Notification Settings MAC Notification is used to monitor MAC addresses learned and entered into the forwarding database. To globally set MAC notification on the Switch, open the following window by opening the MAC Notification Settings in the Administration folder.
Page 59: Tftp Services
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch TFTP Services Trivial File Transfer Protocol (TFTP) services allow the Switch's firmware to be upgraded by transferring a new firmware file from a TFTP server to the Switch. A configuration file can also be loaded into the Switch from a TFTP server.
Page 60: File System Services
File System Services The xStack DGS-3600 switch series contains a 16-megabyte Flash memory where the user may store files for further use on the Switch. The user may place over 200 re-nameable files on the FAT 16 mode Flash memory, of which the user has the option of setting firmware images and configuration files as boot up files, upon the next reboot of the Switch.
Page 61: Directory
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Directory The Directory window allows users to view files stored in the flash memory of the Switch. In future releases, more than one drive may be located in the Flash drive, but for this release, the only drive located on the Flash memory of the Switch is C:. Therefore, to view files located on C:, the user should enter C: into the Drive ID field and click Find.
Page 62: Ping Test
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Ping Test Ping is a small program that sends ICMP Echo packets to the IP address you specify. The destination node then responds to or "echoes" the packets sent from the Switch. This is very useful to verify connectivity between the Switch and other nodes on the network.
Page 63: Time Range
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Time Range The Time Range window is used in conjunction with the Access Profile feature to determine a starting point and an ending point, based on days of the week, when an Access Profile configuration will be enabled on the Switch. Once configured here, the time range settings are to be applied to an access profile rule using the Access Profile table.
Page 64: Snmp Manager
SNMP version used for specific tasks. The xStack DGS-3600 Series supports the Simple Network Management Protocol (SNMP) versions 1, 2c, and 3. The administrator can specify the SNMP version used to monitor and control the Switch. The three versions of SNMP vary in the level of security provided between the management station and the network device.
Page 65: Snmp Traps Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch SNMP Traps Settings The following window is used to enable and disable trap settings for the SNMP function on the Switch. To view this window for configuration, click Administration > SNMP Manager > SNMP Trap Settings: Figure 6- 25.
Page 66 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Auth-Protocol None - Indicates that no authorization protocol is in use. MD5 - Indicates that the HMAC-MD5-96 authentication level will be used. SHA - Indicates that the HMAC-SHA authentication protocol will be used.
Page 67: Snmp View Table
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch SNMP View Table The SNMP View Table is used to assign views to community strings that define which MIB objects can be accessed by a remote SNMP manager. To view the SNMP View Table window, open the SNMP Manager folder under Administration and click the SNMP View Table entry.
Page 68: Snmp Group Table
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch SNMP Group Table An SNMP Group created with this table maps SNMP users (identified in the SNMP User Table) to the views created in the previous menu. To view the SNMP Group Table window, open the SNMP Manager folder in the Administration folder and click the SNMP Group Table entry.
Page 69: Snmp Community Table Configuration
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch The following parameters can set: Parameter Description Group Name Type an alphanumeric string of up to 32 characters. This is used to identify the new SNMP group of SNMP users. Read View Name This name is used to specify the SNMP group created can request SNMP messages.
Page 70: Snmp Host Table
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description Community Name Type an alphanumeric string of up to 32 characters that is used to identify members of an SNMP community. This string is used like a password to give remote SNMP managers access to MIB objects in the Switch's SNMP agent.
Page 71: Snmp Engine Id
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch SNMP Engine ID The Engine ID is a unique identifier used for SNMP V3 implementations. This is an alphanumeric string used to identify the SNMP engine on the Switch. To display the...
Page 72: Ip-Mac Binding
The maximum number of IP-MAC binding entries is dependant on chip capability (e.g. the ARP table size) and storage size of the device. For the xStack DGS-3600 Series switches, the maximum number of IP-MAC Binding entries is 500.
Page 73 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 6- 41. Access Rule Display windows for IP MAC Binding NOTE: When configuring the ACL mode function of the IP-MAC binding function, please pay close attention to previously set ACL entries. Since the ACL mode entries will fill the first two available access profiles and access profile IDs denote the ACL priority, the ACL mode entries may take precedence over other configured ACL entries.
Page 74: Ip-Mac Binding Port
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch IP-MAC Binding Port To enable or disable IP-MAC binding on specific ports, click IP-MAC Binding Port in the IP-MAC Binding folder on the Administration Menu to open the IP-MAC Binding Ports Setting window.
Page 75: Ip-Mac Binding Table
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch IP-MAC Binding Table The window shown below can be used to create IP-MAC binding entries. Click the IP-MAC Binding Table on the IP-MAC Binding folder on the Administration menu to view the IP-MAC Binding Setting window. Enter the IP and MAC addresses of the authorized users in the appropriate fields and click Add.
Page 76: Ip-Mac Binding Blocked
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch IP-MAC Binding Blocked To view unauthorized devices that have been blocked by IP-MAC binding restrictions open the IP-MAC Binding Blocked window show below. Click IP-MAC Binding Blocked in the IP-MAC Blocked folder on the Configuration menu to open the IP-MAC Binding Blocked window.
Page 77: D-Link Single Ip Management
D-Link Single IP Management Single IP Management (SIM) Overview Simply put, D-Link Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. There are some advantages in implementing the "Single IP Management" feature: 1.
Page 78: Sim Using The Web Interface
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch The Upgrade to v1.6 To better improve SIM management, the xStack DGS-3600 series switches have been upgraded to version 1.61 in this release. Many improvements have been made, including: 1. The Commander Switch (CS) now has the capability to automatically rediscover member switches that have left the SIM group, either through a reboot or web malfunction.
Page 79 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch If the Switch Administrator wishes to configure the Switch as a Commander Switch (CS), select commander from the Role State field and click Apply. The following parameters can be set: Parameters...
Page 80: Topology
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Topology The Topology window will be used to configure and manage the Switch within the SIM group and requires Java script to function properly on your computer. The Java Runtime Environment on your server should initiate and lead you to the topology window, as seen below.
Page 81 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 6- 48. Topology view This screen will display how the devices within the Single IP Management Group are connected to other groups and devices. Possible icons in this screen are as follows:...
Page 82: Tool Tips
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Tool Tips In the Topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same information about a specific device as the Tree view does.
Page 83: Right Click
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Right Click Right clicking on a device will allow the user to perform various functions, depending on the role of the Switch in the SIM group and the icon associated with it.
Page 84: Commander Switch Icon
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Commander Switch Icon Figure 6- 53. Right Clicking a Commander Icon The following options may appear for the user to configure: Collapse - to collapse the group that will be represented by a single icon.
Page 85: Menu Bar
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Add to group - add a candidate to a group. Clicking this option will reveal the following screen for the user to enter • a password for authentication from the Candidate Switch before being added to the SIM group. Click OK to enter the password or Cancel to exit the window.
Page 86 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch NOTE: Upon this firmware release, some functions of the SIM can only be configured through the Command Line Interface. See the DGS-3600 CLI Manual for more information on SIM and its configurations.
Page 87: Firmware Upgrade
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Firmware Upgrade This screen is used to upgrade firmware from the Commander Switch to the Member Switch. To access the following window, click Administration > Single IP Management Settings > Firmware Upgrade. Member Switches will be listed in the table and will be specified by Port (port on the CS where the MS resides), MAC Address, Model Name and Version.
Page 88: Layer 2 Features
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Section 7 Layer 2 Features VLAN Trunking IGMP Snooping MLD Snooping Spanning Tree Forwarding & Filtering The following section will aid the user in configuring security functions for the Switch. The Switch includes various functions for VLAN, Trunking, IGMP Snooping, Spanning Tree, and Forwarding, all discussed in detail in the following section.
Page 89: Ieee 802.1Q Vlans
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Notes About VLANs on the DGS-3600 Series No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership, packets cannot cross VLANs without a network device performing a routing function between the VLANs.
Page 90: Q Vlan Tags
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch 802.1Q VLAN Tags The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the EtherType field. When a packet's EtherType field is equal to 0x8100, the packet carries the IEEE 802.1Q/802.1p tag.
Page 91: Port Vlan Id
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Port VLAN ID Packets that are tagged (are carrying the 802.1Q VID information) can be transmitted from one 802.1Q compliant network device to another with the VLAN information intact. This allows 802.1Q VLANs to span network devices (and indeed, the entire network, if all network devices are 802.1Q compliant).
Page 92: Default Vlans
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Default VLANs The Switch initially configures one VLAN, VID = 1, called "default." The factory default setting assigns all ports on the Switch to the "default." As new VLANs are configured in Port-based mode, their respective member ports are removed from the "default."...
Page 93: Guest Vlans
Protocol VLANs The xStack DGS-3600 Switch Series incorporates the idea of protocol-based VLANs. This standard, defined by the IEEE 802.1v standard maps packets to protocol-defined VLANs by examining the type octet within the packet header to discover the type of protocol associated with it.
Page 94: Static Vlan Entry
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Protocol Type Header in Hexadecimal Form IP over Ethernet 0x0800 IPX 802.3 0xFFFF IPX 802.2 0xE0E0 IPX SNAP 0x8137 IPX over Ethernet2 0x8137 decLAT 0x6004 SNA 802.2 0x0404 netBios 0xF0F0 0x0600...
Page 95 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 7- 7. 802.1Q Static VLAN window - Add To return to the 802.1Q Static VLANs window, click the Show All Static VLAN Entries link. To change an existing 802.1Q VLAN entry, click the Modify button of the corresponding entry to modify. A new menu will appear to configure the port settings and to assign a unique name and number to the new VLAN.
Page 96 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description VID (VLAN ID) Allows the entry of a VLAN ID in the Add window, or displays the VLAN ID of an existing VLAN in the Modify window. VLANs can be identified by either the VID or the VLAN name.
Page 97 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch vines - Using this parameter will instruct the Switch to forward packets to this VLAN if the tag in the packet header is concurrent with this protocol. This packet header information is defined by the Banyan Virtual Integrated Network Service (VINES) Protocol.
Page 98: Gvrp Setting
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch GVRP Setting In the L2 Features menu, open the VLAN folder and click GVRP Settings. The GVRP Settings window, shown left, allows you to determine whether the Switch will share its VLAN configuration information with other GARP VLAN Registration Protocol (GVRP) enabled switches.
Page 99: Guest Vlan
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Guest VLAN In the Security menu, open the 802.1X folder and click Configure 802.1X Guest VLAN, which will display the following window for the user to configure. Remember, to set a Guest 802.1X VLAN, the user must first configure a normal VLAN which can be enabled here for Guest VLAN status.
Page 100: Trunking
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Trunking Understanding Port Trunk Groups Port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. DGS-3600 Series supports up to 32 port trunk groups with 2 to 8 ports in each group. A potential bit rate of 8000 Mbps can be achieved.
Page 101: Link Aggregation
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Link aggregation allows several ports to be grouped together and to act as a single link. This gives a bandwidth that is a multiple of a single link's bandwidth. Link aggregation is most commonly used to link a bandwidth intensive network device or devices, such as a server, to the backbone of a network.
Page 102 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 7- 14. Link Aggregation Group Configuration - Modify The user-changeable parameters are as follows: Parameter Description Group ID Select an ID number for the group, between 1 and 32. State Trunk groups can be toggled between Enabled and Disabled.
Page 103: Lacp Port Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch LACP Port Settings The LACP Port Settings window is used in conjunction with the Link Aggregation window to create port trunking groups on the Switch. Using the following window, the user may set which ports will be active and passive in processing and sending LACP control frames.
Page 104: Igmp Snooping
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch IGMP Snooping Internet Group Management Protocol (IGMP) snooping allows the Switch to recognize IGMP queries and reports sent between network stations or devices and an IGMP host. When enabled for IGMP snooping, the Switch can open or close a port to a specific device based on IGMP messages passing through the Switch.
Page 105 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description VLAN ID This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which to modify the IGMP Snooping Settings. VLAN Name This is the VLAN Name that, along with the VLAN ID, identifies the VLAN for which to modify the IGMP Snooping Settings.
Page 106: Router Port Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Router Port Settings A static router port is a port that has a multicast router attached to it. Generally, this router would have a connection to a WAN or to the Internet. Establishing a router port will allow multicast packets coming from the router to be propagated through the network, as well as allowing multicast messages (IGMP) coming from the network to be propagated to the router.
Page 107: Limited Ip Multicast Range
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Limited IP Multicast Range The Limited IP Multicast Range window allows the user to specify which multicast address(es) reports are to be received on specified ports on the Switch. This function...
Page 108: Mld Snooping
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch MLD Snooping Multicast Listener Discovery (MLD) Snooping is an IPv6 function used similarly to IGMP snooping in IPv4. It is used to discover ports on a VLAN that are requesting multicast data. Instead of flooding all ports on a selected VLAN with multicast traffic, MLD snooping will only forward multicast data to ports that wish to receive this data through the use of queries and reports produced by the requesting ports and the source of the multicast traffic.
Page 109 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 7- 22. MLD Snooping Settings - Edit window The following parameters may be viewed or modified: Parameter Description VLAN ID This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which to modify the MLD Snooping Settings.
Page 110: Mld Router Port Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Done Timer Specifies the maximum amount of time a router can remain in the Switch after receiving a done message from the group without receiving a node listener report. The user may specify a time between 1 and 16711450 with a default setting of 2 seconds.
Page 111 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 7- 24. Router Port- Modify window The following parameters can be set: Parameter Description VID (VLAN ID) This is the VLAN ID that, along with the VLAN Name, identifies the VLAN where the MLD multicast router is attached.
Page 112: Spanning Tree
STP will be familiar to most networking professionals. However, since 802.1w RSTP and 802.1s MSTP has been recently introduced to D-Link managed Ethernet switches, a brief introduction to the technology is provided below followed by a description of how to set up 802.1D STP, 802.1w RSTP and 802.1s MSTP.
Page 113: Edge Port
Switch, such as BPDU packets looped back from an unmanaged switch connected to the DGS- 3600 Series switches. To maintain the consistency of the throughput, the xStack DGS-3600 Series switches implement the STP Loopback Detection function.
Page 114 Neighbor switches of the xStack DGS-3600 Series switches must have the capability to forward BPDU packets. Switches • the fail to meet this requirement will disable this function for the port in question on the xStack DGS-3600 Series switches. Loopback Detection is globally enabled for the switch, yet the port-by-port default setting is disabled.
Page 115: Stp Bridge Global Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch STP Bridge Global Settings To open the following window, open the Spanning Tree folder in the L2 Features menu and click the STP Bridge Global Settings link. Figure 7- 25. STP Bridge Global Settings window – RSTP (default) Figure 7- 26.
Page 116 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch NOTE: The Hello Time cannot be longer than the Max. Age. Otherwise, a configuration error will occur. Observe the following formulas when setting the above parameters: Max. Age <= 2 x (Forward Delay - 1 second) Max.
Page 117: Mst Configuration Identification
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch MST Configuration Identification The following screens in the MST Configuration Identification window allow the user to configure a MSTI instance on the Switch. These settings will uniquely identify a multiple spanning tree instance set on the Switch. The Switch initially possesses one CIST or Common Internal Spanning Tree of which the user may modify the parameters for but cannot change the MSTI ID for, and cannot be deleted.
Page 118 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description MSTI ID Enter a number between 1 and 15 to set a new MSTI on the Switch. Type Create is selected to create a new MSTI. No other choices are available for this field when creating a new MSTI.
Page 119: Mstp Port Information
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch The user may configure the following parameters for a MSTI on the Switch. Parameter Description MSTI ID Displays the MSTI ID previously set by the user. Type This field allows the user to choose a desired method for altering the MSTI settings. The user has four choices.
Page 120: Stp Instance Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description Instance ID Displays the MSTI ID of the instance being configured. An entry of 0 in this field denotes the CIST (default MSTI). Internal cost This parameter is set to represent the relative cost of forwarding packets to specified ports (0=Auto) when an interface is selected within a STP instance.
Page 121: Stp Port Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description MSTI ID Displays the MSTI ID of the instance being modified. An entry of 0 in this field denotes the CIST (default MSTI). Type The Type field in this window will be permanently set to Set Priority Only.
Page 122 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch The following STP Port Settings fields can be set: Parameter Description From/To A consecutive group of ports may be configured starting with the selected port. External Cost This defines a metric that indicates the relative cost of forwarding packets to the specified port list.
Page 123: Forwarding
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Forwarding Unicast Forwarding The following figure and table describe how to set up Multicast Forwarding on the Switch. Open the Forwarding & Filtering folder in the L2 Features menu and click on the Unicast Forwarding link.
Page 124: Multicast Filtering Mode
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 7- 39. Setup Static Multicast Forwarding Table window The following parameters can be set: Parameter Description The VLAN ID of the VLAN to which the corresponding MAC address belongs. Multicast MAC The MAC address of the static source of multicast packets.
Page 125 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description VLAN Name The VLAN to which the specified filtering action applies. Select the All option to apply the action to all VLANs on the Switch. This drop-down menu allows you to select the action the Switch will take when it receives a Filtering Mode multicast packet that requires forwarding to a port in the specified VLAN.
Page 126: Layer 3 Features
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Section 8 Layer 3 Features IP Interface Settings MD5 Key Settings Route Redistribution Settings Static/Default Route Settings Route Preference Settings Policy Route Settings Static ARP Settings Routing Table OSPF DCHP/BOOTP Relay...
Page 127: Ip Interface Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch The amount of broadcast data, such as RIP update packets and PIM hello packets, will be increased. • IP Interface Settings Each VLAN must be configured prior to setting up the VLAN’s corresponding IP interface.
Page 128 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 8- 2. IP Interface Settings – Add Figure 8- 3. IP Interface Settings - Edit Enter a name for the new interface to be added in the Interface Name field (if you are editing an IP interface, the Interface Name will already be in the top field as seen in the window above).
Page 129: Md5 Key Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch MD5 Key Settings The MD5 Key Settings menu allows the entry of a 16-character Message Digest − version 5 (MD5) key which can be used to authenticate every packet exchanged between OSPF routers. It is used as a security mechanism to limit the exchange of network topology information to the OSPF routing domain.
Page 130: Route Redistribution Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Route Redistribution Settings Route redistribution allows routers on the network, which are running different routing protocols to exchange routing information. This is accomplished by comparing the routes stored in the various routers routing tables and assigning appropriate metrics. This information is then exchanged among the various routers according to the individual routers current routing protocol.
Page 131: Static/Default Route Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Click Add/Modify to implement changes made. NOTE: The source protocol (Src. Protocol) entry and the destination protocol (Dst. Protocol) entry cannot be the same. Static/Default Route Settings Entries into the Switch’s forwarding table can be made using both MAC addresses and IP addresses. Static IP forwarding is accomplished by the entry of an IP address into the Switch’s Static IP Routing Table.
Page 132: Route Preference Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description Allows the entry of an IP address that will be a static entry into the Switch’s Routing Table. IP Address Subnet Mask Allows the entry of a subnet mask corresponding to the IP address above.
Page 133 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch 3. After changing the route preference value for a specific routing protocol, that protocol needs to be restarted because the previously learned routes have been dropped from the switch. The Switch must learn the routes again before the new settings can take affect.
Page 134: Policy Route Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Policy Route Settings Policy Based routing is a method used by the Switch to give specified devices a cleaner path to the Internet. Used in conjunction with the Access Profile feature, the Switch...
Page 135 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 8- 10. Policy Routing – Add window Adjust the following parameters and click Apply to set the new Policy Route, which will be displayed in the Policy Routing Table. Parameter...
Page 136: Static Arp Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Static ARP Settings The Address Resolution Protocol (ARP) is a TCP/IP protocol that converts IP addresses into physical addresses. This table allows network managers to view, define, modify and delete ARP information for specific devices.
Page 137: Static Ipv6 Arp Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Static IPv6 ARP Settings Static ARP entries can be defined for IPv6 addresses. This will create a permanent entry is entered and is used to translate IPv6 address to MAC addresses.
Page 138: Routing Table
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Routing Table The Switch supports static routing for IP and IPv6 formatted addressing. Access both menus in the Routing Table folder. Static/Default IP Route Settings Entries into the Switch’s forwarding table can be made using both MAC addresses and IP addresses. Static IP forwarding is accomplished by the entry of an IP address into the Switch’s Static IP Routing Table.
Page 139: Ipv6 Static Route Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description IP Address Allows the entry of an IP address that will be a static entry into the Switch’s Routing Table. Subnet Mask Allows the entry of a subnet mask corresponding to the IP address above.
Page 140 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Click to select the default option if this will be the default IPv6 route. Choosing this option will allow the user to configure the default gateway for the next hop router only.
Page 141: Rip
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch The Routing Information Protocol is a distance-vector routing protocol. There are two types of network devices running RIP - active and passive. Active devices advertise their routes to others through RIP messages, while passive devices listen to these messages.
Page 142: Rip Global Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch RIP Command Codes The field VERSION contains the protocol version number (1 in this case), and is used by the receiver to verify which version of RIP the packet was sent.
Page 143: Rip Interface Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch RIP Interface Settings RIP settings are configured for each IP interface on the Switch. Click the RIP Interface Settings link in the RIP folder. The menu appears in table form listing settings for IP interfaces currently on the Switch. To configure RIP settings for an individual interface, click on the hyperlinked Interface Name.
Page 144: Ospf
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch OSPF The Open Shortest Path First (OSPF) routing protocol uses a link-state algorithm to determine routes to network destinations. A “link” is an interface on a router and the “state” is a description of that interface and its relationship to neighboring routers. The state contains information such as the IP address, subnet mask, type of network the interface is attached to, other routers attached to the network, etc.
Page 145 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Shortest Path Tree To build Router A’s shortest path tree for the network diagramed below, Router A is put at the root of the tree and the smallest cost link to each destination network is calculated.
Page 146 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Router A 128.213.0.0 Router B Router C 192.213.11.0 222.211.10.0 Figure 8- 26. Constructing a Shortest Path Tree - Completed Note that this shortest path tree is only from the viewpoint of Router A. The cost of the link from Router B to Router A, for instance is not important to constructing Router A’s shortest path tree, but is very important when Router B is constructing its...
Page 147: Ospf Authentication
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Summary link-state updates are generated by Border Routers to distribute routing information about other networks within the AS. Normally, all Summary link-state updates are forwarded to the backbone (area 0) and are then forwarded to all other areas in the network.
Page 148: Designated Router Election
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Neighbors Routers that are connected to the same area or segment become neighbors in that area. Neighbors are elected via the Hello protocol. IP multicast is used to send out Hello packets to other routers on the segment. Routers become neighbors when they see themselves listed in a Hello packet sent by another router on the same segment.
Page 149: Ospf Packet Formats
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Adjacencies on Point-to-Point Interfaces OSPF Routers that are linked using point-to-point interfaces (such as serial links) will always form adjacencies. The concepts of DR and BDR are unnecessary. OSPF Packet Formats All OSPF packet types begin with a standard 24-byte header and there are five packet types.
Page 150 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Hello Packet Hello packets are OSPF packet type 1. They are sent periodically on all interfaces, including virtual links, in order to establish and maintain neighbor relationships. In addition, Hello Packets are multicast on those physical networks having a multicast or broadcast capability, enabling dynamic discovery of neighboring routers.
Page 151 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Database Description Packet Database Description packets are OSPF packet type 2. These packets are exchanged when an adjacency is being initialized. They describe the contents of the topological database. Multiple packets may be used to describe the database. For this purpose, a poll- response procedure is used.
Page 152 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Link-State Request Packet Link-State Request packets are OSPF packet type 3. After exchanging Database Description packets with a neighboring router, a router may find that parts of its topological database are out of date. The Link-State Request packet is used to request the pieces of the neighbor’s database that are more up to date.
Page 153 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch The body of the Link-State Update packet consists of a list of link-state advertisements. Each advertisement begins with a common 20-byte header, the link-state advertisement header. Otherwise, the format of each of the five types of link-state advertisements is different.
Page 154 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Link State Advertisement Header All link state advertisements begin with a common 20-byte header. This header contains enough information to uniquely identify the advertisements (Link State Type, Link State ID, and Advertising Router). Multiple instances of the link state advertisement may exist in the routing domain at the same time.
Page 155 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Router Links Advertisements Router links advertisements are type 1 link state advertisements. Each router in an area originates a routers links advertisement. The advertisement describes the state and cost of the router’s links to the area. All of the router’s links to the area must be described in a single router links advertisement.
Page 156 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Field Description Type A quick classification of the router link. One of the following: Type Description: Point-to- point connection to another router. Connection to a transit network. Connection to a stub network.
Page 157 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Network Link Advertisements Link-State Age Options Link-State ID Advertising Router Link-State Sequence Number Link-State Checksum Length Network Mask Attached Router Figure 8- 35. Network Link Advertisements Field Description Network Mask The IP address mask for the network.
Page 158 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Field Description Network Mask For Type 3 link state advertisements, this indicates the destination network’s IP address mask. For example, when advertising the location of a class A network the value 0xff000000.
Page 159: Including The Nssa
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Including the NSSA The NSSA or Not So Stubby Area is a feature that has been added to OSPF so external routes from ASs (Autonomous Systems) can be imported into the OSPF area. As an extension of stub areas, the NSSA feature uses a packet translation system used by BRs (Border Routers) to translate outside routes into the OSPF area.
Page 160 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Field Description Link State This field will hold information concerning information regarding the LS Checksum, Packet Header length, LS sequence number, Advertising Router, Link State ID, LS age, the packet type (Type-7), and the options field. The Options byte contains information regarding the N-Bit and the P-Bit, which will be described later in this section.
Page 161: Ospf Global Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch OSPF Global Settings The OSPF Global Settings menu allows OSPF to be enabled or disabled on the Switch − without changing the Switch’s OSPF configuration. To view the following window, click L3 Features > OSPF > OSPF Global Settings. To enable OSPF, first supply an OSPF Route ID (see below), select Enabled from the State drop-down menu and click the Apply button.
Page 162 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch To change an existing set in the list, type the Area ID of the set you want to change, make the changes and click the Add/Modify button. The modified OSPF area ID will appear in the table.
Page 163: Ospf Interface Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch OSPF Interface Settings To set up OSPF interfaces, click L3 Features > OSPF > OSPF Interface Settings to view OSPF settings for existing IP interfaces. If there are no IP interfaces configured (besides the default System interface), only the System interface settings will appear listed.
Page 164 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description Interface Name Displays the of an IP interface previously configured on the Switch. Area ID Allows the entry of an OSPF Area ID configured above. Router Priority (0- Allows the entry of a number between 0 and 255 representing the OSPF priority of the 255) selected area.
Page 165: Ospf Virtual Link Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch OSPF Virtual Link Settings Click the OSPF Virtual Interface Settings link to view the current OSPF Virtual Interface Settings. There are not virtual interface settings configured by default, so the first time this table is viewed there will be not interfaces listed. To add a new OSPF virtual interface configuration set to the table, click the Add button.
Page 166: Ospf Area Aggregation Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description Allows the entry of an OSPF Area ID − previously defined on the Switch − that allows a Transit Area ID remote area to communicate with the backbone (area 0). A Transit Area cannot be a Stub Area or a Backbone Area.
Page 167: Ospf Host Route Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 8- 49. OSPF Area Aggregation Settings - Add Specify the OSPF aggregation settings and click the Apply button to add or change the settings. The new settings will appear listed in the OSPF Area Aggregation Settings table. To view the table, click the...
Page 168 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 8- 51. OSPF Host Route Settings - Add Figure 8- 52. OSPF Host Route Settings - Edit Specify the host route settings and click the Apply button to add or change the settings. The new settings will appear listed in the OSPF Host Route Settings list.
Page 169: Dhcp/Bootp Relay
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch DHCP/BOOTP Relay The relay hops count limit allows the maximum number of hops (routers) that the DHCP/BOOTP messages can be relayed through to be set. If a packet’s hop count is more than the hop count limit, the packet is dropped. The range is between 1 and 16 hops, with a default value of 4.
Page 170: The Implementation Of Dhcp Information Option 82
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch DHCP Agent This field can be toggled between Enabled and Disabled using the pull-down menu. It is Information Option 82 used to enable or disable the Switches ability to check the validity of the packet’s option 82 Check field.
Page 171: Dhcp/Bootp Relay Interface Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Remote ID sub-option format: MAC address 1 byte 1 byte 1 byte 1 byte 6 bytes 1. Sub-option type 2. Length 3. Remote ID type 4. Length 5. MAC address: The Switch’s system MAC address.
Page 172: Dns Relay
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch DNS Relay Computer users usually prefer to use text names for computers for which they may want to open a connection. Computers themselves, require 32 bit IP addresses. Somewhere, a database of network devices’ text names and their corresponding IP addresses must be maintained.
Page 173: Dns Relay Static Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Secondary Name Allows the entry of the IP address of a secondary domain name server (DNS). Server DNSR Cache Status This can be toggled between Disabled and Enabled. This determines if a DNS cache will be enabled on the Switch.
Page 174: Vrrp
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch VRRP VRRP or Virtual Routing Redundancy Protocol is a function on the Switch that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. The VRRP router that controls the IP address associated with a virtual router is called the Master, and will forward packets sent to this IP address.
Page 175 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description VRID / Interface VRID - Displays the virtual router ID set by the user. This will uniquely identify the VRRP Name Interface on the network. Interface Name - An IP interface name that has been enabled for VRRP. This entry must have been previously set in the IP Interfaces table.
Page 176 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch State Used to enable (Up) and disable (Down) the VRRP IP interface on the Switch. Priority (1-254) Enter a value between 1 and 254 to indicate the router priority. The VRRP Priority value may determine if a higher priority VRRP router overrides a lower priority VRRP router.
Page 177 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch This window displays the following information: Parameter Description Interface Name An IP interface name that has been enabled for VRRP. This entry must have been previously set in the IP Interface Settings table.
Page 178: Vrrp Authentication Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch VRRP Authentication Settings The VRRP Authentication Settings window is used to set the authentication for each Interface configured for VRRP. This authentication is used to identify incoming message packets received by a router. If the authentication is not consistent with incoming packets, they will be discarded.
Page 179: Ip Multicast Routing Protocol
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch IP Multicast Routing Protocol The functions supporting IP multicasting are added under the IP Multicast Routing Protocol folder, from the L3 Features folder. IGMP, DVMRP, and PIM-DM can be enabled or disabled on the Switch without changing the individual protocol’s configuration by using the DGS-3600 Web Management Tool.
Page 180: Igmp Version 3
Figure 8- 65. IGMP State Transitions IGMP Version 3 The current release of the xStack DGS-3600 switch series now implements IGMPv3. Improvements of IGMPv3 over version 2 include: The introduction of the SSM or Source Specific Multicast. In previous versions of IGMP, the host would receive all packets •...
Page 181: Igmp Interface Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Timers As previously mentioned, IGMPv3 incorporates filters to include or exclude sources. These filters are kept updated using timers. IGMPv3 utilizes two types of timers, one for the group and one for the source. The purpose of the filter mode is to reduce the reception state of a multicast group so that all members of the multicast group are satisfied.
Page 182 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch This window allows the configuration of IGMP for each IP interface configured on the Switch. IGMP can be configured as Version 1, 2 or 3 by toggling the Version field using the pull-down menu. The length of time between queries can be varied by entering a value between 1 and 31,744 seconds in the Query Interval field.
Page 183: Dvmrp Interface Configuration
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch DVMRP Interface Configuration The Distance Vector Multicast Routing Protocol (DVMRP) is a hop-based method of building multicast delivery trees from multicast sources to all nodes of a network. Because the delivery trees are ‘pruned’ and ‘shortest path’, DVMRP is relatively efficient.
Page 184 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 8- 70. DVMRP Interface Settings - Edit window The following fields can be set: Parameter Description Interface Name Displays the name of the IP interface for which DVMRP is to be configured. This must be a previously defined IP interface.
Page 185: Pim-Dm Interface Configuration
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch PIM-DM Interface Configuration The Protocol Independent Multicast - Dense Mode (PIM-DM) protocol should be used in networks with a low delay (low latency) and high bandwidth as PIM-DM is optimized to guarantee delivery of multicast packets, not to reduce overhead.
Page 186 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch The following fields can be set or viewed: Parameter Description Interface Name Allows the entry of the name of the IP interface for which PIM-DM is to be configured. This must be a previously defined IP interface.
Page 187: Qos
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Section 9 Bandwidth Control QoS Scheduling Mechanism QoS Output Scheduling 802.1p Default Priority 802.1p User Priority The DGS-3600 Series supports 802.1p priority queuing Quality of Service. The following section discusses the implementation of QoS (Quality of Service) and benefits of using 802.1p priority queuing.
Page 188: Understanding Qos
CoS. The other CoS queues that have been given a nonzero value, and depending upon the weight, will follow a common weighted round-robin scheme. Remember that the xStack DGS-3600 Switch Series has seven configurable priority queues (and seven Classes of Service) for each port on the Switch.
Page 189: Port Bandwidth
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Port Bandwidth The bandwidth control settings are used to place a ceiling on the transmitting and receiving data rates for any selected port. In the QoS folder, click Bandwidth Control, to view the window shown to the left.
Page 190: Qos Scheduling Mechanism
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch QoS Scheduling Mechanism Changing the output scheduling used for the hardware queues in the Switch can customize QoS. As with any changes to QoS implementation, careful consideration should be given to how network traffic in lower priority queues is affected.
Page 191: Configuring The Combination Queue
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Configuring the Combination Queue Utilizing the QoS Output Scheduling Configuration window shown above, the xStack DGS-3600 switch series can implement a combination queue for forwarding packets. This combination queue allows for a combination of strict and weight-fair (weighted round-robin “WRR”) scheduling for emptying given classes of service.
Page 192: 802.1P Default Priority
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch 802.1p Default Priority The Switch allows the assignment of a default 802.1p priority to each port on the Switch. In the QoS folder, click 802.1p Default Priority, to view the window shown adjacent.
Page 193: 802.1P User Priority
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch 802.1p User Priority The DGS-3600 Series allows the assignment of a user priority to each of the 802.1p priorities. In the QoS folder, click 802.1p User Priority, to view the screen shown below.
Page 194: Acl
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Section 10 Access Profile Table CPU Interface Filtering Access profiles allow users to establish criteria to determine whether or not the Switch will forward packets based on the information contained in each packet's header. These criteria can be specified on a basis of Packet Content, MAC address, or IP address.
Page 195 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description Profile ID (1-14) Type in a unique identifier number for this profile set. This value can be set from 1 – 14. Type Select profile based on Ethernet (MAC Address), IP address, or IPv6 address. This will change the menu according to the requirements for the type of profile.
Page 196 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description Profile ID (1-14) Type in a unique identifier number for this profile set. This value can be set from 1 - 14. Type Select profile based on Ethernet (MAC Address), IP address, or IPv6 address. This will change the menu according to the requirements for the type of profile.
Page 197 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch The page shown below is the IPv6 configuration window. Figure 10- 4. Access Profile Configuration (IPv6) This screen will aid the user in configuring the Switch to mask packet headers beginning with the offset value specified. The...
Page 198 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch To establish the rule for a previously created Access Profile: In the ACL folder, click the Access Profile Table link opening the Access Profile Table. The window shown below will appear.
Page 199 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameters Description Profile ID This is the identifier number for this profile set. Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Page 200 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch To view the settings of a previously, correctly configured rule, click in the Access Rule Table to view the window shown below. Clicking the hyperlink for the Profile ID on the Access Profile Table will also bring up the Access Rule Display window.
Page 201 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Type Selected profile based on Ethernet (MAC Address), IP address, or IPv6 address. Ethernet instructs the Switch to examine the layer 2 part of each packet header. • IP instructs the Switch to examine the IP address in each frame's header.
Page 202 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 10- 12. Access Rule Display window (IP) To configure the Access Rule for Ethernet, open the Access Profile Table (Figure 10-5) and click Add for an Ethernet entry. This will open the following screen: To configure the Access Rule for IPv6, open the Access Profile Table and click Modify for an IPv6 entry.
Page 203 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch To set the Access Rule for the IPv6, adjust the following parameters and click Apply. Parameter Description Profile ID This is the identifier number for this profile set. Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Page 204 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 10- 15. Access Rule Display window (IPv6)
Page 205: Cpu Interface Filtering
CPU Interface Filtering Due to a chipset limitation and the need for extra switch security, the xStack DGS-3600 switch series incorporates CPU Interface filtering. This added feature increases the running security of the Switch by enabling the user to create a list of access rules for packets destined for the Switch’s CPU interface.
Page 206 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 10- 18. CPU Interface Filtering Profile Configuration – Ethernet Parameter Description Profile ID (1-5) Type in a unique identifier number for this profile set. This value can be set from 1 - 5.
Page 207 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch The page shown below is the CPU Interface Filtering Profile Configuration for IP page. Figure 10- 19. CPU Interface Filtering Configuration window- IP The following parameters can be modified: Parameter Description Profile ID (1-5) Type in a unique identifier number for this profile set.
Page 208 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch (IGMP) field in each frame's header. Select Type to further specify that the access profile will apply an IGMP type • value. Select TCP to use the TCP port number contained in an incoming packet as the forwarding criterion.
Page 209 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description Profile ID (1-5) Type in a unique identifier number for this profile set. This value can be set from 1 - 5. Type Select profile based on Ethernet (MAC Address), IP address or Packet Content Mask. This will change the menu according to the requirements for the type of profile.
Page 210 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch The CPU Interface Filtering Rule Configuration allows the user to create a rule for a previously created CPU Access Profile. Figure 10- 23. CPU Interface Filtering Rule Configuration – Ethernet To set the CPU Access Rule for Ethernet, adjust the following parameters and click Apply.
Page 211 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch To view the settings of a previously configured rule, click in the Access Rule Table to view the following screen: Figure 10- 24. CPU Interface Filtering Rule Display – Ethernet The following window is the CPU Interface Filtering Rule Table for IP.
Page 212 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description Profile ID This is the identifier number for this profile set. Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Page 213 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 10- 28. CPU Interface Filtering Rule Table – Packet Content To remove a previously created rule, select it and click the button. To add a new CPU Access Rule, click the Add button: Figure 10- 29.
Page 214 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Type Selected profile based on Ethernet (MAC Address), IP address or Packet Content. Ethernet instructs the Switch to examine the layer 2 part of each packet header. • IP instructs the Switch to examine the IP address in each frame's header.
Page 215: Security
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Section 11 Security Traffic Control Port Security Port Lock Entries 802.1X Trust Host Access Authentication Control Safeguard Engine Traffic Segmentation Traffic Control On a computer network, packets such as Multicast packets and Broadcast packets continually flood the network as normal procedure.
Page 216 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch returning it to an Enabled status. To utilize this method of Storm Control, choose the Shutdown option of the Action field in the window below. To view this window to configure Traffic Control, click Security > Traffic Control.
Page 217 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch NOTE: Traffic Control cannot be implemented on ports that are set for Link Aggregation (Port Trunking). NOTE: Ports that are in the Shutdown forever mode will be seen as Discarding in Spanning Tree windows and implementations though these ports will still be forwarding BPDUs to the Switch’s CPU.
Page 218: Port Security
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Port Security A given ports’ (or a range of ports') dynamic MAC address learning can be locked such that the current source MAC addresses entered into the MAC address forwarding table can not be changed once the port lock is enabled.
Page 219: Port Lock Entries
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Port Lock Entries The Port Lock Entries Table window is used to remove an entry from the port security entries learned by the Switch and entered into the forwarding database. To view the following window, click Security > Port Lock Entries: Figure 11- 3.
Page 220: Port Access Entity (802.1X)
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Port Access Entity (802.1X) 802.1X Port-Based and MAC-Based Access Control The IEEE 802.1X standard is a security measure for authorizing and authenticating users to gain access to various wired or wireless devices on a specified Local Area Network by using a Client and Server based access control model. This is accomplished by using a RADIUS server to authenticate users trying to access a network by relaying Extensible Authentication Protocol over LAN (EAPOL) packets between the Client and the Server.
Page 221 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Authentication Server The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch). Clients connected to a port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN.
Page 222: Authentication Process
Figure 11- 9. The 802.1X Authentication Process The D-Link implementation of 802.1X allows network administrators to choose between two types of Access Control used on the Switch, which are: 1. Port-Based Access Control – This method requires only one user to be authenticated per port by a remote RADIUS server to allow the remaining users on the same port access to the network.
Page 223: Understanding 802.1X Port-Based And Mac-Based Network Access Control
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Understanding 802.1X Port-based and MAC-based Network Access Control The original intent behind the development of 802.1X was to leverage the characteristics of point-to-point in LANs. As any single LAN segment in such infrastructures has no more than two devices attached to it, one of which is a Bridge Port. The Bridge Port detects events that indicate the attachment of an active device at the remote end of the link, or an active device becoming inactive.
Page 224: Mac-Based Network Access Control
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch MAC-Based Network Access Control RADIUS Server Ethernet Switch … 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X Client Client Client Client Client Client Client Client Client Client...
Page 225: Guest Vlans
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Guest VLANs On 802.1X security enabled networks, there is a need for non 802.1X supported devices to gain limited access to the network, due to lack of the proper 802.1X software or incompatible...
Page 226: Guest Vlan
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Guest VLAN In the Security menu, open the 802.1X folder and click Configure 802.1X Guest VLAN, which will display the following window for the user to configure. Remember, to set a Guest 802.1X VLAN, the user must first configure a normal VLAN which can be enabled here for Guest VLAN status.
Page 227: Configure 802.1X Authenticator Parameter
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Configure 802.1X Authenticator Parameter To configure the 802.1X Authenticator Settings, click Security > 802.1X > Configure 802.1X Authenticator Parameter: Figure 11- 14. 802.1X Authenticator Settings window To configure the settings by port, click on its corresponding Modify button, which will display the following table to configure:...
Page 228 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch This window allows users to set the following features: Parameter Description From [ ] To [ ] Enter the port or ports to be set. AdmCtrlDir <both> Sets the administrative-controlled direction to either in or both.
Page 229: 802.1X User
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch 802.1X User In the Security folder, open the 802.1X folder and click 802.1X User to open the 802.1X User window. This window will allow the user to set different local users on the Switch.
Page 230: Initializing Ports For Mac Based 802.1X
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch This window displays the following information: Parameter Description From and To Select ports to be initialized. Port A read-only field indicating a port on the Switch. MAC Address The MAC address of the Switch connected to the corresponding port, if any.
Page 231: Reauthenticate Port(S) For Port Based 802.1X
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Reauthenticate Port(s) for Port Based 802.1X This window allows reauthentication of a port or group of ports by using the pull-down menus From and To and clicking Apply. The Reauthenticate Port Table displays the current status of the reauthenticated port(s) once Apply has been clicked.
Page 232: Reauthenticate Port(S) For Mac-Based 802.1X
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Reauthenticate Port(s) for MAC-based 802.1X To reauthenticate ports for the MAC side of 802.1X, the user must first enable 802.1X by MAC address in the DGS-3600 Web Management Tool window. Click Security > 802.1X > Reauthenticate Port(s) to open the following window: Figure 11- 20.
Page 233: Trust Host
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Trust Host Go to the Security folder and click on the Trust Host link; the following window will appear. Figure 11- 22. Security IP Management window Use the Security IP Management to permit remote stations to manage the Switch. If you choose to define one or more designated management stations, only the chosen stations, as defined by IP address, will be allowed management privilege through the web manager or Telnet session.
Page 234: Access Authentication Control
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Access Authentication Control The TACACS/XTACACS/TACACS+/RADIUS commands allow users to secure access to the Switch using the TACACS/XTACACS/TACACS+/RADIUS protocols. When a user logs in to the Switch or tries to access the administrator level privilege, he or she is prompted for a password.
Page 235: Authentication Policy And Parameter Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Authentication Policy and Parameter Settings This command will enable an administrator-defined authentication policy for users trying to access the Switch. When enabled, the device will check the Login Method List and choose a technique for user authentication upon login.
Page 236: Authentication Server Group
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description Application Lists the configuration applications on the Switch. The user may configure the Login Method List and Enable Method List for authentication for users utilizing the Console (Command Line Interface) application, the Telnet application, SSH and the WEB (HTTP) application.
Page 237: Authentication Server Host
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch To add a user-defined group to the list, click the Add button in the Authentication Server Group window, which will display the following window. Figure 11- 27. Authentication Server Group Table Add Settings Simply enter a group name of no more than 15 alphanumeric characters to define the user group to add.
Page 238 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch To edit an Authentication Server Host, click the IP address hyperlink, revealing the following window: Figure 11- 30. Authentication Server Host Setting –Edit window Configure the following parameters to add an Authentication Server Host:...
Page 239: Login Method Lists
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Login Method Lists This command will configure a user-defined or default Login Method List of authentication techniques for users logging on to the Switch. The sequence of techniques implemented in this command will affect the authentication result. For example, if a user enters a sequence of techniques, for example TACACS –...
Page 240: Enable Method Lists
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description Method List Name Enter a method list name defined by the user of up to 15 characters. Method 1, 2, 3, 4 The user may add one, or a combination of up to four of the following authentication...
Page 241 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 11- 35. Enable Method List - Edit window Figure 11- 36. Enable Method List - Add window To define an Enable Login Method List, set the following parameters and click Apply:...
Page 242: Configure Local Enable Password
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Configure Local Enable Password This window will configure the locally enabled password for the Enable Admin command. When a user chooses the "local_enable" method to promote user level privileges to administrator privileges, he or she will be prompted to enter the password configured here that is locally set on the Switch.
Page 243: Safeguard Engine
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Safeguard Engine Periodically, malicious hosts on the network will attack the Switch by utilizing packet flooding (ARP Storm) or other methods. These attacks may increase the Safeguard Engine beyond its capability. To alleviate this problem, the Safeguard Engine function was added to the Switch’s software.
Page 244: Safeguard Engine Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Safeguard Engine Settings To enable Safeguard Engine or configure advanced Safeguard Engine settings for the Switch, click Administration > Safeguard Engine > Safeguard Engine Settings, which will open the following window.
Page 245: Traffic Segmentation
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Traffic Segmentation Traffic segmentation is used to limit traffic flow from a single port to a group of ports on either a single switch or a group of ports on another switch in a switch stack. This method of segmenting the flow of traffic is similar to using VLANs to limit traffic, but is more restrictive.
Page 246: Secure Socket Layer (Ssl)
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Secure Socket Layer (SSL) Secure Sockets Layer or SSL is a security feature that will provide a secure communication path between a host and client through the use of authentication, digital signatures and encryption. These security functions are implemented through the use of a...
Page 247 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 11- 45. Download Certificate and Ciphersuite window To download certificates, set the following parameters and click Apply. Parameter Description Enter the type of certificate to be downloaded. This type refers to the server responsible for Certificate Type issuing certificates.
Page 248 Switch and need to be configured using the command line interface. For more information on SSL and its functions, see the xStack DGS-3600 Series CLI Manual, located on the documentation CD of this product.
Page 249: Ssh
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch SSH is an abbreviation of Secure Shell, which is a program allowing secure remote login and secure network services over an insecure network. It allows a secure login to remote host computers, a safe method of executing commands on a remote end node, and will provide secure encrypted and authenticated communication between two non-trusted hosts.
Page 250: Ssh Authentication Mode And Algorithm Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description SSH Server Status Use the pull-down menu to enable or disable SSH on the Switch. The default is Disabled. Max Session (1-8) Enter a value between 1 and 8 to set the number of users that may simultaneously access the Switch.
Page 251 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch The following algorithms may be set: Parameter Description SSH Authentication Mode and Algorithm Settings Password This parameter may be enabled if the administrator wishes to use a locally configured password for authentication on the Switch. The default is Enabled.
Page 252: Ssh User Authentication
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch SSH User Authentication The following windows are used to configure parameters for users attempting to access the Switch through SSH. To access the following window, click Security > SSH > SSH User Authentication Mode.
Page 253: Monitoring
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Section 12 Monitoring Device Status Module Information CPU Utilization Port Utilization Packets Errors Packet Size Browse Router Port Browse MLD Router Port VLAN Status Port Access Control MAC Address Table IGMP Snooping Group...
Page 254: Module Information
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Module Information The Module Information display in the Monitoring menu shows information about any installed modules. Figure 12- 2. Module Information Module information displayed: Parameter Description The slot number where the module is installed.
Page 255: Port Utilization
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record Number Select number of times the Switch will be polled between 20 and 200. The default value is 200.
Page 256: Packets
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Packets The Web Manager allows various packet statistics to be viewed as either a line graph or a table. Six windows are offered. Received (RX) Click the Received (RX) link in the Packets folder of the Monitoring menu to view the following graph of packets received on the Switch.
Page 257 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 12- 6. Rx Packets Analysis window (table for Bytes and Packets) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 258: Umb Cast (Rx)
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch UMB Cast (RX) Click the UMB Cast (RX) link in the Packets folder of the Monitoring menu to view the following graph of UMB cast packets received on the Switch. Figure 12- 7. Rx Packets Analysis window (line graph for Unicast, Multicast, and Broadcast Packets)
Page 259 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 12- 8. Rx Packets Analysis window (table for Unicast, Multicast, and Broadcast Packets) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 260: Transmitted (Tx)
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Transmitted (TX) Click the Transmitted (TX) link in the Packets folder of the Monitoring menu to view the following graph of packets transmitted from the Switch. Figure 12- 9. Tx Packets Analysis window (line graph for Bytes and Packets)
Page 261 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 12- 10. Tx Packets Analysis window (table for Bytes and Packets) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 262: Errors
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Errors The Web Manager allows port error statistics compiled by the Switch's management agent to be viewed as either a line graph or a table. Four windows are offered. Received (RX) Click the Received (RX) link in the Errors folder of the Monitoring menu to view the following graph of error packets received on the Switch.
Page 263 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 12- 12. Rx Error Analysis window (table) The following fields can be set: Parameter Description Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value Time Interval is one second.
Page 264: Transmitted (Tx)
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Transmitted (TX) Click the Transmitted (TX) link in the Error folder of the Monitoring menu to view the following graph of error packets received on the Switch. Figure 12- 13. Tx Error Analysis window (line graph)
Page 265 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 12- 14. Tx Error Analysis window (table) The following fields may be set or viewed: Parameter Description Select the desired setting between 1s and 60s, where "s" stands for seconds. The default Time Interval value is one second.
Page 266: Packet Size
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Packet Size The Web Manager allows packets received by the Switch, arranged in six groups and classed by size, to be viewed as either a line graph or a table. Two windows are offered.
Page 267 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Figure 12- 16. Tx/Rx Packet Size Analysis window (table) The following fields can be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 268: Browse Router Port
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Browse Router Port This displays which of the Switch's ports are currently configured as router ports. A router port configured by a user (using the console or Web-based management interfaces) is displayed as a static router port, designated by S. D designates a router port that is dynamically configured by the Switch.
Page 269: Port Access Control
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Port Access Control The following screens are used to monitor 802.1X statistics of the Switch, on a per port basis. To view the Port Access Control screens, open the monitoring folder and click the Port Access Control folder. There are six screens to monitor.
Page 270 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch The user may also view this window if MAC Base is chosen for 802.1X. The window displays the same information, except that it is by MAC address and not port. Figure 12- 21. Authenticator State window – MAC-Based 802.1X...
Page 271: Authenticator Statistics
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Authenticator Statistics This table contains the statistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the Authenticator Statistics, click Monitoring > Port Access Control >...
Page 272: Authenticator Session Statistics
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Authenticator Session Statistics This table contains the session statistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the Authenticator Session Statistics, click Monitoring > Port Access Control >...
Page 273: Authenticator Diagnostics
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch 1) Supplicant Logoff 2) Port Failure 3) Supplicant Restart 4) Reauthentication Failure 5) AuthControlledPortControl set to ForceUnauthorized 6) Port re-initialization 7) Port Administratively Disabled 8) Not Terminated Yet UserName The User-Name representing the identity of the Supplicant PAE.
Page 274 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Auth Fail Counts the number of times that the state machine transitions from AUTHENTICATING to HELD, as a result of the Backend Authentication state machine indicating authentication failure (authFail = TRUE).
Page 275: Radius Authentication
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch RADIUS Authentication This table contains information concerning the activity of the RADIUS authentication client on the client side of the RADIUS authentication protocol. It has one row for each RADIUS authentication server with which the client shares a secret. To view the RADIUS Authentication, click Monitoring >...
Page 276: Radius Accounting
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch PendingRequests The number of RADIUS Access-Request packets destined for this server that have not yet timed out or received a response. This variable is incremented when an Access-Request is sent and decremented due to receipt of an Access-Accept, Access-Reject or Access- Challenge, a timeout or retransmission.
Page 277 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch MalformedResponses The number of malformed RADIUS Accounting-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators and unknown types are not included as malformed accounting responses.
Page 278: Mac Address Table
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch MAC Address Table This allows the Switch's dynamic MAC address forwarding table to be viewed. When the Switch learns an association between a MAC address and a port number, it makes an entry into its forwarding table.
Page 279: Igmp Snooping Group
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch IGMP Snooping Group IGMP Snooping allows the Switch to read the Multicast Group IP address and the corresponding MAC address from IGMP packets that pass through the Switch. The number of IGMP reports that were snooped is displayed in the Reports field. To view the IGMP Snooping Group Table, click IGMP Snooping Group in the Monitoring menu: Figure 12- 28.
Page 280: Mld Snooping Group
Reports The total number of reports received for this group. NOTE: To configure MLD snooping for the xStack DGS-3600 Series switch, go to the Administration folder and select MLD Snooping. Configuration and other information concerning IGMP snooping may be found in Section 6 of this manual under MLD...
Page 281: Trace Route
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Trace Route The following window will aid the user in back tracing the route taken by a packet before arriving at the Switch. When initiated, the Trace Route program will display the IP addresses of the previous hops a packet takes from the Target IP Address entered in the window, until it reaches the Switch.
Page 282: Igmp Snooping Forwarding
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch IGMP Snooping Forwarding This window will display the current multicast forwarding entries learned by IGMP Snooping. To view the following screen, open the Monitoring folder and click the IGMP Snooping Forwarding link.
Page 283: Ip Forwarding Table
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch IP Forwarding Table The IP Forwarding Table may be found in the Monitoring menu in the Layer 3 Feature folder. The IP Forwarding Table is a read-only screen where the user may view IP addresses discovered by the Switch. To search a specific IP address, enter it into the field labeled IP Address at the top of the screen and click Find to begin your search.
Page 284: Browse Routing Table
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Browse Routing Table The Browse Routing Table window may be found in the Monitoring menu. This screen shows the current IP routing table of the Switch. To find a specific IP route, enter an IP address into the Destination Address field along with a proper subnet mask into the Mask field and click Find.
Page 285: Browse Igmp Group Table
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Browse IGMP Group Table The Browse IGMP Group Table window may be found in the Monitoring menu. This window will show current IGMP group entries on the Switch. To search a specific IGMP...
Page 286: Browse Pim Neighbor Table
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Browse PIM Neighbor Table Multicast routers Protocol Independent Multicast (PIM) determine which other multicast routers should receive multicast packets. The PIM Neighbor Address Table contains information regarding each of a router’s PIM neighbors. This screen may be found in the Monitoring folder under the heading PIM Monitor.
Page 287: Browse Ospf Neighbor Table
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Link State ID This field identifies the portion of the Internet environment that is being described by the advertisement. The contents of this field depend on the advertisement's LS type. LS Type...
Page 288: Switch Log
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Switch Log The Web manager allows the Switch's history log, as compiled by the Switch's management agent, to be viewed. To view the Switch history log, open the Monitoring folder and click the Switch Log link.
Page 289: Browse Ipv6 Arp Table
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Browse IPv6 ARP Table The Browse IPv6 ARP Table window may be found in the Monitoring menu. This window will show current IPv6 ARP entries on the Switch. To search a specific IPv6 ARP entry, enter an IPv6 Address and click Find. To clear the ARP Table, click Clear All.
Page 290: Switch Maintenance
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Section 13 Switch Maintenance Reset Reboot System Save Changes Log Out Reset The Reset function has several options when resetting the Switch. Some of the current configuration parameters can be retained while resetting all other configuration parameters to their factory defaults.
Page 291: Save Services
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Save Services The following three windows will aid the user in saving configurations to the Switch’s memory. Save Changes The Switch has two levels of memory, normal RAM and non-volatile or NV-RAM. Configuration changes are made effective clicking the Save button.
Page 292: Current Configuration Settings
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Current Configuration Settings The Configuration Settings window allows users to manipulate configuration images saved in the Flash memory of the Switch. To access the following window, click Save Services > Configuration Settings.
Page 293: Technical Specifications
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Appendix A Technical Specifications General IEEE 802.3 10BASE-T Ethernet Protocols IEEE 802.3u 100BASE-TX Fast Ethernet IEEE 802.3ab 1000BASE-T Gigabit Ethernet IEEE 802.3z 1000BASE-T (SFP “Mini GBIC”) IEEE 802.1D Spanning Tree IEEE 802.1s Multiple Spanning Tree IEEE 802.1w Rapid Spanning Tree...
Page 294 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch DGS-3627G: 24 x 1000Mbps SFP ports 4 x 10/100/1000Mbps Combo Ports 3 available slots for optional 10GE modules DGS-3650: 48 x 10/100/1000 Mbps ports 4 x 1000Mbps Combo SFP Ports 2 available slots for optional 10GE modules Physical and Environmental Input: 100~240V, AC/1.3A, 50~60Hz...
Page 295: Cables And Connectors
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Appendix B Cables and Connectors When connecting the Switch to another switch, a bridge or hub, a normal cable is necessary. Please review these products for matching cable pin assignment. The following diagrams and tables show the standard RJ-45 receptacle/connector and their pin assignments.
Page 296: System Log Entries
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Appendix C System Log Entries The following table lists all possible entries and their corresponding meanings that will appear in the System Log of this Switch. Event Category Log Content Severity...
Page 297 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Event Category Log Content Severity Remark Description by console and "IP: <ipaddr>, MAC: <macaddr>" are XOR Configuration download by Configuration shown in log string, which console was unsuccessful! download was Warning means if the user logs in (Username: <username>, IP:...
Page 298 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Event Category Log Content Severity Remark Description included in the log. If the user logs in through the Console session Console session timed out console, no IP or MAC Informational timed out (Username: <username>)
Page 299 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Event Category Log Content Severity Remark Description BPDU Loop Back BPDU Loop Back on Port Warning on port <portNum> Spanning Tree Spanning Tree Protocol is Protocol is Informational enabled enabled Spanning Tree...
Page 300 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Event Category Log Content Severity Remark Description Login failed Login failed through Web through Web from <userIP> authenticated authenticated by by AAA local method Warning AAA local (Username: <username>, method MAC: <macaddr>)
Page 301 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Event Category Log Content Severity Remark Description Successful login Successful login through Web through Web (SSL) from <userIP> (SSL) authenticated by AAA none Informational authenticated by method (Username: AAA none <username>, MAC: method <macaddr>)
Page 302 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Event Category Log Content Severity Remark Description Successful login through Web Successful login (SSL) from <userIP> through Web authenticated by AAA server (SSL) Informational <serverIP> (Username: authenticated by <username>, MAC: AAA server <macaddr>)
Page 303 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Event Category Log Content Severity Remark Description configuration <macaddr>) Successful Enable Admin through Successful Enable Admin Console through Console authenticated by authenticated by AAA Informational local_enable method local_enable (Username: <username>) method...
Page 304 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Event Category Log Content Severity Remark Description method Enable Admin Enable Admin failed through failed through Telnet from <userIP> Telnet authenticated by AAA authenticated by Warning local_enable method (Username: <username>, local_enable MAC: <macaddr>)
Page 305 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Event Category Log Content Severity Remark Description Successful Enable Successful Enable Admin Admin through through SSH from <userIP> authenticated by AAA none Informational authenticated by method (Username: AAA none <username>, MAC: method <macaddr>)
Page 306 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Event Category Log Content Severity Remark Description AAA server <username>, MAC: <macaddr>) Enable Admin Enable Admin failed through failed through Web (SSL) from <userIP> due Web (SSL) due to to AAA server timeout or...
Page 307 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Event Category Log Content Severity Remark Description port security has reached its Port maximum Port security violation (Port: Warning Security learning size and <portNum>, MAC: <macaddr>) will not learn any new addresses...
Page 308: Cable Lengths
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Appendix D Cable Lengths Use the following table to as a guide for the maximum cable lengths. Standard Media Type Maximum Distance Mini-GBIC 1000BASE-LX, Single-mode fiber module 10km 1000BASE-SX, Multi-mode fiber module...
Page 309: Glossary
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch Glossary 1000BASE-SX: A short laser wavelength on multimode fiber optic cable for a maximum length of 2000 meters 1000BASE-LX: A long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilometers 100BASE-FX: 100Mbps Ethernet implementation over fiber.
Page 310 DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch latency: The delay between the time a device receives a packet and the time the packet is forwarded out of the destination port. line speed: See baud rate. main port: The port in a resilient link that carries data traffic in normal operating conditions.
Page 311 FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with this manual, may cause harmful interference to radio communications.
Page 312: Warrenties/Registration
Hardware. The Warranty Period shall extend for an additional ninety (90) days after any repaired or replaced Hardware is delivered. If a material defect is incapable of correction, or if D-Link determines in its sole discretion that it is not practical to repair or replace the defective Hardware, the price paid by the original purchaser for the defective Hardware will be refunded by D-Link upon return to D-Link of the defective Hardware.
Page 313: Copyright Statement
OF THE PRODUCT IS WITH THE PURCHASER OF THE PRODUCT. Limitation of Liability: TO THE MAXIMUM EXTENT PERMITTED BY LAW, D-LINK IS NOT LIABLE UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER LEGAL OR EQUITABLE THEORY FOR ANY LOSS OF USE OF THE PRODUCT, INCONVENIENCE OR DAMAGES OF ANY...
Page 314 Spare parts and spare kits: Ninety (90) days The customer's sole and exclusive remedy and the entire liability of D-Link and its suppliers under this Limited Warranty will be, at D-Link’s option, to repair or replace the defective Hardware during the Warranty Period at no charge to the original owner or to refund the actual purchase price paid. Any repair or replacement will be rendered by D-Link at an Authorized D-Link Service Office.
Page 315 D-Link; and Products that have been purchased from inventory clearance or liquidation sales or other sales in which D-Link, the sellers, or the liquidators expressly disclaim their warranty obligation pertaining to the product. While necessary maintenance or repairs on your Product can be performed by any company, we recommend that you use only an Authorized D-Link Service Office.
Page 316: Product Registration
Product Registration Register your D-Link product online at http://support.dlink.com/register/ Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights.
Page 317 D-Link will then provide you with a Limited Lifetime Warranty reference number for this product. Please retain your original dated proof of purchase with a note of the serial number, and Limited Lifetime Warranty reference number together with this warranty statement and place each document in a safe location.
Page 318: Disclaimer Of Warranty
To the extent allowed by local law, the remedies in this warranty statement are customer’s sole and exclusive remedies. Except as indicated above, in no event will D-Link or its suppliers be liable for loss of data or for indirect, special, incidental, consequential (including lost profit or data), or other damage, whether based in a contract, tort, or otherwise.
Page 319: Tech Support
Tech Support Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers within Australia: D-Link Technical Support over the Telephone: 1300-766-868 Monday to Friday 8:00am to 8:00pm EST Saturday 9:00am to 1:00pm EST D-Link Technical Support over the Internet: http://www.dlink.com.au...
Page 320 Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers within South Eastern Asia and Korea: D-Link South Eastern Asia and Korea Technical Support over the Telephone: +65-6895-5355 Monday to Friday 9:00am to 12:30pm, 2:00pm-6:00pm Singapore Time D-Link Technical Support over the Internet: email:support@dlink.com.sg...
Page 321 Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers within India D-Link Technical Support over the Telephone: +91-22-26526741 +91-22-26526696 –ext 161 to 167 Monday to Friday 9:30AM to 7:00PM D-Link Technical Support over the Internet: http://ww.dlink.co.in...
Page 322 D-Link provides free technical support for customers for the duration of the warranty period on this product. Customers can contact D-Link technical support through our web site or by phone. Tech Support for customers within the Russia D-Link Technical Support over the Telephone:...
Page 323 Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers within the U.A.E & North Africa: D-Link Technical Support over the Telephone: (971) 4-391-6480 (U.A.E) Sunday to Wednesday 9:00am to 6:00pm GMT+4 Thursday 9:00am to 1:00pm GMT+4 D-Link Middle East &...
Page 324 Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers within South Africa and Sub Sahara Region: D-Link South Africa and Sub Sahara Technical Support over the Telephone: +27-12-665-2165 08600 DLINK ( For South Africa only )
Page 325 Technical Support You can find updates and user documentation on the D-Link website Tech Support for Latin America customers: D-Link Technical Support over the followings Telephones: Argentina: 0800-666 1442 Monday to Friday 09:00am to 22:00pm Chile: 800-214 422 Monday to Friday 08:00am to 21:00pm...
Page 326 Обновления программного обеспечения и документация доступны на Интернет-сайте D-Link. D-Link предоставляет бесплатную поддержку для клиентов в течение гарантийного срока. Клиенты могут обратиться в группу технической поддержки D-Link по телефону или через Интернет. Техническая поддержка D-Link: (495) 744-00-99 Техническая поддержка через Интернет...
Page 327 Sitio Web www.dlinkla.com El servicio de soporte técnico tiene presencia en numerosos países de la Región Latino América, y presta asistencia gratuita a todos los clientes de D-Link, en forma telefónica e internet, a través de la casilla soporte@dlinkla.com Soporte Técnico Help Desk Argentina:...
Page 328 Você pode encontrar atualizações de software e documentação de usuário no site da D-Link Brasil www.dlinkbrasil.com.br. A D-Link fornece suporte técnico gratuito para clientes no Brasil durante o período de vigência da garantia deste produto. Suporte Técnico para clientes no Brasil: Telefone São Paulo (11) 2185-9301...
Page 330 Technical Support You can find software updates and user documentation on the D-Link website. D-Link provides free technical support for customers within the United States and within Canada for the duration of the warranty period on this product. U.S. and Canadian customers can contact D-Link technical support through our website, or by phone.
Page 331 Technical Support You can find software updates and user documentation on the D-Link websites. If you require product support, we encourage you to browse our FAQ section on the Web Site before contacting the Support line. We have many FAQ’s which we hope will provide you a speedy resolution for...
Page 332 Technische Unterstützung Aktualisierte Versionen von Software und Benutzerhandbuch finden Sie auf der Website von D-Link. D-Link bietet kostenfreie technische Unterstützung für Kunden innerhalb Deutschlands, Österreichs, der Schweiz und Osteuropas. Unsere Kunden können technische Unterstützung über unsere Website, per E-Mail oder telefonisch anfordern.
Page 333: Assistance Technique
Assistance technique Vous trouverez la documentation et les logiciels les plus récents sur le site web D-Link. Vous pouvez contacter le service technique de D-Link par notre site internet ou par téléphone. Support technique destiné aux clients établis en France: Assistance technique D-Link par téléphone :...
Page 334 Asistencia Técnica Puede encontrar las últimas versiones de software así como documentación técnica en el sitio web de D-Link. D-Link ofrece asistencia técnica gratuita para clientes residentes en España durante el periodo de garantía del producto. Asistencia Técnica de D-Link por teléfono:...
Page 335 Supporto tecnico Gli ultimi aggiornamenti e la documentazione sono disponibili sul sito D-Link. Supporto tecnico per i clienti residenti in Italia D-Link Mediterraneo S.r.L. Via N. Bonnet 6/B 20154 Milano Supporto Tecnico dal lunedì al venerdì dalle ore 9.00 alle ore 19.00 con orario continuato...
Page 336 Technical Support You can find software updates and user documentation on the D-Link website. D-Link provides free technical support for customers within Benelux for the duration of the warranty period on this product. Benelux customers can contact D-Link technical support through our website, or by phone.
Page 337: Pomoc Techniczna
Najnowsze wersje oprogramowania i dokumentacji użytkownika można znaleźć w serwisie internetowym firmy D-Link. D-Link zapewnia bezpłatną pomoc techniczną klientom w Polsce w okresie gwarancyjnym produktu. Klienci z Polski mogą się kontaktować z działem pomocy technicznej firmy D-Link za pośrednictwem Internetu lub telefonicznie.
Page 338 Technická podpora Aktualizované verze software a uživatelských příruček najdete na webové stránce firmy D-Link. D-Link poskytuje svým zákazníkům bezplatnou technickou podporu Zákazníci mohou kontaktovat oddělení technické podpory přes webové stránky, mailem nebo telefonicky Web: http://www.dlink.cz/suppport/ E-mail: support@dlink.cz Telefon: 224 247 503 Telefonická...
Page 339 Technikai Támogatás Meghajtó programokat és frissítéseket a D-Link Magyarország weblapjáról tölthet le. Telefonon technikai segítséget munkanapokon hétfőtől- csütörtökig 9.00 – 16.00 óráig és pénteken 9.00 – 14.00 óráig kérhet a (1) 461-3001 telefonszámon vagy a support@dlink.hu emailcímen. Magyarországi technikai támogatás : D-Link Magyarország...
Page 340 Teknisk Support Du kan finne programvare oppdateringer og bruker dokumentasjon på D-Links web sider. D-Link tilbyr sine kunder gratis teknisk support under produktets garantitid. Kunder kan kontakte D-Links teknisk support via våre hjemmesider, eller på tlf. Teknisk Support: D-Link Teknisk telefon Support:...
Page 341 Teknisk Support Du finder software opdateringer og bruger- dokumentation på D-Link’s hjemmeside. D-Link tilbyder gratis teknisk support til kunder i Danmark i hele produktets garantiperiode. Danske kunder kan kontakte D-Link’s tekniske support via vores hjemmeside eller telefonisk. D-Link teknisk support over telefonen: Tlf.
Page 342 Teknistä tukea asiakkaille Suomessa: D-Link tarjoaa teknistä tukea asiakkailleen. Tuotteen takuun voimassaoloajan. Tekninen tuki palvelee seuraavasti: Arkisin klo. 9 - 21 numerosta 0800-114 677 Internetin kautta Ajurit ja lisätietoja tuotteista. http://www.dlink.fi Sähköpostin kautta voit myös tehdä kyselyitä.
Page 343 Teknisk Support På vår hemsida kan du hitta mer information om mjukvaru uppdateringar och annan användarinformation. D-Link tillhandahåller teknisk support till kunder i Sverige under hela garantitiden för denna produkt. Teknisk Support för kunder i Sverige: D-Link Teknisk Support via telefon: 0770-33 00 35 Vardagar 08.00-20.00...
Page 344 Você pode encontrar atualizações de software e documentação de http://www.dlink.pt utilizador no site de D-Link Portugal A D-Link fornece suporte técnico gratuito para clientes no Portugal durante o período de vigência de garantia deste produto. Suporte Técnico para clientes no Portugal: Assistência Técnica:...
Page 345 Τεχνική Υποστήριξη Μπορείτε να βρείτε software updates και πληροφορίες για τη χρήση των προϊόντων στις ιστοσελίδες της D-Link Η D-Link προσφέρει στους πελάτες της δωρεάν υποστήριξη στον Ελλαδικό χώρο Μπορείτε να επικοινωνείτε µε το τµήµα τεχνικής υποστήριξης µέσω της ιστοσελίδας ή µέσω τηλεφώνου...
Page 347: International Offices
URL: www.dlink.com.au URL: www.dlink.com.cn URL: www.dlink.no India Taiwan Finland D-Link House, Kurla Bandra Complex Road Latokartanontie 7A No. 289 , Sinhu 3rd Rd., Neihu District , Off CST Road, Santacruz (East) FIN-00700 HELSINKI Taipei City 114 ,Taiwan Mumbai - 400098...
Page 348: Registration Card
8. What category best describes your company? Aerospace Engineering Education Finance Hospital Legal Insurance/Real Estate Manufacturing Retail/Chainstore/Wholesale Government Transportation/Utilities/Communication System house/company Other________________________________ 9. Would you recommend your D-Link product to a friend? Don't know yet 10.Your comments on this product?

This manual is also suitable for:

Xstack dgs-3627g Xstack dgs-3627 Xstack dgs-3650

D-Link xStack DGS-3600 User Manual

Quick Links

User Manual

Related Manuals for D-Link xStack DGS-3600

Summary of Contents for D-Link xStack DGS-3600