Wired Configuration Guide Product Model : DWS-3000 Series Unified Wired & Wireless Access System Release 2.1 April 2008 ©Copyright 2008. All rights reserved.
Wired Configuration Guide 2 © 2001- 2008 D-Link Corporation. All Rights Reserved.
Table of Contents List of Figures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 About This Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Document Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . CLI/Web Examples - Slot/Port Designations . . . . . . . . . . . . . . . . . . . . . . .
Wired Configuration Guide Guest VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Configuring the Guest VLAN by Using the CLI. . . . . . . . . . . . . . . . . . . . . . . . Configuring the Guest VLAN by Using the Web Interface. . . . . . . . . . . . . . . . 39 40 Configuring Dynamic VLAN Assignment . . . . . . . . . . . . . . . . . . . . . . . . . . 41 5 Storm Control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10 Link Layer Discovery Protocol . . . . . . . . . . . . . . . . . . . . . . . . . 69 CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Example #1: Set Global LLDP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . Example #2: Set Interface LLDP Parameters. . . . . . . . . . . . . . . . . . . . . . . . . Example #3: Show Global LLDP Parameters . . . . . . . . . . . . . . . . . . . . . . . . Example #4 Show Interface LLDP Parameters .
Wired Configuration Guide IP ACL CLI Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Example #1: Create ACL 179 and Define an ACL Rule . . . . . . . . . . . . . . . . . Example #2: Define the Second Rule for ACL 179 . . . . . . . . . . . . . . . . . . . . . Example #3: Apply the rule to Inbound Traffic on Port 0/2 . . . . . . . . . . . . . . 98 98 98 MAC ACL CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Example #1: Enable DHCP Filtering for the Switch . . . . . . . . . . . . . . . . . . Example #2: Enable DHCP Filtering for an Interface . . . . . . . . . . . . . . . . . Example #3: Show DHCP Filtering Configuration . . . . . . . . . . . . . . . . . . . 146 146 146 Web Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 22 Traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 CLI Example . . . . . . . . . . .
Wired Configuration Guide Interpreting Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167 CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 Example #1: show logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Example #2: show logging buffered. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Example #3: show logging traplogs . . . . . . . . . . . . . .
List of Figures List of Figures Figure 1. Web Interface Panel-Example .............................................................. 28 Figure 2. Web Interface Panel-Example .............................................................. 29 Figure 3. Configuring an SNMP V3 User Profile ................................................ 29 Figure 4. VLAN Example Network Diagram....................................................... 32 Figure 5. VLAN Configuration ...............................................
Wired Configuration Guide Figure 44. VRRP Configuration ........................................................................... 91 Figure 45. Virtual Router Configuration .............................................................. 92 Figure 46. Proxy ARP Configuration ................................................................... 94 Figure 47. IP ACL Example Network Diagram ................................................... 97 Figure 48. MAC ACL Configuration Page - Create New MAC ACL ........
List of Figures Figure 88. Create an Authentication List............................................................ 137 Figure 89. Configure the Authentication List ..................................................... 137 Figure 90. Set the User Login ............................................................................. 138 Figure 91. DWS-3000 with TACACS+.............................................................. 140 Figure 92. Add a TACACS+ Server ............................................
Wired Configuration Guide 12 © 2001- 2008 D-Link Corporation. All Rights Reserved.
List of Tables List of Tables Table 1. Quick Start up Software Version Information . . . . . . . . . . . . . . . . . . . . 22 Table 2. Quick Start up Physical Port Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Table 3. Quick Start up User Account Management . . . . . . . . . . . . . . . . . . . . . . 23 Table 4. Quick Start up IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Table 5. Uploading from Networking Device to Out-of-Band PC (XMODEM) . . . . .
Wired Configuration Guide 14 © 2001- 2008 D-Link Corporation. All Rights Reserved.
About This Book About This Book This document provides an understanding of the CLI and Web configuration options for D-Link DWS-3000 features. Document Organization This document shows examples of the use of the Unified Switch in a typical network. It describes the use and advantages of specific functions provided by the Unified Switch and includes information about configuring those functions using the command-line interface (CLI) and Web interface.
Wired Configuration Guide • Management - RADIUS - TACACS+ - DHCP Filtering - Traceroute - Configuration Scripting - Outbound Telnet - Pre-Login Banner - Simple Network Time Protocol (SNTP) - Syslog - Port Description CLI/Web Examples - Slot/Port Designations To help you understand configuration tasks, this document contains examples from the CLI and Web Interfaces. The examples are based on the D-Link DWS-3000 switch and use the slot/port naming convention for interfaces, e.g.
1 Getting Started Connect a terminal to the switch to begin configuration. In-Band and Out-of-Band Connectivity Ask the system administrator to determine whether you will configure the switch for in-band or out-of-band connectivity. To use the Web Interface, you must set up your system for in-band connectivity. Configuring for In-Band Connectivity In-band connectivity allows you to access the switch from a remote workstation using the Ethernet network.
Wired Configuration Guide Gateway IP address of the default router, if the switch is a node outside the IP range of the LAN MAC Address MAC address of the switch When you connect the switch to the network for the first time after setting up the BootP or DHCP server, it is configured with the information supplied above. The switch is ready for inband connectivity over the network.
1 Getting Started Subnet Subnet mask for the LAN. Gateway IP address of the default router, if the switch is a node outside the IP range of the LAN. 6. To enable these changes to be retained during a reset of the switch, type CTRL+Z to return to the main prompt, type save config at the main menu prompt, and type y to confirm the changes. 7. To view the changes and verify in-band information, issue the command: show network. 8.
Wired Configuration Guide Starting the Switch 1. Make sure that the switch console port is connected to a VT100 terminal or a VT100 terminal emulator via the RS-232 crossover cable. 2. Locate an AC power receptacle. 3. Deactivate the AC power receptacle. 4. Connect the switch to the AC receptacle. 5. Activate the AC power receptacle. When the power is turned on with the local terminal already connected, the switch goes through a power-on self-test (POST).
1 Getting Started Unified Switch Installation This section contains procedures to help you become acquainted quickly with the switch software. Before installing the Unified Switch, you should verify that the switch operates with the most recent firmware. Quick Starting the Networking Device 1. Configure the switch for In-band or Out-of-Band connectivity. In-band connectivity allows access to the Unified Switch locally or from a remote workstation.
Wired Configuration Guide This command saves the changes to the configuration file. You must be in the correct mode to execute the command. If you do not save the configuration, all changes are lost when you power down or reset the networking device. Quick Start up Software Version Information Table 1. Quick Start up Software Version Information Command Details show hardware Switch: 1 (Privileged EXEC Mode) System Description..................... D-Link DWS-3026 Machine Model.........................
1 Getting Started Quick Start up User Account Management Table 3. Quick Start up User Account Management Command show users (Privileged EXEC Mode) Details Displays all of the users who are allowed to access the networking device Access Mode - Shows whether the user is able to change parameters on the networking device(Read/Write) or is only able to view them (Read Only). As a factory default, the admin user has Read/Write access and the guest user has Read Only access.
Wired Configuration Guide Quick Start up IP Address To view the network parameters the operator can access the device by the following three methods. • • • Simple Network Management Protocol - SNMP Telnet Web Browser NOTE: Helpful Hint: The user should do a ‘copy system:running-config nvram:star- tup-config’ after configuring the network parameters so that the configurations are not lost Table 4.
1 Getting Started Quick Start up Uploading from Networking Device to Out-of-Band PC (XMODEM) Table 5. Uploading from Networking Device to Out-of-Band PC (XMODEM) Command copy nvram:startup-config (Privileged EXEC Mode) Details Starts the upload, displays the mode and type of upload, and confirms the upload is progressing.
Wired Configuration Guide Quick Start up Downloading from TFTP Server Before starting a TFTP server download, the operator must complete the Quick Start up for the IP Address. Table 7. Downloading from TFTP Server Command Details copy // > nvram:startup-config (Privileged EXEC Mode) Sets the destination (download) datatype to be an image (system:image) or a configuration file (nvram:startup-config).
2 Using the Web Interface This chapter is a brief introduction to the Web interface — it explains how to access the Webbased management panels to configure and manage the system. Tip: Use the Web interface for configuration instead of the CLI interface. Web configuration is quicker and easier than entering multiple required CLI commands. You can manage your switch through a Web browser and Internet connection. This is referred to as Web-based management.
Wired Configuration Guide Starting the Web Interface Follow these steps to start the switch Web interface: 1. Enter the IP address of the switch in the Web browser address field. 2. Enter the appropriate User Name and Password. The User Name and associated Password are the same as those used for the terminal interface. Click on the Login button. Figure 1. Web Interface Panel-Example 3. The System Description Menu displays as shown in Figure 2, with the navigation tree appearing to the left of the screen.
2 Using the Web Interface Figure 2. Web Interface Panel-Example Configuring an SNMP V3 User Profile Configuring an SNMP V3 user profile is a part of user configuration. Any user can connect to the switch using the SNMPv3 protocol, but for authentication and encryption, additional steps are needed. Use the following steps to configure an SNMP V3 new user profile. Figure 3. Configuring an SNMP V3 User Profile 1. From the LAN navigation menu, select LAN> Administration>User Accounts (see Figure 3).
Wired Configuration Guide 2. Using the User pull-down menu, select Create to create a new user. 3. Enter a new user name in the User Name field. 4. Enter a new user password in the Password field and then retype it in the Confirm Password field. NOTE: If SNMPv3 Authentication is to be implemented for this user, set a password of eight or more alphanumeric characters. 5. If you do not need authentication, go to Step 9. 6.
3 Virtual LANs Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast. Like a router, it partitions the network into logical segments, which provides better administration, security and management of multicast traffic. A VLAN is a set of end stations and the switch ports that connect them.
Wired Configuration Guide VLAN Configuration Example The diagram in this section shows a switch with four ports configured to handle the traffic for two VLANs. Port 0/2 handles traffic for both VLANs, while port 0/1 is a member of VLAN 2 only, and ports 0/3 and 0/4 are members of VLAN 3 only. The script following the diagram shows the commands you would use to configure the switch as shown in the diagram. Figure 4. VLAN Example Network Diagram 5NIFIED 3WITCH 0ORT 6,!. 0ORT 6,!.
3 Virtual LANs CLI Examples The following examples show how to create VLANs, assign ports to the VLANs, and assign a VLAN as the default VLAN to a port. Example #1: Create Two VLANs Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the names blank.
Wired Configuration Guide (DWS-3024) (Interface 0/4)#exit (DWS-3024) (Config)#exit Example #4: Assign VLAN3 as the Default VLAN This example shows how to assign VLAN 3 as the default VLAN for port 0/2. (DWS-3024) (DWS-3024) (DWS-3024) (DWS-3024) (DWS-3024) #config (Config)#interface 0/2 (Interface 0/2)#vlan pvid 3 (Interface 0/2)#exit (Config)#exit Example #5: Assign IP Addresses to VLAN 2 (DWS-3024) #vlan database (DWS-3024) (Vlan)#vlan association subnet 192.168.10.10 255.255.255.
3 Virtual LANs To specify the handling of untagged frames on receipt use the LAN> L2 Features > VLAN > Port Configuration page. Figure 6. VLAN Port Configuration Private Edge VLANs Use the Private Edge VLAN feature to prevent ports on the switch from forwarding traffic to each other even if they are on the same VLAN. • • Protected ports cannot forward traffic to other protected ports in the same group, even if they have the same VLAN membership. Protected ports can forward traffic to unprotected ports.
Wired Configuration Guide CLI Example Example #1: switchport protected (DWS-3024) (DWS-3024) (DWS-3024) Press (DWS-3024) #config (Config)#interface 0/1 (Interface 0/1)#switchport protected ? Enter to execute the command. (Interface 0/1)#switchport protected Example #2: show switchport protected (DWS-3024) #show switchport protected 0/1 36 © 2001- 2008 D-Link Corporation. All Rights Reserved.
4 802.1X Network Access Control Port-based network access control allows the operation of a system’s port(s) to be controlled to ensure that access to its services is permitted only by systems that are authorized to do so. Port Access Control provides a means of preventing unauthorized access by supplicants or users to the services offered by a System.
Wired Configuration Guide simpler. At the start of service for a user, the RADIUS client that is configured to use accounting sends an accounting start packet specifying the type of service that it will deliver. Once the server responds with an acknowledgement, the client periodically transmits accounting data. At the end of service delivery, the client sends an accounting stop packet allowing the server to update specified statistics. The server again responds with an acknowledgement. 802.
4 802.1X Network Access Control Guest VLAN The Guest VLAN feature allows a switch to provide a distinguished service to unauthenticated users. This feature provides a mechanism to allow visitors and contractors to have network access to reach external network with no ability to surf internal LAN. When a client that does not support 802.1X is connected to an unauthorized port that is 802.1X-enabled, the client does not respond to the 802.1X requests from the switch.
Wired Configuration Guide Configuring the Guest VLAN by Using the Web Interface To enable the Guest VLAN features by using the Web interface, use the LAN> Security > 802.1x > 802.1X Setting page. To configure the Guest VLAN settings on a port, use the LAN> Security > 802.1x > 802.1X Port Setting page. 40 © 2001- 2008 D-Link Corporation. All Rights Reserved.
4 802.1X Network Access Control Configuring Dynamic VLAN Assignment The software also supports VLAN assignment for clients based on the RADIUS server authentication. To enable the switch to accept VLAN assignment by the RADIUS server, use the authorization network radius command in Global Config mode. To enable the VLAN Assignment Mode by using the Web interface, use the LAN> Security > 802.1x > 802.1X Setting page and select Enable from the VLAN Assignment Mode menu.
Wired Configuration Guide 42 © 2001- 2008 D-Link Corporation. All Rights Reserved.
5 Storm Control A traffic storm is a condition that occurs when incoming packets flood the LAN, which creates performance degradation in the network. The Unified Switch’s Storm Control feature protects against this condition. The Unified Switch provides broadcast, multicast, and unicast storm recovery for individual interfaces or for all interfaces. Unicast Storm Control protects against traffic whose MAC addresses are not known by the system.
Wired Configuration Guide Enter the storm-control threshold as percent of port speed. (DWS-3024) (Config)#storm-control broadcast all level 7 (DWS-3024) (Config)#exit (DWS-3024) Example #2: Set Multicast Storm Control for All Interfaces (DWS-3024) #config (DWS-3024) (Config)#storm-control multicast all ? level Press Enter to execute the command. Configure storm-control thresholds.
5 Storm Control Web Interface The Storm Control configuration options are available on the Port Configuration Web page under the Administration folder. Figure 8.
Wired Configuration Guide 46 © 2001- 2008 D-Link Corporation. All Rights Reserved.
6 Trunking (Link Aggregation) This section shows how to use the Trunking feature (also known as Link Aggregation) to configure port-channels by using the CLI and the Web interface. The Link Aggregation (LAG) feature allows the switch to treat multiple physical links between two end-points as a single logical link called a port-channel. All of the physical links in a given port-channel must operate in full-duplex mode at the same speed.
Wired Configuration Guide Figure 9 shows the example network. Figure 9.
6 Trunking (Link Aggregation) (DWS-3024) #show port-channel all PortLink Log. Channel Adm. Trap STP Mbr Port Port Intf Name Link Mode Mode Mode Type Ports Speed Active ------ ------------- ----- ---- ---- ------ ------- ------ --------- -----3/1 lag_10 Down En. En. Dis. Dynamic 3/2 lag_20 Down En. En. Dis.
Wired Configuration Guide Web Interface Configuration - LAGs/Port-channels To perform the same configuration using the Web interface, use the LAN> L2 Features > Trunking > Configuration page. Figure 10. Trunking Configuration To create the port-channels, specify port participation and enable Link Aggregation (LAG) support on the switch. 50 © 2001- 2008 D-Link Corporation. All Rights Reserved.
7 IGMP Snooping This section describes the Internet Group Management Protocol (IGMP) feature: IGMPv3 and IGMP Snooping. The IGMP Snooping feature enables the switch to monitor IGMP transactions between hosts and routers. It can help conserve bandwidth by allowing the switch to forward IP multicast traffic only to connected hosts that request multicast traffic.
Wired Configuration Guide Example #2: show mac-address-table igmpsnooping (DWS-3024) #show mac-address-table igmpsnooping ? Press Enter to execute the command.
7 IGMP Snooping Web Examples The following web pages are used in the IGMP Snooping feature. Click Help for more information on the web interface. Figure 11.
Wired Configuration Guide Figure 12. IGMP Snooping - Interface Configuration Page Figure 13. IGMP Snooping VLAN Configuration 54 © 2001- 2008 D-Link Corporation. All Rights Reserved.
7 IGMP Snooping Figure 14. IGMP Snooping - VLAN Status Page Figure 15.
Wired Configuration Guide Figure 16. IGMP Snooping - Multicast Router Configuration Page Figure 17. IGMP Snooping - Multicast Router VLAN Statistics Page 56 © 2001- 2008 D-Link Corporation. All Rights Reserved.
7 IGMP Snooping Figure 18.
Wired Configuration Guide 58 © 2001- 2008 D-Link Corporation. All Rights Reserved.
8 Port Mirroring This section describes the Port Mirroring feature, which can serve as a diagnostic tool, debugging tool, or means of fending off attacks. Overview Port mirroring selects network traffic from specific ports for analysis by a network analyzer, while allowing the same traffic to be switched to its destination. You can configure many switch ports as source ports and one switch port as a destination port. You can also configure how traffic is mirrored on a source port.
Wired Configuration Guide Example #2: Show the Port Mirroring Session (DWS-3024) #show monitor session 1 Session ID ---------1 Admin Mode ---------Enable Probe Port Mirrored Port Type -------------------------0/8 0/7 Rx,Tx (DWS-3024) #Monitor session ID “1” - “1” is a hardware limitation.
8 Port Mirroring Web Examples The following web pages are used with the Port Mirroring feature. Figure 19. Multiple Port Mirroring Figure 20.
Wired Configuration Guide Figure 21. System - Port Utilization Summary 62 © 2001- 2008 D-Link Corporation. All Rights Reserved.
9 Port Security This section describes the Port Security feature. Overview Port Security: • • • • • • Allows for limiting the number of MAC addresses on a given port. Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted. Enabled on a per port basis. When locked, only packets with allowable MAC address will be forwarded. Supports both dynamic and static. Implement two traffic filtering methods. These methods can be used concurrently.
Wired Configuration Guide CLI Examples The following are examples of the commands used in the Port Security feature. Example #1: show port security (DWS-3024) #show port-security ? all dynamic static violation Press Enter to execute the command. Display port-security information for all interfaces Display port security information for a specific interface. Display dynamically learned MAC addresses. Display statically locked MAC addresses.
9 Port Security Web Examples The following Web pages are used in the Port Security feature. Figure 22. Port Security Administration Figure 23.
Wired Configuration Guide Figure 24. Port Security Statically Configured MAC Addresses To view Port Security status information, navigate to LAN> Monitoring > Port Security from the navigation panel. Figure 25. Port Security Dynamically Learned MAC Addresses 66 © 2001- 2008 D-Link Corporation. All Rights Reserved.
9 Port Security Figure 26.
Wired Configuration Guide 68 © 2001- 2008 D-Link Corporation. All Rights Reserved.
10 Link Layer Discovery Protocol The Link Layer Discovery Protocol (LLDP) feature allows individual interfaces on the switch to advertise major capabilities and physical descriptions. Network managers can view this information and identify system topology and detect bad configurations on the LAN. LLDP has separately configurable transmit and receive functions. Interfaces can transmit and receive LLDP information.
Wired Configuration Guide (DWS-3024) # Example #2: Set Interface LLDP Parameters The following commands configure interface 0/10 to transmit and receive LLDP information. (DWS-3024) #config (DWS-3024) (Config)#interface 0/10 (DWS-3024) (Interface 0/10)#lldp ? notification receive transmit transmit-mgmt transmit-tlv Enable/Disable LLDP remote data change notifications. Enable/Disable LLDP receive capability. Enable/Disable LLDP transmit capability. Include/Exclude LLDP management address TLV.
10 Link Layer Discovery Protocol Using the Web Interface to Configure LLDP The LLDP menu page contains links to the following features: • • • • LLDP Configuration LLDP Statistics LLDP Connections LLDP Configuration Use the LLDP Global Configuration page to specify LLDP parameters. Figure 27. LLDP Global Configuration The LLDP Global Configuration page contains the following fields: • • • • Transmit Interval (1-32768) — Specifies the interval at which frames are transmitted.
Wired Configuration Guide Use the LLDP Interface Configuration screen to specify transmit and receive functions for individual interfaces. Figure 28. LLDP Interface Configuration Interface Parameters • • • • • • 72 Interface — Specifies the port to be affected by these parameters. Transmit Mode — Enables or disables the transmit function. The default is disabled. Receive Mode — Enables or disables the receive function. The default is disabled.
10 Link Layer Discovery Protocol Figure 29. LLDP Interface Summary Figure 30. LLDP Statistics You can also use the pages in the LAN> Monitoring > LLDP Status folder to view information about local and remote devices.
Wired Configuration Guide 74 © 2001- 2008 D-Link Corporation. All Rights Reserved.
11 Denial of Service Attack Protection This section describes the D-Link DWS-3000 switch’s Denial of Service Protection feature. Overview Denial of Service: • • • • Spans two categories: - Protection of the Unified Switch - Protection of the network Protects against the exploitation of a number of vulnerabilities which would make the host or network unstable Compliant with Nessus. Nessus is a widely-used vulnerability assessment tool.
Wired Configuration Guide First Fragment Mode............................ Min TCP Hdr Size............................... TCP Fragment Mode.............................. TCP Flag Mode.................................. L4 Port Mode................................... ICMP Mode...................................... Max ICMP Pkt Size..............................
12 Port Routing The first networks were small enough for the end stations to communicate directly. As networks grew, Layer 2 bridging was used to segregate traffic, a technology that worked well for unicast traffic, but had problems coping with large quantities of multicast packets. The next major development was routing, where packets were examined and redirected at Layer 3.
Wired Configuration Guide • • ARP Mapping - responsible for maintaining the ARP Table used to correlate IP and MAC addresses. The table contains both static entries and entries dynamically updated based on information in received ARP frames. Routing Table Object - responsible for maintaining the routing table populated by local and static routes. CLI Examples The diagram in this section shows a Unified Switch configured for port routing.
12 Port Routing Example 2. Enabling Routing for Ports on the Switch Use the following commands to enable routing for ports on the switch. The default link-level encapsulation format is Ethernet. Configure the IP addresses and subnet masks for the ports. Network directed broadcast frames are dropped and the maximum transmission unit (MTU) size is 1500 bytes. config interface 0/2 routing ip address 192.150.2.2 255.255.255.0 exit exit config interface 0/3 routing ip address 192.130.3.1 255.255.255.
Wired Configuration Guide Using the Web Interface to Configure Routing Use the following screens to perform the same configuration using the Graphical User Interface: To enable routing for the switch, as shown in Example 1. Enabling routing for the Switch, use the LAN> L3 Features> IP > Configuration page. Figure 33. IP Configuration To configure routing on each interface, as shown in Example 2. Enabling Routing for Ports on the Switch, use the LAN> L3 Features > IP > Interface Configuration page.
13 VLAN Routing You can configure the Unified Switch with some ports supporting VLANs and some supporting routing. You can also configure the Unified Switch to allow traffic on a VLAN to be treated as if the VLAN were a router port. When a port is enabled for bridging (default) rather than routing, all normal bridge processing is performed for an inbound packet, which is then associated with a VLAN. Its MAC Destination Address (MAC DA) and VLAN ID are used to search the MAC address table.
Wired Configuration Guide Figure 35. VLAN Routing Example Network Diagram 5NIFIED 3WITCH 0HYSICAL 0ORT 6,!. 2OUTER 0ORT 0HYSICAL 0ORT 6,!. 2OUTER 0ORT 0HYSICAL 0ORT ,AYER 3WITCH ,AYER 3WITCH 6,!. 6,!. Example 1: Create Two VLANs The following commands show an example of how to create two VLANs with egress frame tagging enabled.
13 VLAN Routing Next specify the VLAN ID assigned to untagged frames received on the ports. config interface 0/1 vlan pvid 10 exit interface 0/2 vlan pvid 10 exit interface 0/3 vlan pvid 20 exit exit Example 2: Set Up VLAN Routing for the VLANs and the Switch. The following commands show how to enable routing for the VLANs: vlan database vlan routing 10 vlan routing 20 exit show ip vlan This returns the logical interface IDs that will be used in subsequent routing commands.
Wired Configuration Guide Using the Web Interface to Configure VLAN Routing You can perform the same configuration by using the Web Interface. Use the LAN> L2 Features > VLAN> VLAN Configuration page to create the VLANs, specify port participation, and configure whether frames will be transmitted tagged or untagged. Figure 36. VLAN Configuration Use the LAN> L2 Features > VLAN > Port Configuration page to specify the handling of untagged frames on receipt. Figure 37.
13 VLAN Routing Use the LAN> L3 Features > VLAN Routing > Configuration page to enable VLAN routing and configure the ports. Figure 38. VLAN Routing Configuration To enable routing for the switch, use the LAN> L3 Features > IP > Configuration page. Figure 39.
Wired Configuration Guide Use the LAN> L3 Features > IP > Interface Configuration page to enable routing for the ports and configure their IP addresses and subnet masks. Figure 40. IP Interface Configuration 86 © 2001- 2008 D-Link Corporation. All Rights Reserved.
14 Virtual Router Redundancy Protocol When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network. If the router goes down, the end station is unable to communicate. Since static configuration is a convenient way to assign router addresses, Virtual Router Redundancy Protocol (VRRP) was developed to provide a backup mechanism.
Wired Configuration Guide Figure 41. VRRP Example Network Configuration 5NIFIED 3WITCH ACTING AS 2OUTER 5NIFIED 3WITCH ACTING AS 2OUTER 0ORT 6IRTUAL 2OUTER )$ 6IRTUAL !DDR 0ORT 6IRTUAL 2OUTER )$ 6IRTUAL !DDR ,AYER 3WITCH (OSTS Example 1: Configuring VRRP on the Switch as a Master Router Enable routing for the switch. IP forwarding is then enabled by default.
14 Virtual Router Redundancy Protocol Assign virtual router IDs to the port that will participate in the protocol. config interface 0/2 ip vrrp 20 Specify the IP address that the virtual router function will recognize. Note that the virtual IP address on port 0/2 is the same as the port’s actual IP address, therefore this router will always be the VRRP master when it is active. And the priority default is 255. ip vrrp 20 ip 192.150.2.1 Enable VRRP on the port.
Wired Configuration Guide Enable VRRP on the port. ip vrrp 20 mode exit Using the Web Interface to Configure VRRP Use the following screens to perform the same configuration using the Graphical User Interface: To enable routing for the switch, use the LAN > L3 Features > IP > Configuration page. Figure 42. IP Configuration To enable routing for the ports and configure their IP addresses and subnet masks, use the LAN> L3 Features > IP > Interface Configuration page. 90 © 2001- 2008 D-Link Corporation.
14 Virtual Router Redundancy Protocol Figure 43. IP Interface Configuration To enable VRRP for the switch, use the LAN> L3 Features > VRRP > VRRP Configuration page. Figure 44. VRRP Configuration To configure virtual router settings, use the LAN> L3 Features > VRRP > Virtual Router Configuration page.
Wired Configuration Guide Figure 45. Virtual Router Configuration 92 © 2001- 2008 D-Link Corporation. All Rights Reserved.
15 Proxy Address Resolution Protocol (ARP) This section describes the Proxy Address Resolution Protocol (ARP) feature. Overview • • • • Proxy ARP allows a router to answer ARP requests where the target IP address is not the router itself but a destination that the router can reach. If a host does not know the default gateway, proxy ARP can learn the first hop. Machines in one physical network appear to be part of another logical network.
Wired Configuration Guide Example #2: ip proxy-arp DWS-3024) (Interface 0/24)#ip proxy-arp ? Press Enter to execute the command. (DWS-3024) (Interface 0/24)#ip proxy-arp Web Example The following web pages are used in the proxy ARP feature. Figure 46. Proxy ARP Configuration 94 © 2001- 2008 D-Link Corporation. All Rights Reserved.
16 Access Control Lists (ACLs) This section describes the Access Control Lists (ACLs) feature. Overview Access Control Lists (ACLs) are a collection of permit and deny conditions, called rules, that provide security by blocking unauthorized users and allowing authorized users to access specific resources. Normally ACLs reside in a firewall router or in a router connecting two internal networks. ACL Logging provides a means for counting the number of “hits” against an ACL rule.
Wired Configuration Guide • The order of the rules is important: when a packet matches multiple rules, the first rule takes precedence. Also, once you define an ACL for a given port, all traffic not specifically permitted by the ACL is denied access. MAC ACLs MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a packet: • • • • • • • Source MAC address Source MAC mask Destination MAC address Destination MAC mask VLAN ID Class of Service (CoS) (802.
16 Access Control Lists (ACLs) ACL Configuration Process To configure ACLs, follow these steps: • • • • • Create a MAC ACL by specifying a name. Create an IP ACL by specifying a number. Add new rules to the ACL. Configure the match criteria for the rules. Apply the ACL to one or more interfaces. IP ACL CLI Example The script in this section shows you how to set up an IP ACL with two rules, one applicable to TCP traffic and one to UDP traffic. The content of the two rules is the same.
Wired Configuration Guide Example #1: Create ACL 179 and Define an ACL Rule After the mask has been applied, it permits packets carrying TCP traffic that matches the specified Source IP address, and sends these packets to the specified Destination IP address. config access-list 179 permit tcp 192.168.77.0 0.0.0.255 192.168.77.3 0.0.0.0 Example #2: Define the Second Rule for ACL 179 Define the rule to set similar conditions for UDP traffic as for TCP traffic. access-list 179 permit udp 192.168.77.0 0.0.0.
16 Access Control Lists (ACLs) Example #5: Specify MAC ACL Attributes (DWS-3024) (Config)#mac access-list extended mac1 (DWS-3024) (Config-mac-access-list)#deny ? any Enter a MAC Address. Configure a match condition for all the source MAC addresses in the Source MAC Address field. (DWS-3024) (Config-mac-access-list)#deny any ? any bpdu Enter a MAC Address. Configure a match condition for all the destination MAC addresses in the Destination MAC Address field.
Wired Configuration Guide Example #6 Configure MAC Access Group (DWS-3024) (Config)#interface 0/5 (DWS-3024) (Interface 0/5)#mac ? access-group Attach MAC Access List to Interface. (DWS-3024) (Interface 0/5)#mac access-group ? Enter name of MAC Access Control List. (DWS-3024) (Interface 0/5)#mac access-group mac1 ? in Enter the direction . (DWS-3024) (Interface 0/5)#mac access-group mac1 in ? <1-4294967295> Press Enter to execute the command.
16 Access Control Lists (ACLs) Example #7 Set up an ACL with Permit Action (DWS-3024) (Config)#mac access-list extended mac2 (DWS-3024) (Config-mac-access-list)#permit ? any Enter a MAC Address. Configure a match condition for all the source MAC addresses in the Source MAC Address field. (DWS-3024) (Config-mac-access-list)#permit any ? any Enter a MAC Address. Configure a match condition for all the destination MAC addresses in the Destination MAC Address field.
Wired Configuration Guide Web Examples Use the Web pages in this section to configure and view MAC access control list and IP access control lists. MAC ACL Web Pages The following figures show the pages available to view and configure MAC ACL settings. Figure 48. MAC ACL Configuration Page - Create New MAC ACL Figure 49. MAC ACL Rule Configuration - Create New Rule 102 © 2001- 2008 D-Link Corporation. All Rights Reserved.
16 Access Control Lists (ACLs) Figure 50. MAC ACL Rule Configuration Page - Add Destination MAC and MAC Mask Figure 51.
Wired Configuration Guide Figure 52. ACL Interface Configuration Figure 53. MAC ACL Summary 104 © 2001- 2008 D-Link Corporation. All Rights Reserved.
16 Access Control Lists (ACLs) Figure 54. MAC ACL Rule Summary IP ACL Web Pages The following figures show the pages available to view and configure standard and extended IP ACL settings. Figure 55.
Wired Configuration Guide Figure 56. IP ACL Configuration Page - Create a Rule and Assign an ID Figure 57. IP ACL Rule Configuration Page - Rule with Protocol and Source IP Configuration 106 © 2001- 2008 D-Link Corporation. All Rights Reserved.
16 Access Control Lists (ACLs) Figure 58.
Wired Configuration Guide Figure 59. IP ACL Summary Figure 60. IP ACL Rule Summary 108 © 2001- 2008 D-Link Corporation. All Rights Reserved.
17 Class of Service Queuing The Class of Service (CoS) feature lets you give preferential treatment to certain types of traffic over others. To set up this preferential treatment, you can configure the ingress ports, the egress ports, and individual queues on the egress ports to provide customization that suits your environment. The level of service is determined by the egress port queue to which the traffic is assigned.
Wired Configuration Guide CoS Mapping Table for Trusted Ports Mapping is from the designated field values on trusted ports’ incoming packets to a traffic class priority (actually a CoS traffic queue). The trusted port field-to-traffic class configuration entries form the Mapping Table the switch uses to direct ingress packets from trusted ports to egress queues.
17 Class of Service Queuing Figure 61.
Wired Configuration Guide Figure 62. CoS Configuration Example System Diagram 0ORT 0ORT 3ERVER You will configure the ingress interface uniquely for all cos-queue and VLAN parameters. configure interface 0/10 classofservice trust dot1p classofservice dot1p-mapping 6 3 vlan priority 2 exit interface 0/8 cos-queue min-bandwidth 0 0 5 5 10 20 40 0 cos-queue strict 6 exit exit You can also set traffic shaping parameters for the interface.
17 Class of Service Queuing Web Examples The following web pages are used for the Class of Service feature. Figure 63. 802.1p Priority Mapping Page Figure 64.
Wired Configuration Guide Figure 65. IP DSCP Mapping Configuration Page Figure 66. CoS Interface Configuration Page 114 © 2001- 2008 D-Link Corporation. All Rights Reserved.
17 Class of Service Queuing Figure 67. CoS Interface Queue Configuration Page Figure 68.
Wired Configuration Guide 116 © 2001- 2008 D-Link Corporation. All Rights Reserved.
18 Differentiated Services Differentiated Services (DiffServ) is one technique for implementing Quality of Service (QoS) policies. Using DiffServ in your network allows you to directly configure the relevant parameters on the switches and routers rather than using a resource reservation protocol. This section explains how to configure the Unified Switch to identify which traffic class a packet belongs to, and how it should be handled to provide the desired quality of service.
Wired Configuration Guide • The Unified Switch supports the Traffic Conditioning Policy type which is associated with an inbound traffic class and specifies the actions to be performed on packets meeting the class rules: - Marking the packet with a given DSCP, IP precedence, or CoS - Policing packets by dropping or re-marking those that exceed the class’s assigned data rate - Counting the traffic within the class Service – Assigns a policy to an interface for inbound traffic.
18 Differentiated Services 2. Create a DiffServ class of type “all” for each of the departments, and name them. Define the match criteria -- Source IP address -- for the new classes. class-map match-all finance_dept match srcip 172.16.10.0 255.255.255.0 exit class-map match-all marketing_dept match srcip 172.16.20.0 255.255.255.0 exit class-map match-all test_dept match srcip 172.16.30.0 255.255.255.0 exit class-map match-all development_dept match srcip 172.16.40.0 255.255.255.0 exit 3.
Wired Configuration Guide queue attribute. It is presumed that the switch will forward this traffic to interface 0/5 based on a normal destination address lookup for internet traffic. interface 0/5 cos-queue min-bandwidth 0 25 25 25 25 0 0 0 exit exit Adding Color-Aware Policing Attribute Policing in the DiffServ feature uses either “color blind” or “color aware” mode. Color blind mode ignores the coloration (marking) of the incoming packet.
18 Differentiated Services 3. View information about the DiffServ policy and class configuration. In the following example, the interface specified is interface 0/1. The policy is attached to interfaces 0/1 through 0/4. (DWS-3024) #show diffserv service 0/1 in DiffServ Admin Mode............................ Interface...................................... Direction...................................... Operational Status............................. Policy Name....................................
Wired Configuration Guide Figure 70. DiffServ Configuration Figure 71. DiffServ Class Configuration 122 © 2001- 2008 D-Link Corporation. All Rights Reserved.
18 Differentiated Services Figure 72. DiffServ Class Configuration - Add Match Criteria Figure 73.
Wired Configuration Guide Figure 74. DiffServ Class Configuration Figure 75. DiffServ Class Summary 124 © 2001- 2008 D-Link Corporation. All Rights Reserved.
18 Differentiated Services Figure 76. DiffServ Policy Configuration Figure 77.
Wired Configuration Guide Figure 78. DiffServ Policy Class Definition Figure 79. Assign Queue 126 © 2001- 2008 D-Link Corporation. All Rights Reserved.
18 Differentiated Services Figure 80. DiffServ Policy Summary Figure 81.
Wired Configuration Guide Figure 82. DiffServ Service Configuration Figure 83. DiffServ Service Summary 128 © 2001- 2008 D-Link Corporation. All Rights Reserved.
18 Differentiated Services Configuring the Color-Aware Attribute by Using the Web The following screens show the additional steps to take to configure the finance_dept class with a color-aware attribute. 1. Add a new class to serve as the auxiliary traffic class. A. From the Class Selector menu on the DiffServ Class Configuration page, select Create. B. After the screen refreshes, enter color_class in the Class field. C. Select All as the Class Type. D. Click Submit.
Wired Configuration Guide C. After the screen refreshes, enter values for the Committed Rate and Committed Burst Size fields. D. Click Configure Selected Attribute. The DiffServ Policy Attribute Summary page appears so you can view information about all of the policies and their attributes configured on the system. 130 © 2001- 2008 D-Link Corporation. All Rights Reserved.
18 Differentiated Services DiffServ for VoIP Configuration Example One of the most valuable uses of DiffServ is to support Voice over IP (VoIP). VoIP traffic is inherently time-sensitive: for a network to provide acceptable service, a guaranteed transmission rate is vital. This example shows one way to provide the necessary quality of service: how to set up a class for UDP traffic, have that traffic marked on the inbound side, and then expedite the traffic on the outbound side.
Wired Configuration Guide Configuring DiffServ VoIP Support Example Enter Global Config mode. Set queue 5 on all ports to use strict priority mode. This queue shall be used for all VoIP packets. Activate DiffServ for the switch. config cos-queue strict 5 diffserv Create a DiffServ classifier named 'class_voip' and define a single match criterion to detect UDP packets.
19 RADIUS Making use of a single database of accessible information – as in an Authentication Server – can greatly simplify the authentication and management of users in a large network. One such type of Authentication Server supports the Remote Authentication Dial In User Service (RADIUS) protocol as defined by RFC 2865. For authenticating users prior to access, the RADIUS standard has become the protocol of choice by administrators of large accessible networks.
Wired Configuration Guide RADIUS server cannot be contacted. This authentication list is then associated with the default login. Figure 85. RADIUS Servers in a DWS-3000 Network Unified Switch (NAS) When a user attempts to log in, the switch prompts for a username and password. The switch then attempts to communicate with the primary RADIUS server at 10.10.10.10. Upon successful connection with the server, the login credentials are exchanged over an encrypted channel.
19 RADIUS Configuring RADIUS by Using the Web Interface The following Web screens show how to perform the configuration described in the example. Figure 86.
Wired Configuration Guide Figure 87. Configuring the RADIUS Server 136 © 2001- 2008 D-Link Corporation. All Rights Reserved.
19 RADIUS Figure 88. Create an Authentication List Figure 89.
Wired Configuration Guide Figure 90. Set the User Login 138 © 2001- 2008 D-Link Corporation. All Rights Reserved.
20 TACACS+ TACACS+ (Terminal Access Controller Access Control System) provides access control for networked devices via one or more centralized servers. Similar to RADIUS, this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network. TACACS+ is based on the TACACS protocol described in RFC1492. TACACS+ uses TCP to ensure reliable delivery and a shared key configured on the client and daemon server to encrypt all messages.
Wired Configuration Guide Figure 91. DWS-3000 with TACACS+ Unified Switch When a user attempts to log into the switch, the NAS or switch prompts for a user name and password. The switch attempts to communicate with the highest priority configured TACACS+ server at 10.10.10.10. Upon successful connection with the server, the switch and server exchange the login credentials over an encrypted channel.
20 TACACS+ Configuring TACACS+ by Using the Web Interface The following Web screens show how to perform the configuration described in the example. Figure 92. Add a TACACS+ Server Figure 93.
Wired Configuration Guide Figure 94. Create an Authentication List (TACACS+) Figure 95. Configure the Authentication List (TACACS+) 142 © 2001- 2008 D-Link Corporation. All Rights Reserved.
20 TACACS+ Figure 96.
Wired Configuration Guide 144 © 2001- 2008 D-Link Corporation. All Rights Reserved.
21 DHCP Filtering This section describes the Dynamic Host Configuration Protocol (DHCP) Filtering feature. Overview DHCP filtering provides security by filtering untrusted DHCP messages. An untrusted message is a message that is received from outside the network or firewall, and that can cause traffic attacks within network. You can use DHCP Filtering as a security measure against unauthorized DHCP servers.
Wired Configuration Guide CLI Examples The commands shown below show examples of configuring DHCP Filtering for the switch and for individual interfaces.
21 DHCP Filtering Use the DHCP Filtering Configuration page to configure the DHCP Filtering admin mode on the switch. Figure 97. DHCP Filtering Configuration Use the DHCP Filtering Interface Configuration page to configure DHCP Filtering on specific interfaces. Figure 98. DHCP Filtering Interface Configuration To view the DHCP Filtering settings on each interface, use the DHCP Filter Binding Information page under LAN > Monitoring > DHCP Filter Summary.
Wired Configuration Guide Figure 99. DHCP Filter Binding Information 148 © 2001- 2008 D-Link Corporation. All Rights Reserved.
22 Traceroute This section describes the Traceroute feature. Use Traceroute to discover the routes that packets take when traveling on a hop-by-hop basis to their destination through the network.
Wired Configuration Guide (DWS-3024) (DWS-3024) #traceroute ? Enter IP address. #traceroute 216.109.118.74 ? Press Enter to execute the command. Enter port no. (DWS-3024) #traceroute 216.109.118.74 Tracing route over a maximum of 20 hops 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 150 10.254.24.1 10.254.253.1 63.237.23.33 63.144.4.1 63.144.1.141 205.171.21.89 205.171.8.154 205.171.8.222 205.171.251.34 209.244.219.181 209.244.11.9 4.68.121.146 4.79.228.2 216.115.96.185 216.109.120.
23 Configuration Scripting Configuration Scripting allows you to generate a text-formatted script file that shows the current configuration of the system. You can generate multiple scripts and upload and apply them to more than one switch. Overview Configuration Scripting: • • • • • • Provides scripts that can be uploaded and downloaded to the system. Provides flexibility to create command configuration scripts. Can be applied to several switches. Can save up to ten scripts or 500K of memory.
Wired Configuration Guide list show validate Lists all configuration script files present on the switch. Displays the contents of configuration script. Validate the commands of configuration script. Example #2: script list and script delete (DWS-3024) #script list Configuration Script Name ------------------------basic.scr running-config.scr Size(Bytes) ----------93 3201 2 configuration script(s) found. 1020706 bytes free. (DWS-3024) #script delete basic.
23 Configuration Scripting Example #5: copy nvram: script Use this command to upload a configuration script. (DWS-3024) #copy nvram: script running-config.scr tftp://192.168.77.52/running-config.scr Mode......................... Set TFTP Server IP........... TFTP Path.................... TFTP Filename................ Data Type.................... Source Filename.............. TFTP 192.168.77.52 ./ running-config.scr Config Script running-config.
Wired Configuration Guide Example #7: Validate another Configuration Script (DWS-3024) #script validate default.scr network parms vlan database exit configure lineconfig exit spanning-tree interface 0/1 exit interface 0/2 exit interface 0/3 exit ... continues exit exit Configuration 154 172.30.4.2 255.255.255.0 0.0.0.0 configuration name 00-18-00-00-00-10 through interface 0/26 ... script 'default.scr' validation succeeded. © 2001- 2008 D-Link Corporation. All Rights Reserved.
24 Outbound Telnet This section describes the Outbound Telnet feature. Overview Outbound Telnet: • • • • Feature establishes an outbound telnet connection between a device and a remote host. When a telnet connection is initiated, each side of the connection is assumed to originate and terminate at a “Network Virtual Terminal” (NVT). Server and user hosts do not maintain information about the characteristics of each other’s terminals and terminal handling conventions. Must use a valid IP address.
Wired Configuration Guide Example #1: show network (DWS-3024) >telnet 192.168.77.151 Trying 192.168.77.151... (DWS-3024) User:admin Password: (DWS-3024)>enable Password: (DWS-3024)#show network IP Address...............................192.168.77.151 Subnet Mask..............................255.255.255.0 Default Gateway..........................192.168.77.127 Burned In MAC Address....................00:10:18.82.04:E9 Locally Administered MAC Address.........00:00:00:00:00:00 MAC Address Type................
24 <0-5> Outbound Telnet Configure the maximum number of outbound telnet sessions allowed. (DWS-3024) (Line)#session-limit 5 (DWS-3024) (Line)#session-timeout ? <1-160> Enter time in minutes. (DWS-3024) (Line)#session-timeout 15 Web Example You can set up the Outbound Telnet session through the Web interface. You can: • • • Enable or disable administration mode Set how many sessions you want Set the session time outs Figure 100.
Wired Configuration Guide 158 © 2001- 2008 D-Link Corporation. All Rights Reserved.
25 Pre-Login Banner This section describes the Pre-Login Banner feature. Overview Pre-Login Banner: • • • • Allows you to create message screens when logging into the CLI Interface By default, no Banner file exists Banner can be uploaded or downloaded File size cannot be larger than 2K The Pre-Login Banner feature is only for the CLI interface. CLI Example To create a Pre-Login Banner, follow these steps: 1. On your PC, using Notepad or another text editor, create a banner.
Wired Configuration Guide (DWS-3024) #copy tftp://192.168.77.52/banner.txt nvram:clibanner Mode...........................................TFTP Set TFTP Server IP.............................192.168.77.52 TFTP Path......................................./ TFTP Filename..................................banner.txt Data Type......................................
26 Simple Network Time Protocol (SNTP) This section describes the Simple Network Time Protocol (SNTP) feature. Overview SNTP: • • • • • Used for synchronizing network resources Adaptation of NTP Provides synchronized network timestamp Can be used in broadcast or unicast mode SNTP client implemented over UDP which listens on port 123 CLI Examples The following are examples of the commands used in the SNTP feature.
Wired Configuration Guide Example #3: show sntp server (DWS-3024) #show sntp server Server Server Server Server Server Server Server IP Address: Type: Stratum: Reference Id: Mode: Maximum Entries: Current Entries: 81.169.155.234 ipv4 3 NTP Srv: 212.186.110.32 Server 3 1 SNTP Servers -----------IP Address: Address Type: Priority: Version: Port: Last Update Time: Last Attempt Time: Last Update Status: Total Unicast Requests: Failed Unicast Requests: 81.169.155.
26 Simple Network Time Protocol (SNTP) Example #6: configuring sntp server (DWS-3024)(Config) #sntp server 192.168.10.234 ? <1-3> Press Enter to execute the command. Enter SNTP server priority from 1 to 3. Example #7: configure sntp client port (DWS-3024)(Config) #sntp client port 1 ? <6-10> Press Enter to execute the command. Enter value in the range (6 to 10). Poll interval is 2^(value) in seconds.
Wired Configuration Guide Figure 102. SNTP Global Status Page 164 © 2001- 2008 D-Link Corporation. All Rights Reserved.
26 Simple Network Time Protocol (SNTP) Figure 103. SNTP Server Configuration Page Figure 104.
Wired Configuration Guide 166 © 2001- 2008 D-Link Corporation. All Rights Reserved.
27 Syslog This section provides information about the Syslog feature. Overview Syslog: • • • Allows you to store system messages and/or errors Can store to local files on the switch or a remote server running a syslog daemon Method of collecting message logs from many systems Interpreting Log Files <130> JAN 01 00:00:06 A B A. B. C. D. E. F. G. H I. 0.0.0.0-1 C UNKN [0x800023]: D E bootos.
Wired Configuration Guide CLI Examples The following are examples of the commands used in the Syslog feature.
27 Syslog Example #3: show logging traplogs (DWS-3024) #show logging traplogs Number of Traps Since Last Reset............... 16 Trap Log Capacity.............................. 256 Number of Traps Since Log Last Viewed..........
Wired Configuration Guide Example #5: logging port configuration (DWS-3024) #config (DWS-3024) (Config)#logging ? buffered cli-command console host syslog Buffered (In-Memory) Logging Configuration. CLI Command Logging Configuration. Console Logging Configuration. Enter IP Address for Logging Host Syslog Configuration.
27 Syslog Web Examples The following web pages are used with the Syslog feature. Figure 105. Log - Syslog Configuration Page Figure 106.
Wired Configuration Guide Figure 107. Log - Hosts Configuration Page - Add Host Figure 108. Log - Hosts Configuration Page 172 © 2001- 2008 D-Link Corporation. All Rights Reserved.
28 Port Description The Port Description feature lets you specify an alphanumeric interface identifier that can be used for SNMP network management. CLI Example Use the commands shown below for the Port Description feature. Example #1: Enter a Description for a Port This example specifies the name “Test” for port 0/10: config interface 0/10 description Test exit exit Example #2: Show the Port Description show port description 0/10 Interface.......0/10 ifIndex.........10 Description.....Test MAC Address..
Wired Configuration Guide Configuring Port Description with the Web Interface Use the following Web screen to enter Port Description information. Figure 109. Port Configuration Screen - Set Port Description 174 © 2001- 2008 D-Link Corporation. All Rights Reserved.