Manual Product Model: xStack ® DGS-3200 Series Layer 2 Managed Gigabit Ethernet Switch Release 1.
_____________________________________________ Information in this document is subject to change without notice. © 2009 D-Link Computer Corporation. All rights reserved. Reproduction in any manner whatsoever without the written permission of D-Link Computer Corporation is strictly forbidden. Trademarks used in this text: D-Link and the D-LINK logo are trademarks of D-Link Computer Corporation; Microsoft and Windows are registered trademarks of Microsoft Corporation.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Table of Contents Intended Readers........................................................................................................................................................................... ix Typographical Conventions ...........................................................................................................................................................................ix Notes, Notices, and Cautions ........
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Telnet Settings.............................................................................................................................................................................. 23 Password Encryption.................................................................................................................................................................... 23 CLI Paging Settings ................................................
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Traffic Segmentation.................................................................................................................................................................... 70 IGMP Snooping ........................................................................................................................................................................... 70 IGMP Snooping Settings ................................................
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Guest VLAN .............................................................................................................................................................................. 107 802.1X (Port-Based and Host-Based Access Control)............................................................................................................... 108 Authentication Server .......................................................................
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Access Profile List ..................................................................................................................................................................... 149 CPU Access Profile List............................................................................................................................................................. 163 Time Range Settings .....................................................
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Download Firmware................................................................................................................................................................... 215 Reboot System ........................................................................................................................................................................... 215 Appendix A – Mitigating ARP Spoofing Attacks Using Packet Content ACL ..
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Intended Readers The DGS-3200 Series Manual contains information for setup and management of the Switch. This manual is intended for network managers familiar with network management concepts and terminology. Typographical Conventions Convention Description [] In a command line, square brackets indicate an optional entry. For example: [copy filename] means that optionally you can type copy followed by the name of the file.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Notes, Notices, and Cautions A NOTE indicates important information that helps make better use of the device. A NOTICE indicates either potential damage to hardware or loss of data and tells how to avoid the problem. A CAUTION indicates a potential for property damage, personal injury, or death. Safety Cautions Use the following safety guidelines to ensure your own personal safety and to help protect your system from potential damage.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch • Do not push any objects into the openings of the system. Doing so can cause fire or electric shock by shorting out interior components. • Use the product only with approved equipment. • Allow the product to cool before removing covers or touching internal components. • Operate the product only from the type of external power source indicated on the electrical ratings label.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch CAUTION: Installing systems in a rack without the front and side stabilizers installed could cause the rack to tip over, potentially resulting in bodily injury under certain circumstances. Therefore, always install the stabilizers before installing components in the rack. After installing system/components in a rack, never pull more than one component out of the rack on its slide assemblies at one time.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Lithium Battery Precaution CAUTION: Incorrectly replacing the lithium battery of the Switch may cause the battery to explode. Replace this battery only with the same or equivalent type recommended by the manufacturer. Discard used batteries according to the manufacturer’s instructions. Protecting Against Electrostatic Discharge Static electricity can harm delicate components inside the system.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 1 Web-based Switch Configuration Introduction Logging onto the Web Manager Web-Based User Interface Introduction All software functions of the Switch can be managed, configured, and monitored via the embedded web-based (HTML) interface. Manage the Switch from remote stations anywhere on the network through a standard browser, such as Internet Explorer 5.5 or later, Netscape 8.0 or later, or Firefox 2.0 or later.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Web-based User Interface The user interface provides access to various Switch configuration and management windows, allows the user to view performance statistics, and permits graphical monitoring of the system status. Areas of the User Interface The figure below shows the user interface. Three distinct areas divide the user interface, as described in the table. Area 2 Area 3 Area 1 Figure 1- 2.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Web Pages When connecting to the management mode of the Switch with a web browser, a login screen is displayed. Enter a user name and password to access the Switch's management mode.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 2 Configuration Device Information System Information Serial Port Settings IP Address IPv6 Interface Settings IPv6 Route Table IPv6 Neighbor Settings Port Configuration Static ARP Settings User Accounts System Log Configuration System Severity Settings DHCP/BOOTP Relay DHCP Local Relay Settings DHCP Auto Configuration Settings MAC Address Aging Time Web Settings Telnet Settings Password Encryption CLI Paging Settings Firmware Informat
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2- 1. Device Information window System Information The user can enter a System Name, System Location, and System Contact to aid in defining the Switch. To view the following window, click Configuration > System Information: Figure 2- 2. System Information window The fields that can be configured are described below: Parameter Description System Name Enter a system name for the Switch, if so desired.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Serial Port Settings The user can adjust the Baud Rate and the Auto Logout values. To view the following window, click Configuration > Serial Port Settings: Figure 2- 3. Serial Port Settings window Baud Rate This field specifies the baud rate for the serial port on the Switch. There are four possible baud rates to choose from, 9600, 19200, 38400 and 115200.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch NOTE: The Switch’s factory default IP address is 10.90.90.90 with a subnet mask of 255.0.0.0 and a default gateway of 0.0.0.0. To use the DHCP or BOOTP protocols to assign the Switch an IP address, subnet mask, and default gateway address: Use the radio button at the top of the window to choose either DHCP or BOOTP. This selects the method the Switch assigns an IP address on the next reboot.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Setting the Switch’s IP Address using the Console Interface Each Switch must be assigned its own IP Address, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP). The Switch’s default IP address is 10.90.90.90. The default Switch IP address can be changed to meet the specification of your networking address scheme.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The following parameters may be configured or viewed: Parameter Description Interface Name The name of the IPv6 interface being modified. VLAN Name Enter the VLAN name of the IPv6 interface. IPv6 Address Enter the IPv6 address of the interface to be modified. Admin. State Toggle the state between Enabled and Disabled. NS Retransmit Time (04294967295) Enter a value between 0 and 4294967295.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IPv6 Neighbor Settings The user can configure the Switch’s IPv6 neighbor settings. The Switch’s current IPv6 neighbor settings will be displayed in the table at the bottom of this window. To view the following window, click Configuration > IPv6 Neighbor Settings: Figure 2- 8. IPv6 Neighbor Settings window Enter the Interface Name, Neighbor IPv6 Address, and the Link Layer MAC Address and then click the Add button.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Configuration The Port Configuration folder contains three windows: Port Settings, Port Description, and Port Error Disabled. Port Settings To view the following window, click Configuration > Port Configuration > Port Settings: Figure 2- 9. Port Settings window To configure switch ports: 1. Choose the port or sequential range of ports using the From Port and To Port pull-down menus. 2.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Address Learning Enable or disable MAC address learning for the selected ports. When Enabled, destination and source MAC addresses are automatically listed in the forwarding table. When address learning is Disabled, MAC addresses must be manually entered into the forwarding table. This is sometimes done for reasons of security or efficiency.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port State Describes the current running state of the port, whether enabled or disabled. Connection Status This field will read the uplink status of the individual ports, whether enabled or disabled. Reason Describes the reason why the port has been error-disabled, such as it has become a shutdown port for storm control.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch User Accounts The Switch allows the control of user privileges. To view the following window, click Configuration > User Accounts: Figure 2- 13. User Accounts window To add a new user, type in a User Name and New Password and retype the same password in the Confirm New Password field. Choose the level of privilege (Admin or User) from the Access Right drop-down menu. Figure 2- 14.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Management Admin User Configuration Yes Read-only Network Monitoring Yes Read-only Community Strings and Trap Stations Yes Read-only Update Firmware and Configuration Files Yes No System Utilities Yes No Factory Reset Yes No User Account Management Add/Update/Delete User Accounts Yes No View User Accounts Yes No Table 2- 1.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch System Log Host The Switch can send Syslog messages to up to four designated servers using the System Log Server. To view the following window, click Configuration > System Log Configuration > System Log Host: Figure 2- 16. System Log Host window The following parameters may be configured or viewed: Parameter Description Host ID Syslog server settings index (1 to 4). Host IP Address The Ipv4 address of the Syslog server.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description System Severity Choose how the alerts are used from the drop-down menu. Select Log to send the alert of the Severity Type configured to the Switch’s log for analysis. Choose Trap to send it to an SNMP agent for analysis, or select All to send the chosen alert type to an SNMP agent and the Switch’s log for analysis.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch DHCP Relay Agent Information Option 82 State This field can be toggled between Enabled and Disabled using the pull-down menu. It is used to enable or disable the DHCP Relay Agent Information Option 82 on the Switch. The default is Disabled. Enabled –When this field is toggled to Enabled, the relay agent will insert and remove DHCP relay information (option 82 field) in messages between DHCP servers and clients.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The Implementation of DHCP Relay Agent Information Option 82 The config dhcp_relay option_82 command configures the DHCP relay agent information option 82 setting of the Switch. The formats for the circuit ID sub-option and the remote ID sub-option are as follows: NOTE: For the circuit ID sub-option of a standalone switch, the module field is always zero. Circuit ID sub-option format: 1. 2. 3. 4. 5.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch DHCP/BOOTP Relay Interface Settings Users can set up a server, by IP address, for relaying DHCP/BOOTP information to the Switch. The user may enter a previously configured IP interface on the Switch that will be connected directly to the DHCP/BOOTP server using this window. Properly configured settings will be displayed in the DHCP/BOOTP Relay Interface Table at the bottom of the window, once the user clicks the Apply button.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description DHCP Local Relay Global State Enable or disable the DHCP Local Relay Global State. The default is Disabled. VLAN Name This is the VLAN Name that identifies the VLAN the user wishes to apply the DHCP Local Relay operation. State Enable or disable the Config DHCP Local Relay for VLAN state. DHCP/BOOTP Local Relay VID List This is a list of VLAN IDs the user wishes to apply the DHCP/BOOTP Local Relay operations.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC Address Aging Time Users can configure the MAC Address aging time on the Switch. To view the following window, click Configuration > MAC Address Aging Time: Figure 2 - 23. MAC Address Aging Time window Enter a value between 10 and 875 seconds.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Telnet Settings Users can configure Telnet Settings on the Switch. To view the following window, click Configuration > Telnet Settings: Figure 2 - 25. Telnet Settings window The following parameters may be configured or viewed: Parameter Description Telnet Status Telnet configuration is Enabled by default. If you do not want to allow configuration of the system through Telnet choose Disabled.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch CLI Paging Settings Users can stop the scrolling of multiple pages beyond the limits of the console when using the Command Line Interface. To view the following window, click Configuration > CLI Paging Settings: Figure 2 - 27. CLI Paging Settings window The following parameter may be configured or viewed: Parameter Description CLI Paging Status Command Line Interface paging stops each page at the end of the console.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch From States the IP address of the origin of the firmware. There are five ways firmware may be downloaded to the Switch. Boot-up files are denoted by an asterisk (*) next to the file. R – If the IP address has this letter attached to it, it denotes a firmware upgrade through the Console Serial Port (RS-232). T – If the IP address has this letter attached to it, it denotes a firmware upgrade through Telnet.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Dual Configuration Settings Users can display dual configuration settings on the Switch. The Switch allows two firmware images to be stored in its memory and either can be configured to be the boot-up firmware for the Switch. The user may select a boot-up firmware image for the Switch by clicking the Boot button to select it. This will instruct the Switch to use this newly selected firmware the next time the Switch is restarted.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SMTP Settings SMTP or Simple Mail Transfer Protocol is a function of the Switch that will send switch events to mail recipients based on e-mail addresses entered in the window below. The Switch is to be configured as a client of SMTP while the server is a remote device that will receive messages from the Switch, place the appropriate information into an e-mail and deliver it to recipients configured on the Switch.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Ping Test Users can Ping either an IPv4 address or an IPv6 address. Ping is a small program that sends ICMP Echo packets to the IP address you specify. The destination node then responds to or “echoes” the packets sent from the Switch. This is very useful to verify connectivity between the Switch and other nodes on the network. To view the following window, click Configuration > Ping Test: Figure 2 - 32.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNTP Settings SNTP or Simple Network Time Protocol is used by the Switch to synchronize the clock of the computer. The SNTP Settings folder contains two windows: Time Settings and TimeZone Settings. Time Settings Users can configure the time settings for the Switch. To view the following window, click Configuration > SNTP Settings > Time Settings: Figure 2 - 33.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch TimeZone Settings Users can configure time zones and Daylight Savings Time settings for SNTP. To view the following window, click Configuration > SNTP Settings > TimeZone Settings: Figure 2 - 34. TimeZone Settings window The following parameters can be set: Parameter Description Daylight Saving Time State Use this pull-down menu to enable or disable the DST Settings.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To: Month Enter the month that DST will end. To: Time In HH:MM Enter the time DST will end. DST Annual Settings – Using annual mode will enable DST seasonal time adjustment. Annual mode requires that the DST beginning and ending date be specified concisely. For example, specify to begin DST on April 3 and end DST on October 14. From: Month Enter the month DST will start on, each year.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC Notification Port Settings Users can set MAC notification for individual ports on the Switch. To view the following window, click Configuration > MAC Notification Settings > MAC Notification Port Settings: Figure 2 - 36. MAC Notification Port Settings window To change MAC notification settings for a port or group of ports on the Switch, configure the following parameters.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Settings Simple Network Management Protocol (SNMP) is an OSI Layer 7 (Application Layer) designed specifically for managing and monitoring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches, and other network devices. Use SNMP to configure system features for proper operation, monitor performance and detect potential problems in the Switch, switch group or network.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Global State Settings SNMP global state settings can be enabled or disabled. To view the following window, click Configuration > SNMP Settings > SNMP Global State Settings: Figure 2 - 37. SNMP Global State Settings window Click the Apply button to let your change take effect. SNMP View Table Users can assign views to community strings that define which MIB objects can be accessed by a remote SNMP manager.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Group Table An SNMP Group created with this table maps SNMP users (identified in the SNMP User Table) to the views created in the previous window. To view the following window, click Configuration > SNMP Settings > SNMP Group Table: Figure 2 - 39. SNMP Group Table window To delete an existing SNMP Group Table entry, click the Delete button next to the corresponding entry.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP User Table This window displays all of the SNMP User’s currently configured on the Switch. To view the following window, click Configuration > SNMP User Table: Figure 2 - 40. SNMP User Table window To delete an existing SNMP User Table entry, click the Delete button corresponding to the entry to delete. To display the detailed entry for a given user, click on the View button.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Community Table Users can create an SNMP community string to define the relationship between the SNMP manager and an agent. The community string acts like a password to permit access to the agent on the Switch. One or more of the following characteristics can be associated with the community string: • An Access List of IP addresses of SNMP managers that are permitted to use the community string to gain access to the Switch’s SNMP agent.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Host Table Users can set up SNMP trap recipients for IPv4. To view the following window, click Configuration > SNMP Settings > SNMP Host Table: Figure 2 - 42. SNMP Host Table window To add a new entry to the Switch’s SNMP Host Table, enter the information at the top of the window and then click the Apply button. To delete an existing SNMP Host Table entry, click the Delete button corresponding to the entry to delete.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP v6Host Table Users can set up SNMP trap recipients for IPv6. To view the following window, click Configuration > SNMP Settings > SNMP v6Host Table: Figure 2 - 43. SNMP v6Host Table window To add a new entry to the Switch’s SNMP v6Host Table, enter the information at the top of the window and then click the Apply button. To delete an existing SNMP v6Host Table entry, click the Delete button corresponding to the entry to delete.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Engine ID The Engine ID is a unique identifier used for SNMP V3 implementations on the Switch. To view the following window, click Configuration > SNMP Settings > SNMP Engine ID: Figure 2 - 44. SNMP Engine ID window To change the Engine ID, type the new Engine ID value in the space provided.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Single IP Management Simply put, D-Link Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. There are some advantages in implementing the “Single IP Management” feature: 1. SIM can simplify management of small workgroups or wiring closets while scaling the network to handle increased bandwidth demand. 2. SIM can reduce the number of IP address needed in your network.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch • A MS can become a CaS by: • Being configured as a CaS through the CS. • If report packets from the CS to the MS time out. • The user can manually configure a CaS to become a CS • The CaS can be configured through the CS to become a MS. After configuring one switch to operate as the CS of a SIM group, additional DGS-3200 Series switches may join the group by manually configuring the Switch to be a MS.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Single IP Settings The Switch is set as a Candidate (CaS) as the factory default configuration and Single IP Management is disabled. To enable SIM for the Switch using the Web interface, click Configuration > Single IP Management > SIM Settings: Figure 2 - 47. Single IP Settings window for Candidate (disabled) Change the SIM State to Enabled using the pull-down menu and click Apply.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 49. Single IP Settings window for Commander (enabled) Topology This window will be used to configure and manage the Switch within the SIM group and requires Java script to function properly on your computer. The Java Runtime Environment on your server should initiate and lead you to the Topology window, as seen below. Figure 2 - 50.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch CS will have no entry in this field. Speed Displays the connection speed between the CS and the MS or CaS. Remote Port Displays the number of the physical port on the MS or CaS to which the CS is connected. The CS will have no entry in this field. MAC Address Displays the MAC Address of the corresponding Switch. Model Name Displays the full Model Name of the corresponding Switch.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Member switch of other group Layer 2 candidate switch Layer 3 candidate switch Unknown device Non-SIM devices Tool Tips In the Topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same information about a specific device as the Tree view does. See the window below for an example.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 53. Port Speed Utilizing the Tool Tip Right-Click Right-clicking on a device will allow the user to perform various functions, depending on the role of the Switch in the SIM group and the icon associated with it. Group Icon Figure 2 - 54. Right-Clicking a Group Icon The following options may appear for the user to configure: • Collapse – To collapse the group that will be represented by a single icon.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 55. Property window Parameter Description Device Name This field will display the Device Name of the switches in the SIM group configured by the user. If no Device Name is configured by the name, it will be given the name default and tagged with the last six digits of the MAC Address to identify it. Module Name Displays the full module name of the switch that was right-clicked.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Member Switch Icon Figure 2 - 57. Right-Clicking a Member icon The following options may appear for the user to configure: • Collapse – To collapse the group that will be represented by a single icon. • Expand – To expand the SIM group, in detail. • Remove from group – Remove a member from a group. • Configure – Launch the web management to configure the Switch. • Property – To pop up a window to display the device information.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Menu Bar The Single IP Management window contains a menu bar for device configurations, as seen below. Figure 2 - 60. Menu Bar of the Topology View The five menus on the menu bar are as follows. File • Print Setup – Will view the image to be printed. • Print Topology – Will print the topology map. • Preference – Will set display properties, such as polling interval, and the views to open at SIM startup.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Firmware Upgrade The Commander Switch may be used for firmware upgrades of member switches. Member Switches will be listed in the table and will be specified by Port (port on the CS where the MS resides), MAC Address, Model Name and Version. To specify a certain Switch for firmware download, click its corresponding check box under the Port heading.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 3 Layer 2 Features Jumbo Frame Egress Filter Settings 802.1Q VLAN 802.1V Protocol VLAN MAC Based VLAN Settings GVRP Settings PVID Auto Assign Settings Trunking VLAN Trunk Settings LACP Port Settings Traffic Segmentation IGMP Snooping MLD Snooping Settings Port Mirroring Loopback Detection Settings Spanning Tree Forwarding and Filtering The following section will aid the user in configuring security functions for the Switch.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Egress Filter Settings Users can configure an egress filter on specific ports for unknown unicast and unregistered multicast packets. The Switch drops all unknown unicast/multicast packets on egress ports when it detects unknown unicast/multicast packets for egress ports. Therefore, a user can select which port is permitted or not permitted to receive unknown unicast/multicast packets.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch VLAN Description A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLANs can be used to combine any collection of LAN segments into an autonomous user group that appears as a single LAN. VLANs also logically segment the network into different broadcast domains so that packets are forwarded only between ports within the VLAN.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch • Forwarding rules between ports – decides whether to filter or forward the packet. • Egress rules – determines if the packet must be sent tagged or untagged. Figure 3 - 3. IEEE 802.1Q Packet Forwarding 802.1Q VLAN Tags The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the EtherType field.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 4. IEEE 802.1Q Tag The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or Logical Link Control. Because the packet is now a bit longer than it was originally, the Cyclic Redundancy Check (CRC) must be recalculated. Figure 3 - 5. Adding an IEEE 802.1Q Tag Port VLAN ID Packets that are tagged (are carrying the 802.1Q VID information) can be transmitted from one 802.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Tagged packets are forwarded according to the VID contained within the tag. Tagged packets are also assigned a PVID, but the PVID is not used to make packet-forwarding decisions, the VID is. Tag-aware switches must keep a table to relate PVIDs within the Switch to VIDs on the network. The Switch will compare the VID of a packet to be transmitted to the VID of the port that is to transmit the packet.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch VLAN Name VID Switch Ports System (default) 1 5, 6, 7 Engineering 2 9, 10 Sales 5 1, 2, 3, 4 Table 3 - 1. VLAN Example – Assigned Ports Port-based VLANs Port-based VLANs limit traffic that flows into and out of switch ports. Thus, all devices connected to a port are members of the VLAN(s) the port belongs to, whether there is a single computer directly connected to a switch, or an entire department.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The VLAN List tab lists all previously configured VLANs by VLAN ID and VLAN Name. To delete an existing 802.1Q VLAN, click the corresponding Delete button. To create a new 802.1Q VLAN or modify an existing 802.1Q VLAN, click the Add/Edit VLAN tab. A new tab will appear, as shown below, to configure the port settings and to assign a unique name and number to the new VLAN.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 8. Find VLAN tab of the 802.1Q VLAN window To create a VLAN Batch entry click the VLAN Batch Settings tab, as shown below. Figure 3 - 9. VLAN Batch Settings tab of the 802.1Q VLAN window The following fields can be set in the VLAN Batch Settings windows: Parameter Description VID List (e.g 2-5) Enter a VLAN ID List that can be added, deleted or configured.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Untagged Specifies the port as 802.1Q untagged. Use the drop-down menu to designate the port as untagged. Forbidden Specifies the port as not being a member of the VLAN and that the port is forbidden from becoming a member of the VLAN dynamically. Use the drop-down menu to designate the port as forbidden. Click Apply to implement changes made. NOTE: The Switch supports up to 4k static VLAN entries.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 802.1v Protocol VLAN The 802.1v Protocol VLAN folder contains two windows: 802.1v Protocol Group Settings and 802.1v Protocol VLAN Settings. 802.1v Protocol Group Settings The user can create Protocol VLAN groups and add protocols to that group. The 802.1v Protocol VLAN Group Settings support multiple VLANs for each protocol and allows the user to configure the untagged ports of different protocols on the same physical port.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 11. 802.1v Protocol VLAN Settings window The following fields can be set: Parameter Description Group ID Highlight the corresponding RADIUS button to select a previously configured Group ID from the drop-down menu. Group Name Highlight the corresponding RADIUS button to select a previously configured Group Name from the drop-down menu. VID (1-4094) Highlight the RADIUS button to enter the VID.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC Based VLAN Settings Users can create new MAC-based VLAN entries and search, edit, and delete existing entries. When an entry is created for a port, the port will automatically become the untagged member port of the specificed VLAN. When a static MAC-based VLAN entry is created for a user, the traffic from this user will be able to be serviced under the specified VLAN regardless of the authentication function operating on this port.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description From Port This drop-down menu allows the selection of the beginning port for a range of ports that will be included in the Port-based VLAN. To Port This drop-down menu allows the selection of the ending port for a range of ports that will be included in the Port-based VLAN. PVID This field is used to manually assign a PVID to a VLAN. The Switch's default is to assign all ports to the default VLAN with a VID of 1.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Trunking Understanding Port Trunk Groups Port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. The Switch supports up to five port trunk groups with two to eight ports in each group. A potential bit rate of 8000 Mbps can be achieved. Figure 3 - 15. Example of Typical Port Trunk Group The Switch treats all ports in a trunk group as a single port.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The Switch allows the creation of up to five link aggregation groups, each group consisting of 2 to 8 links (ports). The (optional) Gigabit ports can only belong to a single link aggregation group. All of the ports in the group must be members of the same VLAN, and their STP status, static multicast, traffic control; traffic segmentation and 802.1p default priority configurations must be identical. Port locking, port mirroring and 802.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch VLAN Trunk Settings Enable VLAN on a port to allow frames belonging to unknown VLAN groups to pass through that port. This is useful if you want to set up VLAN groups on end devices without having to configure the same VLAN groups on intermediary devices. Refer to the following figure for an illustrated example. Suppose you want to create VLAN groups 1 and 2 (V1 and V2) on devices A and B.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch LACP Port Settings In conjunction with the Trunking window, users can create port trunking groups on the Switch. Using the following window, the user may set which ports will be active and passive in processing and sending LACP control frames. To view the following window, click L2 Features > LACP Port Settings: Figure 3 - 18.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Traffic Segmentation Traffic segmentation is used to limit traffic flow from a single or group of ports, to a group of ports. This method of segmenting the flow of traffic is similar to using VLANs to limit traffic, but is more restrictive. It provides a method of directing traffic that does not increase the overhead of the Master switch CPU. To view the following window, click L2 Features > Traffic Segmentation: Figure 3 - 19.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The following parameters may be viewed or modified: Parameter Description VID (VLAN ID) This is the VLAN ID that, along with the VLAN Name, identifies the VLAN the user wishes to modify the IGMP Snooping Settings for. VLAN Name This is the VLAN Name that, along with the VLAN ID, identifies the VLAN the user wishes to modify the IGMP Snooping Settings for.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description VLAN Name Click this button and enter the VLAN to be configured (or use the VID List). VID List Click this button and enter the VID List to be configured (or use the VLAN Name). State Enable or disable data driven learning of IGMP snooping groups. Age Out Enable or disable aging on this entry. Max Learned Entry (1-256) Enter the maximum number of groups that can be learned by the data driven method.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description ISM VLAN Global State Enable or disable the IGMP Snooping Multicast (ISM) VLAN Global State. VLAN Name Enter the name of the new Multicast VLAN to be created. This name can be up to 32 characters in length. This field will display the pre-created name of a Multicast VLAN in the Modify window. State Use the pull-down menu to enable or disable the selected Multicast VLAN. Member Port (e.g.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 24. IP Multicast Profile Settings window The following fields can be set: Parameter Description Profile ID Enter a Profile ID between 1 and 24. Profile Name Enter a name for the IP Multicast Profile. To change an entry, click the corresponding Modify button in the Multicast Address List column. The Multicast Address Group List Settings window opens.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To add a new range, enter the appropriate information and then click Add. To delete an entry, enter the information and click Delete. Max Multicast Group Settings Users can configure the ports on the switch that will be a part of the maximum filter group, up to a maximum of 256. To view the following window, click L2 Features > IGMP Snooping > Max Multicast Group Settings: Figure 3- 27.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 4. Multicast Listener Report, Version 2 - Comparable to the Host Membership Report in IGMPv3, and labeled as 143 in the ICMP packet header, this message is sent by the listening port to the Switch stating that it is interested in receiving multicast data from a multicast address in response to the Multicast Listener Query message. Users can configure the settings for MLD snooping.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Mirroring The Switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an RMON probe, to view details about the packets passing through the first port. This is useful for network monitoring and troubleshooting purposes. To view the following window, click L2 Features > Port Mirroring: Figure 3 - 29.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Loopback Detection Settings The Loopback Detection function is used to detect the loop created by a specific port. This feature is used to temporarily shutdown a port on the Switch when a CTP (Configuration Testing Protocol) packet has been looped back to the Switch. When the Switch detects CTP packets received from a port or a VLAN, this signifies a loop on the network.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Trap Status Set the desired trap status: None, Loop Detected, Loop Cleared, or Both. Interval (1-32767) Set a Loopdetect Interval between 1 and 32767 seconds. The default is 10 seconds. Recover Time (0 or 601000000) Time allowed (in seconds) for recovery when a Loopback is detected. The Loopdetect Recover Time can be set at 0 seconds, or 60 to 1000000 seconds. Entering 0 will disable the Loopdetect Recover Time. The default is 60 seconds.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The IEEE 802.1D-2004 Rapid Spanning Tree Protocol (RSTP) evolved from the 802.1D-1998 STP standard. RSTP was developed in order to overcome some limitations of STP that impede the function of some recent switching innovations, in particular, certain Layer 3 functions that are increasingly handled by Ethernet switches. The basic function and much of the terminology is the same as STP.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch STP Bridge Global Settings Use the STP Status radio buttons to enable or disable STP globally, and use the STP Version drop-down menu to choose the STP method. To view the following windows, click L2 Features > Spanning Tree > STP Bridge Global Settings: Figure 3 - 32. STP Bridge Global Settings window – RSTP (default) Figure 3 - 33. STP Bridge Global Settings window – MSTP Figure 3 - 34.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description STP Status Use the radio button to globally enable or disable STP. STP Version Use the pull-down menu to choose the desired version of STP: STP - Select this parameter to set the Spanning Tree Protocol (STP) globally on the switch. RSTP - Select this parameter to set the Rapid Spanning Tree Protocol (RSTP) globally on the Switch.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 35. STP Port Settings window It is advisable to define an STP Group to correspond to a VLAN group of ports. The following STP Port Settings fields can be set: Parameter Description From Port The beginning port in a consecutive group of ports to be configured. To Port The ending port in a consecutive group of ports to be configured.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch received, it automatically loses edge port status. Choosing the False parameter indicates that the port does not have edge port status. Alternatively, the Auto option is available. Restricted Role Use the drop-down menu to toggle Restricted Role between True and False. If set to True, the port will never be selected to be the Root port. The default is False.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch STP Instance Settings This window displays MSTIs currently set on the Switch and allows users to change the Priority of the MSTIs. To view the following window, click L2 Features > Spanning Tree > STP Instance Settings: Figure 3 - 37. STP Instance Settings window To modify an entry on the table at the top of the window, click the corresponding Edit button.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MSTP Port Information This window displays the current MSTI configuration information and can be used to update the port configuration for an MSTI ID. If a loop occurs, the MSTP function will use the port priority to select an interface to put into the forwarding state. Set a higher priority value for interfaces to be selected for forwarding first.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Forwarding & Filtering The Forwarding & Filtering folder contains three windows: Unicast Forwarding, Multicast Forwarding, and Multicast Filtering Mode. Unicast Forwarding Users can set up unicast forwarding on the Switch. To view the following window, click L2 Features > Forwarding & Filtering > Unicast Forwarding: Figure 3 - 39.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description VID The VLAN ID of the VLAN the corresponding MAC address belongs to. Multicast MAC Address The static destination MAC address of the multicast packets. This must be a multicast MAC address. Port Allows the selection of ports that will be members of the static multicast group and ports that are either forbidden from joining dynamically, or that can join the multicast group dynamically, using GMRP.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 4 QoS Bandwidth Control Traffic Control 802.p Default Priority 802.1p User Priority QoS Scheduling Mechanism QoS is an implementation of the IEEE 802.1p standard that allows network administrators a method of reserving bandwidth for important functions that require a large bandwidth or have a high priority, such as VoIP (voice-over Internet Protocol), web browsing applications, file server applications or video conferencing.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch see if it has the proper identifying tag. Then the user may forward these tagged packets to designated classes of service on the Switch where they will be emptied, based on priority. For example, let’s say a user wishes to have a video conference between two remotely set computers. The administrator can add priority tags to the video packets being sent out, utilizing the Access Profile commands.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Bandwidth Control The bandwidth control settings are used to place a ceiling on the transmitting and receiving data rates for any selected port. To view the following window, click QoS > Bandwidth Control: Figure 4 - 2. Bandwidth Control window The following parameters can be set or are displayed: Parameter Description From Port The beginning port of a consecutive group of ports to be configured.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Traffic Control On a computer network, packets such as Multicast packets and Broadcast packets continually flood the network as normal procedure. At times, this traffic may increase do to a malicious endstation on the network or a malfunctioning device, such as a faulty network card. Thus, switch throughput problems will arise and consequently affect the overall performance of the switch network.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch and is no longer operational until the user manually resets the port using the Port Settings window (Configuration > Port Configuration> Port Settings). Choosing this option obligates the user to configure the Time Interval setting as well, which will provide packet count samplings from the Switch’s chip to determine if a Packet Storm is occurring.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 802.1p Default Priority The Switch allows the assignment of a default 802.1p priority to each port on the Switch. To view the following window, click QoS > 802.1p Default Priority: Figure 4 - 4. 802.1p Default Priority window This page allows the user to assign a default 802.1p priority to any given port on the Switch. The priority and effective priority tags are numbered from 0, the lowest priority, to 7, the highest priority.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch QoS Scheduling Mechanism The Scheduling Mechanism drop-down menu allows a selection between a Weight Fair and a Strict mechanism for emptying the priority classes. To view the following window, click QoS > QoS Scheduling Mechanism: Figure 4 - 6. QoS Scheduling Mechanism window The Scheduling Mechanism has the following parameters. Parameter Description Strict The highest class of service is the first to process traffic.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 5 Security Safeguard Engine Trusted Host IP-MAC-Port Binding Port Security DHCP Server Screening Guest VLAN 802.1X SSL Settings SSH Access Authentication Control MAC Based Access Control Web Authentication (Web-based Access Control) JWAC Multiple Authentication IGMP Access Control Settings Safeguard Engine Periodically, malicious hosts on the network will attack the Switch by utilizing packet flooding (ARP Storm) or other methods.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 1. Safeguard Engine example For every consecutive checking interval that reveals a packet flooding issue, the Switch will double the time it will discard ingress ARP and IP broadcast packets and packets from untrusted IP addresses. In the example above, the Switch doubled the time for dropping ARP and IP broadcast packets when consecutive flooding issues were detected at 5-second intervals.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Safeguard Engine State Use the radio button to globally enable or disable Safeguard Engine settings for the Switch. Rising Threshold (20% - 100%) Used to configure the acceptable level of CPU utilization before the Safeguard Engine mechanism is enabled. Once the CPU utilization reaches this percentage level, the Switch will move into Exhausted mode, based on the parameters provided in this window.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IP-MAC-Port Binding The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC-port binding is to restrict the access to a switch to a number of authorized users.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 5. IMP Port Settings window The following fields can be set or modified: Parameter Description From Port/To Port Select a range of ports to set for IP-MAC-port binding. State Use the pull-down menu to enable or disable these ports for IP-MAC-port binding. Enabled (Strict) This mode provides a stricter method of control.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IMP Entry Settings This table is used to create static IP-MAC-binding port entries and view all IMP entries on the Switch. Click Find to search for an entry. Click View All for the table to display all entries and click Delete All to remove all static entries. To view the following window, click Security > IP-MAC-Port Binding > IMP Entry Settings: Figure 5 - 6.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Port Use the drop-down menu to select the desired port. Ports (e.g.: 1, 7-12) Specify the ports for which to view DHCP snooping entries. Tick the All check box to configure this entry for all ports on the Switch. Click Apply to implement changes. MAC Block List This table is used to view unauthorized devices that have been blocked by IP-MAC binding restrictions.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Security The Port Security folder contains two windows: Port Security Settings and Port Lock Entries. Port Security Settings A given port’s (or a range of ports') dynamic MAC address learning can be locked such that the current source MAC addresses entered into the MAC address forwarding table can not be changed once the port lock is enabled. The port can be locked by changing the Admin State pull-down menu to Enabled and clicking Apply.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Lock Entries Users can remove an entry from the port security entries learned by the Switch and entered into the forwarding database. To view the following window, click Security > Port Security > Port Lock Entries: Figure 5 - 10.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch DHCP Server Screening The DHCP Server Screening folder contains two windows: DHCP Screening Port Settings and DHCP Offer Filtering. DHCP Screening Port Settings The Switch supports DHCP Server Screening, a feature that denies access to rogue DHCP servers. When the DHCP server filter function is enabled, all DHCP server packets will be filtered from a specific port.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 12. DHCP Offer Filtering window The user may set the following parameters: Parameter Description Server IP Address The IP address of the DHCP server to be filtered. Client’s MAC Address The MAC address of the DHCP client. Only multiple legal DHCP servers on the network need to be entered in this field. If there is only one iegal DHCP server on the network, no input to this field is allowed.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Guest VLAN On 802.1X security-enabled networks, there is a need for non802.1X supported devices to gain limited access to the network, due to lack of the proper 802.1X software or incompatible devices, such as computers running Windows 98 or older operating systems, or the need for guests to gain access to the network without full authorization or local authentication on the Switch.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description VLAN Name Enter the pre-configured VLAN name to create as an 802.1X guest VLAN. Port Set the ports to be enabled for the 802.1X guest VLAN. Click Apply to implement the 802.1X guest VLAN settings entered. Only one VLAN may be assigned as the 802.1X guest VLAN. 802.1X (Port-Based and Host-Based Access Control) The IEEE 802.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authentication Server The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch). Clients connected to a port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Client The Client is simply the endstation that wishes to gain access to the LAN or switch services. All endstations must be running software that is compliant with the 802.1X protocol. For users running Windows XP and Windows Vista, that software is included within the operating system. All other users are required to attain 802.1X client software from an outside source.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Understanding 802.1X Port-based and Host-based Network Access Control The original intent behind the development of 802.1X was to leverage the characteristics of point-to-point in LANs. As any single LAN segment in such infrastructures has no more than two devices attached to it, one of which is a Bridge Port.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Host-Based Network Access Control RADIUS Server Ethernet Switch … 802.1X Client 802.1X Client 802.1X Client 802.1X Client 802.1X Client 802.1X Client 802.1X Client 802.1X Client 802.1X Client 802.1X Client 802.1X Client 802.1X Client Network access controlled port Network access uncontrolled port Figure 5 - 22. Example of Typical Host-Based Configuration In order to successfully make use of 802.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 23. 802.1X Settings window Use the From Port and To Port drop-down menus to configure the settings by port(s): This window allows setting of the following features: Parameter Description Auth Mode Choose the 802.1X authenticator mode, Disabled, Port Based, or MAC Based. Auth Protocol Choose the authenticator protocol, Local or RADIUS EAP. From Port Enter the beginning port of the range of ports to be set.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch attempts by the client to authenticate. The Switch cannot provide authentication services to the client through the interface. If Auto is selected, it will enable 802.1X and cause the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the port. The authentication process begins when the link state of the port transitions from down to up, or when an EAPOLstart frame is received.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Initialize Port(s) Existing 802.1X port and host settings are displayed and can be configured using the two windows below. To initialize ports for the port side of 802.1X, the user must first enable 802.1X by port in the 802.1X Settings window. To view the following window, click Security > 802.1X > Initialize Port(s): Figure 5 - 25. Initialize Port(s) window for Port-based 802.1X This window allows initialization of a port or group of ports.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Reauthenticate Port(s) Users can display and configure reauthenticate ports for 802.1X port and host using the two windows below. To reauthenticate ports for the port side of 802.1X, the user must first enable 802.1X by port in the 802.1X Settings window To view the following window, click Security > 802.1X > Reauthenticate Port(s): Figure 5 - 27. Reauthenticate Port(s) window for Port-based 802.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authentic RADIUS Server The RADIUS feature of the Switch allows the user to facilitate centralized user administration as well as providing protection against a sniffing, active hacker. The Web manager offers three windows. To view the following window, click Security > 802.1X > Authentic RADIUS Server: Figure 5 - 29.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SSL Settings Secure Sockets Layer, or SSL, is a security feature that will provide a secure communication path between a host and client through the use of authentication, digital signatures and encryption.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 30. SSL Settings window To set up the SSL function on the Switch, configure the parameters in the SSL Settings section described below and click Apply. To set up the SSL ciphersuite function on the Switch, configure the parameters in the SSL Ciphersuite Settings section described below and click Apply. To download SSL certificates, configure the parameters in the SSL Certificate Download section described below and click Download.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Key File Name Enter the path and the filename of the key file to download. This file must have a .der extension (Ex. c:/pkey.der) Click Apply to implement changes made. NOTE: Certain implementations concerning the function and configuration of SSL are not available on the web-based management of this Switch and need to be configured using the command line interface.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 31. SSH Configuration window To configure the SSH server on the Switch, modify the following parameters and click Apply: Parameter Description SSH Server Status Use the radio buttons to enable or disable SSH on the Switch. The default is Disabled. Max Session (1-8) Enter a value between 1 and 8 to set the number of users that may simultaneously access the Switch. The default setting is 8.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description SSH Authentication Mode Settings Password This may be enabled or disabled to choose if the administrator wishes to use a locally configured password for authentication on the Switch. This parameter is enabled by default. Public Key This may be enabled or disabled to choose if the administrator wishes to use a public key configuration set on a SSH server, for authentication. This parameter is enabled by default.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SSH User Authentication Mode Users can configure parameters for users attempting to access the Switch through SSH. To view the following window, click Security > SSH > SSH User Authentication Mode: Figure 5 - 33. SSH User Authentication Mode window In the window above, the User Account “ctsnow” has been previously set using the User Accounts window in the Configuration folder.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Access Authentication Control The TACACS / XTACACS / TACACS+ / RADIUS commands allow users to secure access to the Switch using the TACACS / XTACACS / TACACS+ / RADIUS protocols. When a user logs in to the Switch or tries to access the administrator level privilege, he or she is prompted for a password.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authentication Policy and Parameter Settings Users can enable an administrator-defined authentication policy for users trying to access the Switch. When enabled, the device will check the Login Method List and choose a technique for user authentication upon login. To view the following window, click Security > Access Authentication Control > Authentication Policy and Parameter Settings: Figure 5 - 34.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch section, for more information. Enable Method List Using the pull-down menu, configure an application for normal login on the user level, utilizing a previously configured method list. The user may use the default Method List or other Method List configured by the user. See the Enable Method Lists window, in this section, for more information Click Apply to implement changes made.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 37. Edit Server Group tab of the Authentication Server Group window To add an Authentication Server Host to the list, enter its name in the Group Name field, IP address in the IP Address field, use the drop-down menu to choose the Protocol associated with the IP address of the Authentication Server Host, and then click Add to add this Authentication Server Host to the group.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 38. Authentication Server Host window Configure the following parameters to add an Authentication Server Host: Parameter Description IP Address The IP address of the remote server host to add. Protocol The protocol used by the server host. The user may choose one of the following: TACACS - Enter this parameter if the server host utilizes the TACACS protocol.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Login Method Lists User-defined or default Login Method List of authentication techniques can be configured for users logging on to the Switch. The sequence of techniques implemented in this command will affect the authentication result. For example, if a user enters a sequence of techniques, for example TACACS - XTACACS- local, the Switch will send an authentication request to the first TACACS host in the server group.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Enable Method Lists Users can set up Method Lists to promote users with user level privileges to Administrator (Admin) level privileges using authentication methods on the Switch. Once a user acquires normal user level privileges on the Switch, he or she must be authenticated by a method on the Switch to gain administrator privileges on the Switch, which is defined by the Administrator.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Configure Local Enable Password Users can configure the locally enabled password for Enable Admin. When a user chooses the "local_enable" method to promote user level privileges to administrator privileges, he or she will be prompted to enter the password configured here that is locally set on the Switch. To view the following window, click Security > Access Authentication Control > Configure Local Enable Password: Figure 5 - 41.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC-based Access Control MAC-based Access Control is a method to authenticate and authorize access using either a port or host. For port-based MAC, the method decides port access rights, while for host-based MAC, the method determines the MAC access rights. A MAC user must be authenticated before being granted access to a network. Both local authentication and remote RADIUS server authentication methods are supported.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description MBA Global State Toggle to globally enable or disable the MAC-based Access Control function on the Switch. Method Use this drop-down menu to choose the type of authentication to be used when authentication MAC addresses on a given port. The user may choose between the following methods: Local – Use this method to utilize the locally set MAC address database as the authenticator for MAC-based Access Control.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC-based Access Control Local Settings Users can set a list of MAC addresses, along with their corresponding target VLAN, which will be authenticated for the Switch. Once a queried MAC address is matched in this window, it will be placed in the VLAN associated with it here. The Switch administrator may enter up to 128 MAC addresses to be authenticated using the local method configured here.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 45.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Conditions and Limitations 1. If the client is utilizing DHCP to attain an IP address, the authentication VLAN must provide a DHCP server or a DHCP relay function so that client may obtain an IP address. 2. Certain functions exist on the Switch that will filter HTTP packets, such as the Access Profile function.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Click Apply to implement changes made. NOTE: To enable the Web Authentication function, the redirection path field must have the URL of the website that users will be directed to once they enter the limited resource, pre-configured VLAN. Users that attempt to apply settings without the Redirection Page field set will be prompted with an error message and Web Authentication will not be enabled. The URL should follow the form http(s)://www.dlink.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Confirmation Retype the password entered in the previous field. VLAN Name Click the button and enter a VLAN Name in this field. VLAN ID (1-4094) Click the button and enter a VID in this field. Config WAC User User Name Enter the user name that has been guest-authenticated through this process, to be mapped to a previously configured VLAN with limited rights. Old Password Enter the previous password in this field.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch hours). State Use this drop-down menu to enable the configured ports as WAC ports. Idle Time (1-1440) If there is no traffic during the Idle Time parameter, the host will be moved back to the unauthenticated state. Enter a value between 0 and 1440 minutes. A value of 0 indicates the Idle state of the authenticated host on the port will never be checked. The default value is infinite.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch correct response. NOTE: This IP does not respond to ARP requests or ICMP packets. HTTP(s) Port (165535) This parameter specifies the TCP port that the JWAC Switch listens to and uses to finish the authenticating process. UDP Filtering This parameter enables or disables JWAC UDP Filtering. When UDP Filtering is Enabled, all UDP and ICMP packets except DHCP and DNS packets from unauthenticated hosts will be dropped.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Click Apply to implement changes made. JWAC Port Settings Users can configure JWAC port settings for the Switch. To view the following window, click Security > JWAC > JWAC Port Settings: Figure 5 - 50.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch JWAC User Settings Users can configure JWAC user settings for the Switch. To view the following window, click Security > JWAC > JWAC User Settings: Figure 5 - 51. JWAC User Settings window To set the User Account settings for the JWAC by the Switch, complete the following fields and then click the Add button. To clear the current JWAC user settings in the table at the bottom of the window, click the Delete All button.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch JWAC Customize Page Users can configure JWAC page settings for the Switch. To view the following window, click Security > JWAC > JWAC Customize Page: Figure 5 - 53. JWAC Customize Page window Complete the JWAC authentication information on this window to set the JWAC page settings. Enter a name for the Authentication in the first field and then click the Apply button. Next, enter a User Name and a Password and then click the Enter button.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Any (MAC, 802.1X or WAC) Mode Figure 5 - 54. Any (MAC, 802.1X or WAC) Mode In the diagram above the Switch port has been configured to allow clients to authenticate using 802.1X, MBAC, or WAC. When a client tries to connect to the network, the Switch will try to authenticate the client using one of these methods and if the client passes they will be granted access to the network. Any (MAC, 802.1X or JWAC) Mode Figure 5 - 55. Any (MAC, 802.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 802.1X & IMPB Mode Figure 5 - 56. 802.1X & IMPB Mode This mode adds an extra layer of security by checking the IP MAC-Binding Port Binding (IMPB) table before trying one of the supported authentication methods. The IMPB Table is used to create a ‘white list’ that checks if the IP streams being sent by authorized hosts have been granted or not. In the above diagram the Switch port has been configured to allow clients to authenticate using 802.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch This mode adds an extra layer of security by checking the IP MAC-Binding Port Binding (IMPB) table before trying one of the supported authentication methods. The IMPB Table is used to create a ‘white-list’ that checks if the IP streams being sent by authorized hosts have been granted or not. In the above diagram, the Switch port has been configured to allow clients to authenticate using either WAC or JWAC.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch can be enabled on a port at the same time. In Any (MAC, 802.1X or WAC/JWAC mode, whether an individual security module is active on a port depends on its system state. As system states of WAC and JWAC are mutually exclusive, only one of them will active on a port at the same time. Authorized Mode y 802.1X+IMPB means 802.1X will be verified first, and then IMPB will be verified. Both authentication methods need to be passed.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IGMP Access Control Settings (IGMP Authentication) Users can set IGMP authentication, otherwise known as IGMP access control, on individual ports on the Switch. When the Authentication State is Enabled, and the Switch receives an IGMP join request, the Switch will send the access request to the RADIUS server to do the authentication.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 6 ACL Access Profile List CPU Access Profile List Time Range Settings Access Profile List Access profiles allow you to establish criteria to determine whether the Switch will forward packets based on the information contained in each packet's header. The Switch supports four Profile Types, Ethernet ACL, IPv4 ACL, IPv6 ACL, and Packet Content ACL. Creating an access profile is divided into two basic parts.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 2. Add ACL Profile window for Ethernet ACL The following parameters can be set for the Ethernet ACL type: Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 200. Select ACL Type Select profile based on Ethernet (MAC Address), IPv4 address, IPv6 address, or packet content.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To view the setting details for a created profile, click the Show Details button for the corresponding entry on the Access Profile List window, revealing the following window: Figure 6 - 3. Access Profile Detail Information window for Ethernet The window shown below is the Add ACL Profile window for IPv4: Figure 6 - 4.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 802.1Q VLAN Selecting this option instructs the Switch to examine the 802.1Q VLAN identifier of each packet header and use this as the full or partial criterion for forwarding. IPv4 DSCP Selecting this option instructs the Switch to examine the DiffServ Code part of each packet header and use this as the, or part of the criterion for forwarding. IPv4 Source IP Mask Enter an IP address mask for the source IP address.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 6. Add ACL Profile window for IPv6 The following parameters can be set for the IPv6 ACL type: Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 200. Select ACL Type Select profile based on Ethernet (MAC Address), IPv4 address, IPv6 address, or packet content.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To view the setting details for a created profile, click the Show Details button for the corresponding entry on the Access Profile List window, revealing the following window: Figure 6 - 7. Access Profile Detail Information window for IPv6 The window shown below is the Add ACL Profile window for Packet Content: Figure 6 - 8.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Packet Content Allows users to examine up to four specified offset chunks within a packet, one at a time. A chunk mask presents four bytes. Four offset chunks can be selected from a possible 32 predefined offset chunks as described below: offset_chunk_1, offset_chunk_2, offset_chunk_3, offset_chunk_4.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 10. Access Rule List window for Ethernet To remove a previously created rule, click the corresponding Delete Rules button. To add a new Access Rule, click the Add Rule button: Figure 6 - 11. Add Access Rule window for Ethernet To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameter Description Access ID (1-200) Type in a unique identifier number for this access.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Replace DSCP (063) Select this option to instruct the Switch to replace the DSCP value (in a packet that meets the selected criteria) with the value entered in the adjacent field. When an ACL rule is added to change both the priority and DSCP of an IPv4 packet, only one of them can be modified due to a chip limitation. Currently the priority is changed when both the priority and DSCP are set to be modified.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 14. Add Access Rule window for IPv4 To set the Access Rule for IP, adjust the following parameters and click Apply. Parameter Description Access ID (1-200) Type in a unique identifier number for this access. This value can be set from 1 to 200. Auto Assign – Ticking this check box will instruct the Switch to automatically assign an Access ID for the rule being created.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch check box. The default setting is No Limit. Time Range Name Tick the check box and enter the name of the Time Range settings that has been previously configured in the Time Range Settings window. This will set specific times when this access rule will be implemented on the Switch. Ports When a range of ports is to be configured, the Auto Assign check box MUST be ticked in the Access ID field of this window.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 17. Add Access Rule window for IPv6 To set the Access Rule for IPv6, adjust the following parameters and click Apply. Parameter Description Access ID (1-200) Type in a unique identifier number for this access. This value can be set from 1 to 200. Auto Assign – Ticking this check box will instruct the Switch to automatically assign an Access ID for the rule being created.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch rate is 640kbit/sec.) The user many select a value between 1 and 156249 or tick the No Limit check box. The default setting is No Limit. Time Range Name Tick the check box and enter the name of the Time Range settings that has been previously configured in the Time Range Settings window. This will set specific times when this access rule will be implemented on the Switch.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 20. Add Access Rule window for Packet Content To set the Access Rule for Packet Content, adjust the following parameters and click Apply. Parameter Description Access ID (1200) Type in a unique identifier number for this access. This value can be set from 1 to 200. Auto Assign – Ticking this check box will instruct the Switch to automatically assign an Access ID for the rule being created.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 156249) rate is 640kbit/sec.) The user many select a value between 1 and 156249 or tick the No Limit check box. The default setting is No Limit. Time Range Name Tick the check box and enter the name of the Time Range settings that has been previously configured in the Time Range Settings window. This will set specific times when this access rule will be implemented on the Switch.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 22. CPU Access Profile List window This window displays the CPU Access Profile List entries created on the Switch (one CPU access profile of each type has been created for explanatory purposes). To view the configurations for an entry, click the corresponding Show Details button. To add an entry to the CPU Acces Profile List, click the Add ACL Profile button. This will open the Add CPU ACL Profile window, as shown below.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 23. Add CPU ACL Profile window for Ethernet Parameter Description Select Profile ID (1-5) Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 5. Select ACL Type Select profile based on Ethernet (MAC Address), IPv4 address, IPv6 address, or packet content mask. This will change the window according to the requirements for the type of profile.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To view the settings of a previously correctly created profile, click the corresponding Show Details button on the CPU Access Profile List window to view the following window: Figure 6 - 24. CPU Access Profile Detail Information window for Ethernet The window shown below is the Add CPU ACL Profile window for IP (IPv4). Figure 6 - 25. Add CPU ACL Profile window for IP (IPv4) The following parameters may be configured for the IP (IPv4) filter.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch and use this as the, or part of the criterion for forwarding. IPv4 DSCP Selecting this option instructs the Switch to examine the DiffServ Code part of each packet header and use this as the, or part of the criterion for forwarding. Source IP Mask Enter an IP address mask for the source IP address. Destination IP Mask Enter an IP address mask for the destination IP address.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 27. Add CPU ACL Profile window for IPv6 The following parameters may be configured for the IPv6 filter. Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 5. Select ACL Type Select profile based on Ethernet (MAC Address), IPv4 address, IPv6 address, or packet content mask.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To view the settings of a previously correctly created profile, click the corresponding Show Details button on the CPU Access Profile List window to view the following window: Figure 6 - 28. CPU Access Profile Detail Information window for IPv6 The window shown below is the Add CPU ACL Profile window for Packet Content. Figure 6 - 29.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch specified: • 0-15 - Enter a value in hex form to mask the packet from the beginning of the packet to the 15th byte. • 16-31 – Enter a value in hex form to mask the packet from byte 16 to byte 31. • 32-47 – Enter a value in hex form to mask the packet from byte 32 to byte 47. • 48-63 – Enter a value in hex form to mask the packet from byte 48 to byte 63. • 64-79 – Enter a value in hex form to mask the packet from byte 64 to byte 79.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 32. Add Access Rule window for Ethernet To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameter Description Access ID (1-100) Type in a unique identifier number for this access. This value can be set from 1 to 100. Action Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To establish the rule for a previously created CPU Access Profile: To configure the Access Rules for IP, open the CPU Access Profile List window and click Add/View Rules for an IP entry. This will open the following window. Figure 6 - 34. CPU Access Rule List window for IPv4 To remove a previously created rule, click the corresponding Delete Rules button. To add a new Access Rule, click the Add Rule button: Figure 6 - 35.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Ports Ticking the All Ports check box will denote all ports on the Switch. To view the settings of a previously correctly configured rule, click the corresponding Show Details button on the CPU Access Rule List window to view the following window: Figure 6 - 36.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To set the Access Rule for IPv6, adjust the following parameters and click Apply. Parameter Description Access ID (1-100) Type in a unique identifier number for this access. This value can be set from 1 to 100. Action Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 41. Add Access Rule window for Packet Content To set the Access Rule for Packet Content, adjust the following parameters and click Apply. Parameter Description Access ID (1-100) Type in a unique identifier number for this access. This value can be set from 1 to 100. Action Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 42. CPU Access Rule Detail Information window for Packet Content Time Range Settings In conjunction with the Access Profile feature, the time range settings determine a starting point and an ending point, based on days of the week, when an Access Profile configuration will be enabled on the Switch. Once configured here, the time range settings are to be applied to an access profile rule using the Access Profile table.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 7 Monitoring Device Environment Cable Diagnostic CPU Utilization Port Utilization Packet Size Packets Errors Port Access Control Browse ARP Table Browse VLAN Browse Router Port Browse MLD Router Port Browse Session Table IGMP Snooping Group MLD Snooping Group WAC Authenticating State JWAC Host Table MAC Address Table System Log MAC-based Access Control State Device Environment The device environment feature displays the Switch intern
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Cable Diagnostic The cable diagnostics feature is designed primarily for administrators or customer service representatives to verify and test copper cables; it can rapidly determine the quality of the cables and the types of error. To view the following window, click Monitoring > Cable Diagnostic: Figure 7 - 2.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 3. CPU Utilization window To view the CPU utilization by port, use the real-time graphic of the Switch and/or switch stack at the top of the web page by simply clicking on a port. Click Apply to implement the configured settings. The window will automatically refresh with new updated statistics.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Utilization Users can display the percentage of the total available bandwidth being used on the port. To view the following window, click Monitoring > Port Utilization: Figure 7 - 4. Port Utilization window To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Packet Size Users can display packets received by the Switch, arranged in six groups and classed by size, as either a line graph or a table. Two windows are offered. To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record Number Select number of times the Switch will be polled between 20 and 200. The default value is 200.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Packets The Web manager allows various packet statistics to be viewed as either a line graph or a table. Six windows are offered. Received (RX) To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port. To view the following windows, click Monitoring > Packets > Received (RX): Figure 7 - 7.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record Number Select number of times the Switch will be polled between 20 and 200. The default value is 200. Bytes Counts the number of bytes received on the port.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch UMB_cast (RX) To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port. To view the following windows, click Monitoring > Packets > UMB_cast (RX): Figure 7 - 9.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record Number Select number of times the Switch will be polled between 20 and 200. The default value is 200. Unicast Counts the total number of good packets that were received by a unicast address.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 12. Transmitted (TX) Table window (for Bytes and Packets) The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record Number Select number of times the Switch will be polled between 20 and 200.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Errors The Web manager allows port error statistics compiled by the Switch's management agent to be viewed as either a line graph or a table. Four windows are offered. Received (RX) To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The following fields can be set: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record Number Select number of times the Switch will be polled between 20 and 200. The default value is 200.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Transmitted (TX) To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port. To view the following windows, click Monitoring > Errors > Transmitted (TX): Figure 7- 15.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record Number Select number of times the Switch will be polled between 20 and 200. The default value is 200.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Access Control The following windows are used to monitor 802.1X statistics of the Switch, on a per port basis. To view the Port Access Control windows, open the Monitoring folder and click Port Access Control. There are seven monitoring windows in this section. Authenticator State The following section describes the 802.1x Status on the Switch. Users can view the Authenticator State.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 18. Authenticator State window – MAC-Based 802.1X This window displays the Authenticator State for individual ports on a selected device. A polling interval between 1 and 60 seconds can be set using the drop-down menu at the top of the window and clicking OK.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authenticator Statistics Users can display tatistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the following window, click Monitoring > Port Access Control > Authenticator Statistics: Figure 7 - 19.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Tx Req The number of EAP Request frames (other than Rq/Id frames) that have been transmitted by this Authenticator. Rx RespId The number of EAP Resp/Id frames that have been received by this Authenticator. Rx Resp The number of valid EAP Response frames (other than Resp/Id frames) that have been received by this Authenticator.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authenticator Session Statistics Users can display session statistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the following window, click Monitoring > Port Access Control > Authenticator Session Statistics: Figure 7 - 20.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Frames Tx The number of user data frames transmitted on this port during the session. ID A unique identifier for the session, in the form of a printable ASCII string of at least three characters. Authentic Method The authentication method used to establish the session. Valid Authentic Methods include: (1) Remote Authentic Server - The Authentication Server is external to the Authenticator’s System.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authenticator Diagnostics Users can display diagnostic information regarding the operation of the Authenticator associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the following window, click Monitoring > Port Access Control > Authenticator Diagnostics: Figure 7 - 21.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch successful authentication of the Supplicant (authSuccess = TRUE). Auth Timeout Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of the Backend Authentication state machine indicating authentication timeout (authTimeout = TRUE).
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch RADIUS Authentication Users can display information concerning the activity of the RADIUS authentication client on the client side of the RADIUS authentication protocol. To view the following window, click Monitoring > Port Access Control > RADIUS Authentication: Figure 7 - 22. RADIUS Authentication window The user may also select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch server. AccessResponses The number of malformed RADIUS Access-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators or Signature attributes or known types are not included as malformed access responses. BadAuthenticators The number of RADIUS Access-Response packets containing invalid authenticators or Signature attributes received from this server.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch addresses. Identifier The NAS-Identifier of the RADIUS accounting client. (This is not necessarily the same as sysName in MIB II.) ServerAddr The (conceptual) table listing the RADIUS accounting servers with which the client shares a secret. ServerPortNumber The UDP port the client is using to send requests to this server.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Browse ARP Table Users can display current ARP entries on the Switch. To search a specific ARP entry, enter an Interface Name or an IP Address at the top of the window and click Find. Click the Show Static button to display static ARP table entries. To clear the ARP Table, click Clear All. To view the following window, click Monitoring > Browse ARP Table: Figure 7 - 24.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Browse Router Port Users can display which of the Switch’s ports are currently configured as router ports. A router port configured by a user (using the console or Web-based management interfaces) is displayed as a static router port, designated by S. A router port that is dynamically configured by the Switch is designated by D, while a Forbidden port is designated by F.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Browse Session Table Users can display the management sessions since the Switch was last rebooted. To view the following window, click Monitoring > Browse Session Table: Figure 7 - 28. Browse Session Table window IGMP Snooping Group Users can view the Switch’s IGMP Snooping Group Table. IGMP Snooping allows the Switch to read the Multicast Group IP address and the corresponding MAC address from IGMP packets that pass through the Switch.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MLD Snooping Group Users can view MLD Snooping Groups present on the Switch. MLD Snooping is an IPv6 function comparable to IGMP Snooping for IPv4. To view the following window, click Monitoring > MLD Snooping Group: Figure 7 - 30. MLD Snooping Group window The user may browse this table by either VLAN Name or VID List present in the Switch by entering that VLAN Name/VID List in the empty field shown below, and clicking the Find button.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch WAC Authenticating State Users can display the current WAC authentication state and delete WAC authentication state settings. To view the following window, click Monitoring > WAC Authenticating State: Figure 7 - 31.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch JWAC Host Table Users can display Japanese Web-based Access Control Host Table information. To view the following window, click Monitoring > JWAC Host Table: Figure 7 - 32. JWAC Host Table window The following fields and settings can be viewed: Parameter Description Port List Enter a port or range of ports. Find Click this button to initiate the search function.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC Address Table This allows the Switch's dynamic MAC address forwarding table to be viewed. When the Switch learns an association between a MAC address and a port number, it makes an entry into its forwarding table. These entries are then used to forward packets through the Switch. To view the following window, click Monitoring > MAC Address Table: Figure 7 - 33.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch System Log Users can view the history log as compiled by the Switch's management agent. To view the following window, click Monitoring > System Log: Figure 7 - 34. System Log window The Switch can record event information in its own logs, to designated SNMP trap receiving stations, and to the PC connected to the console manager. Click Next to go to the next page of the System Log window.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC-based Access Control Authentication State Users can display MAC-based Access Control Authentication State information. To view the following window, click Monitoring > MAC-based Access Control Authentication State: Figure 7 - 35. MAC-based Access Control Authentication State window To display MAC-based Access Control Authentication State information, select a port using the Port drop-down menu and then click Apply.
Section 8 Save Services and Tools Save Configuration ID 1 Save Configuration ID 2 Save Log Save All Configuration File Backup & Restore Upload Log File Reset Download Firmware Reboot System The four Save windows include: Save Configuration 1, Save Configuration 2, Save Log, and Save All. Each version of the window will aid the user in saving configurations to the Switch’s memory. The options include: • Save Configuration_ID_1 to save the configuration file indexed as Image file 1.
Save Configuration ID 2 Open the Save drop-down menu at the top of the Web manager and click Save Configuration ID 2 to open the following window: Figure 8 - 2. Save Configuration ID 2 window Save Log Open the Save drop-down menu at the top of the Web manager and click Save Log to open the following window: Figure 8 - 3. Save Log window Save All Open the Save drop-down menu at the top of the Web manager and click Save All to open the following window: Figure 8 - 4.
Configuration File Backup & Restore The Switch supports dual image storage for configuration file backup and restoration. The firmware and configuration images are indexed by ID number 1 or 2. To change the boot firmware image, use the Configuration ID drop-down menu to select the desired configuration file to backup or restore. The default Switch settings will use image ID 1 as the boot configuration or firmware.
Download Firmware The following window is used to download firmware for the Switch. Figure 8 - 8. Download Firmware window Enter the Server IP address in the first field and and specify the path/file name of the firmware in the third field. Select either IPv4 or IPv6. Select the desired Image ID, Active, 1 or 2. Click Download to initiate the file transfer. Reboot System The following window is used to restart the Switch. Figure 8 - 9.
Appendix A – Mitigating ARP Spoofing Attacks Using Packet Content ACL How Address Resolution Protocol works Address Resolution Protocol (ARP) is the standard method for finding a host’s hardware address (MAC address) when only its IP address is known. However, this protocol is vulnerable because crackers can spoof the IP and MAC information in the ARP packets to attack a LAN (known as ARP spoofing).
Figure 2 When the switch floods the frame of ARP request to the network, all PCs will receive and examine the frame but only PC B will reply the query as the destination IP matched (see Figure 3). Figure 3 When PC B replies to the ARP request, its MAC address will be written into “Target H/W Address” in the ARP payload shown in Table 3. The ARP reply will be then encapsulated into an Ethernet frame again and sent back to the sender. The ARP reply is in a form of Unicast communication. Table 3.
The switch will also examine the “Source Address” of the Ethernet frame and find that the address is not in the Forwarding Table. The switch will learn PC B’s MAC and update its Forwarding Table.
How ARP Spoofing Attacks a Network ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service – DoS attack). The principle of ARP spoofing is to send the fake, or spoofed ARP messages to an Ethernet network. Generally, the aim is to associate the attacker's or random MAC address with the IP address of another node (such as the default gateway).
Figure 5 Prevent ARP Spoofing via Packet Content ACL D-Link managed switches can effectively mitigate common DoS attacks caused by ARP spoofing via a unique Package Content ACL. For the reason that basic ACL can only filter ARP packets based on packet type, VLAN ID, Source, and Destination MAC information, there is a need for further inspections of ARP packets.
Configuration The configuration logic is as follows: 1. 2. Only if the ARP matches Source MAC address in Ethernet, Sender MAC address and Sender IP address in ARP protocol can pass through the switch. (In this example, it is the gateway’s ARP.) The switch will deny all other ARP packets which claim they are from the gateway’s IP. The design of Packet Content ACL on the Switch enables users to inspect any offset chunk.
Appendix B – Switch Log Entries The following table lists all possible entries and their corresponding meanings that will appear in the System Log of this Switch.
Configuration successfully uploaded Configuration upload was unsuccessful Log message successfully uploaded Log message upload was unsuccessful Interface Console Web Configuration successfully uploaded by console (Username: , IP: , MAC: ) Configuration upload by console was unsuccessful! (Username: , IP: , MAC: ) Log message successfully uploaded by console (Username: , IP: , MAC: ) Log message upload by console was u
Telnet Login failed through Web (SSL) Login failed through Web (SSL) (Username: , IP: , MAC: ) Warning Logout through Web (SSL) Logout through Web (SSL) (Username: , IP: , MAC: ) Informational Web (SSL) session timed out Web (SSL) session timed out (Username: , IP: , MAC: ) Informational Successful login through Telnet Successful login through Telnet (Username: , IP: , MAC: ) Informational
AAA SSH server is enabled SSH server is enabled Informational SSH server is disabled SSH server is disabled Informational Authentication Policy is enabled Authentication Policy is enabled (Module: AAA) Informational Authentication Policy is disabled Authentication Policy is disabled (Module: AAA) Informational Successful login through Console authenticated by AAA local method Successful login through Console authenticated by Informational AAA local method (Username: ) Login failed t
AAA local method AAA local method (Username: , MAC: ) Successful login through Console authenticated by AAA none method Successful login through Console authenticated by Informational AAA none method (Username: ) Successful login through Web authenticated by AAA none method Successful login through Web from authenticated Informational by AAA none method (Username: , MAC: ) Successful login through Web (SSL) authenticated by AAA none method Succ
) Successful login through Web (SSL) authenticated by AAA server Successful login through Web(SSL) from authenticated by AAA server (Username: , MAC: ) Informational Login failed through Web (SSL) authenticated by AAA server Login failed through Web (SSL) from authenticated by AAA server (Username: , MAC: ) Warning Login failed through Web (SSL) due to AAA server timeout or improper configuration Login failed thro
(Username: , MAC: ) Successful Enable Admin through Telnet authenticated by AAA local_enable method Successful Enable Admin through Telnet from authenticated by AAA local_enable method (Username: , MAC: ) Informational Successful Enable Admin through SSH authenticated by AAA local_enable method Successful Enable Admin through SSH from authenticated by AAA local_enable method (Username: , MAC: ) Informational Enable Admin faile
Enable Admin failed through Console authenticated by AAA server Enable Admin failed through Console authenticated by AAA server (Username: ) Warning Enable Admin failed through Console due to AAA server timeout or improper configuration Enable Admin failed through Console due to AAA server timeout or improper configuration (Username: ) Warning Successful Enable Admin through Web authenticated by AAA server Successful Enable Admin through Web from authenticated
IP-MACPORT Binding IP and Password Changed Enable Admin failed through Telnet due to AAA server timeout or improper configuration Enable Admin failed through Telnet from due to AAA server timeout or improper configuration (Username: , MAC: ) Warning Successful Enable Admin through SSH authenticated by AAA server Successful Enable Admin through SSH from authenticated by AAA server (Username: , MAC: ) Informational Enable Admin failed
Safeguard Engine Packet Storm Safeguard Engine is in normal mode Safeguard Engine enters NORMAL mode Informational Safeguard Engine is in filtering packet mode Safeguard Engine enters EXHAUSTED mode Warning Broadcast strom occurrence Port Broadcast storm is occurring Warning Broadcast storm cleared Port Broadcast storm has cleared Informational Multicast storm occurrence Port Multicast storm is occurring Warning Multicast storm cleared Port
Ingress bandwidth assigned from RADIUS server after RADIUS client authenticated by RADIUS server successfully. This Ingress bandwidth will assign to the port. Egress bandwidth assigned from RADIUS server after RADIUS client authenticated by RADIUS server successfully. This egress bandwidth will assign to the port.
Appendix C – Trap Logs This table lists the trap logs found on the DGS-3200 Series Switches. MACNotifyTrap This trap indicates the MAC address 1.3.6.1.4.1.171.11.101.1.2.100.1.2.0.1 variations in the address table. PortSecVioTrap When the port security trap is 1.3.6.1.4.1.171.11.101.1.2.100.1.2.0.2 enabled, new MAC addresses that violate the pre-defined port security configuration will trigger trap messages to be sent out. PortLoopOccurredTrap This trap is sent when a Port loop 1.3.6.1.4.1.171.11.101.
FilterDetectedTrap This trap is sent when an illegal 1.3.6.1.4.1.171.12.37.100.0.1 DHCP server is detected. The same illegal DHCP server IP address detected is just sent once to the trap receivers within the log ceasing unauthorized duration. SingleIPMSColdStart The commander switch will send 1.3.6.1.4.1.171.12.8.6.0.11 swSingleIPMSColdStart notification to the indicated SingleIPMSWarmStart The commander switch will send 1.3.6.1.4.1.171.12.8.6.0.
linkDown A linkDown trap signifies that the 1.3.6.1.6.3.1.1.5.3 sending protocol entity recognizes a failure in one of the communication links represented in the agent's configuration. linkUp A linkUp trap signifies that the 1.3.6.1.6.3.1.1.5.4 sending protocol entity recognizes that one of the communication links represented in the agent's configuration has come up. authenticationFailure An authenticationFailure trap 1.3.6.1.6.3.1.1.5.
Appendix D – Password Recovery Procedure This document describes the procedure for resetting passwords on D-Link Switches. Authenticating any user who tries to access networks is necessary and important. The basic authentication method used to accept qualified users is through a local login, utilizing a Username and Password. Sometimes, passwords get forgotten or destroyed, so network administrators need to reset these passwords.
Appendix E – Glossary 1000BASE-SX: A short laser wavelength on multimode fiber optic cable for a maximum length of 2 kilometers. 1000BASE-LX: A long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilometers. 100BASE-FX: 100Mbps Ethernet implementation over fiber. 100BASE-TX: 100Mbps Ethernet implementation over Category 5 and Type 1 Twisted Pair cabling. 10BASE-T: The IEEE 802.3 specification for Ethernet over Unshielded Twisted Pair (UTP) cabling.
latency: The delay between the time a device receives a packet and the time the packet is forwarded out of the destination port. line speed: See baud rate. main port: The port in a resilient link that carries data traffic in normal operating conditions. MDI - Medium Dependent Interface: An Ethernet port connection where the transmitter of one device is connected to the receiver of another device.
Subject to the terms and conditions set forth herein, D-Link Systems, Inc. (“D-Link”) provides this lifetime product warranty for hardware: • • Only for products purchased, delivered and used within the fifty states of the United States, the District of Columbia, U.S. Possessions or Protectorates, U.S. Military Installations, or addresses with an APO or FPO, and; Only with proof of purchase.
Limitation of Liability: TO THE MAXIMUM EXTENT PERMITTED BY LAW, D-LINK IS NOT LIABLE UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER LEGAL OR EQUITABLE THEORY FOR ANY LOSS OF USE OF THE PRODUCT, INCONVENIENCE OR DAMAGES OF ANY CHARACTER, WHETHER DIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF GOODWILL, LOSS OF REVENUE OR PROFIT, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, FAILURE OF OTHER EQUIPMENT OR COMPUTER PROGRAMS TO WHICH D-LINK’S PRODUCT
Product Registration Register your D-Link product online at http://support.dlink.com/register/ Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights.
LIMITED WARRANTY (Exclude USA, Europe, China and Taiwan) D-Link provides this limited warranty for its product only to the person or entity who originally purchased the product from D-Link or its authorized reseller or distributor. D-Link would fulfill the warranty obligation according to the local warranty policy in which you purchased our products.
Link Service Office is provided in the back of this manual. FAILURE TO PROPERLY COMPLETE AND TIMELY RETURN THE REGISTRATION CARD MAY AFFECT THE WARRANTY FOR THIS PRODUCT. Submitting A Claim. Any claim under this limited warranty must be submitted in writing before the end of the Warranty Period to an Authorized D-Link Service Office. The claim must include a written description of the Hardware defect or Software nonconformance in sufficient detail to allow D-Link to confirm the same.
GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, LOSS OF INFORMATION OR DATA CONTAINED IN, STORED ON, OR INTEGRATED WITH ANY PRODUCT RETURNED TO D-LINK FOR WARRANTY SERVICE) RESULTING FROM THE USE OF THE PRODUCT, RELATING TO WARRANTY SERVICE, OR ARISING OUT OF ANY BREACH OF THIS LIMITED WARRANTY, EVEN IF D-LINK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Tech Support Technical Support You can find software updates and user documentation on the DLink website. D-Link provides free technical support for customers within the United States and within Canada for the duration of the service period, and warranty confirmation service, during the warranty period on this product. U.S. and Canadian customers can contact D-Link technical support through our website, or by phone.
Technical Support United Kingdom (Mon-Fri) Home Wireless/Broadband 0871 873 3000 (9.00am–06.00pm, Sat 10.00am-02.00pm) Managed, Smart, & Wireless Switches, or Firewalls 0871 873 0909 (09.00am – 05.30pm) (BT 10ppm, other carriers may vary.) Ireland (Mon-Fri) All Products 1890 886 899 (09.00am-06.00pm, Sat 10.00am-02.00pm) €0.05ppm peak, €0.045ppm off peak Times Internet http://www.dlink.co.uk ftp://ftp.dlink.co.uk Technische Unterstützung Deutschland: Österreich: Schweiz: Web: http://www.dlink.
Assistance technique Assistance technique D-Link par téléphone : 0 820 0803 03 0,12 €/min la minute : Lundi – Vendredi de 9h à 13h et de 14h à 19h Samedi 9h à 13h et de 14h à 16h Assistance technique D-Link sur internet : http://www.dlink.fr Asistencia Técnica Asistencia Técnica Telefónica de D-Link: +34 902 30 45 45 0,067 €/min De Lunes a Viernes de 9:00 a 14:00 y de 15:00 a 18:00 http://www.dlink.es Supporto tecnico Supporto Tecnico dal lunedì al venerdì dalle ore 9.00 alle ore 19.
Pomoc techniczna Telefoniczna pomoc techniczna firmy D-Link: 0 801 022 021 Pomoc techniczna firmy D-Link świadczona przez Internet: URL: http://www.dlink.pl e-mail: serwis@dlink.pl Technická podpora Web: http://www.dlink.cz/suppport/ E-mail: support@dlink.cz Telefon: 225 281 553 Telefonická podpora je v provozu: PO- PÁ od 09.00 do 17.00 Land Line 1,78 CZK/min - Mobile 5.40 CZK/min Technikai Támogatás Tel. : 06 1 461-3001 Fax : 06 1 461-3004 Land Line 14,99 HUG/min - Mobile 49.
Teknistä tukea asiakkaille Suomessa: Arkisin klo. 9 - 21 numerosta : 06001 5557 Internetin kautta : http://www.dlink.fi Teknisk Support D-Link Teknisk Support via telefon: 0900-100 77 00 Vardagar 08.00-20.00 D-Link Teknisk Support via Internet: http://www.dlink.se Assistência Técnica Assistência Técnica da D-Link na Internet: http://www.dlink.pt e-mail: soporte@dlink.
Tehnička podrška Hvala vam na odabiru D-Link proizvoda. Za dodatne informacije, podršku i upute za korištenje uređaja, molimo vas da posjetite D-Link internetsku stranicu na www.dlink.eu www.dlink.biz/hr Tehnična podpora Zahvaljujemo se vam, ker ste izbrali D-Link proizvod. Za vse nadaljnje informacije, podporo ter navodila za uporabo prosimo obiščite D-Link - ovo spletno stran www.dlink.eu www.dlink.biz/sl Suport tehnica Vă mulţumim pentru alegerea produselor D-Link.
Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers in Australia: Tel: 1300-766-868 24/7(24Hrs, 7days a week) technical support http://www.dlink.com.au e-mail: support@dlink.com.au India: Tel: 1800-222-002 9.00 AM to 9.00 PM. All days http://www.dlink.co.in/support/productsupport.
Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers in Egypt: Tel: +202-2919035 or +202-2919047 Sunday to Thursday 9:00am to 5:00pm http://support.dlink-me.com Email: support.eg@dlink-me.com Iran: Te: +98-21-88880918,19 Saturday to Thursday 9:00am to 5:00pm http://support.dlink-me.com Email : support.ir@dlink-me.com & support@dlink.ir Israel: Magshimim 20 St.
Техническая поддержка Обновления программного обеспечения и документация доступны на Интернет-сайте D-Link. D-Link предоставляет бесплатную поддержку для клиентов в течение гарантийного срока. Клиенты могут обратиться в группу технической поддержки D-Link по телефону или через Интернет. Техническая поддержка D-Link: +7(495) 744-00-99 Техническая поддержка через Интернет http://www.dlink.ru e-mail: support@dlink.
SOPORTE TÉCNICO Usted puede encontrar actualizaciones de softwares o firmwares y documentación para usuarios a través de nuestro sitio www.dlinkla.
Suporte Técnico Você pode encontrar atualizações de software e documentação de usuário no site da D-Link Brasil. A D-Link fornece suporte técnico gratuito para clientes no Brasil durante o período de vigência da garantia deste produto. Suporte Técnico para clientes no Brasil: Telefone São Paulo +11-2185-9301 Segunda à sexta Das 8h30 às 18h30 Demais Regiões do Brasil 0800 70 24 104 E-mail: e-mail: suporte@dlinkbrasil.com.
D-Link 友訊科技 台灣分公司 技術支援資訊 如果您還有任何本使用手冊無法協助您解決的產品相關問題,台灣 地區用戶可以透過我們的網站、電子郵件或電話等方式與D-Link台灣 地區技術支援工程師聯絡。 D-Link 免付費技術諮詢專線 0800-002-615 服務時間:週一至週五,早上9:00到晚上9:00 (不含周六、日及國定假日) 網 站:http://www.dlink.com.tw 電子郵件:dssqa_service@dlink.com.tw 如果您是台灣地區以外的用戶,請參考D-Link網站全球各地 分公司的聯絡資訊以取得相關支援服務。 產品保固期限、台灣區維修據點查詢,請參考以下網頁說明: http://www.dlink.com.
Dukungan Teknis Update perangkat lunak dan dokumentasi pengguna dapat diperoleh pada situs web D-Link. Dukungan Teknis untuk pelanggan: Dukungan Teknis D-Link melalui telepon: Tel: +62-21-5731610 Dukungan Teknis D-Link melalui Internet: Email : support@dlink.co.id Website : http://support.dlink.co.
Technical Support この度は弊社製品をお買い上げいただき、誠にありがとうご ざいます。 下記弊社 Web サイトからユーザ登録及び新製品登録を 行っていただくと、ダウンロードサービスにて サポート情報、ファームウェア、ユーザマニュアルを ダウンロードすることができます。 ディーリンクジャパン Web サイト URL:http://www.dlink-jp.
技术支持 您可以在 D-Link 的官方網站找到產品的軟件升級和使用手冊 办公地址:北京市东城区北三环东路 36 号 环球贸易中心 B 座 26F 02-05 室 邮编: 100013 技术支持中心电话:8008296688/ (028)66052968 技术支持中心传真:(028)85176948 维修中心地址:北京市东城区北三环东路 36 号 环球贸易中心 B 座 26F 02-05 室 邮编: 100013 维修中心电话:(010) 58257789 维修中心传真:(010) 58257790 网址:http://www.dlink.com.
