Page 1 ® x Stack DGS-3400 Series Layer 2 M anaged Gigabit Ethernet Sw itch Web UI Reference Guide xStack ® DGS-3400 Series Product Model: Layer 2+ Managed Gigabit Ethernet Switch Release 3.0...
Page 2 Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. D-Link Corporation disclaims any proprietary interest in trademarks and trade names other than its own.
Page 3: Table Of Contents
Table of Contents Intended Readers ..................................xiii Typographical Conventions ..................................xiii Notes, Notices, and Cautions ..............................xiii Web-based Switch Configuration ........................1 Introduction ....................................1 Logging in to the Web Manager ..............................1 Web-based User Interface ................................2 Areas of the User Interface ..................................2 Web Pages ......................................
Page 4 Port Media Type ......................................31 Cable Diagnostics ......................................32 DDM ..........................................33 DDM Settings ......................................33 DDM Temperature Threshold Settings ..............................34 DDM Voltage Threshold Settings................................35 DDM Bias Current Threshold Settings ..............................36 DDM TX Power Threshold Settings ................................ 37 DDM RX Power Threshold Settings ...............................
Page 5 IPv6 Static/Default Route Settings ................................64 Route Preference Settings ................................66 Gratuitous ARP Settings ................................66 Static ARP Settings ..................................68 DHCP Auto Configuration Settings ............................. 69 DHCP/BOOTP Relay................................... 69 DHCP / BOOTP Relay Global Settings ................................ 69 The Implementation of DHCP Information Option 82 ..........................72 DHCP/BOOTP Relay Interface Settings ...............................
Page 6 DNS Resolver Dynamic Name Server Table .............................. 102 DNS Resolver Static Host Name Settings ..............................102 DNS Resolver Dynamic Host Name Table ..............................103 SNMP Manager ..................................104 SNMP Settings ......................................104 SNMP Trap Settings ....................................105 SNMP User Table ....................................... 106 SNMP View Table ......................................
Page 7 VLAN Description ....................................151 Notes about VLANs on the DGS-3400 Series ............................151 IEEE 802.1Q VLANs .................................... 152 802.1Q VLAN Tags ....................................153 Port VLAN ID ....................................... 154 Tagging and Untagging ..................................155 Ingress Filtering ..................................... 155 Default VLANs ...................................... 155 Port-based VLANs ....................................
Page 8 802.1D-2004 Rapid Spanning Tree ............................... 196 Port Transition States ..................................... 197 Edge Port ....................................... 197 P2P Port ......................................... 197 802.1D-1998/802.1D-2004/802.1Q-2005 Compatibility ........................198 STP Bridge Global Settings ..................................198 MST Configuration Identification ................................201 MSTP Port Information ....................................203 STP Instance Settings ....................................204 STP Port Settings ......................................
Page 9 Schedule Settings ..................................248 QoS Output Scheduling Settings ................................. 248 Configuring the Combination Queue ..............................250 QoS Scheduling Mechanism Settings ................................. 250 ACL (Access Control List) .......................... 253 Time Range ....................................253 Access Profile Table .................................. 254 ACL Flow Meter ..................................273 CPU Interface Filtering ................................
Page 10 Authentication Server Group ..................................335 Authentication Server Host ..................................336 Login Method Lists ..................................... 338 Enable Method Lists ....................................339 Configure Local Enable Password ................................341 Enable Admin ......................................342 RADIUS Accounting Settings ..................................343 MAC-based Access Control (MAC) ............................344 Notes about MAC-based Access Control ..............................
Page 11 Received (RX) ......................................379 UMB Cast (RX) ......................................381 Transmitted (TX) ......................................383 Errors ......................................385 Received (RX) ......................................385 Transmitted (TX) ......................................387 Packet Size ....................................389 Browse Router Port ..................................391 Browse MLD Router Port ................................392 VLAN Status ....................................392 VLAN Status Port ..................................
Page 12 Mitigating ARP Spoofing Attacks Using Packet Content ACL ........................411 Appendix B ..............................418 Switch Log Entries ...................................... 418 Appendix C ..............................431 Trap Logs ........................................431 Glossary ................................ 435...
Page 13: Intended Readers
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Intended Readers ® The xStack DGS-3400 Series User Manual contains information for setup and management of the Switch. This manual is intended for network managers familiar with network management concepts and terminology. Typographical Conventions Convention Description...
Page 14: Web-Based Switch Configuration
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Section 1 Web-based Switch Configuration Introduction Logging in to the Web Manager Web-based User Interface Web Pages Introduction ® All software functions of the xStack DGS-3400 switch series can be managed, configured and monitored via the embedded web- based (HTML) interface.
Page 15: Web-Based User Interface
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 1 - 1 Enter Network Password dialog box Leave both the User Name field and the Password field blank and click OK. This will open the Web-based user interface. The Switch management features available in the Web-based manager are explained below.
Page 16 Area 1 Select the menu or window to display. Open folders and click the hyperlinked menu buttons and subfolders contained within them to display menus. Click the D-Link logo to go to the D-Link website. Area 2 Presents a graphical near real-time image of the front panel of the Switch. This area displays the Switch's ports and expansion modules, showing port activity, duplex mode, or flow control, depending on the specified mode.
Page 17: Web Pages
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Web Pages When connecting to the management mode of the Switch with a Web browser, a login screen is displayed. Enter a user name and password to access the Switch's management mode. Below is a list of the main folders available in the Web interface: Administration –...
Page 18: Administration
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Section 2 Administration DGS-3400 Web Management Tool IP Address Interface Settings Stacking Port Configuration User Accounts Password Encryption Mirror System Log System Severity Settings Command Logging Settings SNTP Settings MAC Notification Settings TFTP Services...
Page 19: Device Information
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch sFlow IP Multicast VLAN Replication Single IP Management (SIM) Overview IP Tunnel Settings Device Information The Device Information window contains the main settings for all major functions for the Switch. It appears automatically when you log on to the Switch.
Page 20 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Device Information window configurable parameters include those described in the table below. Parameter Description System Name Enter a system name for the Switch, if so desired. This name will identify it in the Switch network.
Page 21: Ipv6
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch authorization parameters configured. Auth Protocol The user may use the pull-down menu to choose between RADIUS EAP and Local for the 802.1X authentication protocol on the Switch. The default setting is RADIUS EAP. 802.1X Authen The user may use the pull-down menu to Enable or Disable the 802.1X Authen Network Network RADIUS...
Page 22 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch anycast address has been added, which will send packets to the closest node which is a part of a group of nodes, thereby eliminating a specified device for a particular group. Simplifying the Packet Header –...
Page 23: Packet Format
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Packet Format As in IPv4, the IPv6 packet consists of the packet header and the payload, but the difference occurs in the packet header which has been amended and improved for better packet flow and processing. The following will outline and detail the IPv6 enhancements and parts of the IPv6 packet, with special attention to the packet header.
Page 24: Extension Headers
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Extension Headers Extension headers are used to identify optional parameters regarding IPv6 packets such as routing, fragmentation of packets or authentication parameters. The types of extension headers supported are Hop-by-Hop, Routing, Fragment, Destination Options, Authentication and Encapsulating Security Payload.
Page 25: Types
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch 0-9 (ex. 136.145.225.121). Now in IPv6, the format of the address resembles xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx where a set of xxxx represents a 16-bit hexadecimal value (ex. 2D83:0C76:3140:0000:0000:020C:417A:3214). Although this address looks long and cumbersome, there are some compression rules that will shorten the format of the IPv6 address to make it more compatible to the user.
Page 26: Icmpv6
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The second type of special address is the loopback address which is represented by 0:0:0:0:0:0:0:1, or ::1 in its compressed form. It is akin to the 127.0.0.1 address in IPv4 and is used in troubleshooting and testing IP stacks. This address, like the unspecified address, and should not be statically or dynamically assigned to an interface.
Page 27: Duplicate Address Detection (Dad)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The address is unreachable (Code 3) The port is unreachable (Code 4) Duplicate Address Detection (DAD) DAD messages are used to specify that there is more than one node on a local link possessing the same IP address. IPv6 addresses are only leased for a defined period of time.
Page 28: Ip Address
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Sales 10.160.0.0 10.160.0.1 Backbone 10.192.0.0 10.192.0.1 Table 2- 2 VLAN Example – Assigned IP Interfaces The six IP interfaces, each with an IP address (listed in the table above), and a subnet mask of 255.224.0.0 can be entered into the Setup IP Interface window.
Page 29: Setting The Switch's Ip Address Using The Console Interface
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Use the Get IP From: pull-down menu to choose from BOOTP or DHCP. This selects the method the Switch assigns an IP address on the next reboot. The following fields can be set or modified: Parameter Description...
Page 30: Interface Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch • Alternatively, the user can enter config ipif System ipaddress xxx.xxx.xxx.xxx/z. Where the x's represent the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation.
Page 31 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 5 IPv4 Interface Settings - Edit window Enter a name for the new interface to be added in the Interface Name field (if editing an IP interface, the Interface Name will already be in the top field as seen in the window above).
Page 32: Ipv6 Interface Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch NOTE: The Switch's factory default IP address is 10.90.90.90 with a subnet mask of 255.0.0.0 and a default gateway of 0.0.0.0. IPv6 Interface Settings This window is used to set up IPv6 interfaces and addresses for the Switch. To view this window, click Administration >...
Page 33 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 8 IPv6 Interface Settings - Edit window The following fields may be viewed or modified. Parameter Description Interface Name This field displays the name for the IP interface, or it is used to add a new interface. The default IP interface is named “System”.
Page 34 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch VLAN Name This field states the VLAN Name directly associated with this interface. DHCPv6 Client State Use the pull-down menu to enable or disable the DHCPv6 client state of the interface. IPv6 Address Use this field to set a Global Unicast Address for the Switch.
Page 35: Stacking
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch RA Managed Flag Use the pull-down menu to enable or disable the Managed flag. When enabled, this will trigger the router to use a stateful autoconfiguration process to get both Global and link- local IPv6 addresses for the Switch.
Page 36 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 9 Switches stacked in a Duplex Ring Figure 2 - 10 Switches stacked in a Duplex Chain Within each of these topologies, each switch plays a role in the Switch stack. These roles can be set by the user per individual Switch, or if desired, can be automatically determined by the switch stack.
Page 37: Stack Switch Swapping
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Once switches have been assembled in the topology desired by the user and powered on, the stack will undergo three processes until it reaches a functioning state. Initialization State –...
Page 38: Stacking Mode Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Stacking Mode Settings To begin the stacking process, users must first enable this device for stacking by using the Stacking Mode Settings window. To view this window, click Administration > Stacking > Mode Settings, as shown below. Figure 2 - 11 Stacking Mode Settings window Use the pull-down menu, choose Enabled and click Apply to allow stacking of this Switch.
Page 39: Port Configuration
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch New Box ID The new box ID of the selected switch in the stack that was selected in the Current Box ID field. The user may choose any number between 1 and 12 to identify the switch in the switch stack. Auto will automatically assign a box number to the switch in the switch stack.
Page 40: Port Configuration
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Port Configuration To view this window, click Administration > Port Configuration > Port Configuration, as shown on the right: To configure switch ports: Choose the port or sequential range of ports using the From/To port pull- down menus.
Page 41: Port Error Disabled
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Speed/Duplex Use the Speed/Duplex pull-down menu to select the speed and duplex/half-duplex state of the port. Auto denotes auto-negotiation between 10 and 1000 Mbps devices, in full- or half-duplex. The Auto setting allows the port to automatically determine the fastest settings the device the port is connected to can handle, and then to use those settings.
Page 42: Port Description
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Port Description The Switch supports a port description feature where the user may name various ports on the Switch. To view this window, click Administration > Port Configuration >...
Page 43: Port Details
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 17 Port Auto Negotiation Information Table window Port Details This window is used to view detailed port information for individual ports on a particular unit. Use the drop-down menus to select the specific port of the unit you wish to view and click Find.
Page 44: Port Media Type
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 18 Port Details window Port Media Type This window is used to display the port media type available on each unit. To view a particular switch in the stack use the drop- down menu to select the unit.
Page 45: Cable Diagnostics
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To view this window, click Administration > Port Configuration > Port Media Type, as shown below. Figure 2 - 19 Port Media Type window Cable Diagnostics This window is used to control the cable diagnostics and determine where and what kind of errors have occurred on the cable. This function is primarily used for administrators to view tests on copper cables.
Page 46: Ddm
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To view this window, click Administration > Port Configuration > Cable Diagnostics, as shown below. Figure 2 - 20 Cable Diagnostics window This folder contains windows that perform Digital Diagnostic Monitoring (DDM) functions on the Switch. There are windows that allow the user to view the digital diagnostic monitoring status of SFP modules inserting to the Switch and to configure alarm settings, warning settings, temperature threshold settings, voltage threshold settings, bias current threshold settings, Tx power threshold settings, and Rx power threshold settings.
Page 47: Ddm Temperature Threshold Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 21 DDM Settings window The following parameters can be configured: Parameter Description Trap State Specify whether to send the trap, when the operating parameter exceeds the alarm or warning threshold.
Page 48: Ddm Voltage Threshold Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 22 DDM Temperature Threshold Settings window The following parameters can be configured: Parameter Description Unit Select the unit to configure. From / To Select a range of ports to be configured. High Alarm (-128- This is the highest threshold for the alarm.
Page 49: Ddm Bias Current Threshold Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 23 DDM Voltage Threshold Settings window The following parameters can be configured: Parameter Description Unit Select the unit to configure. From / To Select a range of ports to be configured. High Alarm (0- This is the highest threshold for the alarm.
Page 50: Ddm Tx Power Threshold Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 24 DDM Bias Current Threshold Settings window The following parameters can be configured: Parameter Description Unit Select the unit to configure. From / To Select a range of ports to be configured.
Page 51: Ddm Rx Power Threshold Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 25 DDM TX PowerThreshold Settings window The following parameters can be configured: Parameter Description Unit Select the unit to configure. From / To Select a range of ports to be configured. High Alarm (0- This is the highest threshold for the alarm.
Page 52: Ddm Status Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 26 DDM TX PowerThreshold Settings window The following parameters can be configured: Parameter Description Unit Select the unit to configure. From / To Select a range of ports to be configured. High Alarm (0- This is the highest threshold for the alarm.
Page 53: User Accounts
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 27 DDM Status Table window User Accounts Use the User Account Management window to control user privileges, create new users and view existing User Accounts. To view this window, click Administration >...
Page 54: Password Encryption
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch User Name Enter a name for the account, or display the name of the selected account. Old Password Enter the original password of the existing account. New Password Enter a new password for the account.
Page 55: Port Mirror Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 32 Port Mirror Global Settings window The following parameters can be configured: Parameter Description Porting Mirror Use the pull-down menu to enable or disable the port mirror status. Global State Click Apply to implement the changes.
Page 56 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 35 Port Mirroring - Edit window The following parameters are displayed or can be configured: Parameter Description Group ID (1-4) Enter or display the group ID this entry belongs to. Target Port Tick the check box and enter the port which received the copies from the source port.
Page 57: Mirroring Within The Switch Stack
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Mirroring within the Switch Stack Users may configure mirroring between switches in the switch stack but certain conditions and restrictions apply. When mirroring is configured in the stack, the primary master and the backup master will save and synchronize these mirroring configurations in their respective databases.
Page 58 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 38 Configure System Log Server - Edit window The following parameters are displayed or can be configured: Parameter Description Index(1-4) System log server settings index (1-4). Server IP The IPv4 address of the System log server.
Page 59: System Log Save Mode Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch System Log Save Mode Settings This window may be used to choose a method for which to save the switch log to the flash memory on the Switch. To view this window, click Administration >...
Page 60: System Severity Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch System Severity Settings The Switch can be configured to allow alerts be logged or sent as a trap to an SNMP agent or both. The level at which the alert triggers either a log entry or a trap message can be set as well.
Page 61: Sntp Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 42 Command Logging Settings window NOTE: When the switch is under the booting procedure, all configuration commands will not be logged. When the user uses AAA authentication to logged in, the user name should not be changed if the user has used the Enable Admin function to replace its privilege.
Page 62: Time Zone And Dst
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Time Settings - Current Time System Boot Time Displays the time when the Switch was initially started for this session. Current Time Displays the Current Time. Time Source Displays the time source for the system.
Page 63 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 44 Time Zone and DST Settings window The following parameters can be set: Parameter Description Time Zone and DST Daylight Saving Time Use this pull-down menu to enable or disable the DST Settings. State Daylight Saving Time Use this pull-down menu to specify the amount of time that will constitute your local DST...
Page 64 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch From: Month Enter the month DST will start on. From: Time in HH MM Enter the time of day that DST will start on. To: Which Week Enter the week of the month the DST will end.
Page 65: Mac Notification Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch MAC Notification Settings MAC Notification is used to monitor MAC addresses learned and entered into the forwarding database. To view this window, click Administration > MAC Notification Settings, as shown on the right. Global Settings The following parameters may be viewed and modified:...
Page 66: Tftp Services
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch TFTP Services Trivial File Transfer Protocol (TFTP) services allow the Switch's firmware to be upgraded by transferring a new firmware file from a TFTP server to the Switch. A configuration file can also be downloaded into the Switch from a TFTP server. Switch configuration settings can be saved and a history and attack log can be uploaded from the Switch to the TFTP server.
Page 67: Multiple Image Services
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch two configuration images in its memory. Image ID 1 will always be the boot up configuration for the Switch unless specified by the user. Choosing Active will download the configuration to the Boot Up Image ID, depending on the user’s configuration.
Page 68: Config Firmware Image
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 47 Firmware Information window The following parameters are displayed: Parameter Description States the image ID number of the firmware in the Switch’s memory. The Switch can store 2 firmware images for use.
Page 69: Rcp
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 48 Config Firmware Image window The following parameters can be set: Parameter Description Image The Switch allows two firmware images to be stored in its memory and either can be configured to be the boot up firmware for the Switch.
Page 70: Rcp Server Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 49 Remote Copy Protocol between an RCP server and an Ethernet Switch As illustrated in Figure 2 - 49, a user can: a) Upload a configuration file from the Switch to the RCP Server. b) Download a firmware file from the RCP Server to the Switch.
Page 71: Rcp Services
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch IP Address Enter the IP address of the global RCP server. User Name Enter the remote user name. Click Apply to implement the changes. RCP Services This window is use to configure the services that provided by the RCP server. To view this window, click Administration >...
Page 72: Ping Test
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Ping Test Ping is a small program that sends ICMP Echo packets to the IP address you specify. The destination node then responds to or “echoes” the packets sent from the Switch. This is very useful to verify connectivity between the Switch and other nodes on the network.
Page 73: Ipv6 Ping Test
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch IPv6 Ping Test The following window is used to Ping an IPv6 address. To view this window, click Administration > Ping Test > IPv6 Ping Test, as shown below. Figure 2 - 53 IPv6 Ping Test window This window allows the following parameters to be configured to ping an IPv6 address.
Page 74: Ipv6 Neighbor
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch IPv6 Neighbor IPv6 neighbors are devices on the link-local network that have been detected as being IPv6 devices. These devices can forward packets and keep track of the reachability of routers, as well as if changes occur within link-layer addresses of nodes on the network or if identical unicast addresses are present on the local link.
Page 75: Route Redistribution Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To search for an entry, enter the appropriate information and click Find. To add a new entry click Add, the following window will be displayed.To remove an entry, click the corresponding button.
Page 76: Static/Default Route Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Action Add or Edit the entry. Enter the RIP route metric value for the redistributed routes. The valid value is 0 to 16. The Metric (0-16) default value is 0. Click Apply to implement the changes.
Page 77: Ipv6 Static/Default Route Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To remove an entry, click the corresponding button. To add a new entry, click the Add button, revealing the following window to configure: Figure 2 - 58 Static/Default Route Settings - Add window The following fields can be set: Parameter Description...
Page 78 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch IPv6 Address/PrefixLen The IPv6 address and corresponding Prefix Length of the IPv6 static route entry. Interface The IP Interface where the static IPv6 route is created. Next Hop Address The corresponding IPv6 address for the next hop Gateway address in IPv6 format.
Page 79: Route Preference Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Route Preference Settings To view this window, click Administration > Route Preference Settings, as shown below. Figure 2 - 61 Route Preference Settings window The following fields can be configured: Parameter Description RIP (1-999)
Page 80 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 62 Gratuitous ARP Settings window The following fields can be set or viewed: Parameter Description Send on IPIF status up This is used to enable/disable the sending of gratuitous ARP request packets while an IPIF interface comes up.
Page 81: Static Arp Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Interval Click Apply to implement the changes. To return to the Gratuitous ARP Settings window, click the Show All Gratuitous ARP Entries link. Static ARP Settings Address Resolution Protocol (ARP) is a TCP/IP protocol that converts IP addresses into physical addresses. This table allows network managers to view, define, modify and delete ARP information for specific devices.
Page 82: Dhcp Auto Configuration Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameter Description IP Address The IP address of the ARP entry. This field cannot be edited in the Static ARP Settings – Edit window. MAC Address The MAC address of the ARP entry. After entering the IP Address and MAC Address of the Static ARP entry, click Apply to implement the new entry.
Page 83 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 68 DHCP/ BOOTP Relay Global Settings window The following fields can be set: Parameter Description DHCP/BOOTP Relay This field can be toggled between Enabled and Disabled using the pull-down menu. It is State used to enable or disable the DHCP/BOOTP Relay service on the Switch.
Page 84 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch When the DHCP server receives the packet, if the server is capable of option 82, it can implement policies like restricting the number of IP addresses that can be assigned to a single remote ID or circuit ID.
Page 85: The Implementation Of Dhcp Information Option 82
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The Implementation of DHCP Information Option 82 The config dhcp_relay option_82 command configures the DHCP relay agent information option 82 setting of the switch. The formats for the circuit ID sub-option and the remote ID sub-option are as follows: NOTE: For the circuit ID sub-option of a standalone switch, the module field is always zero.
Page 86: Dhcp/Bootp Relay Interface Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch DHCP/BOOTP Relay Interface Settings This window allows the user to set up a server, by IP address, for relaying DHCP/ BOOTP information. The user may enter a previously configured IP interface on the Switch that will indicate which interface is able to support the dhcp relay function.
Page 87: Dhcp Relay Option 60 Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameter Description Relay IP Address Enter the specified IP address for the DHCP relay forward. Mode Use the pull-down menu to choose either Relay or Drop. When drop is specified, the packet with no matching rules found will be dropped without further process.
Page 88: Dhcp Relay Option 61 Default Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Server IP Enter the relay server IP address. Match Type Use the drop-down menu to select either Exact Match or Partial Match. Exact Match – The option 60 string in the packet must fully match the specified string. Partial Match –...
Page 89: Dhcp/Bootp Local Relay Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 75 DHCP Relay Option 61 Table window To remove an entry, enter the appropriate MAC Address or String information and click Delete. To delete all entries click Clear All.
Page 90: Dhcpv6 Relay
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 77 DHCP/BOOTP Local Relay Global Settings window The following parameters are displayed or can be configured: Parameter Description Global State Use the pull-down menu to enable or disable the status. VLAN State Use the pull-down menu to enable or disable the VLAN status.
Page 91: Dhcpv6 Relay Interface Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Hops Count (1-32) This field allows an entry between 1 and 32 to define the maximum number of router hops DHCPv6 messages can be forwarded across. The default hop count is 4. Click Apply to implement the changes.
Page 92: Dhcp Server
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 81 DHCPv6 Relay Interface Settings - View window The following fields are displayed or can be configured: Parameter Description Interface Name Display the IPv6 relay interface name. DHCPv6 Server Enter the IPv6 destination address to forward DHCPv6 packets.
Page 93: Dhcp Server Exclude Address Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 82 DHCP Server Settings window The following parameters may be configured: Parameter Description DHCP Server Global Use the pull-down menu to globally enable or disable the switch as a DHCP server. State Ping Packets (Number Enter a number between 2 and 10 to denote the number of ping packets that the Switch...
Page 94: Dhcp Server Pool Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 83 Create DHCP Excluded Address window The following parameters may be configured: Parameter Description Begin Address Enter the starting IP address of the range of IP addresses to be excluded from the DHCP pool. End Address Enter the final IP address of the range of IP addresses to be excluded from the DHCP pool.
Page 95 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 85 Config DHCP Pool window The following parameters can be configured or viewed: Parameter Description Pool Name Denotes the name of the DHCP pool for which you are currently adjusting the parameters. IP Address Enter the IP address to be assigned to requesting DHCP Clients.
Page 96 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch addresses. Net BIOS Enter the IP address of a Net BIOS Name Server that will be available to a Microsoft DHCP Client. Name Server This Net BIOS Name Server is actually a WINS (Windows Internet Naming Service) Server that allows Microsoft DHCP clients to correlate host names to IP addresses within a general grouping of networks.
Page 97: Dhcp Server Dynamic Binding
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 86 DHCP Server Pool Display window To return to the Create DHCP Pool window, click the Show All DHCP Server Pool Entries link. DHCP Server Dynamic Binding The following window will allow users to view dynamically bound IP addresses of the DHCP server.
Page 98: Dhcp Server Manual Binding
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following parameters may be configured or viewed: Parameter Description Pool Name To find the dynamically bound entries of a specific pool, enter the Pool Name into the field and click Find.
Page 99: Dhcpv6 Server
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 89 Create DHCP Pool Manual Binding window The following parameters may be configured or viewed. Parameter Description Pool Name Enter the name of the DHCP pool within which will be created a manual DHCP binding entry. IP Address Enter the IP address to be statically bound to a device within the local network that will be specified by entering the Hardware Address in the following field.
Page 100: Dhcpv6 Server Pool Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To view this window, click Administration > DHCPv6 Server > DHCPv6 Server Global Settings, as shown below. Figure 2 - 90 DHCPv6 Server Global Settings window The following parameters may be configured: Parameter Description Global State...
Page 101: Dhcpv6 Server Manual Binding Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Click Apply to implement the changes. To return to the DHCPv6 Server Pool Table window, click the Show DHCPv6 Server Pool Table link. To configure the settings of a pool in the DHCPv6 Server Pool Table, click the corresponding Modify button to reveal the following window: Figure 2 - 93 DHCPv6 Pool Table - Edit window The following parameters can be configured or viewed:...
Page 102: Dhcpv6 Server Dynamic Binding Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 94 DHCPv6 Server Manual Biding Brief Table window To find the DHCPv6 server manual binding entries, enter the Pool Name into the field and click Find. Click View All to see all the entries.
Page 103: Dhcpv6 Server Interface Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 96 DHCPv6 Server Dynamic Biding Brief Table window To find the DHCPv6 server dynamic binding entries, enter the Pool Name into the field and click Find. Click View All to see all the entries.
Page 104: Dhcpv6 Server Excluded Address Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 99 DHCPv6 Server Dynamic Interface Table - Edit window The following fields can be configured or viewed: Parameter Description Interface Name Display the name of the interface. DHCPv6 Server State Use the pull-down menu to enable or disable the DHCPv6 server status.
Page 105: Filter Dhcp Server
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 101 DHCPv6 Server Excluded Address Brief Table - View window The following fields can be configured or viewed: Parameter Description Pool Name Display the name of the pool. Begin Address Enter the starting IP address of the range of IP addresses to be excluded from the DHCPv6 pool.
Page 106: Filter Dhcp Server Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 102 DHCP Server Filter Global Settings window The following parameters may be configured: Parameter Description Trap/Log Enable this function to record logs and send traps when the Switch detects the illegal DHCP server packets.
Page 107 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 103 Filter DHCP Server Port State Settings window The following parameters may be configured: Parameter Description State Use the pull-down menu to enable or disable the Filter DHCP Server Port State Settings. Port List Specify the ports that will enable or disable the filter DHCP server.
Page 108: Layer 2 Protocol Tunneling Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Layer 2 Protocol Tunneling Settings The Layer 2 Protocol Tunneling (L2PT) supports traffic of multiple customers across service provider networks. L2PT enables the BPDU’s of the same customer’s network to be multicast over specific VLANs in the service provider’s network, which in turn will ensure the same geographically dispersed customer network can implement consistent spanning tree calculations across the service provider network.
Page 109: Rspan
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch RSPAN RSPAN (Remote Switched Port Analyzer) is a feature used to monitor and analyze the traffic passing through ports. The character ‘R’ is short for ‘Remote’ which means that the mirror source ports and the destination port are not on the same Switch. So a remote mirror session consists of at least two switches.
Page 110 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 106 RSPAN Settings window The following fields can be configured: Parameter Description VLAN Name Enter the name of the VLAN you wish to Add, Find or Delete. VID (1-4094) Enter the VLAN ID of the VLAN you wish to Add, Find or Delete.
Page 111 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following fields can be configured: Parameter Description VLAN Name This is the VLAN Name that, along with the VLAN ID, identifies the VLAN which will modify the RSPAN Entries. VID (1-4094) This is the VLAN ID that, along with the VLAN Name, identifies the VLAN which will to modify the RSPAN Entries.
Page 112: Dns Relay
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch for that RSPAN session. The goal of TX source ports is to monitor as much as possible all the packets sent by TX Source Ports the source interface after all modification and processing is performed by the switch. Click Apply to implement the changes.
Page 113: Dns Relay Static Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 109 DNS Relay Global Settings window The following fields can be set: Parameter Description DNS State This field can be toggled between Disabled and Enabled using the pull-down menu, and is used to enable or disable the DNS Relay service on the Switch.
Page 114: Dns Resolver
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch DNS Resolver The DNS Resolver provides a solution to translate the domain name to an IP address for application on the switch itself. DNS Resolver Global Settings This window is used to configure the DNS resolver state and name server timeout.
Page 115: Dns Resolver Dynamic Name Server Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Click Add to reveal the following window to configure: Figure 2 - 113 DNS Resolver Static Name Server Settings window The following fields can be set: Parameter Description Primary Tick the check box to indicate the name server is a primary name server.
Page 116: Dns Resolver Dynamic Host Name Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Click Add to reveal the following window to configure: Figure 2 - 116 DNS Resolver Static Host Name Settings window The following fields can be set: Parameter Description Host Name Enter the host’s host name.
Page 117: Snmp Manager
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch SNMP Manager SNMP Settings Simple Network Management Protocol (SNMP) is an OSI Layer 7 (Application Layer) designed specifically for managing and monitoring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches, and other network devices.
Page 118: Snmp Trap Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch SNMP settings are configured using the menus located on the SNMP V3 folder of the web manager. Workstations on the network that are allowed SNMP privileged access to the Switch can be restricted with the Management Station IP Address menu. SNMP Trap Settings The following window is used to enable and disable trap settings for the SNMP function on the Switch.
Page 119: Snmp User Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To enable or disable linkchange trap settings for individual ports, select the ports using the From and To drop-down menus, enable the State using the drop-down menu, and then click Apply. SNMP User Table This window displays all of the SNMP users currently configured on the Switch.
Page 120 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To return to the SNMP User Table, click the Show All SNMP User Table Entries link. To add a new entry to the SNMP User Table, click the Add button on the SNMP User Table window. This will open the SNMP User Table Configuration window, as shown below.
Page 121: Snmp View Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch SNMP View Table This window is used to assign views to community strings that define which MIB objects can be accessed by a remote SNMP manager. To view this window, click Administration > SNMP Manager > SNMP View Table, as shown below. Figure 2 - 122 SNMP View Table window To delete an existing SNMP View Table entry, click the corresponding button in the Delete column.
Page 122: Snmp Group Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch View Type Select Included to ensure this object is included in the list of objects that an SNMP manager can access. Select Excluded to exclude this object from the list of objects that an SNMP manager can access.
Page 123: Snmp Community Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To add a new entry to the Switch's SNMP Group Table, click the Add button in the upper left-hand corner of the SNMP Group Table window. This will open the SNMP Group Table Configuration window, as shown below. Figure 2 - 126 SNMP Group Table Configuration window The following parameters can be configured: Parameter...
Page 124 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch • An Access List of IP addresses of SNMP managers that are permitted to use the community string to gain access to the Switch's SNMP agent. • Any MIB view that defines the subset of all MIB objects will be accessible to the SNMP community.
Page 125: Snmp Host Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch SNMP community. This string is used like a password to give remote SNMP managers access to MIB objects in the Switch's SNMP agent. View Name Type an alphanumeric string of up to 32 characters that is used to identify the group of MIB objects that a remote SNMP manager is allowed to access on the Switch.
Page 126: Snmp Engine Id
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch V3-NoAuth-NoPriv – To specify that the SNMP version 3 will be used, with a NoAuth-NoPriv security level. V3-Auth-NoPriv – To specify that the SNMP version 3 will be used, with an Auth-NoPriv security level.
Page 127: Trap Source Interface Settings
Powered Devices (PDs) over Category 5 or Category 5E UTP Ethernet cables. The DGS-3426P follows the standard PSE (Power Sourcing Equipment) pinout Alternative A, whereby power is sent out over pins 1, 2, 3 and 6. The DGS-3426P works with all D-Link 802.3af capable devices. The DGS-3426P includes the following PoE features: Auto-discovery recognizes the connection of a PD (Powered Device) and automatically sends power to it.
Page 128: Poe System Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Based on 802.3af/at PDs receive power according to the following classification PSE provides power according to the following classification: Class Maximum power available to PD Class Max power used by 12.95W 15.4W 3.84W...
Page 129: Poe Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch 370W) configure a Power Limit between 37 and 370W for the DGS-3426P. The default setting is 370W. Disconnect Method The PoE controller uses either Deny next port or Deny low priority port to offset the power limit being exceeded and keep the Switch’s power at a usable level.
Page 130 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 134 PoE Port Settings window The following parameters can be configured: Parameter Description Choose the switch in the switch stack for which to configure the PoE settings. Unit ®...
Page 131 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch higher priority. The setting of priority will affect the ordering of supplying power. Whether the disconnect method is set to deny low priority port, the priority of each port will be used by the system to manage the supply of power to ports.
Page 132: Sflow
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch sFlow sFlow is a feature on the Switch that allows users to monitor network traffic running through the switch to identify network problems through packet sampling and packet counter information of the Switch.
Page 133: Sflow Global Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch sFlow Global Settings The following window is used to globally enable the sFlow feature for the Switch. Simply use the pull-down menu and click Apply to enable or disable sFlow. This window will also display the sFlow version currently being utilized by the Switch, along with the sFlow Address that is the Switch’s IP address.
Page 134 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch to four entries can be added with the same UDP port. Owner Displays the owner of the entry made here. The user that added this sFlow Analyzer configured this name.
Page 135: Sflow Sampler Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 139 sFlow Analyzer Settings – Edit window The following fields can be configured or viewed: Parameter Description Analyzer Server (1- Enter an integer from 1 to 4 to denote the sFlow Analyzer to be added. Up to four entries can be added.
Page 136 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To view this window, click Administration > sFlow > sFlow Sampler Settings, as shown below. Figure 2 - 140 sFlow Sampler Settings window The following fields are displayed: Parameter Description Port...
Page 137: Sflow Poller Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 142 sFlow Sampler Settings - Edit window The following fields can be configured or viewed: Parameter Description Unit Select the unit you wish to configure. From / To Choose the beginning and ending range of ports to be configured for packet sampling.
Page 138 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 143 sFlow Counter Poller Settings window The following fields are displayed: Parameter Description Port Displays the port from which packet counter samples are being taken. Analyzer Server ID Displays the ID of the Analyzer Server where datagrams, containing the packet counter polling information taken using this polling mechanism, will be sent.
Page 139: Ip Multicast Vlan Replication
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 145 sFlow Counter Poller Settings - Edit window The following parameters can be configured or viewed: Parameter Description Unit Select the unit you wish to configure. From / To Choose the beginning and ending range of ports to be configured for counter polling.
Page 140: Ip Multicast Vlan Replication Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following fields may be set: Parameter Description IP Multicast VLAN Enable or Disable the IP Multicast VLAN Replication State on the Switch. Replication State TTL specifies whether to decrease the time to live of a packet, the user can choose either Decrease or No Decrease.
Page 141 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 148 IP Multicast VLAN Replication Settings - Source Edit window The following fields may be set: Parameter Description Entry Name The name of the previously created IP Multicast VLAN Replication entry will be displayed. VID / VLAN Name Select VID and enter a source VLAN ID.
Page 142 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 149 IP Multicast VLAN Replication Settings - Destination Edit window The following fields may be set: Parameter Description Entry Name The name of the previously created IP Multicast VLAN Replication entry will be displayed. VID / VLAN Name Select VID and enter an outgoing VLAN ID.
Page 143: Single Ip Management (Sim) Overview
DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Single IP Management (SIM) Overview Simply put, D-Link Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. There are some advantages in implementing the “Single IP Management” feature: SIM can simplify management of small workgroups or wiring closets while scaling the network to handle increased bandwidth demand.
Page 144: The Upgrade To V1.61
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch • CSs must change their role to CaS and then to MS, to become a MS of a SIM group. Thus, the CS cannot directly be converted to a MS. •...
Page 145: Single Ip Vs. Switch Stacking
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch NOTE: SIM Management does not support IPv6. For users wishing to utilize this function, switches in the SIM group must be configured with IPv4 addresses. IPv6 for SIM management will be supported in a future release of this switch.
Page 146: Topology
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Candidate – A Candidate Switch (CaS) is not the member of a SIM group but is connected to a Commander Switch. This is the default setting for the SIM role of the DGS-3400 Series. Commander –...
Page 147 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 152 Single IP Management window - Tree View The Tree View window holds the following information under the Data tab: Parameter Description Device Name This field will display the Device Name of the switches in the SIM group configured by the user.
Page 148 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 153 Topology view This screen will display how the devices within the Single IP Management Group connect to other groups and devices. Possible icons in this screen are as follows: Icon Description Group...
Page 149 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Member switch of other group Layer 2 candidate switch Layer 3 candidate switch Unknown device Non-SIM devices...
Page 150: Tool Tips
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Tool Tips In the Topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same information about a specific device as the Tree view does.
Page 151 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 155 Port Speed Utilizing the Tool Tip...
Page 152: Group Icon
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Right-click Right-clicking on a device will allow the user to perform various functions, depending on the role of the Switch in the SIM group and the icon associated with it. Group Icon Figure 2 - 156 Right-clicking a Group Icon The following options may appear for the user to configure:...
Page 153: Commander Switch Icon
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Port Speed Displays the connection speed between the CS and the MS or CaS Commander Switch Icon Figure 2 - 158 Right-clicking a Commander Icon The following options may appear for the user to configure: •...
Page 154: Menu Bar
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 160 Right-clicking a Candidate icon The following options may appear for the user to configure: • Collapse – to collapse the group that will be represented by a single icon. •...
Page 155: Firmware Upgrade
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch • Refresh - update the views with the latest status. • Topology - display the Topology view. Help • About - Will display the SIM information, including the current SIM version. Figure 2 - 164 About window Firmware Upgrade This window is used to upgrade firmware from the Commander Switch to the Member Switch.
Page 156: Upload Log
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 166 Configuration File Backup/Restore window Upload Log The following window is used to upload log files from SIM member switches to a specified PC. To upload a log file, enter the IP address of the SIM member switch and then enter the path on your PC to which to save this file.
Page 157: Rip 1 Route Interpretation
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To maximize stability, the hop count RIP uses to measure distance must have a low maximum value. Infinity (that is, the network is unreachable) is defined as 16 hops. In other words, if a network is more than 16 routers from the source, the local router will consider the network unreachable.
Page 158: Rip
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch RIP Version 2 Extensions RIP version 2 includes an explicit subnet mask entry, so RIP version 2 can be used to propagate variable length subnet addresses or CIDR classless addresses. RIP version 2 also adds an explicit next hop entry, which speeds convergence and helps prevent the formation of routing loops.
Page 159: Ripng
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 170 RIP Interface Settings - Edit window The following RIP interface settings can be applied to each IP interface: Parameter Description Interface Name The name of the IP interface on which RIP is to be setup. This interface must be previously configured on the Switch.
Page 160: Ripng Global Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch RIPng Global Settings This window allows users to set up RIPng. To view this window, click Administration > RIP > RIPng > RIPng Global Settings, as shown below. Figure 2 - 171 RIPng Global Settings window The following settings can be configured: Parameter...
Page 161: Ip Tunnel Settings
IPv6, and the development of transition strategies, tools, and mechanisms has been part of the basic IPv6 design from the start. This IPv6 tunneling mechanism is one of D-Link’s strategies for solving the transition from IPv4 to IPv6. To configure the settings, click Administration > IP Tunnel Settings, as shown below.
Page 162 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 - 175 IP Tunnel Settings - Add window Enter the Interface Name in the field and click Apply. To return to the IP Tunnel Settings window, click the Show All IP Tunnel Entries link.
Page 163 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch exist in the database. However, whether the tunnel’s former information is invalid or not will depend on the current mode. IPv6 ISATAP tunnels are point-to-multipoint tunnels that can be used to connect systems within a site.
Page 164: L2 Features
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Section 3 L2 Features VLAN Trunking IGMP Snooping MLD Snooping Loop-back Detection Global Settings Spanning Tree Forwarding & Filtering LLDP Q-in-Q ERPS DULD Settings NLB Multicast FDB Settings The following section will aid the user in configuring security functions for the Switch.
Page 165: Ieee 802.1Q Vlans
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch IEEE 802.1Q VLANs Some relevant terms: Tagging – The act of putting 802.1Q VLAN information into the header of a packet. Untagging – The act of stripping 802.1Q VLAN information out of the packet header. Ingress port –...
Page 166: 802.1Q Vlan Tags
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 1 IEEE 802.1Q Packet Forwarding 802.1Q VLAN Tags The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the EtherType field.
Page 167: Port Vlan Id
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 2 IEEE 802.1Q Tag The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or Logical Link Control. Because the packet is now a bit longer than it was originally, the Cyclic Redundancy Check (CRC) must be recalculated.
Page 168: Tagging And Untagging
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch PVID of the port on which they were received. Forwarding decisions are based upon this PVID, in so far as VLANs are con- cerned. Tagged packets are forwarded according to the VID contained within the tag. Tagged packets are also assigned a PVID, but the PVID is not used to make packet-forwarding decisions, the VID is.
Page 169: Port-Based Vlans
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch VLAN Name Switch Ports System (default) 5, 6, 7, 8, 21, 22, 23, 24 Engineering 9, 10, 11, 12 Marketing 13, 14, 15, 16 Finance 17, 18, 19, 20 Sales 1, 2, 3, 4 Table 3 - 1 VLAN Example –...
Page 170 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 4 Current Static VLAN Entries window The Current Static VLAN Entries window lists all previously configured VLANs by VLAN ID and VLAN Name. To delete an existing 802.1Q VLAN, click the corresponding button under the Delete heading.
Page 171: Vlan Trunk
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 6 Static VLAN window – Edit window The following parameters can be configured or viewed: Parameter Description Unit Select the switch in the switch stack for which to configure VLANs. Allows the entry of a VLAN ID in the Add window, or displays the VLAN ID of an existing VLAN in the Modify window.
Page 172 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 7 VLAN Trunk Global Settings window The following parameters can be configured: Parameter Description VLAN Trunk Use the pull-down menu to enable or disable VLAN trunk global status. Status State Use the pull-down menu to enable or disable VLAN trunk port state.
Page 173: Gvrp Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch GVRP Settings The GVRP Settings window allows the user to determine whether the Switch will share its VLAN configuration information with other GARP VLAN Registration Protocol (GVRP) enabled switches.
Page 174: Double Vlans
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch forwarded to the port for transmission, the port will add an 802.1Q tag using the PVID to write the VID in the tag. When the packet arrives at its destination, the receiving device will use the PVID to make VLAN forwarding decisions.
Page 175: Regulations For Double Vlans
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch In this example, the Service Provider Access Network switch (Provider edge switch) is the device creating and configuring Double VLANs. Both CEVLANs (Customer VLANs) 10 and 11, are tagged with the SPVID 100 on the Service Provider Access Network and therefore belong to one VLAN on the Service Provider’s network, thus being a member of two VLANs.
Page 176: Double Vlan Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Double VLAN Settings This window is used to enable or disable the double VLAN State settings. To view this window, click L2 Features > VLAN > Double VLAN, as shown below. Figure 3 - 10 Double VLAN State Settings window Choose Enabled using the pull-down menu and click Apply.
Page 177 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 13 Double VLAN State Settings - View window Parameters shown in the previous window are explained below: Parameter Description SPVID The VLAN ID number of this potential Service Provider VLAN. VLAN Name The name of the VLAN on the Switch.
Page 178: Pvid Auto Assign
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Click Apply to implement the changes. To return to the Double VLAN State Settings window, click the Show Double VLAN Entries link. To configure the parameters for a previously created Service Provider VLAN, click the Modify button of the corresponding SPVID in the Double VLAN State Settings window.
Page 179: Mac-Based Vlan Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To view this window, click L2 Features > VLAN > PVID Auto Assign, as shown below. Figure 3 - 16 PVID Auto Assign Settings window When Enabled, PVID will be automatically assigned when adding a port to a VLAN as an untagged member port. Click Apply to implement the change.
Page 180: Protocol Vlan Group Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Protocol Type Header in Hexadecimal Form IP over Ethernet 0x0800 IPX 802.3 0xFFFF IPX 802.2 0xE0E0 IPX SNAP 0x8137 IPX over Ethernet2 0x8137 decLAT 0x6004 SNA 802.2 0x0404 netBios 0xF0F0...
Page 181: Protocol Vlan Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 19 Protocol VLAN Group - Add window The Add and Modify windows of the Protocol VLAN Group hold the following fields to be configured: Parameter Description Group ID (1-16)
Page 182: Subnet Vlan
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 20 Protocol VLAN Port Settings window The following fields may be configured: Parameter Description Port List Use this parameter to assign ports to a Protocol VLAN Group or remove them from the Protocol VLAN Group.
Page 183: Subnet Vlan Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The VLAN classification precedence is configurable on each port. The default value is MAC-based VLAN classification precedence. Note: If the IP address of the received untagged packet is match two entries in the table. The longest-prefix match order is used. For make the subnet VLAN can work well, must add the ingress port into the VLAN member ports.
Page 184 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 22 VLAN Precedence Settings window The following fields may be configured: Parameter Description Unit Select the switch in the switch stack to be modified. From / To These two fields allow the range of ports that will be included in the VLAN precedence.
Page 185: Trunking
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Trunking Understanding Port Trunk Groups Port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. DGS-3400 Series supports up to 32 port trunk groups with 2 to 8 ports in each group. A potential bit rate of 8000 Mbps can be achieved. Figure 3 - 23 Example of Port Trunk Group...
Page 186: Link Aggregation
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The Switch treats all ports in a trunk group as a single port. Data transmitted to a specific host (destination address) will always be transmitted over the same port in a trunk group. This allows packets in a data stream to arrive in the same order they were sent. NOTE: If any ports within the trunk group become disconnected, packets intended for the disconnected port will be load shared among the other linked ports of the link aggregation group.
Page 187 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 25 Link Aggregation Group Entries - Add window To edit a port trunk group, click the corresponding Modify button to see the window shown as below.
Page 188 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 26 Link Aggregation Group Entries - Edit window The user-changeable parameters are as follows: Parameter Description Group ID Select an ID number for the group, between 1 and 32. Type This pull-down menu allows users to select between Static and LACP (Link Aggregation Control Protocol).
Page 189: Lacp Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch unknown unicasts. After setting the previous parameters, click Apply to allow your changes to be implemented. Successfully created trunk groups will be show in the Link Aggregation Group Entries window. To return to the Link Aggregation Group Entries window, click the Show All Link Aggregation Group Entries link.
Page 190 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 27 LACP Port Settings window The user may set the following parameters: Parameter Description Unit Select the switch in the switch stack to be modified. From / To A consecutive group of ports may be configured starting with the selected port.
Page 191: Igmp Snooping
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Mode Active – Active LACP ports are capable of processing and sending LACP control frames. This allows LACP compliant devices to negotiate the aggregated link so the group may be changed dynamically as needs require.
Page 192 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch IGMP Snooping Data Driven Enter a value between 1 and 960 for data driven max learning entry. Learning Settings (1-960) Click Apply to implement the changes. Click the corresponding Modify button in the IGMP Snooping Settings table to open the window, as shown below. Figure 3 - 29 IGMP Snooping Settings –...
Page 193 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch 25 (seconds). Default = 10. Robustness Variable (1-255) Adjust this variable according to expected packet loss. If packet loss on the VLAN is expected to be high, the Robustness Variable should be increased to accommodate increased packet loss.
Page 194: Router Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Router Port Settings A static router port is a port that has a multicast router attached to it. Generally, this router would have a connection to a WAN or to the Internet.
Page 195: Igmp Snooping Static Group Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameter Description This is the VLAN ID that, along with the VLAN Name, identifies the VLAN where the multicast router is attached. VLAN Name This is the name of the VLAN where the multicast router is attached. Unit Select the switch in the switch stack to be modified.
Page 196: Ism Vlan Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 33 IGMP Snooping Static Group - Add window To modify an entry, click the corresponding Modify button, and the following window will be displayed. Figure 3 - 34 IGMP Static Group Modify window The following fields can be configured or viewed: Parameter...
Page 197: Restrictions And Provisos
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch the traffic path. To lighten the traffic load, multicast VLANs may be incorporated. These multicast VLANs will allow the Switch to forward this multicast traffic as one copy to recipients of the multicast VLAN, instead of multiple copies. Regardless of other normal VLANs that are incorporated on the Switch, users may add any ports to the multicast VLAN where they wish multicast traffic to be sent.
Page 198 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following fields can be configured or viewed: Parameter Description VLAN Name Enter a name for the ISM VLAN into the field. VID (2-4094) Enter a VLAN ID between 2 and 4094. Remap Priority (0-7) Enter a value between 0 and 7.
Page 199: Limited Multicast Address Range Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Tagged Member Enter a port or list of ports to be added to the Multicast VLAN as a tagged member port. Ports Source Port Enter a port or list of ports to be added to the Multicast VLAN. Source ports will become the untagged members of the multicast VLAN.
Page 200 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 39 Limited IP Multicast Address Range window The following parameters can be configured: Parameter Description Unit Select the switch in the switch stack to be modified. From / To Enter the port range for which to begin the Limited IP Multicast Range configuration.
Page 201: Mld Snooping
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Click Apply to implement the new settings on the Switch. Click Delete to remove the configured range from the settings. Click Delete All to delete all Limited IP Multicast settings. MLD Snooping Multicast Listener Discovery (MLD) Snooping is an IPv6 function used similarly to IGMP snooping in IPv4.
Page 202 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 40 MLD Multicast Router Only Settings window The following parameters can be configured: Parameter Description MLD Multicast Router Only Use the pull-down menu to enable or disable the MLD multicast router. Data Driven Learning Entry Enter a value between 1 and 511 for data driven max learning entry.
Page 203 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 41 MLD Snooping Settings – Edit window The following parameters may be viewed or modified: Parameter Description This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which to modify the MLD Snooping Settings.
Page 204: Mld Router Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch seconds with a default setting of 1 second. Version (1-2) Configure the MLD version of the query packet which will be sent by the router. Node Timeout (1-16711450) Specifies the link node timeout, in seconds.
Page 205 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 42 MLD Router Port Settings window To configure the router ports settings for a specified VLAN, click its corresponding Modify button, which will produce the following window for the user to configure.
Page 206 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Click Apply to implement the new settings.
Page 207: Loop-Back Detection Global Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Loop-back Detection Global Settings The Loop-back Detection function is used to identify loops occurring between the Switch and a device that is directly connected to it. This process is accomplished by the use of a Configuration Testing Protocol (CTP) packet that is generated by the switch.
Page 208 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch None – The trap will not be sent in any situation. Loopdetect Trap Loop Detected – The trap is sent when the loop condition is detected. Loop Cleared – The trap is sent when the loop condition is cleared. Both –...
Page 209: Spanning Tree
MSTP. 802.1D-1998 STP will be familiar to most networking professionals. However, since 802.1D-2004 RSTP and 802.1Q- 2005 MSTP have been recently introduced to D-Link managed Ethernet switches, a brief introduction to the technology is provided below followed by a description of how to set up 802.1D-1998 STP, 802.1D-2004 RSTP, and 802.1Q-2005 MSTP.
Page 210: Port Transition States
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch terminology is the same as STP. Most of the settings configured for STP are also used for RSTP. This section introduces some new Spanning Tree concepts and illustrates the main differences between the two protocols. Port Transition States An essential difference between the three protocols is in the way ports transition to a forwarding state and in the way this transition relates to the role of the port (forwarding or not forwarding) in the topology.
Page 211: 802.1D-1998/802.1D-2004/802.1Q-2005 Compatibility
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch 802.1D-1998/802.1D-2004/802.1Q-2005 Compatibility MSTP or RSTP can interoperate with legacy equipment and is capable of automatically adjusting BPDU packets to 802.1D-1998 format when necessary. However, any segment using 802.1D-1998 STP will not benefit from the rapid transition and rapid topology change detection of MSTP or RSTP.
Page 212 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 46 STP Bridge Global Settings window (MSTP) Figure 3 - 47 STP Bridge Global Settings window (STP Compatible) See the table below for descriptions of the STP versions and corresponding setting options. NOTE: The Hello Time cannot be longer than the Max.
Page 213 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch STP Version Use the pull-down menu to choose the desired version of STP: STP compatible – Select this parameter to set the Spanning Tree Protocol (STP) globally on the switch.
Page 214: Mst Configuration Identification
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch MST Configuration Identification The following windows allow the user to configure a MSTI instance on the Switch. These settings will uniquely identify a multiple spanning tree instance set on the Switch. The Switch initially possesses one CIST or Common Internal Spanning Tree of which the user may modify the parameters for but cannot change the MSTI ID for, and cannot be deleted.
Page 215 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 49 MST Configuration Identification - Add window Configure the following parameters to create a MSTI in the Switch: Parameter Description MSTI ID Enter a number between 1 and 15 to set a new MSTI on the Switch. Type Create is selected to create a new MSTI.
Page 216: Mstp Port Information
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Click Apply to implement the changes. Click the Show MST configuration Table link to return to the MST Configuration Identification window. To configure the parameters for a previously set MSTI, click its hyperlinked MSTI ID number, which will reveal the following window for configuration.
Page 217: Stp Instance Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 52 MSTP Port Information window To view the MSTI settings for a particular port, select the Port number, located in the top left hand corner of the screen and click Apply.
Page 218 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To view this window, click L2 Features > Spanning Tree > STP Instance Settings, as shown below. Figure 3 - 54 STP Instance Settings window The following information is displayed: Parameter Description Instance Type...
Page 219: Stp Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch STP Port Settings STP can be set up on a port per port basis. In addition to setting Spanning Tree parameters for use on the switch level, the Switch allows for the configuration of groups of ports, each port-group of which will have its own spanning tree, and will require some of its own configuration settings.
Page 220 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Unit Select the switch in the switch stack to be modified. From / To A consecutive group of ports may be configured starting with the selected port. External Cost This defines a metric that indicates the relative cost of forwarding packets to the specified (0=Auto)
Page 221: Forwarding & Filtering
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch active topology, possibly because those bridges are not under the full control of the administrator. Click Apply to implement the changes. Forwarding & Filtering This folder contains windows for Unicast Forwarding, Multicast Forwarding and Multicast Filtering Mode. Unicast Forwarding This window is used to configure the Unicast Forwarding on the Switch.
Page 222 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 58 Static Multicast Forwarding Settings window The Static Multicast Forwarding Settings window displays all of the entries made into the Switch's static multicast forwarding table.
Page 223: Multicast Filtering Mode
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Multicast Filtering Mode This window allows users to configure the Switch to forward or filter the Unregistered Groups per VLAN. To view this window, click L2 Features > Forwarding & Filtering >Multicast Filtering Mode, as shown below. Figure 3 - 60 Multicast Filtering Mode Settings window The following parameters can be set: Parameter...
Page 224: Lldp Global Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch LLDP Global Settings This window is used to configure the LLDP Global Settings on the Switch. When LLDP is enabled the Switch can start to transmit, receive and process LLDP packets. The specific function of each port will depend on the per port LLDP settings. LLDP Global State is Disabled by default.
Page 225: Basic Lldp Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch TX Delay (1-8192) LLDP TX Delay allows the user to change the minimum time delay interval for any LLDP port which will delay advertising any successive LLDP advertisements due to change in the LLDP MIB content.
Page 226 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 62 Basic LLDP Port Settings window The following parameters can be set: Parameter Description Unit Select the unit to configure. From / To Use the pull-down menu to select a range of ports to be configured. Notification State Use the pull-down menu to Enable or Disable the status of the LLDP notification.
Page 227: 802.1 Extension Lldp Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch RX_Only – The local LLDP agent can only receive LLDP frames. TX_and_RX – The local LLDP agent can both transmit and receive LLDP frames. Disabled – The local LLDP agent can neither transmit nor receive LLDP frames. The default value is TX_and_RX.
Page 228 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 63 802.1 Extension LLDP Port Settings window...
Page 229: Extension Lldp Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following parameters can be set: Parameter Description Unit Select the unit to configure. From / To Use the pull-down menu to select a range of ports to be configured. Port VLAN ID Use the drop-down menu to enable or disable the advertised PVID.
Page 230 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 64 802.3 Extension LLDP Port Settings window The following parameters can be set: Parameter Description Unit Select the unit you wish to configure. From / To Use the pull-down menu to select a range of ports to be configured.
Page 231: Lldp Management Address Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The default state is Disabled. Power Via MDI This specifies that the LLDP agent should transmit 'Power via MDI TLV'. Three IEEE 802.3 PMD implementations (10BASE-T, 100BASE-TX, and 1000BASE-T) allow power to be supplied over the link for connected non-powered systems.
Page 232 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 65 LLDP Management Address Settings window The following parameters can be set: Parameter Description Unit Select the unit you wish to configure. From / To Use the pull-down menu to select a range of ports to be configured.
Page 233: Lldp Statistics
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Port State Used to Enable or Disable the Port State for the LLDP Management Address Settings. Click Apply to implement the changes. LLDP Statistics LLDP Statistics allows you an overview of neighbor detection activity, LLDP Statistics and the settings for individual ports on the Switch.
Page 234: Lldp Management Address Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 66 LLDP Statistics System window LLDP Management Address Table The following window is used to set up LLDP management address settings on the Switch.
Page 235: Lldp Local Port Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To view this window, click L2 Features > LLDP > LLDP Management Address Table, as shown below. Figure 3 - 67 LLDP Management Address Table window The following parameters can be set or displayed: Parameter Description Management...
Page 236 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch...
Page 237 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 68 LLDP Local Port Brief Table window To view Normal information on a per port basis click the corresponding View button, which will display the following window. Figure 3 - 69 LLDP Local Port Table - View Normal window To return to the previous window click the Show LLDP Local Port Brief Table...
Page 238 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 70 LLDP Local Port Table - View Detailed window To return to the LLDP Local Port Brief Information window, click the Show LLDP Local Port Brief Table link.
Page 239: Lldp Remote Port Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch LLDP Remote Port Table This window displays port information learned from the neighbor. The Switch receives packets from a remote station but is able to store the information as local. To view this window, click L2 Features >...
Page 240 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To return to the LLDP Local Remote Port Brief window, click the Show LLDP Remote Port Brief Table link. To view the LLDP Remote Port Normal Table window, click the Show LLDP Remote Port Normal Table link.
Page 241: Q-In-Q
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Q-in-Q Q-in-Q is designed for service providers to carry traffic from multiple users across a network. Q-in-Q is used to maintain customer specific VLAN and Layer 2 protocol configurations even when the same VLAN ID is being used by different customers. This is achieved by inserting SP-VLAN tags into the customer’s frames when they enter the service provider’s network, and then removing the tags when the frames leave the network.
Page 242: Vlan Translation Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following fields can be set: Parameter Description QinQ State Use the pull down menu to Enable or Disable the Q-in-Q State. When Q-in-Q is Enabled, all network port roles will have NNI ports and their outer TPID set to 0x88a8.
Page 243: Erps
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 75 VLAN Translation Settings window The following fields can be set: Parameter Description Unit Select the unit you wish to configure. From / To A consecutive group of ports that are part of the VLAN configuration starting with the selected port.
Page 244: Erps Raps Vlan Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 76 ERPS Global Settings window The following fields can be set: Parameter Description Global Status Enable the global ERPS function on a switch. Log Status Enable or disable the log state of ERPS events.
Page 245 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 78 ERPS RAPS VLAN Table - Add window Enter a VLAN ID in the R-APS VID (1-4094) field, and click Apply to see the entry appears in ERPS RAPS VLAN Table window.
Page 246 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch West Click to specify the port as the west ring port. To specify as a Virtual Channel, tick the check and toggle from Port to Virtual Channel. West Port If Port is set above, enter the port to be configured.
Page 247: Duld Settings
Click Apply to implement changes made. DULD Settings The Switch features a D-Link Unidirectional Link Detection (DULD) module. The unidirectional link detection provides a mechanism that can be used to detect unidirectional link for Ethernet switches whose PHYs do not support unidirectional OAM operation.
Page 248 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 3 - 81 DULD Settings window The following fields can be set: Parameter Description...
Page 249: Nlb Multicast Fdb Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Unit Select the unit you wish to configure. From / To Select a range of ports. Admin State Enable or disable the administration state. This indicates these ports unidirectional link detection status.
Page 250 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following fields can be set: Parameter Description VLAN Name Click the radio button and enter the VLAN of the NLB multicast FDB entry to be created. VID (1-4094) Click the radio button and enter the VLAN by the VLAN ID.
Page 251: Qos
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Section 4 802.1p Settings Bandwidth Control HOL Prevention Settings Schedule Settings ® The xStack DGS-3400 Series supports 802.1p priority queuing Quality of Service. The following section discusses the implementation of QoS (Quality of Service) and benefits of using 802.1p priority queuing.
Page 252: Understanding Qos
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 4 - 1 An Example of the Default QoS Mapping on the Switch The picture above shows the default priority setting for the Switch. Class-6 has the highest priority of the seven priority classes of service on the Switch.
Page 253 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch • Priority 0 is assigned to the Switch’s Q2 queue. • Priority 1 is assigned to the Switch’s Q0 queue. • Priority 2 is assigned to the Switch’s Q1 queue. •...
Page 254: Understanding Ieee 802.1P Priority
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch NOTICE: The Switch contains eight classes of service for each port on the Switch. One of these classes is reserved for internal use on the Switch and is therefore not configurable. All references in the following section regarding classes of service will refer to only the seven classes of service that may be used and configured by the administrator.
Page 255: 802.1P Default Priority Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch 802.1p Default Priority Settings The Switch allows the assignment of a default 802.1p priority to each port on the Switch. The priority tags are numbered from 0, the lowest priority, to 7, the highest priority.
Page 256: 802.1P User Priority Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Priority The priority tags are numbered from 0, the lowest priority, to 7, the highest priority. Insert a priority value, from 0-7 in the Priority field. Click Apply to implement the changes. 802.1p User Priority Settings ®...
Page 257: Bandwidth Control
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Priority The priority tags are numbered from 0, the lowest priority, to 7, the highest priority. Insert a priority value, from 0-7 in the Priority field. Class ID Use the pull-down menu to select the Switch’s hardware priority queue.
Page 258 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 4 - 4 Bandwidth Settings window The following parameters can be set or are displayed: Parameter Description Unit Select the switch in the switch stack to be modified. From / To A consecutive group of ports may be configured starting with the selected port.
Page 259: Per Queue Bandwidth Control Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Effective RX Specifies the limitation of the received data rate. rate Effective TX Specifies the limitation of the transmitted data rate. rate Click Apply to set the bandwidth control for the selected ports. Results of configured Bandwidth Settings will be displayed in the Bandwidth Control Table.
Page 260 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 4 - 5 Per Queue Bandwidth Control Settings window The following parameters can be set: Parameter Description Unit Select the switch in the switch stack to be modified. From / To A consecutive group of ports may be configured starting with the selected port.
Page 261: Hol Prevention Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Click Apply to implement the changes. HOL Prevention Settings This window is used to enable or disable Head of Line (HOL) prevention. To view the HOL Prevention Settings window, click QoS > HOL Prevention Settings, as shown below. Figure 4 - 6 Per Queue Bandwidth Control Settings window Use the drop-down menu to enable or disable head of line prevention.
Page 262 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 4 - 7 QoS Output Scheduling window The following values may be assigned to the QoS classes to set the scheduling. Parameter Description Select the unit to configure. Unit A consecutive group of ports may be configured starting with the selected port.
Page 263: Configuring The Combination Queue
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch NOTE: Entering a 0 for the Max Packets field in the QoS Output Scheduling window above will create a Combination Queue. For more information on implementation of this feature, see the next section, Configuring the Combination Queue.
Page 264 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 4 - 8 QoS Scheduling Mechanism window The following parameters can be configured. Parameter Description Select the unit to configure. Unit A consecutive group of ports may be configured starting with the selected port. From / To...
Page 265 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Mode Use the pull-down menu to select one of the following modes. Strict - The highest class of service is the first to process traffic. That is, the highest class of service will finish before other queues empty.
Page 266: Acl (Access Control List)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Section 5 ACL (Access Control List) Time Range Access Profile Table ACL Flow Meter CPU Interface Filtering Time Range This window is used in conjunction with the Access Profile feature to determine a starting point and an ending point, based on days of the week, when an Access Profile configuration will be enabled on the Switch.
Page 267: Access Profile Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch enabled. Tick the Select All Days check box to configure this time range for every day of the week. Click Apply to implement changes made. Currently configured entries will be displayed in the Time Range Information table in the bottom half of the window shown above.
Page 268 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 3 Access Profile Configuration window (Ethernet) The following parameters can be set, for the Ethernet type: Parameter Description Profile ID (1-6) Type in a unique identifier number for this profile set. This value can be set from 1 to 6. Type Select profile based on Ethernet (MAC Address), IP, Packet Content or IPv6 address.
Page 269 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 4 Access Profile Entry Display window (Ethernet) The window shown below is the IP Access Profile Configuration window: Figure 5 - 5 Access Profile Configuration window (IP) The following parameters can be set, for IP: Parameter Description...
Page 270 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Type Select profile based on Ethernet (MAC Address), IP, Packet Content or IPv6 address. This will change the menu according to the requirements for the type of profile. Select Ethernet to instruct the Switch to examine the layer 2 part of each packet header.
Page 271 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 6 Access Profile Entry Display window (IP) The window shown below is the Access Profile Configuration window for Packet Content Mask: Figure 5 - 7 Access Profile Configuration window (Packet Content Mask) This window will aid the user in configuring the Switch to mask packet headers beginning with the offset value specified.
Page 272 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch header. • Select IPv6 to instruct the Switch to examine the IPv6 part of each packet header. The offset field is used to examine the packet header which is divided up into four “chunks” where Offset each chunk represents 4 bytes.
Page 273 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 9 Access Profile Configuration window (IPv6) The following parameters can be set, for IP: Parameter Description Profile ID (1-6) Type in a unique identifier number for this profile set. This value can be set from 1 to 6. Type Select profile based on Ethernet (MAC Address), IP, Packet Content or IPv6 address.
Page 274 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch • dst port mask – Specify a TCP port mask for the destination port in hex form (hex 0x0-0xffff) which you wish to filter. Select UDP to use the UDP port number contained in an incoming packet as the forwarding criterion.
Page 275 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To remove a previously created rule, select it and click the button. To add a new Access Rule, click the Add Rule button: Figure 5 - 12 Access Rule Configuration window (Ethernet) The following parameters can be configured: Parameter Description...
Page 276 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch replace priority − Click the corresponding box if you want to re-write the 802.1p default priority of a packet to the value entered in the Priority field, which meets the criteria specified previously in this command, before forwarding it on to the specified CoS queue.
Page 277 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 13 Access Rule Display window (Ethernet) To configure the Access Rule for IP, open the Access Profile Table window and click Modify for an IP entry. This will open the following window: Figure 5 - 14 Access Rule Table window (IP) To create a new rule set for an access profile click the Add Rule button.
Page 278 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 15 Access Rule Configuration window (IP) Configure the following Access Rule Configuration settings for IP: Parameter Description Profile ID This is the identifier number for this profile set. Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Page 279 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch packet will have its incoming 802.1p user priority re-written to its original value before being forwarded by the Switch. For more information on priority queues, CoS queues and mapping for 802.1p, see the QoS section of this manual.
Page 280 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 16 Access Rule Display window (IP) To configure the Access Rule for Packet Content, open the Access Profile Table window and click Modify for a Packet Content entry.
Page 281 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 18 Access Rule Configuration window (Packet Content) To set the Access Rule for the Packet Content Mask, adjust the following parameters and click Apply. Parameter Description Profile ID...
Page 282 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch This parameter is specified to re-write the 802.1p default priority previously set in the Switch, Priority (0-7) which is used to determine the CoS queue to which packets are forwarded to. Once this field is specified, packets accepted by the Switch that match this priority are forwarded to the CoS queue specified previously by the user.
Page 283 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 19 Access Rule Display window (Packet Content) NOTE: When using the ACL Mirror function, ensure that the Port Mirroring function is enabled and a target mirror port is set. To configure the Access Rule for IPv6, open the Access Profile Table window and click Modify for an IPv6 entry.
Page 284 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 21 Access Rule Configuration window (IPv6) Parameter Description Profile ID This is the identifier number for this profile set. Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Page 285 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Class Entering a value between 0 and 255 will instruct the Switch to examine the class field of the IPv6 header. This class field is a part of the packet header that is similar to the Type of Service (ToS) or Precedence bits field of IPv4.
Page 286: Acl Flow Meter
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 22 Access Rule Display window (IPv6) ACL Flow Meter Before configuring the ACL Flow Meter, here is a list of acronyms and terms users will need to know. trTCM –...
Page 287 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch DSCP – Differentiated Services Code Point. The part of the packet header where the color will be added. Users may change the DSCP field of incoming packets. The ACL Flow Meter function will allow users to color code IP packet flows based on the rate of incoming packets.
Page 288 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 24 ACL Flow Meter Configuration - Add window The following fields may be configured: Parameter Description Profile ID (1-6) Enter the pre-configured Profile ID for which to configure the ACL Flow Metering parameters. Access ID (1-128) Enter the pre-configured Access ID for which to configure the ACL Flow Metering parameters.
Page 289 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch srTCM Choosing this field will allow users to employ the Single Rate Three Color Mode and set the following parameters to determine the color rate of the IP packet flow. CIR –...
Page 290: Cpu Interface Filtering
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 25 ACL Flow Meter Configuration - View window CPU Interface Filtering ® Due to a chipset limitation and needed extra switch security, the xStack DGS-3400 Series switch incorporates CPU Interface filtering.
Page 291: Cpu Interface Filtering Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch CPU Interface Filtering Table This window displays the CPU Access Profile Table entries created on the Switch. To view this window, click ACL > CPU Interface Filtering > CPU Interface Filtering Table, as shown below. Figure 5 - 27 CPU Interface Filtering Table window To add an entry to this window, click the Add Profile button.
Page 292 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch VLAN Selecting this option instructs the Switch to examine the VLAN identifier of each packet header and use this as the full or partial criterion for forwarding. Source MAC Source MAC Mask - Enter a MAC address mask for the source MAC address.
Page 293 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 30 CPU Interface Filtering Configuration window (IP) The following parameters may be configured for the IP CPU filter. Parameter Description Profile ID (1-5) Type in a unique identifier number for this profile set. This value can be set from 1 to 5. Type Select profile based on Ethernet (MAC Address), IP address, IPv6 address or Packet Content Mask.
Page 294 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch • Select Type to further specify that the access profile will apply an ICMP type value, or specify Code to further specify that the access profile will apply an ICMP code value.
Page 295 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 32 CPU Interface Filtering Configuration window (Packet Content) This screen will aid the user in configuring the Switch to mask packet headers beginning with the offset value specified. The following fields are used to configure the Packet Content Mask: Parameter Description...
Page 296 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch specified: • value (0-15) – Enter a value in hex form to mask the packet from the beginning of the packet to the 15th byte. • value (16-31) – Enter a value in hex form to mask the packet from byte 16 to byte 31. •...
Page 297 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Select Ethernet to instruct the Switch to examine the layer 2 part of each packet header. Select IP to instruct the Switch to examine the IP address in each frame's header. Select Packet Content Mask to specify a mask to hide the content of the packet header.
Page 298 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch In this window, the user may add a rule to a previously created CPU access profile by clicking the corresponding Modify button of the entry to configure, Ethernet, IP, IPv6 or Packet Content. Each entry will open a new and unique window, as shown in the examples below.
Page 299 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch VLAN Name Allows the entry of a name for a previously configured VLAN. Source MAC Source MAC Address – Enter a MAC Address for the source MAC address. Destination Destination MAC Address –...
Page 300 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To create a new rule set for an access profile click the Add Rule button. A new window is displayed. To remove a previously created rule, click the corresponding button.
Page 301 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 42 CPU Interface Filtering Rule Display window (IP) The following window is the CPU Interface Filtering Rule Table for Packet Content. Figure 5 - 43 CPU Interface Filtering Rule Table window (Packet Content)
Page 302 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To remove a previously created rule, select it and click the button. To add a new Access Rule, click the Add Rule button: Figure 5 - 44 CPU Interface Filtering Rule Configuration window (Packet Content)
Page 303 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following parameters can be configured. Parameter Description Profile ID This is the identifier number for this profile set. Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Page 304 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 5 - 46 CPU Interface Filtering Rule Table window (IPv6) To create a new rule set for an access profile click the Add Rule button. A new window is displayed. To remove a previously created rule, click the corresponding button.
Page 305 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch or Precedence bits field of IPv4. Flow Label Configuring this field, in hex form, will instruct the Switch to examine the flow label field of the IPv6 header. This flow label field is used by a source to label sequences of packets such as non- default quality of service or real time service packets.
Page 306: Security
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Section 6 Security Authorization Attributes State Settings Traffic Control Port Security IP-MAC-Port Binding 802.1X Web-based Access Control (WAC) Trust Host BPDU Attack Protection Settings ARP Spoofing Prevention Settings Access Authentication Control MAC-based Access Control (MAC) Safeguard Engine...
Page 307: Traffic Control
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Traffic Control On a computer network, packets such as Multicast packets and Broadcast packets continually flood the network as normal procedure. At times, this traffic may increase do to a malicious endstation on the network or a malfunctioning device, such as a faulty network card.
Page 308 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Traffic Storm only. • Storm Cleared – Will send Storm Trap messages when a Traffic Storm has been cleared by the Switch only. • Both – Will send Storm Trap messages when a Traffic Storm has been both detected and cleared by the Switch.
Page 309: Port Security
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch NOTE: Ports that are in the Shutdown (Forever) mode will be seen as Discarding in Spanning Tree windows and implementations though these ports will still be forwarding BPDUs to the Switch’s CPU. NOTE: Ports that are in Shutdown (Forever) mode will be seen as link down in all windows and screens until the user recovers these ports.
Page 310: Port Security Entries
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Unit Choose the Switch ID number of the Switch in the switch stack to be modified. From / To A consecutive group of ports may be configured starting with the selected port. Admin State This pull-down menu allows the user to enable or disable Port Security (locked MAC address table for the selected ports).
Page 311: Ip-Mac-Port Binding
Switch offers IP-MAC-Port Binding (IMPB), a D-Link security application used most often on edge switches directly connected to network hosts. IMPB is also an integral part of D-Link’s End-to-End Security Solution (E2ES). The primary purpose of IP-MAC-Port Binding is to restrict client access to a switch by enabling administrators to configure pairs of client MAC and IP addresses that are allowed to access networks through a switch.
Page 312 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch ACL Mode is that it ensures better security by checking both ARP Packets and IP Packets. However, doing so requires the use of ACL rules. ACL Mode can be viewed as an enhanced version of ARP Mode because ARP Mode is enabled by default when ACL Mode is selected.
Page 313: Arp Inspection
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Strict and Loose State Other than ACL and ARP mode, users can also configure the state on a port for granular control. There are two states: Strict and Loose, and only one state can be selected per port.
Page 314: Impb Global Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 7 ARP Cache Poisoning When the user configures strict mode and enables IMPB on a port, ARP inspection is enabled. For an ARP inspection active port: All ARP packets should be captured to the CPU (including broadcast ARP and unicast ARP packets) and the CPU will make the decision to either forward or drop.
Page 315: Impb Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The Trap/Log field will enable and disable the sending of trap / log messages for IMPB. When enabled, the Switch will send traps and log messages when an ARP packet is received that doesn’t match the IP-MAC binding entries configured on the Switch. The DHCP Snoop State field will enable and disable the DHCP Snooping option.
Page 316 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 10 IMPB Port Settings window The following fields can be set or modified: Parameter Description Unit Choose the Switch ID number of the Switch in the switch stack to be modified. From / To Select a port or range of ports to set for IP-MAC Binding.
Page 317 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Loose state is that it uses less CPU resources because the Switch only checks incoming ARP packets. However, it also means that Loose state cannot block users who send only unicast IP packets.
Page 318: Impb Entry Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch to recover the port back to normal state, under which the port will start learning both illegal and legal MAC addresses again. Selecting this feature when the port is in Normal state will do nothing. Max Entry (1-50) Specifies the maximum number of dynamic (DHCP snooped) IP-MAC-Port Binding entries that can be learned on the port.
Page 319: Mac Block List
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 12 DHCP Snooping Entries window The following fields can be set: Parameter Description Unit - Port Use the pull-down menu to choose the Switch ID number of the Switch in the switch stack and the port on the Switch.
Page 320: 307
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 14 ND Snoop Entries window The following fields can be set: Parameter Description Unit - Port Use the pull-down menu to choose the Switch ID number of the Switch in the switch stack and the port on the Switch.
Page 321 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 16 The three roles of 802.1X The following section will explain the three roles of Client, Authenticator, and Authentication Server in greater detail. Authentication Server The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch).
Page 322: Authentication Process
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 18 The Authenticator Client The Client is simply the endstation that wishes to gain access to the LAN or switch services. All endstations must be running software that is compliant with the 802.1X protocol.
Page 323 DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 20 The 802.1X Authentication Process The D-Link implementation of 802.1X allows network administrators to choose between two types of Access Control used on the Switch, which are: Port-based Access Control –...
Page 324 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Port-based Network Access Control Figure 6 - 21 Example of Typical Port-based Configuration Once the connected device has successfully been authenticated, the Port then becomes Authorized, and all subsequent traffic on the Port is not subject to access control restriction until an event occurs that causes the Port to become Unauthorized.
Page 325 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch MAC-Based Network Access Control Figure 6 - 22 Example of Typical MAC-Based Configuration In order to successfully make use of 802.1X in a shared media LAN segment, it would be necessary to create “logical” Ports, one for each attached device that required access to the LAN.
Page 326: 802.1X Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Guest VLANs On 802.1X security enabled networks, there is a need for non 802.1X supported devices to gain limited access to the network, due to the lack of the proper 802.1X software or incompatible devices, such as computers running Windows 98 or lower operating systems, or the need for guests to gain access to the network without full authorization or local authentication on the...
Page 327 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 24 Configure 802.1X Authenticator Parameter window To configure the settings by port, click its corresponding Modify button, which will display the following table to configure:...
Page 328 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 25 Configure 802.1X Port Settings window This screen allows setting of the following features: Parameter Description Unit Choose the Switch ID number of the Switch in the switch stack to be modified. From / To Enter the port or ports to be set.
Page 329: Guest Vlan Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The default setting is Auto. TXPeriod (1-65535) This sets the TX period of time for the authenticator PAE state machine. This value determines the period of an EAP Request/Identity packet transmitted to the client. The default setting is 30 seconds.
Page 330: Authentication Radius Server Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch VLAN Name Enter the pre-configured VLAN name to create as a Guest 802.1x VLAN. Operation The user has four choices in configuring the Guest 802.1X VLAN, which are: Enabled ports –...
Page 331: 802.1X User Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch This window displays the following information: Parameter Description Index Choose the desired RADIUS server to configure: First, Second or Third. IPv4 Address Click the radio button and enter the RADIUS IPv4 address. IPv6 Address Click the radio button and enter the RADIUS IPv6 address.
Page 332: Initialize Port(S)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameter Description Max User (1-4000) Enter the maximum number of users to be allowed. Check the No Limit check box to specify that there will be the maximum number of users. By default there is no limit. User Name Enter the User Name of the new profile to be created.
Page 333: Reauthenticate Port(S)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To initialize ports, first choose the switch in the switch stack by using the pull-down menu and then choose the range of ports in the From and To field. Then the user must specify the MAC address to be initialized by entering it into the MAC Address field and ticking the corresponding check box.
Page 334 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch NOTE: The user must first globally enable 802.1X in the DGS-3400 Web Management Tool window before initializing ports. Information in the Initialize Ports Table cannot be viewed before enabling 802.1X. To re-authenticate ports for the MAC side of 802.1X, the user must first enable 802.1X by MAC address in the DGS-3600 Web Management Tool window.
Page 335: Web-Based Access Control (Wac)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Web-based Access Control (WAC) Web-Based Authentication Login is a feature designed to authenticate a user when the user is trying to access the Internet via the Switch. The authentication process uses HTTP protocol.
Page 336: Wac Global Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch If a RADIUS server is to be used for authentication, the user must first establish a RADIUS Server with the appropriate parameters, including the target VLAN, before enabling the Web-based Access Control on the Switch. WAC Global Settings This window is used to enable and configure Web-based Access Control Global State on the Switch.
Page 337: Wac Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Virtual IPv6 Enter a virtual IPv6 address so that the TCP packets sent to the virtual IP for IPv6 will get a reply. If the virtual IP for IPv6 is enabled, the TCP packets sent to the virtual IP or physical IPIF’s IPv6 address will both get a reply.
Page 338 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 34 WAC Port Settings window The following parameters can be configured: Parameter Description Unit Use the drop-down menu to select the unit you wish to configure. From / To Enter the range of ports you wish to configure.
Page 339: Wac User Account
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch value between 1 and 1440 minutes. A value of Infinite indicates the Idle state of the authenticated host on the port will never be checked. The default setting is Infinite. Block Time (0-300 This parameter specifies the period of time a host will keep in a blocked state after it fails sec)
Page 340: Wac Authentication State
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 37 User Account Modify window The following parameters can be configured: Parameter Description User Name Enter a user name for the new account. Old Password Enter the original password for the user.
Page 341: Trust Host
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 38 WAC Host Table Settings window The following parameters can be configured: Parameter Description Port List Enter the ports you wish to Find or Delete. Check the All Ports box to select all ports. State Select the state of the ports.
Page 342 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 39 Security IP window To configure secure IP addresses for trusted host management of the Switch, type the IP address of the station you are currently using in the first field as well as up to three additional IP addresses of trusted hosts.
Page 343: Bpdu Attack Protection Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch BPDU Attack Protection Settings This window is used to configure the BPDU protection function for the ports on the Switch. In generally, there are two states in BPDU protection function.
Page 344: Arp Spoofing Prevention Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following parameters can be configured: Parameter Description Global State Enable or disable the BPDU attack protection global state. Trap State Enable or disable the BPDU attack trap state. Log State Enable or disable the BPDU attack log state.
Page 345: Access Authentication Control
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 41 ARP Spoofing Prevention Settings window The following parameters can be configured: Parameter Description Gateway IP Address Enter the gateway IP address. Gateway MAC Enter the gateway MAC address.
Page 346 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The Switch has four built-in Authentication Server Groups, one for each of the TACACS, XTACACS, TACACS+ and RADIUS protocols. These built-in Authentication Server Groups are used to authenticate users trying to access the Switch. The users will set Authentication Server Hosts in a preferable order in the built-in Authentication Server Groups and when a user tries to gain access to the Switch, the Switch will ask the first Authentication Server Hosts for authentication.
Page 347: Authentication Policy And Parameter Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Authentication Policy and Parameter Settings This command will enable an administrator-defined authentication policy for users trying to access the Switch. When enabled, the device will check the Login Method List and choose a technique for user authentication upon login. To view this window, click Security >...
Page 348: Authentication Server Group
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The following parameters can be set: Parameter Description Application Lists the configuration applications on the Switch. The user may configure the Login Method List and Enable Method List for authentication for users utilizing the Console (Command Line Interface) application, the Telnet application, SSH and the Web (HTTP) application.
Page 349: Authentication Server Host
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 45 Add a Server Host to Server Group - XTACACS window To add an Authentication Server Host to the list, enter its IP address in the IP Address field, choose the protocol associated with the IP address of the Authentication Server Host and click Add to Group to add this Authentication Server Host to the group.
Page 350 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To view the following window, click Security > Access Authentication Control > Authentication Server Host: Figure 6 - 47 Authentication Server Host window To add an Authentication Server Host, click the Add button, revealing the following window: Figure 6 - 48 Authentication Server Host Setting - Add window Configure the following parameters to add an Authentication Server Host: Parameter...
Page 351: Login Method Lists
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch NOTE: More than one authentication protocol can be run on the same physical server host but, remember that TACACS/XTACACS/TACACS+ are separate entities and are not compatible with each other. Login Method Lists This command will configure a user-defined or default Login Method List of authentication techniques for users logging on to the Switch.
Page 352: Enable Method Lists
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 51 Login Method List – Add window To define a Login Method List, set the following parameters and click Apply: Parameter Description Method List Name Enter a method list name defined by the user of up to 15 characters.
Page 353 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch NOTE: To set the Local Enable Password, see the next section, entitled Local Enable Password. To view this window, click Security > Access Authentication Control > Enable Method Lists, as shown below. Figure 6 - 52 Enable Method Lists window To delete an Enable Method List defined by the user, click the under the Delete heading corresponding to the entry desired to...
Page 354: Configure Local Enable Password
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To define an Enable Login Method List, set the following parameters: Parameter Description Method List Name Enter a method list name defined by the user of up to 15 characters. The user may add one, or a combination of up to four of the following authentication methods Method 1, 2, 3, 4 to this method list:...
Page 355: Enable Admin
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Enable Admin The Enable Admin window is for users who have logged on to the Switch on the normal user level, and wish to be promoted to the administrator level.
Page 356: Radius Accounting Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch RADIUS Accounting Settings The Accounting feature of the Switch uses a remote RADIUS server to collect information regarding events occurring on the Switch. The following is a list of information that will be sent to the RADIUS server when an event triggers the Switch to send these informational packets.
Page 357: Mac-Based Access Control (Mac)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch There are three types of Accounting that can be enabled on the Switch. Network – When enabled, the Switch will send informational packets to a remote RADIUS server when 802.1X users connect to the physical ports on the switch to access the network.
Page 358: Mac-Based Access Control Global Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch MAC-based Access Control Global Settings The following window is used to set the parameters for the MAC-based Access Control function on the Switch. Here the user can set the state, password, authentication method, as well as create, configure or delete Guest VLANs.
Page 359 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 58 MAC-based Access Control Global Settings window The following parameters may be viewed or set: Parameter Description...
Page 360 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch MAC-based Access Control Global Settings State Use the pull-down menu to globally enable or disable the MAC-based Access Control function on the Switch. Method Use the pull-down menu to choose the type of authentication to be used when authentication MAC addresses on a given port.
Page 361: Mac-Based Access Control Local Mac Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch an authenticated host will stay in an authenticated state. When the aging time has expired, the host will be moved back to an unauthenticated state. When aging time is set to Infinite, it will disable the aging time.
Page 362: Safeguard Engine
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Safeguard Engine Periodically, malicious hosts on the network will attack the Switch by utilizing packet flooding (ARP Storm) or other methods. These attacks may increase the switch load beyond its capability. To alleviate this problem, the Safeguard Engine function was added to the Switch’s software.
Page 363: Safeguard Engine Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch NOTICE: When Safeguard Engine is enabled, the Switch will allot bandwidth to various traffic flows (ARP, IP) using the FFP (Fast Filter Processor) metering table to control the CPU utilization and limit traffic.
Page 364: Traffic Segmentation
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Mode Used to select the type of Safeguard Engine to be activated by the Switch when the CPU utilization reaches a high rate. The user may select: Fuzzy –...
Page 365: Secure Socket Layer (Ssl)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 65 Setup Forwarding Ports window ® Configuring traffic segmentation on the xStack DGS-3400 Series is accomplished in two parts. First, select a switch in the switch stack by using the Unit pull-down menu, and then specify a port from the switch, using the Port pull-down menu.
Page 366: Ssl
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch This window is used to download a certificate file for the SSL function on the Switch from a TFTP server. The certificate file is a data record used for authenticating devices on the network. It contains information on the owner, keys for authentication and digital signatures.
Page 367: Secure Shell (Ssh)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Certificate File Name Enter the path and the filename of the certificate file to download. This file must have a .der extension. (Ex. c:/cert.der) Key File Name Enter the path and the filename of the key file to download.
Page 368: Ssh Server Configuration
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Configure the User Account to use a specified authorization method to identify users that are allowed to establish SSH connections with the Switch using the SSH User Authentication window. There are three choices as to the method SSH will use to authorize the user, which are Host Based, Password and Public Key.
Page 369: Ssh Authentication Mode And Algorithm Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch to the Switch to attempt another login. The number of maximum attempts may be set between 2 and 20. The default setting is 2. Session Rekeying This field is used to set the time period that the Switch will change the security shell encryptions by using the pull-down menu.
Page 370 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameter Description Authentication Algorithm Password This field may be Enabled or Disabled to choose if the administrator wishes to use a locally configured password for authentication on the Switch. This field is Enabled by default.
Page 371: Ssh User Authentication Mode
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch SSH User Authentication Mode The following windows are used to configure parameters for users attempting to access the Switch through SSH. To view this window, click Security > SSH > SSH User Authentication Mode, as shown below. Figure 6 - 69 SSH User Authentication Mode window In the example above, the User Account “RG”...
Page 372: Compound Authentication
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Compound Authentication Modern networks employ many authentication methods. The Compound Authentication methods supported by this Switch include 802.1X, MAC-based Access Control (MAC), Web-based Access Control (WAC), Japan Web-based Access Control (JWAC), and IP-MAC-Port Binding (IMPB).
Page 373: Impb + Jwac Mode
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch IMPB + JWAC Mode This mode adds an extra layer of security by checking the IP MAC-Binding Port Binding (IMPB) table before trying one of the supported authentication methods. The IMPB Table is used to create a ‘white-list’...
Page 374 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 76 Multiple Authentication Settings window The following parameters may be set: Parameter Description Unit Choose the Unit ID of the switch in the switch stack you wish to configure. From / To Select a port or range of ports to be configured.
Page 375: Authentication Guest Vlan Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Host-based – Each user can be authenticated individually. Methods None – Specifies that multiple authentication is not enabled. Any – Specifies that a client will gain access if it passes any of the authentication methods (802.1X, MAC, or JWAC/WAC).
Page 376: Japanese Web-Based Access Control (Jwac)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Guest VLAN port list. Click Apply to implement changes made. Japanese Web-based Access Control (JWAC) The JWAC folder contains six windows: JWAC Global Configuration, JWAC Port Settings, JWAC User Account, JWAC Host Information, JWAC Customize Page Language Settings and JWAC Customize Page.
Page 377 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 79 JWAC Global State Configuration window...
Page 378 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To set JWAC for the Switch, complete the following fields: Parameter Description JWAC Global State Settings JWAC Global State Use this drop-down menu to either enable or disable JWAC on the Switch. JWAC Configuration Forcible Logout This parameter enables or disables JWAC Forcible Logout.
Page 379: Jwac Port Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Switch detects no Quarantine Server, it will redirect all unauthenticated HTTP access attempts to the JWAC Login Page forcibly if the Redirect is enabled and the Redirect Destination is configured to be a Quarantine Server.
Page 380 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 80 JWAC Port Table Parameter window To configure individual JWAC port settings, click the Add button, the following window will be displayed:...
Page 381 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 6 - 81 JWAC Port Table Parameter - Add window To configure the settings by port, click the corresponding Modify button, which will display the following window: Figure 6 - 82 J JWAC Port Table Parameter - Edit window To set the JWAC on individual ports for the Switch, complete the following fields: Parameter...
Page 382: Jwac User Account
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Aging Time (1-1440 This parameter specifies the period of time a host will keep in authenticated state after it min) successes to authenticate. Enter a value between 1 and 1440 minutes. The default setting is 1440 minutes.
Page 383: Jwac Authentication State
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Confirm New Retype the password entered in the previous field. Password Click Apply to implement changes made. To view JWAC user settings for the Switch, click the Show All JWAC User Account Entries link, to view the following window: Figure 6 - 85 JWAC User Accounts window...
Page 384: Jwac Customize Page Language Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To view the following window, click Security > Japanese Web-based Access Control (JWAC) > JWAC Authentication State, as shown below. Figure 6 - 87 JWAC Authentication State Table window To search for Hosts, enter the Port list information and click the Search button.
Page 385: Jwac Customize Page
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch JWAC Customize Page This window is used to customize fields in the JWAC Customize page. To view this window, click Security > Japanese Web-based Access Control (JWAC) > JWAC Customize Page, as shown below.
Page 386: Monitoring
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Section 7 Monitoring Device Status Stacking Information Stacking Device Module Information DRAM & Flash Utilization CPU Utilization Port Utilization Packets Errors Packet Size Browse Router Port Browse MLD Router Port VLAN Status VLAN Status Port Port Access Control...
Page 387: Stacking Information
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 7 - 1 Device Status window The following fields may be viewed in this window: Parameter Description Specifies the Switch in the Switch Stack that is being displayed. Internal Power Displays Active if the internal power supply is powering the system.
Page 388: Stacking Device
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Parameters Description Box ID Displays the Switch’s order in the stack. User Set Box ID can be assigned automatically (Auto), or can be assigned statically. The default is Auto. Type Displays the model name of the corresponding switch in a stack.
Page 389: Dram & Flash Utilization
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 7 - 4 Module Information window Module information displayed: Parameter Description The slot number where the module is installed. Module Name The full name of the module installed. Rev.
Page 390: Cpu Utilization
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch CPU Utilization This window displays the percentage of the CPU being used, expressed as an integer percentage and calculated as a simple average by time interval. To view this window, click Monitoring > CPU Utilization, as shown below. Figure 7 - 6 CPU Utilization graph To view the CPU utilization by port, use the real-time graphic of the Switch and/or switch stack at the top of the web page by simply clicking on a port.
Page 391: Port Utilization
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Port Utilization This window displays the percentage of the total available bandwidth being used on the port. To view this window, click Monitoring > Port Utilization, as shown below. Figure 7 - 7 Port Utilization window To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu and then select the port by using the Port pull-down menu.
Page 392: Packets
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Packets The Web Manager allows various packet statistics to be viewed as either a line graph or a table. Six windows are offered. Received (RX) This window displays the following graph of packets received on the Switch. To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu and then select the port by using the Port pull-down menu.
Page 393 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 7 - 9 RX Packets Analysis Table window The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where “s” stands for seconds. The default value is one second.
Page 394: Umb Cast (Rx)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch UMB Cast (RX) To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu and then select the port by using the Port pull-down menu.
Page 395 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 7 - 11 RX Packets Analysis window (table for Unicast, Multicast, and Broadcast Packets) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where “s”...
Page 396: Transmitted (Tx)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Transmitted (TX) To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu and then select the port by using the Port pull-down menu.
Page 397 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 7 - 13 TX Packets Analysis window (table for Bytes and Packets) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where “s” stands for seconds. The default value is one second.
Page 398: Errors
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Errors The Web Manager allows port error statistics compiled by the Switch's management agent to be viewed as either a line graph or a table. Four windows are offered. Received (RX) To select a port to view these statistics for, first select the Switch in the switch stack by using the Unit pull-down menu and then select the port by using the Port pull-down menu.
Page 399 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 7 - 15 RX Error Analysis window (table) The following fields can be set: Parameter Description Time Interval Select the desired setting between 1s and 60s, where “s” stands for seconds. The default value is one second.
Page 400: Transmitted (Tx)
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch MultiDr Incremented for each multicast packet that is discarded. VLANIngDr Incremented for each packet that is discarded by VLAN ingress checking. Show/Hide Check whether or not to display CRC Error, Under Size, Over Size, Fragment, Jabber, and Drop errors.
Page 401 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To view the Transmitted Error Packets Table window, click the link View Table, which will show the following table: Figure 7 - 17 TX Error Analysis window (table) The following fields may be set or viewed: Parameter Description...
Page 402: Packet Size
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch View Line Chart Clicking this button instructs the Switch to display a line graph rather than a table. Packet Size The Web Manager allows packets received by the Switch, arranged in six groups and classed by size, to be viewed as either a line graph or a table.
Page 403 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch To view the Packet Size Analysis Table window, click the link View Table, which will show the following table: Figure 7 - 19 RX Size Analysis window (table) The following fields can be set or viewed: Parameter Description...
Page 404: Browse Router Port
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch 256-511 The total number of packets (including bad packets) received that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets). 512-1023 The total number of packets (including bad packets) received that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
Page 405: Browse Mld Router Port
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Browse MLD Router Port This displays which of the Switch’s ports are currently configured as router ports in IPv6. A router port configured by a user (using the console or Web-based management interfaces) is displayed as a static router port, designated by S. A router port that is dynamically configured by the Switch is designated by D and a Forbidden port is designated by F.
Page 406: Vlan Status Port
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch VLAN Status Port This window allows the VLAN status for each of the Switch's ports to be viewed. To view settings for a particular port, enter the port number and click Find.
Page 407: Authenticator Statistics
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Port List Enter the port list you wish to find. To view all ports tick the Select All Ports check box. MAC Address Displays the MAC address of the client that is present when configured in mac based mode. It displays “-p”...
Page 408: Authenticator Diagnostics
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 7 - 26 Authenticator Session Statistics window Authenticator Diagnostics This table contains the diagnostic information regarding the operation of the Authenticator associated with each port. An entry appears in this table for each port that supports the Authenticator function.
Page 409 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 7 - 29 RADIUS Account Client information The user may also select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds. The default value is one second.
Page 410: Mac Address Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch ® NOTE: To configure 802.1X features for the xStack switch, go to Security > 802.1X. MAC Address Table This allows the Switch's dynamic MAC address forwarding table to be viewed. When the Switch learns an association between a MAC address and a port number, it makes an entry into its forwarding table.
Page 411: Igmp Snooping Group
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch MAC Address The MAC address entered into the address table. Unit - Port The unit and port to which the MAC address above corresponds. Type Describes the method which the Switch discovered the MAC address. The possible entries are Dynamic, Self, and Static.
Page 412: Mld Snooping Group
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The functions are used in the MAC address table: Parameter Description VLAN Name Enter a VLAN Name to be browsed by or to be deleted. VID List Enter a list of VLAN ID to be browsed by or to be deleted.
Page 413: Trace Route
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The functions are used in the MAC address table: Parameter Description VLAN Name Enter a VLAN Name to be browsed by or to be deleted. VID List Enter a list of VLAN ID to be browsed by or to be deleted.
Page 414: Trace Ipv6 Route
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Domain Name Enter the domain name of the host. TTL (1-60) The time to live value of the trace route request. This is the maximum number of routers the traceroute command will cross while seeking the network path between two devices.
Page 415: Switch Logs
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Timeout (1-65535) Defines the time-out period while waiting for a response from the remote device. The user may choose an entry between 1 and 65535 seconds. Probe (1-9) The probe value is the number of times the Switch will send probe packets to the next hop on the intended traceroute path.
Page 416: Browse Arp Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Severity Tick the check boxes to specify the severity to be displayed. Sequence A counter incremented whenever an entry to the Switch's history log is made. The table displays the last entry (highest sequence number) first.
Page 417: Ip Forwarding Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 7 - 39 Current Session Table window IP Forwarding Table The IP Forwarding Table window is read-only where the user may view IP addresses discovered by the Switch. To search a specific IP address, enter it into the field labeled IP Address at the top of the window and click Find to begin your search.
Page 418: Browse Ipv6 Routing Table
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 7 - 41 Routing Table window Browse IPv6 Routing Table To view this window, click Monitoring > Routing Table > Browse IPv6 Routing Table, as shown below. Figure 7 - 42 IPv6 Routing Table window MAC-based Access Control Authentication Status To clear MAC-based Access Control Authentication entries enter the appropriate information and click Delete.
Page 419 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 7 - 43 MAC-based Access Control Authentication State Table Settings window...
Page 420: Save, Reset And Reboot
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Section 8 Save, Reset and Reboot Reset Reboot System Save Services Logout Reset The Reset function has several options when resetting the Switch. Some of the current configuration parameters can be retained while resetting all other configuration parameters to their factory defaults.
Page 421: Save Services
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Click the No radio button for not saving the current configuration before restarting the Switch. All of the configuration information entered from the last time Save Changes was executed will be lost. Click the Restart button to restart the Switch.
Page 422: Configuration Information
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Configuration Information The following window is used to view information regarding configuration files saved in the Switch. The Switch can hold two configuration files in its memory. Configuration Files can be uploaded to the Switch using the TFTP services located in the Administration folder.
Page 423: Current Configuration Settings
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Current Configuration Settings The following window is used to select one of the two possible configuration files that can be stored in the Switch as a boot up configuration file, or to select it for deletion from the Switch’s memory.
Page 424: Mitigating Arp Spoofing Attacks Using Packet Content Acl
LAN (known as ARP spoofing). This document is intended to introduce the ARP protocol, ARP spoofing attacks, and the countermeasures brought by D-Link’s switches to thwart ARP spoofing attacks. In the process of ARP, PC A will first issue an ARP request to query PC B’s MAC address. The network structure is shown in Figure 1.
Page 425 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Figure 2 When the switch floods the frame of ARP request to the network, all PCs will receive and examine the frame but only PC B will reply the query as the destination IP matched (see Figure 3).
Page 426 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Forwarding Table Port1 00-20-5C-01-11-11 Port2 00-20-5C-01-22-22 How ARP Spoofing Attacks a Network ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service –...
Page 427 Figure 5 Prevent ARP Spoofing via Packet Content ACL D-Link managed switches can effectively mitigate common DoS attacks caused by ARP spoofing via a unique Package Content ACL. For the reason that basic ACL can only filter ARP packets based on packet type, VLAN ID, Source, and Destination MAC information, there is a need for further inspections of ARP packets.
Page 428: Example Topology
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Example topology...
Page 429 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Configuration The configuration logic is as follows: Only if the ARP matches Source MAC address in Ethernet, Sender MAC address and Sender IP address in ARP protocol can pass through the switch.
Page 430 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch...
Page 431: Switch Log Entries
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Appendix B Switch Log Entries The following table lists all possible entries and their corresponding meanings that will appear in the System Log of this Switch. Severity Category Event Description Log Information Remark...
Page 432 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Configuration Configuration successfully by console and “IP: <ipaddr>, successfully downloaded by console MAC: <macaddr>“ are XOR downloaded (Username: <username>, IP: shown in log string, which Informational <ipaddr>) means if user login by console, will no IP and MAC information for logging...
Page 433 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch will no IP and MAC information for logging Console Successful login Unit <unitID>, Successful login There are no IP and MAC if through Console through Console (Username: login by console.
Page 434 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch <unitID:portNum>) CIST New Root CIST New Root bridge selected Informational selected (MAC: <macaddr>, Priority: <int>) MSTI Root MSTI Regional New Root bridge Selected selected (Instance: Informational <isntanceID>, MAC: <macaddr>, Priority: <int>) BPDU Loop Back BPDU Loop Back on Ports...
Page 435 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch method <username>) Successful login Successful login through Web through Web (SSL) (SSL) from <userIP> Informational authenticated by authenticated by AAA local AAA local method method (Username: <username>) Login failed through Login failed through Web (SSL) Web (SSL)
Page 436 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Login failed through Login failed through Console Console due to due to AAA server timeout or Warning AAA server timeout improper configuration or improper (Username: <username>) configuration Successful login Successful login through Web through Web...
Page 437 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch configuration <username>) Successful Enable Successful Enable Admin Admin through through Console authenticated Console by AAA local_enable method Informational authenticated by (Username: <username>) AAA local_enable method Enable Admin failed Enable Admin failed through through Console Console authenticated by AAA...
Page 438 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Successful Enable Successful Enable Admin Admin through through Console authenticated Informational Console by AAA none method authenticated by (Username: <username>) AAA none method Successful Enable Successful Enable Admin Admin through Web through Web from <userIP>...
Page 439 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch <username>) Enable Admin failed Enable Admin failed through Web (SSL) from <userIP> through Web (SSL) Warning authenticated by authenticated by AAA server AAA server <serverIP> (Username: <username>) Enable Admin failed through Enable Admin failed Web (SSL) from <userIP>...
Page 440 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Dynamic IMPB Dynamic IMPB entry is conflict entry is in conflict with static ARP(IP: <ipaddr>, Warning with static ARP MAC: <macaddr>, Port <[unitID:]portNum>) Dynamic IMPB Dynamic IMPB entry conflicts with static IMPB: <ipaddr>, entry conflicts with Warning...
Page 441 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch The authorized number of users on Port < [unitID:]portNum> enters Warning a port has reached MBAC stop learning state. the maximum user limit. The authorized number of users on a port is below the Port <[unitID:]portNum>...
Page 442 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch whole device. This log will be triggered when the authorized user number is below WAC recovers from stop the max user limit Warning learning state. on whole device in a time interval (interval is project depended)
Page 443 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch A unidirectional link port: <[unitID:]portNum> is DULD has been detected Warning unidirectional on this port...
Page 444: Trap Logs
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Appendix C Trap Logs This table lists the trap logs found on the DGS-3400 Series Switches. MACNotifyTrap This trap indicates the MAC address 1.3.6.1.4.1.171.11.70.1.2.16.1.2.0 variations in the address table. 1.3.6.1.4.1.171.11.70.2.2.16.1.2.0 1.3.6.1.4.1.171.11.70.3.2.16.1.2.0 1.3.6.1.4.1.171.11.70.7.2.16.1.2.0...
Page 445 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch SingleIPMSColdStart Commander switch will send 1.3.6.1.4.1.171.12.8.6.0.11 swSingleIPMSColdStart notification to indicated host when its Member generate cold start notification. SingleIPMSWarmStart The commander switch will send 1.3.6.1.4.1.171.12.8.6.0.12 swSingleIPMSWarmStart notification to the indicated host when its member generates a warm start notification.
Page 446 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch connect -> working. connect -> disconnect. disconnect -> lowVoltage. disconnect -> overCurrent. disconnect -> working. disconnect -> connect. PowerFailure Power Failure notification. The notification 1.3.6.1.4.1.171.12.11.2.2.2.0.2 is issued when the swPowerStatus changes in the following cases: lowVoltage ->...
Page 447 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch authenticationFailure An authenticationFailure trap signifies that 1.3.6.1.6.3.1.1.5.5 the sending protocol entity is the address of a protocol message that is not properly authenticated.While implementations the SNMP must be capable of generating this trap, they must also be capable of suppressing the emission of such traps via an implementation- specific mechanism.
Page 448: Glossary
® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch Glossary 1000BASE-SX: A short laser wavelength on multimode fiber optic cable for a maximum length of 550 meters 1000BASE-LX: A long wavelength for a “long haul” fiber optic cable for a maximum length of 10 kilometers 100BASE-FX: 100Mbps Ethernet implementation over fiber.
Page 449 ® x Stack DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch line speed: See baud rate. main port: The port in a resilient link that carries data traffic in normal operating conditions. MDI - Medium Dependent Interface: An Ethernet port connection where the transmitter of one device is connected to the receiver of another device.

D-Link xStack DGS-3400 Series Reference Manual

Web-Based Switch Configuration

Administration

L2 Features

Qos

ACL (Access Control List)

Security

Quick Links

Related Manuals for D-Link xStack DGS-3400 Series

Summary of Contents for D-Link xStack DGS-3400 Series