Page 2 Microsoft Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. D-Link Computer Corporation disclaims any proprietary interest in trademarks and trade names other than its own.
Page 3: Table Of Contents
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Table of Contents Preface................................viii Intended Readers ............................ix Typographical Conventions ...........................ix Notes, Notices, and Cautions..........................ix Safety Instructions ............................x Safety Cautions ....................................x General Precautions for Rack-Mountable Products ........................xi Protecting Against Electrostatic Discharge..........................
Page 4 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Login to Web Manager ................................21 Web-based User Interface ................................22 Web Pages....................................24 Administration ...............................25 Device Information ............................26 IP Address...............................28 Setting the Swith’s IP Address using the Console Interface ......................30 Port Configuration............................31...
Page 5 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch PoE System Configuration................................65 PoE Port Configuration................................66 Single IP Settings............................68 SIM Settings....................................69 Topology...................................... 71 Tool Tips...................................... 73 Right-Click....................................74 Menu Bar ..................................... 76 Firmware Upgrade ..................................77 Configuration Backup/Restore..............................
Page 6 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch MST Configuration Identification.............................. 125 STP Instance Settings................................. 127 MSTP Port Information ................................128 Loopback Detection Settings........................130 LLDP................................131 LLDP Global Settings................................131 Basic LLDP Port Settings ................................133 802.1 Extension LLDP Port Settings ............................134 802.3 Extension LLDP Port Settings ............................
Page 7 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch DHCP Snooping Entries ................................190 MAC Block List..................................190 SSL ................................191 Download Certificate ................................. 191 Ciphersuite ....................................191 SSH ................................194 SSH Server Configuration ................................. 194 SSH Authentication Mode and Algorithm Settings ........................195 SSH User Authentication ................................
Page 8 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Transmitted (TX) ..................................243 Packet Size ..............................245 MAC Address ...............................247 Switch Log ..............................249 IGMP Snooping Group ..........................250 Browse Router Port .............................251 VLAN Status..............................251 MLD Snooping Group..........................251 Browse MLD Snooping Router Port ......................252 Static ARP Settings ............................253...
Page 9: Preface
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Preface The DES-3028/DES-3028P/DES-3028G/DES-3052/DES-3052P User Manual is divided into sections that describe the system installation and operating instructions with examples. Section 1, Introduction - Describes the Switch and its features.
Page 10: Intended Readers
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Intended Readers The DES-3028/DES-3028P/DES-3028G/DES-3052/DES-3052P User Manual contains information for setup and management of the Switch. The term, “the Switch” will be used when referring to all five switches. This manual is intended for network managers familiar with network management concepts and terminology.
Page 11: Safety Instructions
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Safety Instructions Use the following safety guidelines to ensure your own personal safety and to help protect your system from potential damage. Throughout this document, the caution icon ( ) is used to indicate cautions and precautions that you need to review and follow.
Page 12: General Precautions For Rack-Mountable Products
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch  To help protect your system from sudden, transient increases and decreases in electrical power, use a surge suppressor, line conditioner, or uninterruptible power supply (UPS).  Position system cables and power cables carefully; route cables so that they cannot be stepped on or tripped over. Be sure that nothing rests on any cables.
Page 13: Protecting Against Electrostatic Discharge
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch CAUTION: The system chassis must be positively grounded to the rack cabinet frame. Do not attempt to connect power to the system until grounding cables are connected. A qualified electrical inspector must inspect completed power and safety ground wiring. An energy hazard will exist if the safety ground cable is omitted or disconnected.
Page 14: Introduction
Installing SFP ports DES-3028/28P/28G/52/52P The DES-3028, DES-3028P, DES-3028G, DES-3052, and the DES-3052P are all members of the D-Link Switch family. These Switches provide unsurpassed performance, fault tolerance, scalable flexibility, robust security, standard-based interoperability and impressive technology to future-proof departmental and enterprise network deployments with an easy migration path.
Page 15 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch  RFC1493 Bridge  RFC2819 RMON  RFC2665 Ether-like MIB  RFC2863 Interface MIB  Private MIB  RFC2674 for 802.1p  IEEE 802.1X MIB  IEEE 802.3x flow control in full duplex mode ...
Page 16: Ports
One female DCE RS-232 DB-9 console port One female DCE RS-232 DB-9 console port console port The following table lists the features and compatibility for each type of port present in the DES-3028/28P/28G/52/52P. 10/100/1000BASE-T SFP Combo 1000BASE-T Combo SFP Transceivers Supported: IEEE 802.3 compliant...
Page 17: Led Indicators
LED Indicators The Switch supports LED indicators for Power, Console, RPS and Port LEDs. The following shows the LED indicators for the DES-3028/28P/28G/52/52P Series switches along with an explanation of each indicator. LEDs and there corresponding meanings are displayed below.
Page 18 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch When there is a secure 100Mbps Fast Ethernet Solid Green connection (or link) at any of the ports. When there is reception or transmission (i.e. Activity— Blinking Green Act) of data occurring at a...
Page 19: Front-Panel Description
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Front-Panel Description DES-3028/DES-3028P  Twenty-four 10/100Mbps BASE-T ports  Two Combo 1000BASE-T/SFP ports located to the right  Two 1000BASE-T ports located to the right  One female DCE RS-232 DB-9 console port ...
Page 20: Rear Panel Description
Side Panel Description The left and right-hand panel of the DES-3028G/DES-3028/DES-3052 Switches contain heat vents. The heat vents are used to dissipate heat. Do not block these openings, and leave at least 6 inches of space at the rear and sides of the Switch for proper ventilation.
Page 21: Gigabit Combo Ports
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 1- 13. Side panels of the DES-3028P The left-hand side panel of the DES-3052P Switch contains a system fan and ventilation along the entire right side. The system fan is used to dissipate heat.
Page 22: Installing The Sfp Ports
Installing the SFP ports The DES-3028/28P/28G/52/52P Switches are equipped with SFP (Small Form Factor Portable) ports, which are to be used with fiber-optical transceiver cabling in order to uplink various other networking devices for a gigabit link that may span great distances.
Page 23: Installation
 DCE RS-232 console cable If any item is missing or damaged, please contact your local D-Link Reseller for replacement. Before You Connect to the Network The site where you install the Switch may greatly affect its performance. Please follow these guidelines for setting up the Switch.
Page 24: Installing The Switch Without The Rack
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Installing the Switch without the Rack When installing the Switch on a desktop or shelf, the rubber feet included with the Switch should first be attached. Attach these cushioning feet on the bottom at each corner of the device. Allow enough ventilation space between the Switch and any other objects in the vicinity.
Page 25: Mounting The Switch In A Standard 19" Rack
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Mounting the Switch in a Standard 19" Rack CAUTION: Installing systems in a rack without the front and side stabilizers installed could cause the rack to tip over, potentially resulting in bodily injury under certain circumstances. Therefore, always install the stabilizers before installing components in the rack.
Page 26: Connecting The Switch
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Section 3 Connecting the Switch Switch to End Node Switch to Hub or Switch Connecting to Network Backbone or Server NOTE: All 10/100/1000Mbps NWay Ethernet ports can support both MDI- II and MDI-X connections.
Page 27: Switch To Hub Or Switch
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Switch to Hub or Switch These connections can be accomplished in a number of ways using a normal cable.  A 10BASE-T hub or switch can be connected to the Switch via a twisted-pair Category 3, 4 or 5 UTP/STP cable.
Page 28: Introduction To Switch Management
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Section 4 Introduction to Switch Management Management Options Web-based Management Interface SNMP-Based Management Managing User Accounts Command Line Console Interface through the Serial Port Connecting the Console Port (RS-232 DCE)
Page 29 12. Enter the commands to complete your desired tasks. Many commands require administrator-level access privileges. Read the next section for more information on setting up user accounts. See the DES-3028/28P/28G/52/52P CLI Manual on the documentation CD for a list of all commands and additional information on using the CLI.
Page 30: First Time Connecting To The Switch
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch First Time Connecting to the Switch The Switch supports user-based security that can allow you to prevent unauthorized users from accessing the Switch or changing its settings. This section tells how to log onto the Switch.
Page 31: Snmp Settings
The DES-3028/28P/28G/52/52P supports SNMP versions 1, 2c, and 3. You can specify which version of SNMP you want to use to monitor and control the Switch. The three versions of SNMP vary in the level of security provided between the management station and the network device.
Page 32: Ip Address Assignment
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch information or receive traps using SNMP v.1 while assigning a higher level of security to another group, granting read/write privi- leges using SNMP v.3. Using SNMP v.3 individual users or groups of SNMP managers can be allowed to perform or be restricted from performing specific SNMP management functions.
Page 33 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch DES-3028G:4#show switch Command: show switch Device Type : DES-3028G Fast Ethernet Switch MAC Address : 00-21-91-98-60-77 IP Address : 10.73.21.11 (Manual) VLAN Name : default Subnet Mask : 255.0.0.0 Default Gateway : 0.0.0.0...
Page 34 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch DES-3028G:4#config ipif System ipaddress 10.90.90.91/255.0.0.0 Command: config ipif System ipaddress 10.90.90.91/8 Success. DES-3028G:4# Figure 4- 5. Assigning the Switch an IP Address In the above example, the Switch was assigned an IP address of 10.90.90.91 with a subnet mask of 255.0.0.0. (the CIDR form was used to set the address (10.90.90.91/8).
Page 35: Web-Based Switch Configuration
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Section 5 Web-based Switch Configuration Introduction Login to Web manager Web-Based User Interface Basic Setup Reboot Basic Switch Setup Network Management Switch Utilities Network Monitoring IGMP Snooping Status Introduction All software functions of the Switch can be managed, configured and monitored via the embedded web-based (HTML) interface.
Page 36: Web-Based User Interface
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 5- 1. Enter Network Password dialog Enter “admin” in both the User Name and Password fields and click OK. This will open the Web-based user interface. The Switch management features available in the web-based manager are explained below.
Page 37 Select the folder or window to be displayed. The folder icons can be opened to display the hyper- Area 1 linked window buttons and subfolders contained within them. Click the D-Link logo to go to the D- Link website. Area 2 Presents a graphical near real-time image of the front panel of the Switch.
Page 38: Web Pages
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Web Pages When you connect to the management mode of the Switch with a web browser, a login window is displayed. Enter a user name and password to access the Switch's management mode.
Page 39: Administration
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Section 6 Administration IP Address Port Configuration DHCP/BOOTP Relay User Accounts Cable Diagnostics Port Mirroring System Log Settings Log Settings SNTP Settings MAC Notification Settings TFTP Services Multiple Image Services...
Page 40: Device Information
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Device Information This window contains the main settings for all major functions of the Switch and appears automatically when you log on. To return to the Device Information window, click the DES-30xx Web Management Tool folder.
Page 41 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The fields that can be configured are described below: Parameter Description System Name Enter a system name for the Switch, if so desired. This name will identify it in the Switch network.
Page 42: Ip Address
The IP address may initially be set using the console interface prior to connecting to it through the Ethernet. If the Switch IP address has not yet been changed, read the introduction of the DES-3028/28P/28G/52/52P CLI Manual or return to Section 4 of this manual for more information.
Page 43 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 2. Enter the appropriate IP Address and Subnet Mask. 3. If you want to access the Switch from a different subnet from the one it is installed on, enter the IP address of the Default Gateway.
Page 44: Setting The Swith's Ip Address Using The Console Interface
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch configuration file present in Switch memory will be loaded. Click Apply to allow changes to take effect. Setting the Swith’s IP Address using the Console Interface Each Switch must be assigned its own IP Address, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP).
Page 45: Port Configuration
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Port Configuration This section contains information for configuring various attributes and properties for individual physical ports, including port speed and flow control. Port Settings Click Administration > Port Configuration > Port Settings to display the following window: To configure switch ports: 1.
Page 46 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The following parameters can be configured: Parameter Description From…. To Use the pull-down menus to select the port or range of ports to be configured. State Toggle this field to either enable or disable a given port or group of ports.
Page 47: Port Description
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Port Description The Switch supports a port description feature where the user may name various ports on the Switch. To assign names to various ports, click Administration > Port Configuration > Port...
Page 48 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Parameter Description Port Displays the port that has been error disabled. State Describes the current running state of the port, whether Enabled or Disabled. Connection This field will show if a port has been disabled due to an error detected in the port.
Page 49: Dhcp/Bootp Relay
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch DHCP/BOOTP Relay To enable and configure DHCP/BOOTP Relay Global Settings on the Switch, click Administration > DHCP/BOOTP Relay > DHCP/BOOTP Relay Global Settings: DHCP/BOOTP Relay Global Settings Figure 6- 6. DHCP/ BOOTP Relay Global Settings window...
Page 50 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch check and policy settings will have no effect. DHCP Relay Agent This field can be toggled between Enabled and Disabled using the pull-down menu. It is Information Option 82 used to enable or disable the Switches ability to check the validity of the packet’s option 82...
Page 51 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The Implementation of DHCP Information Option 82 in the DES-3028/28P/28G/52/52P switches The config dhcp_relay option_82 command configures the DHCP relay agent information option 82 setting of the switch. The formats for the circuit ID sub-option and the remote ID sub-option are as follows: NOTE: For the circuit ID sub-option of a standalone switch, the module field is always zero.
Page 52: Dhcp/Bootp Relay Interface Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 2. Length: the string length of the Remote ID suboption 3. Remote ID type 4. Length: the string length of the user-defined string 5. User-defined string Figure 6- 8. Circuit ID and Remote ID Sub-option Format 2 DHCP/BOOTP Relay Interface Settings This window allows the user to set up a server, by IP address, for relaying DHCP/ BOOTP information to the Switch.
Page 53 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 10. DHCP Local Relay Settings window...
Page 54: User Accounts
Show All User Account Entries. NOTE: In case of lost passwords or password corruption, please refer to the D-Link website and the White Paper entitled “Password Recovery Procedure”, which will guide you through the steps necessary to resolve this issue.
Page 55 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 13. User Account Modify Table window Modify or delete an existing user account in the User Account Modify Table. To delete the user account, click on the Delete button.
Page 56: Cable Diagnostics
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Cable Diagnostics The following window is used to test the cables connecting to the Switch. This feature is used to determine if there are any errors on the copper cables and the position where the errors may have occurred. Use the pull down menu to enter the port or range of ports to be tested and click the Test Now button which will display the the results in the Cable Diagnostics Information table below.
Page 57 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch If there are no problems with the cable the test results will show that the cable is OK, if Test Results there are no cables connected to the port the results will show No Cable.
Page 58: Port Mirroring
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Port Mirroring The Switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an RMON probe, to view details about the packets passing through the first port.
Page 59: System Log Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch System Log Settings The Switch can send Syslog messages to up to four designated servers using the System Log Server. To view this window click Administration > System Log Settings, to view the window shown below.
Page 60 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch kernel messages user-level messages mail system system daemons security/authorization messages messages generated internally by syslog line printer subsystem network news subsystem UUCP subsystem clock daemon security/authorization messages FTP daemon...
Page 61: Log Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Log Settings The Log settings can be changed by clicking the System Log Settings link to open the following window: Figure 6- 19. Log Settings window The following parameters can be set:...
Page 62: Sntp Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch SNTP Settings Time Settings This window is used to configure the time settings for the Switch. To view this window click, Administration > SNTP Settings > Time Settings. Figure 6- 20. Time Settings window...
Page 63: Time Zone And Dst
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Time in HH MM SS Enter the current time in hours, minutes, and seconds. Click Apply to implement changes made. Time Zone and DST The following are windows used to configure time zones and Daylight Savings time settings for SNTP. Open the Administration folder, then the SNTP Settings folder and click on the Time Zone and DST link, revealing the following window.
Page 64 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Time Zone Offset Use these pull-down menus to specify your local time zone's offset from Greenwich Mean from GMT in +/- Time (GMT.) HH:MM DST Repeating Settings Using repeating mode will enable DST seasonal time adjustment. Repeating mode requires that the DST beginning and ending date be specified using a formula.
Page 65: Mac Notification Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch MAC Notification Settings MAC Notification is used to monitor MAC addresses learned and entered into the forwarding database. To globally set MAC notification on the Switch, click Administration > MAC Notification Settings.
Page 66: Tftp Services
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch TFTP Services Trivial File Transfer Protocol (TFTP) services allow the Switch's firmware to be upgraded by transferring a new firmware file from a TFTP server to the Switch. A configuration file can also be loaded into the Switch from a TFTP server.
Page 67: Multiple Image Services
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Multiple Image Services To configure the files located on the Flash memory, use the following windows to guide you. The Multiple Image Services folder contains windows to allow the user to view Firmware Information and to configure Firmware Image, to view these windows click Administration >...
Page 68: Ping Test
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Ping Test Ping is a small program that sends ICMP Echo packets to the IP address you specify. The destination node then responds to or "echoes" the packets sent from the Switch. This is very useful to verify connectivity between the Switch and other nodes on the network.
Page 69 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 27. Safeguard Engine example For every consecutive checking interval that reveals a packet flooding issue, the Switch will double the time it will discard ingress ARP and IP broadcast packets. In the example above, the Switch doubled the time for dropping ARP and IP broadcast packets when consecutive flooding issues were detected at 5 second intervals.
Page 70 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 29. Safeguard Engine Settings window – CPU Utilization Settings To set the Safeguard Engine for the Switch, complete the following fields: Parameter Description State Toggle this field to either Enabled or Disabled for the Safeguard Engine of the Switch.
Page 71: Snmp Manager
The DES-3028/28P/28G/52/52P supports the SNMP versions 1, 2c, and 3. The default SNMP setting is enabled and cannot be disabled. The three versions of SNMP vary in the level of security provided between the management station and the network device.
Page 72: Snmp Traps Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch SNMP settings are configured using the menus located on the SNMP V3 folder of the web manager. Workstations on the network that are allowed SNMP privileged access to the Switch can be restricted with the Trusted Host IP Management window in the Security folder of the web manager.
Page 73 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Group Name This name is used to specify the SNMP group created can request SNMP messages. SNMP Version V1 - Indicates that SNMP version 1 is in use. V2 - Indicates that SNMP version 2 is in use.
Page 74: Snmp View Table
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch To implement changes made, click Apply. To return to the SNMP User Table, click the Show All SNMP User Table Entries link. SNMP View Table This window is used to assign views to community strings that define which MIB objects can be accessed by a remote SNMP manager.
Page 75: Snmp Group Table
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch To implement your new settings, click Apply. To return to the SNMP View Table, click the Show All SNMP View Table Entries link. SNMP Group Table An SNMP Group created with this table maps SNMP users (identified in the SNMP User Table) to the views created in the previous menu.
Page 76: Snmp Community Table Configuration
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 38. SNMP Group Table Configuration window The following parameters can set: Parameter Description Group Name Type an alphanumeric string of up to 32 characters. This is used to identify the new SNMP group of SNMP users.
Page 77: Snmp Host Table
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 39. SNMP Community Table Configuration window The following parameters can set: Parameter Description Type an alphanumeric string of up to 32 characters that is used to identify members of an Community Name SNMP community.
Page 78: Snmp Engine Id
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The following parameters can set: Parameter Description Host IP Address Type the IP address of the remote management station that will serve as the SNMP host for the Switch.
Page 79: Poe System
DES-3052P follow the standard PSE (Power Source over Ethernet) pinout Alternative A, whereby power is sent out over pins 1, 2, 3 and 6. Both the DES-3028P and DES-3052P work with all D-Link 802.3af capable devices. The DES-3028P and DES-3052P include the following PoE features: ...
Page 80: Poe Port Configuration
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch PoE Port Configuration To configure PoE port configuration for the Switch, click Administration > PoE System > PoE Port Configuration, which will reveal the following window for the user to configure: Figure 6- 44.
Page 81 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch up is denied, regardless of its priority. Deny low priority port - After the power limit has been exceeded, the next port attempting to power up causes the port with the lowest priority to shut down to allow the high-priority and critical priority ports to power up.
Page 82: Single Ip Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Single IP Settings Simply put, D-Link Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. There are some advantages in implementing the "Single IP Management" feature: 1.
Page 83: Sim Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The Upgrade to v1.6 To better improve SIM management, the DES-3028/28P/28G/52/52P Switches have been upgraded to version 1.6 in this release. Many improvements have been made, including: 1. The Commander Switch (CS) now has the capability to automatically rediscover member switches that have left the SIM group, either through a reboot or web malfunction.
Page 84: Parameters Description
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 46. SIM Settings window (enabled) If the Switch Administrator wishes to configure the Switch as a Commander Switch (CS), select Commander from the Role State field and click Apply. The window will change once again to look like this: Figure 6- 47.
Page 85: Topology
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Topology The Topology window will be used to configure and manage the Switch within the SIM group and requires Java script to function properly on your computer. The Java Runtime Environment on your server should initiate and lead you to the topology window, as seen below.
Page 86: Icon Description
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Model Name Displays the full model name of the corresponding Switch. To view the Topology Map, click the View menu in the toolbar and then Topology, which will produce the following window.
Page 87: Tool Tips
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Non-SIM devices Tool Tips In the Topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same information about a specific device as the Tree view does.
Page 88: Right-Click
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Right-Click Right-clicking on a device will allow the user to perform various functions, depending on the role of the Switch in the SIM group and the icon associated with it.
Page 89: Commander Switch Icon
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Commander Switch Icon Figure 6- 54. Right-Clicking a Commander Icon The following options may appear for the user to configure: Collapse - To collapse the group that will be represented by a single icon.
Page 90: Menu Bar
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Add to group - Add a candidate to a group. Clicking this option will reveal the following dialog for the user to enter  a password for authentication from the Candidate Switch before being added to the SIM group. Click OK to enter the password or Cancel to exit the window.
Page 91: Firmware Upgrade
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Help About - Will display the SIM information, including the current SIM version.  Figure 6- 60. About window Firmware Upgrade This screen is used to upgrade firmware from the Commander Switch to the Member Switch. Member Switches will be listed in the table and will be specified by Port (port on the CS where the MS resides), MAC Address, Model Name and Version.
Page 92: Upload Log
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 62. Configuration File Backup/Restore window Upload Log The following window is used to upload log files from SIM member switches to a specified PC. To upload a log file, enter the IP address of the PC and then enter a path on your PC where you wish to save this file.
Page 93: Multicast Forwarding
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 64. Unicast Forwarding window To add or edit an entry, define the following parameters and then click Add/Modify: Parameter Description The VLAN ID number of the VLAN on which the above Unicast MAC address resides.
Page 94 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 66. Setup Static Multicast Forwarding Table window The following parameters can be set: Parameter Description The VLAN ID of the VLAN to which the corresponding MAC address belongs.
Page 95: Multicast Filtering Mode
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Multicast Filtering Mode The following figure and table describe how to set up multicast forwarding on the Switch. To view this window, click Administration > Forwarding & Filtering > Multicast Filtering Mode: Figure 6- 67.
Page 96: Smtp Service
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch SMTP Service SMTP or Simple Mail Transfer Protocol is a function of the Switch that will send switch events to mail recipients based on e-mail addresses entered using the commands below. The Switch is to be configured as a client of SMTP while the server is a remote device that will receive messages from the Switch, place the appropriate information into an e-mail and deliver it to recipients configured on the Switch.
Page 97: Smtp Server Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch SMTP Server Settings The following window is used to configure the fields to set up the SMTP server for the switch, along with setting e-mail addresses to which switch log files can be sent when a problem arises on the Switch. To open the following window, click Administration >...
Page 98 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 69. SMTP Service window The following parameters can be set: Parameter Description Subject Enter the subject of the test e-mail. Content Enter the content of the test e-mail.
Page 99: L2 Features
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Section 7 L2 Features VLAN QinQ Trunking IGMP Snooping MLD Snooping Spanning Tree Loopback Detection LLDP VLANs A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout.
Page 100: Q Vlan Tags
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Any port can be configured as either tagging or untagging. The untagging feature of IEEE 802.1Q VLANs allows VLANs to work with legacy switches that don't recognize VLAN tags in packet headers. The tagging feature allows VLANs to span multiple 802.1Q-compliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work...
Page 101: Tagging And Untagging
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 2. IEEE 802.1Q Tag The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or Logical Link Control. Because the packet is now a bit longer than it was originally, the Cyclic Redundancy Check (CRC) must be recalculated.
Page 102: Default Vlans
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch If the packet is not tagged with VLAN information, the ingress port will tag the packet with its own PVID as a VID. The switch then determines if the destination port is a member of the same VLAN (has the same VID) as the ingress port. If it does not, the packet is dropped.
Page 103: Asymmetric Vlans
Asymmetric VLANs The DES-3028 Switch Series has the capability to create and utilize Asymmetric VLANs on the Switch. Asymmetric VLANs allow devices to transmit packets on one VLAN and receive it on another VLAN. This configuration is accomplished through the use of three functions: enabling Asymmetric VLANs, VLAN creation, and GVRP configuration.
Page 104: Static Vlan Entry
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch VLAN and Trunk Groups The members of a trunk group have the same VLAN setting. Any VLAN setting on the members of a trunk group will apply to the other member ports.
Page 105 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Parameter Description Allows the entry of a VLAN ID in the Add dialog box, or displays the VLAN ID of an existing VLAN in the Modify dialog box. VLANs can be identified by either the VID or the VLAN name.
Page 106: Gvrp Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch VLAN in the Modify dialog box. VLANs can be identified by their VID. Action Choose an action to Create, Configure or Delete an 802.1Q Static VLAN. Advertisement Use the pull down menu to Enable or Disable the Advertisement broadcast on the VLAN.
Page 107 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 8. GVRP Settings window The following fields can be set: Parameter Description These two fields allow you to specify the range of ports that will be included in the Port-based VLAN From/To that you are creating using this window.
Page 108: Vlan Trunk Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Check to compare the VID tag of an incoming packet with the PVID number assigned to the port. If the two are different, the port filters (drops) the packet. Disabled disables ingress filtering. Ingress Checking is Disabled by default.
Page 109 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 9. VLAN Trunk Port Settings window...
Page 110: Qinq
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch QinQ This function allows the user to enable or disable the QinQ function. QinQ is designed for service providers to carry traffic from multiple users across a network. QinQ...
Page 111 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Role The user can choose between UNI or NNI role. UNI – To select a user-to-network interface which specifies that communication between the specified user and a specified network will occur.
Page 112: Trunking
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Trunking Port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. The Switch supports up to six port trunk groups with 2 to 8 ports in each group. A potential bit rate of 800 Mbps can be achieved.
Page 113: Link Aggregation
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Link Aggregation To configure port trunking, click L2 Features > Trunking > Link Aggregation to bring up the following window: Figure 7- 12. Link Aggregation window To configure port trunk groups, click the Add button to add a new trunk group and use the Port Trunking Configuration menu (see example below) to set up trunk groups.
Page 114 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 14. LACP Port Settings window To configure LACP port trunk settings, select a port range using the From and To drop-down menus, select either Passive or Active Mode, and then click Apply to let your changes take effect.
Page 115: Igmp Snooping
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch IGMP Snooping Internet Group Management Protocol (IGMP) snooping allows the Switch to recognize IGMP queries and reports sent between network stations or devices and an IGMP host. When enabled for IGMP snooping, the Switch can open or close a port to a specific device based on the IGMP messages passing through the Switch.
Page 116 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch the IGMP Snooping Settings. VLAN Name This is the VLAN Name that, along with the VLAN ID, identifies the VLAN for which to modify the IGMP Snooping Settings. Query Interval This field is used to set the time (in seconds) between transmitting IGMP queries.
Page 117: Router Ports Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Router Ports Settings A static router port is a port that has a multicast router attached to it. Generally, this router would have a connection to a WAN or to the Internet.
Page 118 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 18. Router Ports Settings - Edit window The following parameters can be viewed: Parameter Description This is the VLAN ID that, along with the VLAN Name, identifies the VLAN where the VID (VLAN ID) multicast router is attached.
Page 119: Igmp Authentication
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch IGMP Authentication IGMP Access Authentication provides a client-server authentication protocol for specified ports on the Switch. This function will secure access to an IP multicast group by using a user authentication process that will insure there is more control over the access to multicast traffic.
Page 120 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 19. IGMP Access Control window Select the range of ports you wish to Enable or Disable and click Apply to implement changes made.
Page 121: Dynamic Ip Multicast Learning
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Dynamic IP Multicast Learning To configure the Dynamic IP Multicast Learning Max Entry Settings on the Switch, click L2 Features > IGMP Snooping > Dynamic IP Multicast Learning. Figure 7- 20. Dynamic IP Multicast Learning Settings window...
Page 122: Ism Vlan Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch ISM VLAN Settings In a switching environment, multiple VLANs may exist. Every time a multicast query passes through the Switch, the switch must forward separate different copies of the data to each VLAN on the system, which, in turn, increases data traffic and may clog up the traffic path.
Page 123 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 23. IGMP Snooping Multicast VLAN Settings – Add window modified Both the Add and Modify windows of the IGMP Multicast VLAN Settings have the following configurable fields.
Page 124: Ip Multicast Filter Profile Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 24. IGMP Snooping Multicast VLAN Group List Settings window Enter a Multicast Group List for a particular entry and click Add the new IGMP Snooping Multicast VLAN Group List entry will be displayed on the IGMP Snooping Multicast VLAN Group List table on the lower half of the window.
Page 125: Limited Multicast Range Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 27. IP Multicast Address Group List Settings – Group List window Enter the multicast Address List starting with the lowest in the range, and click Apply. Limited Multicast Range Settings The Limited Multicast Range Settings enables the user to configure the ports on the switch that will be involved in the Limited IP Multicast Range.
Page 126 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 28. Limited Multicast Range Settings The following parameters can be set: Parameter Description From/To Select a range of ports to be granted access or denied access from receiving multicast information.
Page 127: Max Multicast Group Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Access This field is set to Permit by default. Max Multicast Group Settings The Max Multicast Group Settings enables the user to configure the ports on the switch that will be apart of the maximum filter group up to a maximum of 256.
Page 128: Mld Snooping
Switch, it will no longer forward multicast traffic from a specific multicast group address to this listening port. NOTE: The DES-3028 series supports MLD v1 snooping, but for MLD v2 snooping is carried out in awareness state.
Page 129 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 31. MLD Snooping Settings - Edit window The following parameters may be viewed or modified: Parameter Description VLAN ID This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which to modify the MLD Snooping Settings.
Page 130: Mld Snooping Router Port Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch setting of 260 seconds. Done Timer (1-16711450 sec) Specifies the maximum amount of time a router can remain in the Switch after receiving a done message from the group without receiving a node listener report.
Page 131: Spanning Tree
This Switch supports three versions of the Spanning Tree Protocol; 802.1d STP, 802.1w Rapid STP and MSTP. 802.1d STP will be familiar to most networking professionals. However, since 802.1w RSTP has been recently introduced to D-Link managed Ethernet switches, a brief introduction to the technology is provided below followed by a description of how to set up 802.1d STP and 802.1w RSTP.
Page 132: W Rapid Spanning Tree
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch This protocol will also tag BPDU packets so receiving devices can distinguish spanning tree instances, spanning tree regions and the VLANs associated with them. An MSTI ID will classify these instances. MSTP will connect multiple spanning trees with a Common and Internal Spanning Tree (CIST).
Page 133: Edge Port
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch RSTP is capable of a more rapid transition to a forwarding state - it no longer relies on timer configurations - RSTP compliant bridges are sensitive to feedback from other RSTP compliant bridge links. Ports do not need to wait for the topology to stabilize before transitioning to a forwarding state.
Page 134: Stp Bridge Global Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The LoopBack Detection feature can only prevent BPDU loops on designated ports. It can detect a loop condition occurring on the user’s side connected to the edge port, but it cannot detect the LoopBack condition on the elected root port of STP on another...
Page 135 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 36. STP Bridge Global Settings window – STP Compatible The following parameters can be set: Parameter Description Spanning Tree Protocol Use the pull-down menu to enable or disable STP globally on the Switch. The default is Disabled.
Page 136 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch on the Switch. MSTP  Select this parameter to set the Multiple Spanning Tree Protocol (MSTP) globally on the Switch TX Hold Count (1-10) Used to set the maximum number of Hello packets transmitted per interval. The count can be specified from 1 to 10.
Page 137: Stp Port Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch STP Port Settings STP can be set up on a port per port basis. To view the STP Port Settings window click L2 Features > Spanning Tree > STP Port Settings: Figure 7- 37.
Page 138 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch will be chosen to forward packets. Hello Time This can be set from 1 to 2 seconds. This is the interval between two transmissions of BPDU packets sent by the Root Bridge to tell all other switches that it is indeed the Root Bridge.
Page 139: Mst Configuration Identification
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch MST Configuration Identification The following windows in the MST Configuration Identification section allow the user to configure a MSTI instance on the Switch. These settings will uniquely identify a multiple spanning tree instance set on the Switch. The Switch initially possesses one CIST or Common Internal Spanning Tree of which the user may modify the parameters for but cannot change the MSTI ID for, and cannot be deleted.
Page 140 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The user may configure the following parameters to create a MSTI in the Switch. Parameter Description MSTI ID Enter a number between 1 and 4 to set a new MSTI on the Switch.
Page 141: Stp Instance Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 41. Instance ID Settings window – modify The user may configure the following parameters for a MSTI on the Switch. Parameter Description MSTI ID Displays the MSTI ID previously set by the user.
Page 142: Mstp Port Information
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Click the Modify button to change the priority of the MSTI. This will open the Instance ID Settings window to configure. Figure 7- 43. Instance ID Settings - modify priority window...
Page 143 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 45. MSTI Settings window The following parameters can be viewed or set: Parameter Description Instance ID Displays the MSTI ID of the instance being configured. An entry of 0 in this field denotes the CIST (default MSTI).
Page 144: Loopback Detection Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Loopback Detection Settings The Loopback Detection function is used to detect the loop created by a specific port. This feature is used to temporarily shutdown a port on the Switch when a CTP (Configuration Testing Protocol) packet has been looped back to the switch.
Page 145: Lldp
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Interval (1-32767) Set a Loopdetect Interval between 1 and 32767 seconds. The default is 10 seconds. Recover Time Time allowed (in seconds) for recovery when a Loopback is detected. The Loopdetect (0 or 60-1000000) Recover Time can be set at 0 seconds, or 60 to 1000000 seconds.
Page 146 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 47. LLDP Operation State Settings window The following parameters can be set: Parameter Description LLDP Operation When this function is Enabled, the switch can start to transmit LLDP packets and receive and State process the LLDP packets.
Page 147: Basic Lldp Port Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Basic LLDP Port Settings The following window is used to set up LLDP on individual port(s) on the Switch. To view this window click L2 Features > LLDP > Basic LLDP Port Settings.
Page 148: 802.1 Extension Lldp Port Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Parameter Description From/To Select a port or group of ports using the pull-down menus. Notification State Used to configure each port for sending notification to configured SNMP trap receiver(s).
Page 149 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 49. 802.1 Extension LLDP Port Settings Table window...
Page 150: Extension Lldp Port Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The following parameters can be set or displayed: Parameter Description From/To Select a port or group of ports using the pull-down menus. Port VLAN ID Use the drop-down menu to toggle Port VLAN ID between Enabled and Disabled.
Page 151 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 50. 802.3 Extension LLDP Port Settings Table window The following parameters can be set or displayed: Parameter Description From/To Select a port or group of ports using the pull-down menus.
Page 152: Lldp Management Address Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Configuration/Status Disabled. Link Aggregation Use the drop-down menu to toggle Link Aggregation between Enabled and Disabled. Maximum Frame Use the drop-down menu to toggle Maximum Frame Size between Enabled and Disabled.
Page 153: Lldp Statistics
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Parameter Description From/To Select a port or group of ports using the pull-down menus. Address Type Displays the IPV4 Address type. Address Enter the LLDP management address in this field.
Page 154: Lldp Management Address Table
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch LLDP Management Address Table The following window is used to make entries to and display the LLDP Management Address Table. To view this window click L2 Features > LLDP > LLDP Management Address Table.
Page 155 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 54. LLDP Local Port Brief Table window Click the View button to display additional information about entries on the LLDP Local Port Brief Table.
Page 156: Lldp Remote Port Table
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch LLDP Remote Port Table The following window is used to display the LLDP Remote Port Brief Table. To view this window click L2 Features > LLDP > LLDP Remote Port Table.
Page 157: Cos
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Section 8 Port Bandwidth 802.1p Default Priority 802.1p User Priority CoS Scheduling Mechanism CoS Output Scheduling Priority Settings TOS Priority Settings DSCP Priority Settings Port Mapping Priority Settings MAC Priority The Switch supports 802.1p priority queuing Quality of Service.
Page 158: Understanding Cos
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 8- 1. An Example of the Default CoS Mapping on the Switch The picture above shows the default priority setting for the Switch. Class-3 has the highest priority of the four priority classes of service on the Switch.
Page 159 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch For weighted round-robin queuing, the number of packets sent from each priority queue depends upon the assigned weight. For a configuration of eight CoS queues, A~H with their respective weight value: 8~1, the packets are sent in the following sequence: A1, B1, C1, D1, E1, F1, G1, H1, A2, B2, C2, D2, E2, F2, G2, A3, B3, C3, D3, E3, F3, A4, B4, C4, D4, E4, A5, B5, C5, D5, A6, B6, C6, A7, B7, A8, A1, B1, C1, D1, E1, F1, G1, H1.
Page 160: Port Bandwidth
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Port Bandwidth The bandwidth control settings are used to place a ceiling on the transmitting and receiving data rates for any selected port. To view this window click CoS > Port Bandwidth.
Page 161: 802.1P Default Priority
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Parameter Description From/To A consecutive group of ports may be configured starting with the selected port. Type This drop-down menu allows you to select between RX (receive,) TX (transmit,) and Both.
Page 162 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 8- 3. 802.1p Default Priority window This window allows you to assign a default 802.1p priority to any given port on the Switch. The priority tags are numbered from 0, the lowest priority, to 7, the highest priority.
Page 163: 802.1P User Priority
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 802.1p User Priority When using 802.1p priority mechanism, the packet is examined for the presence of a valid 802.1p priority tag. If the tag is present, the packet is assigned to a programmable egress queue based on the value of the tagged priority. The tagged priority can be designated to any of the available queues.
Page 164: Cos Output Scheduling
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The Scheduling Mechanism has the following parameters. Parameter Description Strict Denoting a Strict scheduling will set the highest queue to be emptied first while the other queues will follow the weighted round-robin scheduling scheme.
Page 165: Priority Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Priority Settings The Priority Setting window will allow users to configure the CoS priority settings on a port per port basis. When CoS tagged packets arrive on the switch, they are mapped to the settings configured here. For example, if a port has been assigned a MAC priority, the packet that has the CoS priority assigned to a MAC address will be sent to the CoS queue configured for that MAC address.
Page 166 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 8- 7. Priority Settings window...
Page 167: Tos Priority Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Configure the following Priority Setting parameters: Parameter Description From/To Users may select a port or group of ports to assign ToS priority settings, based on the following Main Select field.
Page 168: Dscp Priority Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch DSCP Priority Settings When using the DSCP/TOS priority mechanism, the packet is classified based on the DSCP/TOS field in the IP header. If the tag is present, the packet is assigned to a programmable egress queue based on the value of the tagged priority. The tagged priority can be designated to any of the available queues.
Page 169: Port Mapping Priority Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Port Mapping Priority Settings When using the port-based priority mechanism, the port-based priority (high or low) assigned to each ingress port determines the egress queue assigned to frames arriving via the given ingress port. The frames will be assigned to either the highest queue or the lowest queue.
Page 170: Mac Priority
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch MAC Priority When using the MAC Priority mechanism, the packet is classified based on the MAC address field priority in the MAC priority table entries. To configure a destination MAC address for a CoS queue, users must adhere to the following steps: 1.
Page 171: Acl
Time Range The DES-3028/28P/28G/52/52P Switches allow you to configure a time period when each Access Profile will be active. Use the window below to name the time range and then specify when the Access Profile that will be configured below will be active. To view this window click ACL >...
Page 172 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch To add an entry to the Access Profile Table, click the Add button. This will open the Access Profile Configuration window, as shown below. There are three Access Profile Configuration windows; one for Ethernet (or MAC address-based) profile configuration, one for IP address-based profile configuration and one for the Packet Content Mask.
Page 173 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Ethernet Type Selecting this option instructs the Switch to examine the Ethernet type value in each frame's header. The window shown below is the Access Profile Configuration window for IP.
Page 174 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Destination IP Mask Enter an IP address mask for the destination IP address. DSCP Selecting this option instructs the Switch to examine the DiffServ Code part of each packet header and use this as the, or part of the criterion for forwarding.
Page 175 (64-79) – Enter a value in hex form to mask the packet from byte 64 to byte  With this advanced unique Packet Content Mask (also known as Packet Content Access Control List - ACL), D-Link xStack switch family can effectively mitigate some network attacks...
Page 176 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch like the common ARP Spoofing attack that is wide spread today. This is the reason why Packet Content ACL is able to inspect any specified content of a packet in different protocol layers.
Page 177 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Parameter Description Profile ID This is the identifier number for this profile set. Mode Select Permit to specify that the Switch, according to any additional rule, forward the packets that match the access profile added (see below).
Page 178 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 9- 8. Access Rule Display window (IP) To configure the Access Rule for Ethernet, open the Access Profile Table and click Modify for an Ethernet entry. If no entry exists only the Add button will be displayed however when an entry already exists a corresponding Modify button will also be displayed.
Page 179 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 9- 10. Access Rule Configuration window (Ethernet) To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameters Description Profile ID This is the identifier number for this profile set.
Page 180 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Switch. The replace priority feature can only be used with DSCP value and cannot be used with the Ethernet Rule. For more information on priority queues, CoS queues and mapping for 802.1p, see the QoS section of this manual.
Page 181 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 9- 12. Access Rule Table window (Packet Content Mask) The user may search for the settings of a particular Access ID by entering that ID into the Access ID field above and clicking Find.
Page 182 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Switch and will be filtered. Rx Rate (No Limit:0) Enter an Rx Rate in kbps. Access Type in a unique identifier number between 1 and 65535 for this access or use Auto Assign.
Page 183: Cpu Interface Filtering
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch CPU Interface Filtering Due to a chipset limitation and the need for extra switch security, the DES-30xx switch series incorporates CPU Interface filtering. This added feature increases the running security of the Switch by enabling the user to create a list of access rules for packets destined for the Switch’s CPU interface.
Page 184 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 9- 17. CPU Interface Filtering Configuration window – Ethernet Parameter Description Profile ID (1-3) Type in a unique identifier number for this profile set. This value can be set from 1 to 3.
Page 185 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The following is the CPU Interface Filtering Configuration window for IP. Figure 9- 18. CPU Interface Filtering Configuration window - IP The following parameters can be modified: Parameter Description Profile ID (1-3) Type in a unique identifier number for this profile set.
Page 186 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Select ICMP to instruct the Switch to examine the Internet Control Message Protocol (ICMP) field in each frame's header. Select Type to further specify that the access profile will apply an ICMP type ...
Page 187 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The following is the CPU Interface Filtering Configuration window for the Packet Content Mask. Figure 9- 19. CPU Interface Filtering Configuration window - Packet Content This window will aid the user in configuring the Switch to mask packet headers beginning with the offset value specified. The...
Page 188 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Click Apply to implement changes made. To establish the rule for a previously created CPU Access Profile: Click ACL > CPU Interface Filtering > CPU Interface Filtering Profile Table.
Page 189 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 9- 22. CPU Interface Filtering Rule Configuration window – Ethernet To set the CPU Access Rule for Ethernet, adjust the following parameters and click Apply. Parameters Description Profile ID This is the identifier number for this profile set.
Page 190 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Port The CPU Access Rule may be configured on a per-port basis by entering the port number of the Switch. Time Range Click the check box and enter the name of the Time Range settings that have been previously configured in the Time Range window.
Page 191 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 9- 25. CPU Interface Filtering Rule Configuration window – IP Configure the following Access Rule Configuration settings for IP: Parameter Description Profile ID This is the identifier number for this profile set.
Page 192 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch in the Access Rule Table to view the following window: To view the settings of a previously correctly configured rule, click Figure 9- 26. CPU Interface Filtering Entry Display window - IP The following window is the CPU Interface Filtering Rule Table for Packet Content.
Page 193 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 9- 28. CPU Interface Filtering Rule Configuration window - Packet Content Mask To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameters Description Profile ID This is the identifier number for this profile set.
Page 194 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch the packet to the 15th byte. value (16-31) - Enter a value in hex form to mask the packet from byte 16 to byte  value (32-47) - Enter a value in hex form to mask the packet from byte 32 to byte ...
Page 195: Security
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Section 10 Security Traffic Control Port Security Port Lock Entries IP-MAC-Port Binding 802.1X Trusted Host Access Authentication Control Traffic Segmentation DoS Attack Prevention Traffic Control On a computer network, packets such as Multicast packets and Broadcast packets continually flood the network as normal procedure.
Page 196 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 1. Traffic Control Settings window Once the switch is in rest mode, the method of recovering this port is to manually recoup it using the Port Configuration window in the Administration folder and selecting the disabled port and returning it to an Enabled status alternatively the user can wait for the auto-recovery function which will occur after 5 minutes, the auto-recovery function cannot be configured by the user.
Page 197 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The user may set the following parameters: Parameter Description Traffic Trap Configuration Traffic Trap Enable sending of Storm Trap messages when the type of action taken by the Traffic Control function in handling a Traffic Storm is one of the following: None –...
Page 198 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch NOTE: Ports that are in the rest mode will be seen as Discarding in Spanning Tree windows and implementations though these ports will still be forwarding BPDUs to the Switch’s CPU.
Page 199: Port Security
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Port Security A given ports’ (or a range of ports') dynamic MAC address learning can be locked such that the current source MAC addresses entered into the MAC address forwarding table can not be changed once the port lock is enabled.
Page 200: Port Lock Entries
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Port Lock Entries The Port Lock Entries Table window is used to remove an entry from the port security entries learned by the Switch and entered into the forwarding database. To view the following window, click Security > Port Lock Entries: Figure 10- 3.
Page 201: Ip-Mac-Port Binding
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch IP-MAC-Port Binding The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC binding is to restrict the access to a switch to a number of authorized users.
Page 202 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 5. IMP Port Settings window The following fields can be set or modified: Parameter Description From Port…To Port Select a port or range of ports to set for IP-MAC Binding.
Page 203: Imp Entry Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch the entries for the ports. The port will check ARP packets and IP packets by IP-MAC-PORT Binding entries. When the packet is found by the entry, the MAC address will be set to dynamic.
Page 204: Dhcp Snooping Entries
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch DHCP Snooping Entries This table is used to view dynamic entries on specific ports. To view particular port settings, enter the port number and click Find. To view all entries click View All, and to delete an entry, click Clear.
Page 205: Ssl
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Secure Sockets Layer or SSL is a security feature that will provide a secure communication path between a host and client through the use of authentication, digital signatures and encryption. These security functions are implemented through the use of a...
Page 206 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 9. Download Certificate and Ciphersuite window To download certificates, set the following parameters and click Apply. Parameter Description Certificate Type Enter the type of certificate to be downloaded. This type refers to the server responsible for issuing certificates.
Page 207 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Ciphersuite RSA with RC4 128 This ciphersuite combines the RSA key exchange, stream cipher RC4 encryption with 128- bit keys and the MD5 Hash Algorithm. Use the pull-down menu to enable or disable this ciphersuite.
Page 208: Ssh
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch SSH is an abbreviation of Secure Shell, which is a program allowing secure remote login and secure network services over an insecure network. It allows a secure login to remote host computers, a safe method of executing commands on a remote end node, and will provide secure encrypted and authenticated communication between two non-trusted hosts.
Page 209: Ssh Authentication Mode And Algorithm Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Parameter Description SSH Server Status Use the pull-down menu to enable or disable SSH on the Switch. The default is Disabled. Max Session (1-8) Enter a value between 1 and 8 to set the number of users that may simultaneously access the Switch.
Page 210 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The following algorithms may be set: Parameter Description SSH Authentication Mode and Algorithm Settings Password This parameter may be enabled if the administrator wishes to use a locally configured password for authentication on the Switch.
Page 211: Ssh User Authentication
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch SSH User Authentication The following windows are used to configure parameters for users attempting to access the Switch through SSH. To access the following window, click Security > SSH > SSH User Authentication Mode.
Page 212 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 802.1X 802.1X Port-Based and Host-Based Access Control The IEEE 802.1X standard is a security measure for authorizing and authenticating users to gain access to various wired or wireless devices on a specified Local Area Network by using a Client and Server based access control model. This is accomplished by using a RADIUS server to authenticate users trying to access a network by relaying Extensible Authentication Protocol over LAN (EAPOL) packets between the Client and the Server.
Page 213 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Authentication Server The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch). Clients connected to a port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN.
Page 214: Authentication Process
Figure 10- 19. The 802.1X Authentication Process The D-Link implementation of 802.1X allows network administrators to choose between two types of Access Control used on the Switch, which are: 1. Port-Based Access Control – This method requires only one user to be authenticated per port by a remote RADIUS server to allow the remaining users on the same port access to the network.
Page 215 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch detects events that indicate the attachment of an active device at the remote end of the link, or an active device becoming inactive. These events can be used to control the authorization state of the Port and initiate the process of authenticating the attached device if the Port is unauthorized.
Page 216: Radius Attributes Assignment
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 802.1X Host-based Access Control RADIUS Server Ethernet Switch … 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X Client Client Client Client Client Client Client Client...
Page 217: Guest Vlans
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Attribute-Specific field Used to assign the Unit (Kbits) Required bandwidth of the port If the user has configured the bandwidth attribute of the RADIUS server (for example, ingress bandwidth 1000Kbps) and the 802.1X authentication is successful, the device will assign the correct bandwidth (according to the RADIUS server) to the port.
Page 218: Limitations Using The Guest Vlan
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Limitations Using the Guest VLAN 1. Guest VLANs are only supported for port-based. Host-based cannot undergo this procedure. 2. Ports supporting Guest VLANs cannot be GVRP enabled and vice versa.
Page 219: 802.1X Authenticator Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 802.1X Authenticator Settings To configure the 802.1X Authenticator Settings, click Security > 802.1X > 802.1X Authenticator Settings: Figure 10- 23. 802.1X Authenticator Settings window To configure the settings by port, click on its corresponding Ports link, which will display the following table to configure:...
Page 220 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 24. 802.1X Authenticator Settings window (Modify) This window allows users to set the following features: Parameter Description From/To] Enter the port or ports to be set. AdmDir Sets the administrative-controlled direction to either In or Both.
Page 221 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch SuppTimeout This value determines timeout conditions in the exchanges between the Authenticator and the client. The default setting is 30 seconds. ServerTimeout This value determines timeout conditions in the exchanges between the Authenticator and the authentication server.
Page 222: Local Users
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Local Users This window will allow the user to set different local users on the Switch. To view this window click Security > 802.1X > 802.1X User. Figure 10- 25. Local Users Configuration window Enter a User Name, Password and confirmation of that password.
Page 223: 802.1X Capability Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 802.1X Capability Settings This window will allow the user to set the capability settings for individual ports or range of ports on the Switch. To view this window click Security > 802.1X >...
Page 224: Initializing Ports For Port Based 802.1X
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 27. Configure 802.1X Guest VLAN window The following fields may be modified to enable the guest 802.1X VLAN: Parameter Description Enter the pre-configured VLAN name to create as a Guest 802.1X VLAN.
Page 225: Initializing Ports For Host Based 802.1X
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Parameter Description From and To Select ports to be initialized. Auth PAE State The Authenticator PAE State will display one of the following: Initialize, Disconnected, Connecting, Authenticating, Authenticated, Aborting, Held, ForceAuth, ForceUnauth, and N/A.
Page 226: Reauthenticate Port(S) For Port Based 802.1X
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Reauthenticate Port(s) for Port Based 802.1X This window allows reauthentication of a port or group of ports by using the pull-down menus From and To and clicking Apply. The Reauthenticate Port Table displays the current status of the reauthenticated port(s) once Apply has been clicked.
Page 227: Reauthenticate Port(S) For Host-Based 802.1X
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Reauthenticate Port(s) for Host-based 802.1X To reauthenticate ports for the Host side of 802.1X, the user must first enable 802.1X by MAC address in the DES-30xx Web Management Tool window. Click Security > 802.1X > Reauthenticate Port(s) to open the following window: Figure 10- 31.
Page 228: Trusted Host
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Parameter Description RADIUS Timeout (1- This field is used to set the time the Switch will wait for a response from the Radius Server. The 255 Sec) user may set a time between 0 and 255 seconds. The default setting is 5 seconds.
Page 229: Access Authentication Control
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Add Trusted Host IP Enter a list of Trusted Host IP Submasks that will be given permission to access the Switch. Submask Access Authentication Control The TACACS/XTACACS/TACACS+/RADIUS commands allow users to secure access to the Switch using the TACACS/XTACACS/TACACS+/RADIUS protocols.
Page 230: Authentication Policy And Parameter Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Authentication Policy and Parameter Settings This command will enable an administrator-defined authentication policy for users trying to access the Switch. When enabled, the device will check the Login Method List and choose a technique for user authentication upon login.
Page 231: Authentication Server Group
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Parameter Description Application Lists the configuration applications on the Switch. The user may configure the Login Method List and Enable Method List for authentication for users utilizing the Console (Command Line Interface) application, the Telnet application, SSH and the WEB (HTTP) application.
Page 232: Authentication Server Host
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 37. Add a Server Host to Server Group (radius) window To add an Authentication Server Host to the list, enter its IP address in the IP Address field, choose the protocol associated with the IP address of the Authentication Server Host and click Add to Group to add this Authentication Server Host to the group.
Page 233 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 39. Authentication Server Host Settings window To add an Authentication Server Host, click the Add button, revealing the following window: Figure 10- 40. Authentication Server Host Settings – Add window To edit an Authentication Server Host, click the IP address hyperlink, revealing the following window: Figure 10- 41.
Page 234 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch TACACS+ - Enter this parameter if the server host utilizes the TACACS+  protocol. RADIUS - Enter this parameter if the server host utilizes the RADIUS protocol.  Port (1-65535) Enter a number between 1 and 65535 to define the virtual port number of the authentication protocol on a server host.
Page 235: Login Method Lists
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Login Method Lists This command will configure a user-defined or default Login Method List of authentication techniques for users logging on to the Switch. The sequence of techniques implemented in this command will affect the authentication result. For example, if a user enters a sequence of techniques, for example TACACS –...
Page 236: Enable Method Lists
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 44. Login Method List – Add window To define a Login Method List, set the following parameters and click Apply: Parameter Description Method List Name Enter a method list name defined by the user of up to 15 characters.
Page 237 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch To view the following table, click Security > Access Authentication Control > Enable Method Lists: Figure 10- 45. Enable Method List Settings window To delete an Enable Method List defined by the user, click the under the Delete heading corresponding to the entry desired to be deleted.
Page 238 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch methods to this method list: local_enable - Adding this parameter will require the user to be authenticated  using the local enable password database on the Switch. The user in the next section entitled Local Enable Password must set the local enable password.
Page 239: Configure Local Enable Password
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Configure Local Enable Password This window will configure the locally enabled password for the Enable Admin command. When a user chooses the "local_enable" method to promote user level privileges to administrator privileges, he or she will be prompted to enter the password configured here that is locally set on the Switch.
Page 240: Traffic Segmentation
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Traffic Segmentation Traffic segmentation is used to limit traffic flow from a single port to a group of ports on a single Switch. This method of segmenting the flow of traffic is similar to using VLANs to limit traffic, but is more restrictive. It provides a method of directing traffic that does not increase the overhead of the Master switch CPU.
Page 241: Dos Attack Prevention
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 52. Setup Forwarding ports window This window allows the user to determine which port on a given switch will be allowed to forward packets to other ports on that switch.
Page 242 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 53. DoS Attack Prevention window The following parameters may be set. Parameter Description Type Select the type of attack from the list below or choose All to select all attack types.
Page 243 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch TCP SYNFIN – A TCP SYNFIN works by using SYN and FIN bits set into the TCP packets. These packets will leave the victim unable to get normal SYN packets and a large amount of these packets will result in the victim being blocked in CLOSE WAIT.
Page 244 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 56. DoS Smurf Attack Prevention window – Summary window Figure 10- 57. DoS TCP Null Scan Prevention window – Summary window Figure 10- 58. DoS TCP Xmascan Prevention window – Summary window...
Page 245 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 59. DoS TCP SYNFIN Prevention window – Summary window Figure 10- 60. DoS TCP SYN SrcPort less 1024 Prevention window – Summary window...
Page 246: Monitoring
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Section 11 Monitoring CPU Utilization Port Utilization Packets Packet Errors Packet Size MAC Address Switch Log IGMP Snooping Group Browse Router Port VLAN Status MLD Snooping Group Browse MLD Snooping Router Port Static ARP Settings ARP –FDB...
Page 247: Port Utilization
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 11- 1. CPU Utilization graph The window will automatically refresh with new updated statistics. The information is described as follows: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 248: Packets
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 11- 2. Port Utilization window The user may use the real-time graphic of the Switch at the top of the web page to view utilization statistics per port by clicking on a port.
Page 249: Received (Rx)
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Received (RX) The following graph displays packets received by the Switch. To select a port to view these statistics for, use the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port. To view this window click Monitoring >...
Page 250 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 11- 4. Rx Packets Analysis Table The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 251: Umb Cast (Rx)
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch UMB Cast (RX) The following graph displays UMB cast packets received by the Switch. To select a port to view these statistics for, use the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
Page 252 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 11- 6. Rx Packets Analysis window (table for Unicast, Multicast, and Broadcast Packets) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 253: Transmitted (Tx)
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Transmitted (TX) The following graph displays the packets transmitted from the Switch. To select a port to view these statistics for, use the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
Page 254 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 11- 8. Tx Packets Analysis window (table for Bytes and Packets) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 255: Packet Errors
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Packet Errors The Web Manager allows port error statistics compiled by the Switch's management agent to be viewed as either a line graph or a table. Four windows are offered.
Page 256 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 11- 10. Rx Error Analysis window (table) The following fields can be set: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 257: Transmitted (Tx)
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Transmitted (TX) The following graph displays error packets received by the Switch. To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
Page 258 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 11- 12. Tx Error Analysis window (table) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 259: Packet Size
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Packet Size The Web Manager allows packets received by the Switch, arranged in six groups and classed by size, to be viewed as either a line graph or a table. Two windows are offered. To select a port to view these statistics for, select the port by using the Port pull-down menu.
Page 260 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 11- 14. Rx Size Analysis window (table) The following fields can be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 261: Mac Address
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch MAC Address This allows the Switch's dynamic MAC address forwarding table to be viewed. When the Switch learns an association between a MAC address and a port number, it makes an entry into its forwarding table. These entries are then used to forward packets through the Switch.
Page 262 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The following fields can be viewed or set: Parameter Description VLAN Name Enter a VLAN Name by which to browse the forwarding table. MAC Address Enter a MAC address by which to browse the forwarding table.
Page 263: Switch Log
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Switch Log The Web manager allows the Switch's history log, as compiled by the Switch's management agent, to be viewed. To view the Switch history log, click Monitoring > Switch Log.
Page 264: Igmp Snooping Group
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch IGMP Snooping Group This window allows the Switch’s IGMP Snooping Group Table to be viewed. IGMP Snooping allows the Switch to read the Multicast Group IP address and the corresponding MAC address from IGMP packets that pass through the Switch. The number of IGMP reports that were snooped is displayed in the Reports field.
Page 265: Browse Router Port
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Browse Router Port This window displays which of the Switch’s ports are currently configured as router ports. A router port configured by a user (using the console or Web-based management interfaces) is displayed as a static router port, designated by S. A router port that is dynamically configured by the Switch is designated by D.
Page 266: Browse Mld Snooping Router Port
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 11- 20. MLD Snooping Group window The following field can be viewed: Parameter Description The VLAN ID to identify the MLD multicast group. VLAN Name The VLAN name of the MLD multicast group.
Page 267: Static Arp Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Static ARP Settings This window will show current ARP entries on the Switch. To clear the ARP Table, click Clear All. To view this window click Monitoring > Static ARP Settings.
Page 268 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 11- 25. ARP-FDB window To search for information regarding a specific entry, enter the appropriate information and click Find. The ARP-FDB entries will be displayed in the ARP-FDB Table, to add an entry to the IP-MAC-Port Binding Table click the corresponding Add button.
Page 269: Gratuitous Arp Settings
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Gratuitous ARP Settings This window will show the Gratuitous ARP Settings on the Switch. An ARP announcement (also known as Gratuitous ARP) is a packet (usually an ARP Request) containing a valid SHA (Sender Hardware Address) and SPA (Sender Protocol Address) for the host which sent it, with TPA (Target Protocol Address) equal to SPA.
Page 270: Session Table
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Interval After making the desired changes, click Apply to implement the new Gratuitous ARP Table entry. Session Table The Session Table allows the user to view detailed information on the current configuration session of the Switch. Information such as the Session ID of the user, initial Login Time, Live Time, configuration connection From the Switch, Level and Name of the user are displayed.
Page 271 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Parameter Description Server The identification number assigned to each RADIUS Authentication server that the client shares a secret with. UDP Port The UDP port the client is using to send requests to this server.
Page 272: Radius Accounting
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch RADIUS Accounting This window shows managed objects used for managing RADIUS accounting clients, and the current statistics associated with them. It has one row for each RADIUS authentication server that the client shares a secret with. To view the RADIUS Accounting, click Monitoring >...
Page 273: Reset
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch UnknownTypes The number of RADIUS packets of unknown type which were received from this server on the accounting port. PacketsDropped The number of RADIUS packets, which were received from this server on the accounting port and dropped for some other reason.
Page 274: Reboot System
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Reboot System The following window is used to restart the Switch. Figure 11- 32. Reboot System window Clicking the Yes radio button will instruct the Switch to save the current configuration to non-volatile RAM before restarting the Switch.
Page 275: Logout
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Logout Click the Logout button on the Logout window to immediately exit the Switch. Figure 11- 34. Logout window...
Page 276: Technical Specifications
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Appendix A Technical Specifications General IEEE 802.3 10BASE-T Ethernet Protocols IEEE 802.3u 100BASE-TX Fast Ethernet IEEE 802.3ab 1000BASE-T Gigabit Ethernet IEEE 802.3z 1000BASE-T (SFP “Mini GBIC”) IEEE 802.1D/s/w Spanning Tree IEEE 802.1Q VLAN...
Page 277 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Input: DES-3028/DES-3052/DES-3028G - 100~240V, AC/0.5A, 50~60Hz Internal Power Supply DES-3052P - 100~240V, AC/5A, 50~60Hz DES-3028P - 100~240V, AC/2.9A, 50~60Hz Output: DES-3028/DES-3052/DES-3028G: 12V, 3.3A (Max) DES-3028P: 12V, 3.3A/50V, 3.7A (Max) DES-3052P: 12V,10.5A/50V,7.5A (Max)
Page 278 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch PoE Features DES-3028P:Random 12 ports PoE Capable Ports DES-3052P:Random 24 ports Max 15.4W per port DES-3028P: Per port 15.4W (Default), Output capacity for DES-3028P185W Power feeding for PoE DES-3052P: Per port 15.4W (Default),...
Page 279 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch LED indicators Location LED Indicative Color Status Description Solid Light Power On Power Green Light off Power Off Solid Light Console on Per Device Console Green Blinking POST is in progress/ POST is failure.
Page 280 Store and Forward Switching Capacity 12.8Gbps for DES-3028/DES-3028P/DES-3028G 17.6Gbps for DES-3052/DES-3052P 64 Byte system packet forwarding rate 9.5 million packets per second for DES-3028/DES-3028P/DES-3028G 13.1 million packets per second for DES-3052/DES-3052P Priority Queues 4 Priority Queues per port MAC Address Table...
Page 281 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 1. DEM-310GT (1000BASE-LX) 2. DEM-311GT (1000BASE-SX) 3. DEM-314GT (1000BASE-LH) 4. DEM-315GT (1000BASE-ZX) 5. DEM-210 (Single Mode 100BASE-FX) 6. DEM-211 (Multi Mode 100BASE-FX) WDM Transceiver Supported: 1.DEM-330T (TX-1550/RX-1310nm),up to 10km,Single-Mode 2.DEM-330R (TX-1310/RX-1550nm), up to 10km,Single-Mode...
Page 282: System Log Entries
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Appendix B System Log Entries The following table lists all possible entries and their corresponding meanings that will appear in the System Log of this Switch. Category Event Description...
Page 283 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Configuration download by console was Configuration download by Warning unsuccessful console was unsuccessful! (Username: <username>) Configuration successfully uploaded Configuration successfully Informational uploaded (Username: <username>, IP: <ipaddr>) Configuration successfully uploaded by...
Page 284 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Logout through Web Logout through Web (Username: Informational <username>, IP: <ipaddr>) Successful login through Web (SSL) Successful login through Web Informational (SSL) (Username: <username>, IP: <ipaddr>) Login failed through Web (SSL)
Page 285 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Logout through SSH Logout through SSH (Username: Informational <username>, IP: <ipaddr>) SSH session timed out SSH session timed out Informational (Username: <username>, IP: <ipaddr>) SSH server is enabled SSH server is enabled...
Page 286 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Successful login through SSH Successful login through SSH from Informational authenticated by AAA local method <userIP> authenticated by AAA local method (Username: <username>) Login failed through SSH authenticated by...
Page 287 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Login failed through Web due to AAA Login failed through Web from Warning server timeout or improper configuration <userIP> due to AAA server timeout or improper configuration (Username:<username>) Successful login through Web (SSL)
Page 288 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Successful Enable Admin through Web Successful Enable Admin through Informational authenticated by AAA local_enable Web from <userIP> authenticated method by AAA local_enable method (Username: <username>) Enable Admin failed through Web...
Page 289 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Successful Enable Admin through Web Successful Enable Admin through Informational (SSL) authenticated by AAA none Web(SSL) from <userIP> method. authenticated by AAA none method (Username: <username>) Successful Enable Admin through Telnet...
Page 290 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Enable Admin failed through Web(SSL) Enable Admin failed through Warning due to AAA server timeout or improper Web(SSL) due to AAA server configuration timeout or improper configuration (Username: <username>)
Page 291 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch IP:<ipaddr>,MAC:<macaddr>) Safeguard Engine Safeguard Engine enters Safeguard Engine is in normal mode Informational NORMAL mode Safeguard Engine enters Safeguard Engine is in exhausted mode Warning EXHAUSTED mode Packet Storm Port <portNum>...
Page 292: Standard Trap List
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 802.1x Authentication failure from Warning 802.1x Authentication failure (Username: <user_account>, Port <portNum>, MAC: <macaddr>) 802.1x Authentication failure for the radius server <server_ip> 802.1x Authentication failure for the radius Warning...
Page 293: Proprietary Trap List
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 1.3.6.1.6.3.1.1.5.4 ifAdminStatus (IF-MIB) ifOperStatus newRoot None rfc1493 1.3.6.1.2.1.17.0.1 (BRIDGE-MIB) topologyChange None rfc1493 1.3.6.1.2.1.17.0.2 (BRIDGE-MIB) Proprietary Trap List Trap Name/OID Variable Bind Format MIB Name swPktStormCleared swPktStormCtrlPortIndex PKT-STORM-CTRL-MIB 1.3.6.1.4.1.171.12.25.5.0.2 swPktStormOccurred...
Page 294 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 1.3.6.1.4.1.171.11.63.11.2.20.0.1...
Page 295: Cable Lengths
DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Appendix C Cable Lengths Use the following table to as a guide for the maximum cable lengths. Standard Media Type Maximum Distance Mini-GBIC 1000BASE-LX, Single-mode fiber module 10km 1000BASE-SX, Multi-mode fiber module...
Page 296: Password Recovery Procedure
This document will explain how the Password Recovery feature can help network administrators reach this goal. The following steps explain how to use the Password Recovery feature on D-Link devices to easily recover passwords. Complete these steps to reset the password: For security reasons, the Password Recovery feature requires the user to physically access the device.
Page 297 DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Command Parameters accounts. reset password The reset password command resets the password of the specified {<username>} user. If a username is not specified, the password of all users will be reset.
Page 298: Glossary
Appendix E Glossary 1000BASE-SX: A short laser wavelength on multimode fiber optic cable for a maximum length of 2000 meters 1000BASE-LX: A long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilometers 100BASE-FX: 100Mbps Ethernet implementation over fiber. 100BASE-TX: 100Mbps Ethernet implementation over Category 5 and Type 1 Twisted Pair cabling.
Page 299 LAN - Local Area Network: A network of connected computing resources (such as PCs, printers, servers) covering a relatively small geographic area (usually not larger than a floor or building). Characterized by high data rates and low error rates. latency: The delay between the time a device receives a packet and the time the packet is forwarded out of the destination port. line speed: See baud rate.
Page 300: Arp Packet Content Acl
This protocol is vulnerable so hackers can spoof the IP and MAC information in the ARP packets to attack a LAN (known as ARP spoofing). This document is intended to introduce ARP protocol, ARP spoofing attacks, and the countermeasure devised by D-Link to put an end to ARP spoofing attacks. How Address Resolution Protocol works In the process of ARP, PC A will, firstly, issue an ARP request to query PC B’s MAC address.
Page 301 When the switch receives the frame, it will check the “Source Address” in the Ethernet frame’s header. If the address is not in its Forwarding Table, the switch will learn PC A’s MAC and the associated port and enter them in its Forwarding Table. Forwarding Table Port1 00-20-5C-01-11-11 In addition, when the switch receives the broadcasted ARP request, it will flood the frame to all ports except the source port, port...
Page 302 Protocol Protocol Operation Sender Sender Target Target type type address address protocol protocol H/W address H/W address length length address address 10.10.10.1 10.10.10.2 ARP reply 00-20-5C-01-11-11 00-20-5C-01-22-22 Table – 3 (ARP Payload) When PC B replies to the query, “Destination Address” in the Ethernet frame it will change to PC A’s MAC address. The “Source Address”...
Page 303 How ARP spoofing attacks a network ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service - DoS attack). The principle of ARP spoofing is to send the fake, or spoofed ARP messages to an Ethernet network.
Page 304 Gratuitous ARP Ethernet Header Destination Source address Ethernet H/W type Protocol Protocol Operation Sender H/W Sender Target H/W Target address type type address address address protocol address protocol length length address address (6-byte) (6-byte) (2-byte) (2-byte) (2-byte) (1-byte) (1-byte) (2-byte) (6-byte) (4-byte) (6-byte)
Page 305 Configuration: The design of the Packet Content ACL on the DES-3028 series can inspect any specified content in the first 20 bytes of an ARP packet (up to 80 bytes in total at one time). It utilizes offsets to match individual fields in the Ethernet Frame. An offset contains 16 bytes and the switch supports 5 offsets with each offset being divided into a four 4-byte values in a HEX format.
Page 308: Fcc Warning
FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
Page 309 Fiber Optic Ports - Optical Safety The following safety warnings apply to all optical devices used in equipment that are removable or directly installed in an I/O module or chassis system. Such devices include but are not limited to gigabit interface converters (GBICs), small form factor pluggable (SFP) modules (or mini-GBICs), XENPAK transceivers, and XFP laser optic modules.
Page 310: Warranties/Registration
Ninety (90) days D-Link’s sole obligation shall be to repair or replace the defective Hardware at no charge to the original owner. Such repair or replacement will be rendered by D- Link at an Authorized D-Link Service Office. The replacement Hardware need not be new or of an identical make, model or part; D-Link may in its discretion may replace the defective Hardware (or any part thereof) with any reconditioned product that D-Link reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware.
Page 311: Copyright Statement
OF THE PRODUCT IS WITH THE PURCHASER OF THE PRODUCT. Limitation of Liability: TO THE MAXIMUM EXTENT PERMITTED BY LAW, D-LINK IS NOT LIABLE UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER LEGAL OR EQUITABLE THEORY FOR ANY LOSS OF USE OF THE PRODUCT, INCONVENIENCE OR DAMAGES OF ANY...
Page 312 The customer must submit with the product as part of the claim a written description of the Hardware defect or Software nonconformance in sufficient detail to allow D-Link to confirm the same, along with proof of purchase of the product (such as a copy of the dated purchase invoice for the product) if the product is not registered.
Page 313 SERVICE) RESULTING FROM THE USE OF THE PRODUCT, RELATING TO WARRANTY SERVICE, OR ARISING OUT OF ANY BREACH OF THIS LIMITED WARRANTY, EVEN IF D-LINK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE SOLE REMEDY FOR A BREACH OF THE FOREGOING LIMITED WARRANTY IS REPAIR, REPLACEMENT OR REFUND OF THE DEFECTIVE OR NON- CONFORMING PRODUCT.
Page 314: Product Registration
Product Registration Register your D-Link product online at http://support.dlink.com/register/ Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights.
Page 315: Limited Warranty
(90) days after any repaired or replaced Hardware is delivered. If a material defect is incapable of correction, or if D-Link determines in its sole discretion that it is not practical to repair or replace the defective Hardware, the price paid by the original purchaser for the defective Hardware will be refunded by D-Link upon return to D-Link of the defective Hardware.
Page 316 The packaged product shall be insured and shipped to Authorized D-Link Service Office with all shipping costs prepaid. D-Link may reject or return any product that is not packaged and shipped in strict compliance with the foregoing requirements, or for which an RMA number is not visible from the outside of the package.
Page 317 This limited warranty provides specific legal rights and the product owner may also have other rights which vary from state to state. Trademarks Copyright .2002 D-Link Corporation. Contents subject to change without prior notice. D-Link is a...
Page 318 No part of this publication may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from D-Link Corporation/D-Link Systems Inc., as stipulated by the United States Copyright Act of 1976. FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules.
Page 319: Tech Support
Tech Support Technical Support You can find software updates and user documentation on the D-Link website. D-Link provides free technical support for customers within the United States and within Canada for the duration of the service period, and warranty confirmation service, during the warranty period on this product.
Page 320: Technical Support
Technical Support United Kingdom (Mon-Fri) Home Wireless/Broadband 0871 873 3000 (9.00am–06.00pm, Sat 10.00am-02.00pm) Managed, Smart, & Wireless Switches, or Firewalls 0871 873 0909 (09.00am – 05.30pm) (BT 10ppm, other carriers may vary.) Ireland (Mon-Fri) All Products 1890 886 899 (09.00am-06.00pm, Sat 10.00am-02.00pm) €0.05ppm peak, €0.045ppm off peak Times Internet http://www.dlink.co.uk...
Page 321: Assistance Technique
Assistance technique Assistance technique D-Link par téléphone : 0 820 0803 03 0,12 €/min la minute : Lundi – Vendredi de 9h à 13h et de 14h à 19h Samedi 9h à 13h et de 14h à 16h Assistance technique D-Link sur internet : http://www.dlink.fr...
Page 322: Pomoc Techniczna
Pomoc techniczna Telefoniczna pomoc techniczna firmy D-Link: 0 801 022 021 Pomoc techniczna firmy D-Link świadczona przez Internet: URL: http://www.dlink.pl e-mail: serwis@dlink.pl Technická podpora Web: http://www.dlink.cz/suppport/ E-mail: support@dlink.cz Telefon: 225 281 553 Telefonická podpora je v provozu: PO- PÁ od 09.00 do 17.00 Land Line 1,78 CZK/min - Mobile 5.40 CZK/min...
Page 323 Teknistä tukea asiakkaille Suomessa: Arkisin klo. 9 - 21 numerosta : 06001 5557 Internetin kautta : http://www.dlink.fi Teknisk Support D-Link Teknisk Support via telefon: 0900-100 77 00 Vardagar 08.00-20.00 D-Link Teknisk Support via Internet: http://www.dlink.se Assistência Técnica Assistência Técnica da D-Link na Internet: http://www.dlink.pt...
Page 324 D-Link - ovo spletno stran www.dlink.eu www.dlink.biz/sl Suport tehnica Vă mulţumim pentru alegerea produselor D-Link. Pentru mai multe informaţii, suport şi manuale ale produselor vă rugăm să vizitaţi site-ul D-Link www.dlink.eu www.dlink.ro...
Page 325 Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers in Australia: Tel: 1300-766-868 24/7(24Hrs, 7days a week) technical support http://www.dlink.com.au e-mail: support@dlink.com.au India: Tel: 1800-222-002 9.00 AM to 9.00 PM. All days http://www.dlink.co.in/support/productsupport.aspx...
Page 326 Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers in Egypt: Tel: +202-2919035 or +202-2919047 Sunday to Thursday 9:00am to 5:00pm http://support.dlink-me.com Email: support.eg@dlink-me.com Iran: Te: +98-21-88880918,19 Saturday to Thursday 9:00am to 5:00pm http://support.dlink-me.com...
Page 327 Техническая поддержка Обновления программного обеспечения и документация доступны на Интернет-сайте D-Link. D-Link предоставляет бесплатную поддержку для клиентов в течение гарантийного срока. Клиенты могут обратиться в группу технической поддержки D-Link по телефону или через Интернет. Техническая поддержка D-Link: +7(495) 744-00-99 Техническая поддержка через Интернет...
Page 328 SOPORTE TÉCNICO Usted puede encontrar actualizaciones de softwares o firmwares y documentación para usuarios a través de nuestro sitio www.dlinkla.com SOPORTE TÉCNICO PARA USUARIOS EN LATINO AMERICA Soporte técnico a través de los siguientes teléfonos de D-Link PAIS NUMERO HORARIO...
Page 329 Você pode encontrar atualizações de software e documentação de usuário no site da D-Link Brasil. A D-Link fornece suporte técnico gratuito para clientes no Brasil durante o período de vigência da garantia deste produto. Suporte Técnico para clientes no Brasil: Telefone São Paulo +11-2185-9301...
Page 330 D-Link D-Link...
Page 331 Dukungan Teknis Update perangkat lunak dan dokumentasi pengguna dapat diperoleh pada situs web D-Link. Dukungan Teknis untuk pelanggan: Dukungan Teknis D-Link melalui telepon: Tel: +62-21-5731610 Dukungan Teknis D-Link melalui Internet: Email : support@dlink.co.id Website : http://support.dlink.co.id...
Page 332 Technical Support この度は弊社製品をお買い上げいただき、誠にありがとうございます。下記弊社 Web サイトからユーザ登録及び新製品登録を行っていただくと、ダウンロードサービスにてサポート情報、ファームウェア、ユーザマニュアルをダウンロードすることができます。ディーリンクジャパン Web サイト URL:http://www.dlink-jp.com...
Page 333 技術支持您可以在 D-Link 的官方網站找到產品的軟件升級和使用手冊办公地址：北京市东城区北三环东路 36 号环球贸易中心 B 座 26F 02-05 室邮编: 100013 技术支持中心电话：8008296688/ (028)66052968 技术支持中心传真：(028)85176948 维修中心地址：北京市东城区北三环东路 36 号环球贸易中心 B 座 26F 02-05 室邮编: 100013 维修中心电话：(010) 58257789 维修中心传真：(010) 58257790 网址：http://www.dlink.com.cn 办公时间：周一到周五，早09:00到晚18:00...

This manual is also suitable for:

Des-3028p Des-3052 Des-3052p Des-3028g

D-Link DES-3028 User Manual

Preface

Intended Readers

Typographical Conventions

Notes, Notices, and Cautions

Safety Instructions

Introduction

Des-3028/28P/28G/52/52P

Installation

Connecting the Switch

Introduction to Switch Management

Management Options

Web-Based Switch Configuration

Introduction

Administration

Device Information

IP Address

Port Configuration

DHCP/BOOTP Relay

User Accounts

Cable Diagnostics

Port Mirroring

System Log Settings

Log Settings

SNTP Settings

MAC Notification Settings

TFTP Services

Multiple Image Services

Ping Test

Safeguard Engine

SNMP Manager

Poe System

Single IP Settings

Forwarding & Filtering

SMTP Service

L2 Features

Vlans

Trunking

IGMP Snooping

MLD Snooping

Spanning Tree

Loopback Detection Settings

Lldp

Cos

Port Bandwidth

802.1P Default Priority

802.1P User Priority

Cos Scheduling Mechanism

Cos Output Scheduling

Priority Settings

TOS Priority Settings

DSCP Priority Settings

Port Mapping Priority Settings

MAC Priority

Acl

Time Range

Access Profile Table

CPU Interface Filtering

Security

Traffic Control

Port Security

Port Lock Entries

IP-MAC-Port Binding

Ssl

Ssh

802.1X

Trusted Host

Access Authentication Control

Traffic Segmentation

Dos Attack Prevention

Monitoring

CPU Utilization

Port Utilization

Packets

Packet Errors

Packet Size

MAC Address

Switch Log

IGMP Snooping Group

Browse Router Port