Page 2 © 2011 D-Link Corporation. All rights reserved. Reproduction in any manner whatsoever without the written permission of D-Link Corporation is strictly forbidden. Trademarks used in this text: D-Link and the D-LINK logo are trademarks of D-Link Corporation; Microsoft and Windows are registered trademarks of Microsoft Corporation.
Page 3: Table Of Contents
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Table of Contents Intended Readers ............................... viii Typographical Conventions ............................viii Notes, Notices, and Cautions ............................. viii Web-based Switch Configuration ....................9 Introduction ................................... 9 Login to Web Manager ................................9 Web-based User Interface ...............................
Page 4 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide SMTP Service Settings ................................37 SMTP Service ..................................38 MAC Notification Settings ............................38 MAC Notification Global Settings ............................. 38 MAC Notification Port Settings ..............................38 SNMP Settings ................................39 SNMP View Table ..................................
Page 5 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide GVRP Settings ................................76 Asymmetric VLAN Settings ............................77 MAC-based VLAN Settings ............................77 PVID Auto Assign Settings ............................78 Port Trunking ................................78 LACP Port Settings ..............................80 Traffic Segmentation ..............................
Page 6 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide CFM Port Settings .................................. 120 CFM Loopback Settings ................................. 121 CFM Linktrace Settings ................................122 ERPS Settings ................................123 QoS ............................. 125 Advantages of QoS ................................125 Understanding QoS ................................126 Bandwidth Control ..............................
Page 7 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide SSH Settings ..................................158 SSH Authmode and Algorithm Settings ..........................158 SSH User Authentication Lists ............................... 160 Access Authentication Control ..........................161 Authentication Policy Settings ..............................162 Application Authentication Settings ............................162 Authentication Server Group ..............................
Page 8 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Authenticator Diagnostics ..............................232 Browse ARP Table ..............................234 Browse VLAN ................................234 IGMP Snooping ................................ 234 Browse IGMP Router Port..............................234 IGMP Snooping Group ................................235 IGMP Snooping Host ................................236 MLD Snooping ................................
Page 9: Intended Readers
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Intended Readers The DES-3200 Series User Manual contains information for setup and management of the Switch. This manual is intended for network managers familiar with network management concepts and terminology.
Page 10: Web-Based Switch Configuration
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Section 1 Web-based Switch Configuration Introduction Login to Web Manager Web-based User Interface Web Pages Introduction All software functions of the Switch can be managed, configured and monitored via the embedded web-based (HTML) interface.
Page 11: Web-Based User Interface
Function Area 1 Select the folder or window to be displayed. The folder icons can be opened to display the hyperlinked window buttons and subfolders contained within them. Click the D-Link logo to go to the D-Link website. Area 2 Presents a graphical near real-time image of the front panel of the Switch.
Page 12: Web Pages
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Web Pages When you connect to the management mode of the Switch with a Web browser, a login window is displayed. Enter a user name and password to access the Switch's management mode.
Page 13: Configuration
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Section 2 Configuration Device Information System Information Serial Port Settings IP Address Settings IPv6 Interface Settings IPv6 Route Settings IPv6 Neighbor Settings Port Configuration Static ARP Settings User Accounts...
Page 14: Device Information
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Device Information This window contains the main settings for all major functions on the Switch and appears automatically when you log on. To return to the Device Information window, click the DES-3200 Series folder. The Device Information window shows the Switch’s MAC Address (assigned by the factory and unchangeable), the Boot PROM Version, Firmware...
Page 15: Serial Port Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Serial Port Settings The following window allows the Baud Rate and the Auto Logout to be changed as well as containing information about the Serial Port Settings. Click Configuration > Serial Port Settings to display this window: Figure 2 - 3.
Page 16: Ip Address Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide IP Address Settings The IP address may initially be set using the console interface prior to connecting to it through the Ethernet. If the Switch IP address has not yet been changed, read the introduction of the DES-3200 Series CLI Reference Manual for more information.
Page 17 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The IP Address Settings options are: Parameter Description Allows the entry of an IPv4 address, Subnet Mask, and a Default Gateway for the Switch. These Static fields should be of the form xxx.xxx.xxx.xxx, where each xxx is a number (represented in decimal form) between 0 and 255.
Page 18: Ipv6 Address Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide IPv6 Address Settings Users can display the Switch’s current IPv6 interface settings. To view the following window, click Configuration > IPv6 Interface Settings: Figure 2 - 5. IPv6 Interface Settings window To configure IPv6 interface settings, enter an IPv6 Address and click Apply.
Page 19: Ipv6 Route Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Parameter Description Interface Name The name of the IPv6 interface being displayed or modified. VLAN Name Display the VLAN name of the IPv6 interface. Admin. State Display the current administrator state.
Page 20: Port Configuration
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following parameters may be configured or viewed: Parameter Description Interface Name Enter the name of the IPv6 neighbor. To search for all the current interfaces on the Switch, go to the second Interface Name field in the middle part of the window, tick the All check box, and then click the Find button.
Page 21 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Parameter Description From Port/To Use the pull-down menus to select the port or range of ports to be configured. Port State Toggle this field to either enable or disable a given port or group of ports.
Page 22: Port Description Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Port Description Settings The Switch supports a port description feature where the user may name various ports on the Switch. To view the following window, click Configuration > Port Configuration > Port Description Settings: Figure 2 - 9.
Page 23: Static Arp Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 2 - 10. Port Error Disabled window The following parameters are displayed: Parameter Description Port Displays the port that has been error disabled. Port State Describes the current running state of the port, whether Enabled or Disabled.
Page 24: User Accounts
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide User Accounts Use this window to control user privileges, create new users, and view existing User Accounts. To view this window, click Configuration > User Accounts: Figure 2 - 12. User Accounts window...
Page 25: System Log Configuration
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide User Account Management Add/Update/Delete User Accounts View User Accounts Table 2 - 1. Admin and User Privileges System Log Configuration This section contains information for configuring various attributes and properties for System Log Configurations, including System Log Settings and System Log Host.
Page 26 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Parameter Description Server ID Syslog server settings index (1-4). Severity This drop-down menu allows you to select the level of messages that will be sent. The options are Warning, Informational, and All.
Page 27: Dhcp Relay
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide DHCP Relay The relay hops count limit allows the maximum number of hops (routers) that the DHCP messages can be relayed through to be set. If a packet’s hop count is equal to or more than the hop count limit, the packet is dropped. The range is between 1 and 16 hops, with a default value of 4.
Page 28 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide check and policy settings will have no effect. DHCP Relay Agent This field can be toggled between Enabled and Disabled using the pull-down menu. It is Information Option 82 used to enable or disable the Switches ability to check the validity of the packet’s option 82...
Page 29 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Circuit ID sub-option format: VLAN Module Port 1 byte 1 byte 1 byte 1 byte 2 bytes 1 byte 1 byte a. Sub-option type b. Length c. Circuit ID type d.
Page 30: Dhcp Relay Interface Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide DHCP Relay Interface Settings This window allows the user to set up a server, by IP address, for relaying DHCP/ BOOTP information to the Switch. The user may enter a previously configured IP interface on the Switch that will be connected directly to the DHCP server using the following window.
Page 31: Dhcp Auto Configuration Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 2 - 18. DHCP Local Relay Settings window The following parameters may be configured. Parameter Description DHCP Local Relay This is used to enable or disable DHCP Local Relay service on the Switch. The default is Operation State Disabled.
Page 32: Web Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide To access this window, click Configuration > MAC Address Aging Time: Figure 2 - 20. MAC Address Aging Time window Web Settings Web-based management is Enabled by default. If you choose to disable this by selecting Disabled, you will lose the ability to configure the system through the Web interface as soon as these settings are applied.
Page 33: Cli Paging Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide CLI Paging Settings CLI paging can be Enabled or Disabled in this window. It is Enabled by default. CLI paging settings are used when issuing a command which causes the console screen to rapidly scroll through several pages. This command will cause the console to pause at the end of each page.
Page 34: Firmware Information
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Firmware Information Information about current firmware images stored on the Switch can be viewed. To access this window, click Configuration > Firmware Information: Figure 2 - 25. Firmware Information window...
Page 35: Sntp Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide SNTP Settings The SNTP Settings folder offers two windows: Time Settings and Time Zone Settings. Time Settings To configure the time settings for the Switch, click Configuration > SNTP Settings > Time Settings: Figure 2 - 26.
Page 36: Time Zone Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Time Zone Settings The following window is used to configure time zones and Daylight Savings Time settings for SNTP. To configure the time zone settings for the Switch, click Configuration > SNTP Settings > Time Zone Settings: Figure 2 - 27.
Page 37 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide From: Day of the Enter the day of the week that DST will start on. Week From: Month Enter the month DST will start on. From: Time in Enter the time of day that DST will start on.
Page 38: Smtp Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide SMTP Settings SMTP or Simple Mail Transfer Protocol is a function of the Switch that will send switch events to mail recipients based on e-mail addresses entered in the window below. The Switch is to be configured as a client of SMTP while the server is a remote device that will receive messages from the Switch, place the appropriate information into an e-mail and deliver it to recipients configured on the Switch.
Page 39: Smtp Service
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide SMTP Service This window is used to test the SMTP Service Settings configured in the previous window. To view the following window, click Configuration > SMTP Service: Figure 2 - 29. SMTP Service window To test to see if the SMTP settings are working properly, enter a Subject, Content, and then click the Send button.
Page 40: Snmp Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 2 - 31. MAC Notification Port Settings window The following parameters may be modified: Parameter Description From Port/To Select a port or group of ports to enable for MAC notification using the pull-down menus.
Page 41: Snmp View Table
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide SNMPv3 uses a more sophisticated authentication process that is separated into two parts. The first part is to maintain a list of users and their attributes that are allowed to act as SNMP managers. The second part describes what each user on that list can do as an SNMP manager.
Page 42: Snmp Group Table
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Parameter Description View Name Type an alphanumeric string of up to 32 characters. This is used to identify the new SNMP view being created. Subtree OID Type the Object Identifier (OID) Subtree for the view. The OID identifies an object tree (MIB tree) that will be included or excluded from access by an SNMP manager.
Page 43: Snmp User Table
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide centralized and distributed network management strategies. It includes improvements in the Structure of Management Information (SMI) and adds some security features. SNMPv3 - Specifies that the SNMP version 3 will be used. SNMPv3 provides secure access to devices through a combination of authentication and encrypting packets over the network.
Page 44: Snmp Community Table
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide SHA - Indicates that the HMAC-SHA authentication protocol will be used. Priv-Protocol by None - Indicates that no authorization protocol is in use. Password DES - Indicates that DES 56-bit encryption is in use based on the CBC-DES (DES-56) standard.
Page 45: Snmp Host Table
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide SNMP Host Table Use the SNMP Host Table window to set up SNMP trap recipients. To configure SNMP Host Table entries, click Configuration > SNMP Settings > SNMP Host Table Figure 2 - 36.
Page 46: Snmp Trap Configuration
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide SNMP Trap Configuration The following window is used to enable and disable trap settings for the SNMP function on the Switch. To view this window for configuration, click Configuration > SNMP Settings > SNMP Trap Configuration: Figure 2 - 38.
Page 47: Time Range Settings
Figure 2 - 40. Time Range Settings window Single IP Management Simply put, D-Link Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. There are some advantages in implementing the "Single IP Management" feature: 1.
Page 48 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide It is connected to the CS through the CS management VLAN. 3. Candidate Switch (CaS) - This is a switch that is ready to join a SIM group but is not yet a member of the SIM group.
Page 49: Single Ip Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Single IP Settings All switches are set as Candidate (CaS) switches as their factory default configuration and Single IP Management will be disabled. To enable SIM for the Switch using the Web interface, click Configuration > Single IP Management > Single IP Settings which will reveal the following window: Figure 2 - 41.
Page 50: Topology
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide After enabling the Switch to be a Commander Switch (CS), the Single IP Management folder will then contain four added links to aid the user in configuring SIM through the Web, including Topology, Firmware Upgrade and Configuration File Backup/Restore and Upload Log File.
Page 51 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide To view the Topology Map, click the View menu in the toolbar and then Topology, which will produce the following window. The Topology View will refresh itself periodically (20 seconds by default).
Page 52: Tool Tips
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Tool Tips In the Topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same information about a specific device as the Tree view does.
Page 53: Right-Click
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Right-Click Right-clicking on a device will allow the user to perform various functions, depending on the role of the Switch in the SIM group and the icon associated with it.
Page 54: Commander Switch Icon
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Click Close to close the Property window. Commander Switch Icon Figure 2 - 49. Right-Clicking a Commander Icon The following options may appear for the user to configure: ...
Page 55: Menu Bar
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide  Expand - To expand the SIM group in detail.  Add to group - Add a candidate to a group. Clicking this option will reveal the following dialog for the user to enter a password for authentication from the Candidate Switch before being added to the SIM group.
Page 56: Firmware Upgrade
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Help  About - Will display the SIM information, including the current SIM version. Figure 2 - 55. About window Firmware Upgrade This window is used to upgrade firmware from the Commander Switch to the Member Switch. Member Switches will be listed in the table and will be specified by ID and Port (port on the CS where the MS resides), MAC Address, Model Name and Firmware Version.
Page 57: Upload Log File
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Upload Log File The following window is used to upload log files from SIM member switches to a specified PC. To upload a log file, enter the Server IP address of the SIM member switch and then enter a Path\Filename on your PC where you wish to save this file.
Page 58: Gratuitous Arp Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Gratuitous ARP Settings This window allows you to have more detailed settings for the Gratuitous ARP. To view this window, click Configuration > Gratuitous ARP > Gratuitous ARP Settings: Figure 2 - 60.
Page 59: Arp Spoofing Prevention Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide ARP Spoofing Prevention Settings ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service - DoS attack).
Page 60: Pppoe Circuit Id Insertion Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide PPPoE Circuit ID Insertion Settings When the setting is enabled, the system will insert the circuit ID tag to the received PPPoE discover and request packet if the tag is absent, and remove the circuit ID tag from the received PPPoE offer and session confirmation packet.
Page 61: L2 Features
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Section 3 L2 Features Jumbo Frame 802.1Q Static VLAN Q-in-Q 802.1v Protocol VLAN VLAN Trunk Settings GVRP Settings Asymmetric VLAN Settings MAC-based VLAN Settings PVID Auto Assign Settings...
Page 62: Vlans
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide VLANs Understanding IEEE 802.1p Priority Priority tagging is a function defined by the IEEE 802.1p standard designed to provide a means of managing traffic on a network where many different types of data may be transmitted simultaneously. It is intended to alleviate problems associated with the delivery of time critical data over congested networks.
Page 63: Ieee 802.1Q Vlans
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide IEEE 802.1Q VLANs Some relevant terms:  Tagging - The act of putting 802.1Q VLAN information into the header of a packet.  Untagging - The act of stripping 802.1Q VLAN information out of the packet header.
Page 64: Port Vlan Id
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The tag is inserted into the packet header making the entire packet longer by four octets. All of the information originally contained in the packet is retained. Figure 3 - 3. IEEE 802.1Q Tag The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or Logical Link Control.
Page 65: Tagging And Untagging
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Within the Switch, different PVIDs mean different VLANs (remember that two VLANs cannot communicate without an external router). So, VLAN identification based upon the PVIDs cannot create VLANs that extend outside a given switch (or switch stack).
Page 66: Q-In-Q Vlans
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Packets cannot cross VLANs. If a member of one VLAN wants to connect to another VLAN, the link must be through an external router. NOTE: If no VLANs are configured on the Switch, then all packets will be forwarded to any destination port.
Page 67 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide their customers, which will connect two or more customer LAN points without over-complicating configurations on the client's side. Not only will over-complication be avoided, but also now the administrator has over 4000 VLANs in which over 4000 VLANs can be placed, therefore greatly expanding the VLAN network and enabling greater support of customers utilizing multiple VLANs on the network.
Page 68: 802.1Q Static Vlan
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide 1. All ports must be configured for the SPVID and its corresponding TPID on the Service Provider’s edge switch. 2. All ports must be configured as Access Ports or Uplink ports. Access ports can only be Ethernet ports while Uplink ports must be Gigabit ports.
Page 69 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 3 - 7. 802.1Q Static VLAN window – Add/Edit VLAN tab (Add) To return to the initial 802.1Q Static VLAN window, click the VLAN List tab at the top of the window. To change an existing 802.1Q static VLAN entry, click the corresponding Edit button.
Page 70 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide VLAN Name should be no more than 32 characters in length. Advertisement Enabling this function will allow the Switch to send out GVRP packets to outside sources, notifying that they may join the existing VLAN.
Page 71: Q-In-Q
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 3 - 10. 802.1Q Static VLAN window – VLAN Batch Settings tab The following fields can be set in the VLAN Batch Settings tab: Parameter Description VID List (e.g.: 2-5) Enter a VLAN ID List that can be added, deleted or configured.
Page 72: Q-In-Q Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Q-in-Q Settings To view this window, click L2 Features > Q-in-Q > Q-in-Q Settings: Figure 3 - 11. Q-in-Q Settings window The following fields can be set: Parameter...
Page 73: Vlan Translation Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide VLAN Translation Settings VLAN translation translates the VLAN ID carried in the data packets it receives from private networks into those used in the Service Providers network. To view this window click L2 Features > Q-in-Q > VLAN Translation CVID Entry Settings: Figure 3 - 12.
Page 74 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Group ID (1-16) Select an ID number for the group, between 1 and 16. Group Name This is used to identify the new Protocol VLAN group. Type an alphanumeric string of up to 32 characters.
Page 75: 802.1V Protocol Vlan Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide 802.1v Protocol VLAN Settings The window allows the user to configure Protocol VLAN settings. The lower half of the window displays any previously created settings. To view this window, click L2 Features > 802.1v Protocol VLAN > 802.1v Protocol VLAN Settings: Figure 3 - 14.
Page 76: Vlan Trunk Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide VLAN Trunk Settings Enable VLAN on a port to allow frames belonging to unknown VLAN groups to pass through that port. This is useful if you want to set up VLAN groups on end devices without having to configure the same VLAN groups on intermediary devices.
Page 77: Gvrp Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide GVRP Settings This window allows the user to determine whether the Switch will share its VLAN configuration information with other GARP VLAN Registration Protocol (GVRP) enabled switches. In addition, Ingress Checking can be used to limit traffic by filtering incoming packets whose PVID do not match the PVID of the port.
Page 78: Asymmetric Vlan Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Asymmetric VLAN Settings Under normal circumstances, a pair of devices communicating in a VLAN environment will both send and receive using the same VLAN; however, there are some circumstances in which it is convenient to make use of two distinct VLANs, one used for A to transmit to B and the other used for B to transmit to A in these cases Asymmetric VLANs are needed.
Page 79: Pvid Auto Assign Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide PVID Auto Assign Settings This enables or disables PVID Auto Assign on the Switch. PVID is the VLAN that the switch will use for forwarding and filtering purposes. If PVID Auto-Assign is Enabled, PVID will be possibly changed by previously set PVID or VLAN configurations.
Page 80 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide NOTE: If any ports within the trunk group become disconnected, packets intended for the disconnected port will be load shared among the other unlinked ports of the link aggregation group.
Page 81: Lacp Port Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide (Member) Ports Choose the members of a trunked group. Up to eight ports per group can be assigned to a group. Flooding Ports These ports are designated for flooding broadcast, multicast, and DLF (unicast Destination Lookup Fail) packets from the CPU in a trunk group.
Page 82: Traffic Segmentation
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Traffic Segmentation Traffic segmentation is used to limit traffic flow from a single port to a group of ports on the Switch. This method of segmenting the flow of traffic is similar to using VLANs to limit traffic, but is more restrictive. It provides a method of directing traffic that does not increase the overhead of the Switch CPU.
Page 83: Layer 2 Protocol Tunneling Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Layer 2 Protocol Tunneling Settings To view this window, click L2 Features > L2PT Settings: Figure 3 - 24. Layer 2 Tunneling Settings window The fields that can be configured are described below:...
Page 84: Bpdu Attack Protection Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide BPDU Attack Protection Settings This menu is used to configure the BPDU protection function for the ports on the switch. In generally, there are two states in BPDU protection function. One is normal state, and another is under attack state. The under attack state have three modes: drop, block, and shutdown.
Page 85: Igmp Snooping
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide IGMP Snooping Internet Group Management Protocol (IGMP) snooping allows the Switch to recognize IGMP queries and reports sent between network stations or devices and an IGMP host. When enabled for IGMP snooping, the Switch can add or remove a port to a specific device based on IGMP messages passing through the Switch.
Page 86 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following fields can be set. Parameter Description VLAN ID This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which the user wishes to modify the IGMP Snooping Settings.
Page 87: Igmp Access Control Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Select the desired member ports and click Apply. Click <<Back to go back to the IGMP Snooping Settings window. IGMP Access Control Settings This window is used to configure IGMP Access Control settings on the Switch.
Page 88: Igmp Snooping Multicast Vlan Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide IGMP Snooping Multicast VLAN Settings This window is used to configure the IGMP Snooping Multicast VLAN settings on the Switch. To view this window, click L2 Features > IGMP Snooping > IGMP Snooping Multicast VLAN Settings: Figure 3 - 30.
Page 89: Ip Multicast Profile Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide To add a multicast VLAN to a profile that has been created, click the corresponding hyperlinked Group List to reveal the following window: Figure 3 - 31. IGMP Snooping Multicast VLAN Group List Settings window Enter a Multicast Address and click Add.
Page 90 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 3 - 34. Multicast Address Group List Settings window Enter the Multicast Address List starting with the lowest in the range, and click Add. To return to the IP Multicast...
Page 91: Limited Multicast Range Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Limited Multicast Range Settings This window enables the user to configure the ports on the Switch that will be involved in the Limited IP Multicast Range. The user can configure the range of ports and associate an IP Multicast Profile to allow or disallow IGMP join requests to multicast groups defined in the profile.
Page 92: Mld Snooping Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 3 - 36. Max Multicast Group Settings window The following fields can be set: Parameter Description From Port/To Port Use the drop-down menus to choose a range of ports.
Page 93 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide 2. Multicast Listener Report, Version 1 – Comparable to the Host Membership Report in IGMPv2, and labeled as 131 in the ICMP packet header, this message is sent by the listening port to the Switch stating that it is interested in receiving multicast data from a multicast address in response to the Multicast Listener Query message.
Page 94 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following parameters may be viewed or modified: Parameter Description VLAN ID This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which the user wishes to modify the MLD Snooping Settings.
Page 95: Port Mirror
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Port Mirror The Switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an RMON probe, to view details about the packets passing through the first port.
Page 96 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide To view this window, click L2 Features > Loopback Detection Settings: Figure 3 - 41. Loopback Detection Settings window Parameter Description State Use the drop-down menu to enable or disable loopback detection. The default is Disabled.
Page 97: Spanning Tree
This Switch supports three versions of the Spanning Tree Protocol: STP, Rapid STP, and MSTP. STP will be familiar to most networking professionals. However, since RSTP and MSTP have been recently introduced to D-Link managed Ethernet switches, a brief introduction to the technology is provided below followed by a description of how to set up STP, RSTP, and MSTP.
Page 98: Port Transition States
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Port Transition States An essential difference between the three protocols is in the way ports transition to a forwarding state and in the way this transition relates to the role of the port (forwarding or not forwarding) in the topology. MSTP and RSTP combine the transition states disabled, blocking and listening used in STP and creates a single state Discarding.
Page 99: Stp Bridge Global Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide STP Bridge Global Settings To open the following window, click L2 features > Spanning Tree > STP Bridge Global Settings: Figure 3 - 42. STP Bridge Global Settings window...
Page 100: Stp Port Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide NOTE: The Hello Time cannot be longer than the Max. Age. Otherwise, a configuration error will occur. Observe the following formulas when setting the above parameters: Max. Age ≤ 2 x (Forward Delay - 1 second) Max.
Page 101 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following fields can be set: Parameter Description From Port/To Port A consecutive group of ports may be configured starting with the selected port. External Cost (0=Auto) External Cost - This defines a metric that indicates the relative cost of forwarding packets to the specified port list.
Page 102: Mst Configuration Identification
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide MST Configuration Identification The following windows in the MST Configuration Identification section allow the user to configure a MSTI instance on the Switch. These settings will uniquely identify a multiple spanning tree instance set on the Switch. The Switch initially possesses one CIST or Common Internal Spanning Tree of which the user may modify the parameters for but cannot change the MSTI ID for, and cannot be deleted.
Page 103: Stp Instance Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide STP Instance Settings The following window displays MSTIs currently set on the Switch. To view the following table, click L2 Features > Spanning Tree > STP Instance Settings: Figure 3 - 45.
Page 104: Mstp Port Information
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide MSTP Port Information This window displays the current MSTP Port Information and can be used to update the port configuration for an MSTI ID. If a loop occurs, the MSTP function will use the port priority to select an interface to put into the forwarding state.
Page 105: Multicast Forwarding Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide To add or edit an entry, define the following parameters and then click Add/Modify: Parameter Description VLAN ID (1-4094) The VLAN ID number of the VLAN on which the above Unicast MAC address resides.
Page 106: Multicast Filtering Mode
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Multicast Filtering Mode Users can configure the multicast filtering mode. To view this window, click L2 Features > Forwarding & Filtering > Multicast Filtering Mode: Figure 3 - 50. Multicast Filtering Mode window...
Page 107: Nlb Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide NLB Settings The Network Load Balancing commands are used to configure the Switch to support Network Load Balancing (NLB), a proprietary Microsoft implementation of server clustering and load balancing, suitable for various stateless applications such as FTP, VPN and Web servers.
Page 108: Lldp Global Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide LLDP Global Settings To view this window, click L2 Features > LLDP > LLDP Global Settings: Figure 3 - 52. LLDP Global Settings window The following parameters can be set:...
Page 109: Lldp Port Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide LLDP Port Settings To view this window, click L2 Features > LLDP > LLDP Port Settings: Figure 3 - 53. LLDP Port Settings window The following parameters can be set:...
Page 110: Lldp Basic Tlvs Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide LLDP Basic TLVs Settings This window is used to enable the settings for the Basic TLVs Settings. To view this window, click L2 Features > LLDP > LLDP Basic TLVs Settings: Figure 3 - 54.
Page 111: Lldp Dot1 Tlvs Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide LLDP Dot1 TLVs Settings LLDP Dot1 TLVs are organizationally specific TLVs which are defined in IEEE 802.1 and used to configure an individual port or group of ports to exclude one or more of the IEEE 802.1 organizational port VLAN ID TLV data types from outbound LLDP advertisements.
Page 112: Lldp Dot3 Tlvs Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide LLDP Dot3 TLVs Settings This window is used to configure an individual port or group of ports to exclude one or more IEEE 802.3 organizational specific TLV data type from outbound LLDP advertisements.
Page 113: Ethernet Oam
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Ethernet OAM Ethernet OAM (Operations, Administration, and Maintenance) is a data link layer protocol which provides network administrators the ability to monitor the health of the network and quickly determine the location of failing links or fault conditions on point-to-point and emulated point-to-point Ethernet link.
Page 114: Ethernet Oam Event Configuration
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Ethernet OAM Event Configuration To view this window, click L2 Features > Ethernet OAM > Ethernet OAM Event Configuration: Figure 3 - 58. Ethernet OAM Event Configuration window...
Page 115: Connectivity Fault Management (Cfm)
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Connectivity Fault Management (CFM) Connectivity Fault Management (CFM) or Ethernet Connectivity Fault Management is an end-to-end Ethernet layer OAM protocol. CFM is defined by IEEE 802.1ag and includes connectivity monitoring, fault notification and means of isolating faults on large Ethernet metropolitan-area networks (MANs) and WANs.
Page 116 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide An Outward facing MEP source frames toward the bridge port and can only be configured on routed ports. An Outward facing port drops all CFM frames at it level or lower coming from the bridge relay function side. It processes all CFM frames at its level, and drops all CFM frames at a lower level, coming from the bridge port.
Page 117: Cfm Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide CFM Settings To view this window, click L2 Features > CFM > CFM Settings: Figure 3 - 60. CFM Settings window The following parameters can be set: Parameter...
Page 118: Cfm Ma Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide CFM MA Settings To view this window, click on L2 Features > CFM > CFM Settings > Add MA button: Figure 3 - 61. CFM MA Settings window...
Page 119: Cfm Mep Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide To view the MIP Port Table, click on the MIP Port Table button: Figure 3 - 62. CFM MIP Table window CFM MEP Settings To view this window, click on the Add MEP button in the CFM MA Settings window (L2 Features > CFM > CFM Settings): Figure 3 - 63.
Page 120 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 3 - 64. CFM MEP Information window To re-configure the MEP entry, click on the Edit button. Parameter Description MEP State This is the MEP administrative state.
Page 121: Cfm Port Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide CFM Port Settings To view this window, click L2 Features > CFM > CFM Port Settings: Figure 3 - 65. CFM Port Settings window The fields that can be configured are described below:...
Page 122: Cfm Loopback Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide CFM Loopback Settings To view this window, click L2 Features > CFM > CFM Loopback Settings: Figure 3 - 66. CFM Loopback Settings window The fields that can be configured are described below:...
Page 123: Cfm Linktrace Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide CFM Linktrace Settings On this page the user can configure the CFM link track message. To view this window, click L2 Features > CFM > CFM Linktrace Settings: Figure 3 - 67.
Page 124: Erps Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide ERPS Settings This page is used to enable the Ethernet Ring Protection Switching (ERPS) function on the Switch. STP and LBD should be disabled on the ring ports before enabling ERPS.
Page 125 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide (ERPS Settings continued) Parameter Description RPL Port Specifies the ring port as the Ring Protection Link (RPL) port. The RPL remains idle and blocks traffic when all links on the ring are functioning. If there is a link failure on the ring however, the RPL port is unblocked by the RPL Owner node in order to allow an alternate path around the ring.
Page 126: Qos
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Section 4 Bandwidth Control Traffic Control Queue Bandwidth Control Settings 802.1p Default Priority 802.1p User Priority QoS Scheduling Settings Priority Mapping TOS Mapping DSCP Map Settings The Switch supports 802.1p priority queuing Quality of Service. The following section discusses the implementation of QoS (Quality of Service) and benefits of using 802.1p priority queuing.
Page 127: Understanding Qos
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 4 - 1. Mapping QoS on the Switch The previous picture shows the default priority setting for the Switch. Class 3 has the highest priority of the four priority queues on the Switch.
Page 128: Bandwidth Control
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide For strict priority-based scheduling, any packets residing in the higher priority queues are transmitted first. Multiple strict priority queues empty based on their priority tags. Only when these queues are empty, are packets of lower priority transmitted.
Page 129: Traffic Control
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Traffic Control On a computer network, packets such as Multicast packets and Broadcast packets continually flood the network as normal procedure. At times, this traffic may increase due to a malicious endstation on the network or a malfunctioning device, such as a faulty network card.
Page 130 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following parameters can be set or are displayed: Parameter Description Traffic Control Settings From Port/To A consecutive group of ports may be configured starting with the selected port.
Page 131: Queue Bandwidth Control Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Click Apply to implement the settings made. NOTE: Traffic Control cannot be implemented on ports that are set for Link Aggregation (Port Trunking). NOTE: Ports that are in the Shutdown rest mode will be seen as Discarding in Spanning Tree windows and implementations though these ports will still be forwarding BPDUs to the Switch’s CPU.
Page 132: 802.1P Default Priority
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following parameters can be set or are displayed: Parameter Description From Port/To A consecutive group of ports may be configured starting with the selected port. Port From Cos/To CoS Use to define the range of CoS value configured for the selected ports.
Page 133: Qos Scheduling Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide To view this window, click QoS > 802.1p User Priority: Figure 4 - 6. 802.1p User Priority window Once a priority has been assigned to the port groups on the Switch, assign this Class to each of the eight levels of 802.1p priorities.
Page 134: Priority Mapping
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Priority Mapping This window is used to set up Priority Mapping. To view this window, click QoS > Priority Mapping: Figure 4 - 8. Priority Mapping window The following parameter may be set:...
Page 135: Tos Mapping
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide TOS Mapping This window is used to set up Type of Service (TOS) Mapping. To view this window, click QoS > ToS Mapping: Figure 4 - 9. TOS Mapping window...
Page 136: Dscp Mapping
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide DSCP Mapping This window is used to set up DSCP Mapping. To view this window, click QoS > DSCP Mapping: Figure 4 - 10. DSCP Mapping window The following parameters may be set:...
Page 137: Security
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Section 5 Security Safeguard Engine Trusted Host IP-MAC-Port Binding Port Security 802.1X RADIUS Attributes Assignment SSL Settings Access Authentication Control MAC-based Access Control DoS Prevention Settings DHCP Server Screening Settings...
Page 138 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 5 - 1. Safeguard Engine Checking Interval Example on the Switch In Exhausted mode, two modes can be implemented to limit the bandwidth assigned to ARP packets, “Strict” and “Fuzzy”.
Page 139: Trusted Host
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide To configure the Switch’s Safeguard Engine, change the State to Enabled when the Safeguard Engine is enabled a green light will show on the gray bar at the top of this window, next to Safeguard. To set the Safeguard Engine for the...
Page 140: Imp Binding Global Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide IMP Binding Global Settings This window is used to enable or disable the Trap Log State and DHCP Snoop state on the Switch. The Trap/Log field will enable and disable the sending of trap log messages for IP-MAC-port binding. When enabled, the Switch will send a trap message to the SNMP agent and the Switch log when an ARP packet is received that doesn’t match the IP-...
Page 141: Imp Binding Port Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide IMP Binding Port Settings Select a port or a range of ports with the From Port and To Port fields. Enable or disable the port with the State, Allow Zero IP, Forward DHCP Packet, Mode, and SLT fields, and configure the port’s Max Entry value.
Page 142: Imp Binding Entry Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Allow Zero IP Use the drop-down menu to enable or disable this feature. Zero IP configures the state which allows ARP packets with 0.0.0.0 source IP to bypass.
Page 143: Dhcp Snooping Entries
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide DHCP Snooping Entries This window is used to view dynamic entries on specific ports. To view particular port settings, enter the port number and click Find. To view all entries click View All, and to delete an entry, click Clear.
Page 144 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 5 - 9. Port Security Port Settings window The following parameters can be set: Parameter Description From Port/To Port A consecutive group of ports may be configured starting with the selected port.
Page 145: Port Security Fdb Entries
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Port Security FDB Entries This window is used to clear the Port Lock Entries by individual ports. To clear entries enter the range of ports and click Clear.
Page 146: Authentication Server
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Authentication Server The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch). Clients connected to a port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN.
Page 147: Authentication Process
Figure 5 - 16. The 802.1X Authentication Process The D-Link implementation of 802.1X allows network administrators to choose between two types of Access Control used on the Switch, which are:...
Page 148: Understanding 802.1X Port-Based And Host-Based Network Access Control
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Port-based Access Control – This method requires only one user to be authenticated per port by a remote RADIUS server to allow the remaining users on the same port access to the network.
Page 149: Host-Based Network Access Control
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Host-based Network Access Control Figure 5 - 18. Example of Typical Host-based Configuration In order to successfully make use of 802.1X in a shared media LAN segment, it would be necessary to create “logical”...
Page 150: 802.1X Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide 802.1X Settings To configure the 802.1X Settings, click Security > 802.1X > 802.1X Settings: Figure 5 - 19. 802.1X Settings window This window allows you to set the following features:...
Page 151: 802.1X User
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide (1-65535) the period of an EAP Request/Identity packet transmitted to the client. The default setting is 30 seconds. ReAuthPeriod A constant that defines a nonzero number of seconds between periodic reauthentication of the (1-65535) client.
Page 152: Authentication Radius Server
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Authentication RADIUS Server The RADIUS feature of the Switch allows you to facilitate centralized user administration as well as providing protection against a sniffing, active hacker. To configure the 802.1X User, click Security > 802.1X > Authentication RADIUS Server: Figure 5 - 21.
Page 153: Guest Vlan Configuration
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Guest VLAN Configuration On 802.1X security enabled networks, there is a need for non 802.1X supported devices to gain limited access to the network, due to lack of the proper 802.1X software or...
Page 154: Guest Vlan
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Guest VLAN To view the following window, click, Security > 802.1X > Guest VLAN: Figure 5 - 23. Guest VLAN window The following fields may be modified to enable the 802.1X Guest VLAN:...
Page 155: Reauthenticate Port(S)
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide To initialize ports, choose the range of ports in the From Port and To Port fields. Next, the user must specify the MAC address to be initialized by entering it into the MAC Address field and ticking the corresponding check box. To begin the initialization, click Apply.
Page 156: Ssl Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 5 - 27. Reauthenticate Port(s) window for MAC-based 802.1X To reauthenticate ports, first use the From Port and To Port drop-down menus to choose the range of ports. Then the user must specify the MAC address to be reauthenticated by entering it into the MAC Address field and ticking the corresponding check box.
Page 157: Download Certificate
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Download Certificate This window is used to download a certificate file for the SSL function on the Switch from a TFTP server. The certificate file is a data record used for authenticating devices on the network. It contains information on the owner, keys for authentication and digital signatures.
Page 158: Ssh
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide RSA with This ciphersuite combines the RSA key exchange, stream cipher RC4 encryption with 128- RC4_128_MD5 bit keys and the MD5 Hash Algorithm. Use the pull-down menu to enable or disable this ciphersuite.
Page 159: Ssh Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide SSH Settings The following window is used to configure and view settings for the SSH server. To view this window, click Security > SSH > SSH Settings: Figure 5 - 29. SSH Settings window...
Page 160 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following algorithms may be set: Parameter Description SSH Authentication Mode Settings Password This parameter may be enabled if the administrator wishes to use a locally configured password for authentication on the Switch. The default is enabled.
Page 161: Ssh User Authentication Lists
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide SSH User Authentication Lists The following windows are used to configure parameters for users attempting to access the Switch through SSH. To access the following window, click Security > SSH > SSH User Authentication Lists: Figure 5 - 31.
Page 162: Access Authentication Control
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Access Authentication Control The TACACS/XTACACS/TACACS+/RADIUS commands allow users to secure access to the Switch using the TACACS/XTACACS/TACACS+/RADIUS protocols. When a user logs in to the Switch or tries to access the administrator level privilege, he or she is prompted for a password.
Page 163: Authentication Policy Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Authentication Policy Settings This window offers an administrator-defined authentication policy for users trying to access the Switch. When Enabled, the device will check the Login Method List and choose a technique for user authentication upon login.
Page 164: Authentication Server Group
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Login Method List Using the pull-down menu, configure an application for normal login on the user level, utilizing a previously configured method list. The user may use the default Method List or other Method List configured by the user.
Page 165: Authentication Server
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 5 - 36. Authentication Server Group window – Edit Server Group tab To add an Authentication Server Host to the list, enter its IP address in the IP Address field, choose the protocol associated with the IP address of the Authentication Server Host and click Add to add this Authentication Server Host to the group.
Page 166: Login Method Lists
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Parameter Description IP Address The IP address of the remote server host the user wishes to add. Port (1-65535) Enter a number between 1 and 65535 to define the virtual port number of the authentication protocol on a server host.
Page 167: Enable Method Lists
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 5 - 38. Login Method Lists window The Switch contains one Method List that is set and cannot be removed, yet can be modified. To delete a Login Method List defined by the user, click the corresponding Delete button.
Page 168: Local Enable Password Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide NOTE: To set the Local Enable Password, see the next section, entitled Local Enable Password. To view the following table, click Security > Access Authentication Control > Enable Method Lists: Figure 5 - 39.
Page 169: Mac-Based Access Control
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 5 - 40. Local Enable Password Settings window To set the Local Enable Password, configure the following parameters and click Apply: Parameter Description Old Local Enable If a password was previously configured for this entry, enter it here in order to change it to...
Page 170 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 5 - 41. MAC-based Access Control Settings window The following parameters may be viewed or set: Parameter Description Settings MBA Global State Use the radio button to globally enable or disable the MAC-based Access Control function on the Switch.
Page 171: Mac-Based Access Control Local Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Authorization Attributes When enabled, authorized attributes (for example VLAN, 802.1p default priority, and ACL) assigned by the RADUIS server or local database. Which attributes will be accepted depends on the individual module’s setting.
Page 172: Dos Prevention Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 5 - 42. MAC-based Access Control Local Settings window To add a MAC address to the local authentication list, enter the MAC address and the target VLAN name into their appropriate fields and click Add.
Page 173: Dhcp Server Screening Settings
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Action Toggle between Drop and Mirror. Port Select the Port which the log will be mirrored to. Priority (0-7) Select the Priority for the mirror port. Rx Rate (64-1024000) Enter a value between 64 and 1024000 or tick the No Limit check box.
Page 174 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 5 - 44. DHCP Screening Port Settings Use the radio buttons at the top of the menu to enable or disable the DHCP Server Screening trap and log state. Set the Illegal Server Log Suppression Duration time to 1 minute, 5 minutes (default) or 30 minutes.
Page 175: Dhcp Offer Permit Entry Setting
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide DHCP Offer Permit Entry Setting This function allows the user not only to restrict all DHCP Server packets but also to receive any specified DHCP server packet by any specified DHCP client, it is useful when one or more DHCP servers are present on the network and both provide DHCP services to different distinct groups of clients.
Page 176: Acl
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Section 6 ACL Configuration Wizard Access Profile List CPU Access Profile List ACL Finder ACL Flow Meter Access profiles allow the user to establish criteria to determine whether or not the Switch will forward packets based on the information contained in each packet's header.
Page 177: Access Profile List
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Service Type Use the drop-down menu to select from VLAN Name, Ethernet Type, 802.1P, or Any. Select Permit to specify that the packets that match the access profile are forwarded by the Action Switch, according to any additional rule added (see below).
Page 178 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 6 - 47. Add ACL Profile window for Ethernet example There are four sets of Access Profile configuration windows; one for Ethernet (or MAC address-based) profile configuration, one for IP (IPv4) address-based profile configuration, one for the Packet Content and one for IPv6.
Page 179 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Selecting this option instructs the Switch to examine the VLAN identifier of each packet header and use this as the full or partial criterion for forwarding. 802.1p Selecting this option instructs the Switch to examine the 802.1p priority value of each packet header and use this as the, or part of the criterion for forwarding.
Page 180 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 6 - 51. Add Access Rule window for Ethernet example To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameter Description Type in a unique identifier number for this access. This value can be set from 1 to 65535.
Page 181 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Enter a priority value if you want to re-write the 802.1p user priority of a packet to the value Priority (0-7) entered in the Priority field, which meets the criteria specified previously in this command, before forwarding it on to the specified CoS queue.
Page 182 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 6 - 54. Add ACL Profile window for IPv4 example Click on the boxes near the top of the window, which will then turn red and reveal parameters for configuration. To create a new entry, enter the appropriate information and click Create.
Page 183 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Destination Port Mask (0-FFFF) − Tick and specify a TCP port mask for the  destination port to filter, in hex form (hex 0x0-0xffff).  TCP Flag Bits – Tick URG (urgent), ACK (acknowledgement), PSH (push), RST (reset), SYN (synchronize), FIN (finish), or Check All to filter certain flag bits within the packets.
Page 184 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 6 - 57. Add Access Rule window for IPv4 example The following parameters may be configured for the IP (IPv4) filter: Parameter Description Type in a unique identifier number for this access. This value can be set from 1 to 65535.
Page 185 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Source Port - Specifies that the Switch will examine each frame’s Universal Datagram Protocol (UDP) field for the source port. Mask (0-FFFF) - Specifies a UDP port mask for the destination port.
Page 186 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide a protocol TCP or UDP. Click Select and the following window will appear (this window will vary depending on whether TCP or UDP has been selected): Figure 6 - 60. Add ACL Profile window for IPv6 example Click on the boxes at the top of the table, which will then turn red and reveal parameters for configuration.
Page 187 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 6 - 61. Access Profile List window for IPv6 example To view the configurations for a previously configured entry, click on the corresponding Show Details button, which will display the following window: Figure 6 - 62.
Page 188 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following parameters may be configured for IPv6: Parameter Description Access ID (1-65535) Type in a unique identifier number for this access. This value can be set from 1 to 65535.
Page 189 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide To view the configurations for a previously configured rule, click on the corresponding Show Details button, which will display the following Access Rule Detail Information window: Figure 6 - 65. Access Rule Detail Information window for IPv6 example To create a Packet Content ACL, click Add ACL Profile in the Access Profile List window and then use the drop- down menu to select a Profile ID between 1 and 512 and click the Packet Content ACL radio button.
Page 190 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following parameters can be set for Packet Content: Parameter Description MAC Address Tick either Source MAC Mask and enter the MAC source address mask or Destination MAC Mask and enter the MAC destination address mask.
Page 191 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 6 - 68. Access Profile Detail Information window for Packet Content example To return to the Access Profile List window, click Show All Profiles. To add a rule to a previously configured entry, click on the corresponding Add/View Rules button and then Add Rule, which will reveal the following window: Figure 6 - 69.
Page 192 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following parameters may be configured for the Packet Content filter: Parameter Description Access ID (1-65535) Type in a unique identifier number for this access. This value can be set from 1 to 65535.
Page 193 (MAC Address). However, ARP is vulnerable as it can be easily spoofed and utilized to attack a LAN. For a more detailed explanation on how ARP works and how to employ D-Link’s advanced unique Packet Content ACL to prevent ARP spoofing attack, please see the section titled ARP...
Page 194: Cpu Interface Filtering
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide CPU Interface Filtering Due to a chipset limitation and needed extra switch security, the Switch incorporates CPU Interface filtering. This added feature increases the running security of the Switch by enabling the user to create a list of access rules for packets destined for the Switch’s CPU interface.
Page 195 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 6 - 73. Add CPU ACL Profile window for Ethernet example Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can (1-3) be set from 1 to 3.
Page 196 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 6 - 74. CPU Access Profile List window for Ethernet example To view the settings of a previously correctly created profile, click the corresponding Show Details button on the following CPU Access Profile List window above.
Page 197 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 6 - 77. (CPU) Add Access Rule window for Ethernet example Profile Information and the available configuration parameters viewable in the menu will vary depending on the options that were chosen in the Add CPU Access Profile menu.
Page 198 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 6 - 78. CPU Access Rule List window for Ethernet example To view the configurations for previously configured rules, click on the corresponding Show Details button, which will display the following CPU Access Rule Detail Information window: Figure 6 - 79.
Page 199 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following parameters can be set for IPv4: Parameter Description Select Profile ID Enter an integer used to identify the access profile that will be configured with this command.
Page 200 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 6 - 81. CPU Access Profile List window for IPv4 example To view the configurations for a previously configured entry, click on the corresponding Show Details button, which will display the following window: Figure 6 - 82.
Page 201 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following parameters may be configured for the IP (IPv4) filter: Parameter Description Access ID (1-5) Type in a unique identifier number for this access. This value can be set from 1 to 5.
Page 202 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide To create an IPv6 ACL, click Add CPU ACL Profile in the CPU Access Profile List window and then use the drop- down menu to select a Profile ID between 1 and 3 and click the IPv6 ACL radio button. Click Select and the following window will appear: Figure 6 - 86.
Page 203 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 6 - 87. CPU Access Profile List window for IPv6 example To view the configurations for a previously configured entry, click on the corresponding Show Details button, which will display the following window: Figure 6 - 88.
Page 204 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following parameters may be configured for the IPv6: Parameter Description Access ID (1-5) Type in a unique identifier number for this access. This value can be set from 1 to 5.
Page 205 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 6 - 92. Add CPU ACL Profile window for Packet Content example Click on the box at the top of the table, which will then turn red and reveal parameters for configuration. To create a new entry enter the correct information and click Create.
Page 206 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 6 - 93. CPU Access Profile List window for Packet Content example To view the configurations for a previously configured entry, click on the corresponding Show Details button, which will display the following window: Figure 6 - 94.
Page 207 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 6 - 95. (CPU) Add Access Rule window for Packet Content example The following parameters may be configured for the Packet Content filter: Parameter Description Select Profile ID Enter an integer used to identify the access profile that will be configured with this command.
Page 208: Acl Finder
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 6 - 96. CPU Access Rule List window for Packet Content example To view the configurations for previously configured rule click on the corresponding Show Details Button which will display the following CPU Access Rule Detail Information window.
Page 209 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Parameter Description Profile ID The pre-configured Profile ID for which to configure the Flow Metering parameters. Access ID The pre-configured Access ID for which to configure the Flow Metering parameters.
Page 210: Monitoring
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Section 7 Monitoring Cable Diagnostics CPU Utilization Port Utilization Packet Size Memory Utilization Packets Errors Port Access Control Browse ARP Table Browse VLAN IGMP Snooping LLDP Ethernet OAM...
Page 211: Cpu Utilization
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide CPU Utilization This window displays the percentage of the CPU being used, expressed as an integer percentage and calculated as a simple average by time interval. To view this window, click Monitoring > CPU Utilization: Figure 7 - 2.
Page 212: Port Utilization
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Port Utilization This window displays the percentage of the total available bandwidth being used on the port. To view this window, click Monitoring > Port Utilization: Figure 7 - 3. Port Utilization window To select a port to view these statistics for, select the port by using the Port pull-down menu.
Page 213: Packet Size
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Packet Size The Web Manager allows packets received by the Switch, arranged in six groups and classed by size, to be viewed as either a line graph or a table. Two windows are offered. To select a port to view these statistics for, select the port by using the Port pull-down menu.
Page 214: Memory Utilization
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following fields can be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 215: Packets
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Packets The Web Manager allows various packet statistics to be viewed as either a line graph or a table. Six windows are offered. Received (Rx) These windows display the Rx packets on the Switch. To select a port to view these statistics for, select the port by using the Port pull-down menu.
Page 216 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 217: Umb_Cast (Rx)
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide UMB_cast (Rx) These windows display the UMB_cast Rx packets on the Switch. To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the Web page by simply clicking on a port.
Page 218: Transmitted (Tx)
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 219 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 7 - 12. Transmitted (Tx) Table window (for Bytes and Packets) The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics.
Page 220: Errors
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Errors The Web Manager allows port error statistics compiled by the Switch's management agent to be viewed as either a line graph or a table. Four windows are offered.
Page 221 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following fields can be set: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 222: Transmitted (Tx)
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Transmitted (TX) To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the Web page by simply clicking on a port.
Page 223 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 224: Port Access Control
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Port Access Control The following six windows are used to monitor 802.1X statistics of the Switch, on a per port basis. RADIUS Authentication This table contains information concerning the activity of the RADIUS authentication client on the client side of the RADIUS authentication protocol.
Page 225 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following information is displayed: Parameter Description InvalidServerAddresses The number of RADIUS Access-Response packets received from unknown addresses. Identifier The NAS-Identifier of the RADIUS authentication client. (This is not necessarily the same as sysName in MIB II.)
Page 226: Radius Account Client
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide RADIUS Account Client This window shows managed objects used for managing RADIUS accounting clients, and the current statistics associated with them. To view the RADIUS Account Client window, click Monitoring > Port Access Control > RADIUS Account Client: Figure 7 - 18.
Page 227 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following information is displayed: Parameter Description InvalidServerAddresses The number of RADIUS Accounting-Response packets received from unknown addresses. Identifier The NAS-Identifier of the RADIUS account. (This is not necessarily the same as sysName in MIB II.)
Page 228: Authenticator State
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Authenticator State The following section describes the 802.1X State on the Switch. To view the Authenticator State, click Monitoring > Port Access Control > Authenticator State: Figure 7 - 19. Authenticator State window This window displays the Authenticator State for individual ports on a selected device.
Page 229: Authenticator Statistics
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Authenticator Statistics This window contains the statistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function.
Page 230 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following fields can be viewed: Parameter Description Port The identification number assigned to the Port by the System in which the Port resides. Frames Rx The number of valid EAPOL frames that have been received by this Authenticator.
Page 231 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Authenticator Session Statistics This window contains the session statistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function.
Page 232 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide The following fields can be viewed: Parameter Description Port The identification number assigned to the Port by the System in which the Port resides. Octets Rx The number of octets received in user data frames on this port during the session.
Page 233: Authenticator Diagnostics
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Authenticator Diagnostics This window contains the diagnostic information regarding the operation of the Authenticator associated with each port. An entry appears in this table for each port that supports the Authenticator function.
Page 234 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Auth Timeout Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of the Backend Authentication state machine indicating authentication timeout (authTimeout = TRUE).
Page 235: Browse Arp Table
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Browse ARP Table This window displays current ARP entries on the Switch. To search a specific ARP entry, enter an Interface Name or an IP Address at the top of the window and click Find. Click the Show Static button to display static ARP table entries.
Page 236: Igmp Snooping Group
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Figure 7 - 25. Browse Router Port window IGMP Snooping Group This window allows the Switch’s IGMP Snooping Group Table to be searched. IGMP snooping allows the Switch to read the Multicast Group IP address and source IP address from IGMP packets that pass through the Switch.
Page 237: Igmp Snooping Host
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Click View All Data Driven to display all the data driven groups learned in the IGMP Snooping Group Table. Click Clear Data Driven to clear the specific data driven groups learned in IGMP Snooping Group Table.
Page 238: Mld Snooping Group
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide MLD Snooping Group The following window allows the user to view MLD Snooping Groups present on the Switch. MLD Snooping is an IPv6 function comparable to IGMP Snooping for IPv4. The user may browse this table by VLAN present in the Switch by entering that VLAN Name in the empty field shown below, and clicking the Find button.
Page 239: Lldp Local Port Information
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide LLDP Local Port Information To view this window, click Monitoring > LLDP > LLDP Local Port Information: Figure 7 - 31. LLDP Local Port Information window LLDP Remote Port Information To view this window, click Monitoring >...
Page 240: Ethernet Oam
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Ethernet OAM This folder contains two windows to view Ethernet OAM Event Log information and Ethernet OAM Statistics. Browse Ethernet OAM Event Log This window allows the user to view the Ethernet OAM event log information. The Switch can buffer up to 1000 event logs.
Page 241: Connectivity Fault Management
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Connectivity Fault Management CFM Fault Table This window will display the fault conditions detected by the MEPs on the Switch. To view this window, click Monitoring > CFM > CFM Fault Table as shown below: Figure 7 - 35.
Page 242: Cfm Packet Counter
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide CFM Packet Counter This window displays the CFM packet Rx/Tx counters on the Switch. Enter the ports you wish to view and click Find. To view this window, click Monitoring > CFM > CFM Packet Counter as shown below: Figure 7 - 37.
Page 243: Mac-Based Access Control Authentication State
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide MAC-based Access Control Authentication State This window allows the user to view the MAC-based Access Control authentication information. Specify the port list to view and click Find. To remove an entry, enter the appropriate information and click Clear By Port. Click View All Hosts to see all the entries.
Page 244: Mac Address Table
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide MAC Address Table This allows the Switch's dynamic MAC address forwarding table to be viewed. When the Switch learns an association between a MAC address and a port number, it makes an entry into its forwarding table. These entries are then used to forward packets through the Switch.
Page 245: System Log
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide System Log The web manager allows the Switch's history log, as compiled by the Switch's management agent, to be viewed. To view the Switch history log, click Monitoring > System Log: Figure 7 - 42.
Page 246: Save And Tools
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Section 8 Save and Tools Save Configuration Save Log Save All Configuration File Upload & Download Upload Log File Reset Ping Test Download Firmware Reboot System The three Save windows include: Save Configuration, Save Log, and Save All. Each version of the window will aid the user in saving configurations to the Switch’s memory.
Page 247: Save Log
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Save Log Open the Save drop-down menu at the top of the Web manager and click Save Log to open the following window: Figure 8 - 2. Save Log window...
Page 248: Upload Log File
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Upload Log File To upload a log file, enter a Server IP address, use the radio button to select IPv4 and then enter a File name, or use the radio button to select IPv6, enter a Server IP, Interface Name, and File name.
Page 249: Ping Test
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Ping Test Users can Ping either an IPv4 address or an IPv6 address. Ping is a small program that sends ICMP Echo packets to the IP address you specify. The destination node then responds to or “echoes” the packets sent from the Switch. This is very useful to verify connectivity between the Switch and other nodes on the network.
Page 250: Download Firmware
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Download Firmware The Switch supports dual image storage for firmware file backup and restoration. The firmware images are indexed by ID number 1 or 2. To change the boot firmware image, use the Image ID drop-down menu to select the desired firmware file to backup or restore.
Page 251: Appendix A Technical Specification
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Appendix A Technical Specification General Protocols IEEE 802.3 10BASE-T Ethernet IEEE 802.3u 100BASE-TX Fast Ethernet IEEE 802.3ab 1000BASE-T Gigabit Ethernet IEEE 802.3z 1000BASE-T (SFP “Mini GBIC”) IEEE 802.1D Spanning Tree IEEE 802.1w Rapid Spanning Tree Protocol...
Page 252 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Physical and Environmental Power Consumption DES-3200-10: 12.7W DES-3200-18: 13.2W DES-3200-26: 13.8W DES-3200-28: 18.4W DES-3200-28F: 46.7W Internal Power Supply DES-3200-10/DES-3200-18: 34W AC Input: 100~240 VAC, 12V/2A, 5V/2A, 50~60Hz DES-3200-26: 24W AC Input: 100~240 VAC, 12V/2A, 50~60Hz DES-3200-28: 40W AC Input: 100~240 VAC, 12V/3.3A, 50~60Hz...
Page 253: Led Indicators
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide LED Indicators Location LED Indicative Color Status Description Solid Light Power on. Power Green Light off Power off. Solid Light Console on. Per Device Console Green Blinking POST is in progress/POST is failure.
Page 254: Appendix B System Log Entries
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Appendix B System Log Entries The following table lists all possible entries and their corresponding meanings that will appear in the System Log of this Switch. Category Event Description...
Page 255 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Configuration successfully Configuration successfully by console uploaded Informational uploaded by console (Username: <username>) Configuration upload was Configuration upload was unsuccessful! (Username: Warning unsuccessful <username>, IP: <ipaddr>) Configuration upload by...
Page 256 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Web (SSL) session timed Web (SSL) session timed out (Username: <username>, Informational IP: <ipaddr>) Successful login through Successful login through Telnet (Username: <username>, Telnet Informational Telnet IP: <ipaddr>) Login failed through Telnet (Username: <username>, IP:...
Page 257 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Successful login through Successful login through Console authenticated by AAA Console authenticated by Informational local method (Username: <username>) AAA local method Login failed through Login failed through Console authenticated by AAA local...
Page 258 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Successful login through Successful login through Console authenticated by AAA Console authenticated by Informational server <serverIP> (Username: <username>) AAA server Login failed through Login failed through Console authenticated by AAA server...
Page 259 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Successful Enable Admin through Console Successful Enable Admin through Console authenticated Informational authenticated by AAA by AAA local_enable method (Username: <username>) local_enable method Enable Admin failed through Console...
Page 260 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide method. Successful Enable Admin Successful Enable Admin through Telnet from <userIP> through Telnet authenticated by AAA none method (Username: Informational authenticated by AAA none <username>) method Successful Enable Admin Successful Enable Admin through SSH from <userIP>...
Page 261 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Enable Admin failed Enable Admin failed through SSH from <userIP> through SSH authenticated authenticated by AAA server <serverIP> (Username: Warning by AAA server <username>) Enable Admin failed Enable Admin failed through SSH from <userIP> due to...
Page 262 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Engine normal mode Safeguard Engine is in Safeguard Engine enters EXHAUSTED mode Warning exhausted mode Broadcast strom Packet Storm Port <portNum> Broadcast storm is occurring Warning occurrence Broadcast storm cleared Port <portNum>...
Page 263 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide restarted after interval time restarted. Port with VID loop Port <portNum> VID <vlanID> LBD loop occurred. Packet Critical occurred discard begun. Port with VID Loop Port <portNum> VID <vlanID> LBD recovered. Loop...
Page 264 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide BPDU attack automatically Port <portNum> recover from BPDU under protection state Informational recover automatically BPDU attack manually Port <portNum> recover from BPDU under protection state Informational recover manually CFM cross-connect.
Page 265 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide 1.3.6.1.2.1.17.0.1 (BRIDGE-MIB) topologyChange None RFC1493 1.3.6.1.2.1.17.0.2 (BRIDGE-MIB) risingAlarm alarmIndex rfc2819 1.3.6.1.2.1.16.0.1 alarmVariable (RMON-MIB) alarmSampleType alarmValue alarmRisingThreshold fallingAlarm alarmIndex rfc2819 1.3.6.1.2.1.16.0.2 alarmVariable (RMON-MIB) alarmSampleType alarmValue alarmFallingThreshold LldpRemTablesChange lldpStatsRemTablesInserts LLDP-MIB 1.0.8802.1.1.2.0.0.1...
Page 266 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Proprietary Trap List Trap Name/OID Variable Bind Format MIB Name SwIpMacBindingViolationTrap swIpMacBindingPortIndex IPMacBind-MIB 1.3.6.1.4.1.171.12.23.5.0.1 swlpMacBindingViolationIP swlpMacBindingViolationMac swIpMacBindingStopLearningTrap IPMacBind-MIB swIpMacBindingPortIndex 1.3.6.1.4.1.171.12.23.5.0.2 swIpMacBindingRecoverLearningTrap IPMacBind-MIB swIpMacBindingPortIndex 1.3.6.1.4.1.171.12.23.5.0.3 swMacBasedAuthLoggedSuccess swMacBasedAuthInfoMacIndex MBA-MIB 1.3.6.1.4.1.171.12.35.11.1.0.1...
Page 267 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide 1.3.6.1.4.1.171.12.8.6.0.13 swSingleIPMSMacAddr ifIndex swSingleIPMSLinkUp swSingleIPMSID SINGLE-IP-MIB 1.3.6.1.4.1.171.12.8.6.0.14 swSingleIPMSMacAddr ifIndex swSingleIPMSAuthFail swSingleIPMSID SINGLE-IP-MIB 1.3.6.1.4.1.171.12.8.6.0.15 swSingleIPMSMacAddr swSingleIPMSnewRoot swSingleIPMSID SINGLE-IP-MIB 1.3.6.1.4.1.171.12.8.6.0.16 swSingleIPMSMacAddr swSingleIPMSTopologyChange swSingleIPMSID SINGLE-IP-MIB 1.3.6.1.4.1.171.12.8.6.0.17 swSingleIPMSMacAddr swSingleIPMSrisingAlarm swSingleIPMSID SINGLE-IP-MIB 1.3.6.1.4.1.171.12.8.6.0.18...
Page 268 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide swL2macNotification des3200-10- L2mgmt.mib 1.3.6.1.4.1.171.11.113.1.1.2.20.0.2 des3200-18- 1.3.6.1.4.1.171.11.113.1.2.2.20.0.2 L2mgmt.mib 1.3.6.1.4.1.171.11.113.1.3.2.20.0.2 des3200-26- swL2macNotifyInfo L2mgmt.mib 1.3.6.1.4.1.171.11.113.1.4.2.20.0.2 des3200-28- L2mgmt.mib des3200-28f- L2mgmt.mib swL2PortLoopOccurred des3200-10- L2mgmt.mib 1.3.6.1.4.1.171.11.113.1.1.2.20.0.3 des3200-18- 1.3.6.1.4.1.171.11.113.1.2.2.20.0.3 L2mgmt.mib 1.3.6.1.4.1.171.11.113.1.3.2.20.0.3 des3200-26- swL2LoopDetectPortIndex L2mgmt.mib 1.3.6.1.4.1.171.11.113.1.4.2.20.0.3 des3200-28- L2mgmt.mib...
Page 269: Appendix C Radius Attributes Assignment
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Appendix C RADIUS Attributes Assignment The RADIUS Attributes Assignment on the DES-3200 is used in the following modules: 802.1X (Port-based and Host- based), and MAC-based Access Control. The description that follows explains the following RADIUS Attributes Assignment types: ...
Page 270 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide To assign 802.1p default priority by RADIUS Server, the proper parameters should be configured on the RADIUS Server. The tables below show the parameters for 802.1p default priority.
Page 271 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide If the user has configured the VLAN attribute of the RADIUS server (for example, VID 3) and the 802.1X, or MAC-based Access Control authentication is successful, the port will be added to VLAN 3. However, if the user does not configure the VLAN attribute and authenticates successfully, the port will be kept in its original VLAN.
Page 272: Appendix D Glossary
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Appendix D Glossary 1000BASE-SX: A short laser wavelength on multimode fiber optic cable for a maximum length of 2000 meters 1000BASE-LX: A long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilometers 1000BASE-T: 1000Mbps Ethernet implementation over Category 5E cable.
Page 273 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide IP address: Internet Protocol address. A unique identifier for a device attached to a network using TCP/IP. The address is written as four octets separated with full-stops (periods), and is made up of a network section, an optional subnet section and a host section.
Page 274 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide VLAN - Virtual LAN: A group of location- and topology-independent devices that communicate as if they are on a common physical LAN. VLT - Virtual LAN Trunk: A Switch-to-Switch link which carries traffic for all the VLANs on each Switch.
Page 275: Appendix E Warranty
DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide Appendix E Warranty...
Page 276 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide...
Page 277 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide...
Page 278 DES-3200 Series Layer 2 Ethernet Managed Switch WEB UI Reference Guide...

This manual is also suitable for:

Xstack des-3200 series Xstack des-3200-2bf

D-Link xStack Reference Manual

Web-Based Switch Configuration

Configuration

L2 Features

Qos

Security

Acl

Monitoring

Save and Tools

Appendix A Technical Specification

Appendix B System Log Entries

Appendix C RADIUS Attributes Assignment

Appendix D Glossary

Appendix E Warranty

Quick Links

Related Manuals for D-Link xStack

Summary of Contents for D-Link xStack