D-Link DES-3200-10 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240

Ir a la página of

Buen manual de instrucciones

Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones D-Link DES-3200-10. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica D-Link DES-3200-10 o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.

¿Qué es un manual de instrucciones?

El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual D-Link DES-3200-10 se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.

Desafortunadamente pocos usuarios destinan su tiempo a leer manuales D-Link DES-3200-10, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.

Entonces, ¿qué debe contener el manual de instrucciones perfecto?

Sobre todo, un manual de instrucciones D-Link DES-3200-10 debe contener:
- información acerca de las especificaciones técnicas del dispositivo D-Link DES-3200-10
- nombre de fabricante y año de fabricación del dispositivo D-Link DES-3200-10
- condiciones de uso, configuración y mantenimiento del dispositivo D-Link DES-3200-10
- marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas

¿Por qué no leemos los manuales de instrucciones?

Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de D-Link DES-3200-10 no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de D-Link DES-3200-10 y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico D-Link en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de D-Link DES-3200-10, como se suele hacer teniendo una versión en papel.

¿Por qué vale la pena leer los manuales de instrucciones?

Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo D-Link DES-3200-10, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.

Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual D-Link DES-3200-10. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.

Índice de manuales de instrucciones

  • Página 1

    ® User Manual Product Model: DES-3200-10/18/28/28F Layer 2 Managed Ethernet Switch Release 1.1[...]

  • Página 2

    . ___________________ __________________ __________________ ___________________ _______ Information in this document is subject to change without notice. © 2009 D-Link Corporation. All rights reserved. Reproduction in any manner whatsoever without th e written pe rmission of D-Link Corporati on is strictly forbidd en. Trademarks used in this text:[...]

  • Página 3

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual ii Table of Contents Intended Readers .............................................................................................................................. ......................... viii  Typographical Conv entions ............................................[...]

  • Página 4

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual iii SMTP Settings .............................................................................................................................. .............................. 35  SMTP Service Settings ..................................................................[...]

  • Página 5

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual iv VLAN Trunk Settings .............................................................................................................................. .................... 71  GVRP Settings ...............................................................................[...]

  • Página 6

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual v Priority Mapping .............................................................................................................................. .......................... 112  TOS Mapping ..............................................................................[...]

  • Página 7

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual vi MAC-based Access Control Local Settin gs ........................................................................................................................... 14 8  DoS Prevention Settings ......................................................................[...]

  • Página 8

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual vii Browse Session Table .............................................................................................................................. ................ 211  MAC Address Table ............................................................................[...]

  • Página 9

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Intended Readers The DES-3200-10/18/28/28F User M anual contains information for setup and management of the Switch. This manual is intended for network ma nagers familiar with netwo rk management conce pts and terminology. Typographical Conventions Convention Descriptio[...]

  • Página 10

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Section 1 Web-based Switch Configuration Introduction Login to Web Manager Web-based User Interface Web Pages Introduction All software functions of the Switch can be managed, c onfigured and monitored via the embedded web-ba sed (HTML) interface. The Switch can be manag[...]

  • Página 11

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Web-based User Interface The user interface provides access to various Switch co nfigurati on and management wind ows, allows you to view performance statistics, and permits you t o graphically monitor the system status. Areas of the User Interface The figure below shows[...]

  • Página 12

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual NOTICE : Any changes m ade to the Switch configuration during the current session must be saved in the Save Configuration window ( Save > Save Configuration ) or use the command line interface (CLI) command sav e config . Web Pages When you connect to the management m[...]

  • Página 13

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Section 2 Configuration Device Information System Information Serial Port Settings IP Address Settings IPv6 Interface Settings IPv6 Route Settings IPv6 Neighbor Settings Port Configuration Static ARP Settings User Accounts System Log Configuration DHCP Relay DHCP Auto Co[...]

  • Página 14

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Device Information This window contains the main settings for all major functi ons on the Switch an d appears automatically when you log on. To return to the Device Information window, click the DES-3200-10/18/28/28F folder. The Device Information window shows the Switch[...]

  • Página 15

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Serial Port Settings The following window allo ws the Baud Rate and the Auto Logout to be cha nged as well as containing information about the Serial Port Settings. Click Configuration > Serial Port Setti ngs to display this window: Figure 2 - 3. Serial Port Settings [...]

  • Página 16

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 4. If no VLANs have been previously configured on the Switch, you can use the default Management VLAN Name. The default VLAN contains all of the Switch po rts as members. If VLANs have been previously configured on the Switch, the Managem ent VLAN Name of the VLAN that c[...]

  • Página 17

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual IPv6 Address Settings Users can display the Switch’s cu rrent IPv6 interface settings. To view the following window, click Configuration > IPv6 Interface Settings : Figure 2 - 5. IPv6 Interface Settings window To configure IPv6 interface settings, enter an IPv6 Addr[...]

  • Página 18

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description Interface Name The name of the IPv6 interface being displaye d or modified. VLAN Name Display the VLAN name of the IPv6 interface. Admin. State Display the current administrator state. IPv6 Address Enter the IPv6 address of the interface to be modif[...]

  • Página 19

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description Interface Name Enter the name of the IPv6 neighbor. To search fo r all the current interface s on the Switch, go to the second Interface Name field in the middle pa rt of the window, tick t he All check box, and then click the Find button. Neighbor [...]

  • Página 20

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description From Port/To Port Use the pull-down menus to select the port or range of ports to be configured. State Toggle this field to either enable or disable a given port or g roup of ports. Speed/Duplex Toggle the Speed/Duplex field to either select the spe[...]

  • Página 21

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Port Description Settings The Switch supports a port description feature where the user may name various ports on the Switch. To view the following window, click Configuration > Port Configuration > Port Descrip tion Settings : Figure 2 - 9. Port Description Settin[...]

  • Página 22

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 2 - 10. Port Error Disabled windo w The following parameters are di splayed: Parameter Description Port Displays the port that has been error di sabled. Port State Describes the current runni ng state of the port, whether Enabled or Disabled. Connection Status Thi[...]

  • Página 23

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual User Accounts Use this window to control user privileges, creat e new users, and view existing User Account s. To view this window, click Configuration > User Accounts : Figure 2 - 12. User Accounts window The following fields can be set: Parameter Description User Na[...]

  • Página 24

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual User Account Management Add/Update/Delete User Accounts Yes No View User Accounts Yes No Table 2 - 1. Admin and User Privileges System Log Configuration This section contains information for configuri ng variou s attributes and properties for System Log Configuratio ns, [...]

  • Página 25

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description Server ID Syslog server settings index (1-4). Severity This drop-down menu allows you to select the level of messages that will be sent. The options are Warning , Inform ational , and All . Server IP Address The IP address of the Syslog server. Faci[...]

  • Página 26

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual DHCP Relay The relay hops count limit allows the maximum number of hops (routers) that the DHCP messages can be relayed through to be set. If a packet’s hop count is equal to or m ore than the hop count limit, the packet i s dropped. The range is between 1 and 16 hops,[...]

  • Página 27

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual check and policy setting s will have no effect. DHCP Relay Agent Information Option 82 Check This field can be toggled betwe en Enabled and Disabled using the pull-do wn menu. It is used to enable or disable the Switches ability to check the validity of the packet’ s o[...]

  • Página 28

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Circuit ID sub-option format: a. b. c. d. e. f . g. 1 6 0 4 VLAN Module Port 1 byte 1 byte 1 byt e 1 byte 2 bytes 1 byte 1 byte a. Sub-option type b. Length c. Circuit ID type d. Length e. VLAN: the incoming VLAN ID of DHCP client packet. f. Module: For a standalone swit[...]

  • Página 29

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual DHCP Relay Interface Settings This window allows the user to set up a server, by IP address, for relaying DHCP/ BOOTP information to the Switch. The user may enter a prev iously configured IP interface on the S witch that will be connecte d directly to the DHCP server us[...]

  • Página 30

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual State This is used to enable or di sable the DHCP local relay for the specified VLAN. DHCP Auto Configuration Settings The DHCP automatic configuration function on the Switch will load a previously sa ved configuration file for current use. When DHCP auto configuration i[...]

  • Página 31

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Telnet Settings Telnet configuration is Enabled by default. If you do not want to allow conf i guration of the system through Telnet choose Disabled. The TCP ports are numbered be tween 1 and 65535 . The "well-kn own" TCP port for the Telnet protocol is 23 . To[...]

  • Página 32

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Firmware Information Information about current firmware images stored on the Switch can be viewed. To access this window, click Configuration > Firmware Information : Figure 2 - 25. Firmware Information windo w This window hold s the following information: Parameter D[...]

  • Página 33

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual SNTP Settings The SNTP Settings folder offers two windows: Time Settings and Time Zone Settings . Time Settings To configure the time settings for the Switch, click Configura tion > SNTP Settings > Time Settings : Figure 2 - 26. Time Settings window The following p[...]

  • Página 34

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Time Zone Settings The following window is u sed to configure time z ones and Daylight Savings Time settings for SNTP. To configure the time zone settings for t he Switch, clic k Configuration > SNTP Setting s > Time Zone Settings : Figure 2 - 27. Time Zone Setting[...]

  • Página 35

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual From: Day of the Week Enter the day of the week t hat DST will start on. From: Month Enter the month DST will start on. From: Time in HH:MM Enter the time of day that DST will start on. To: Which Week of the Month Enter the week of the month the DST will end. To: Day of [...]

  • Página 36

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual SMTP Settings SMTP or Simple Mail Transfer Protocol is a function of t he Switch that will send switch events to mail recipients based on e-mail addresses entere d in the window below. The Switch is to be configured as a client of SMTP while the server is a remote device[...]

  • Página 37

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual SMTP Service This window is used to test the SMTP Servic e Settings configured i n the previous window. To view the following window, click Configuration > SMTP Service : Figure 2 - 29. SMTP Service window To test to see if the SMTP settings are working properly, ente[...]

  • Página 38

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 2 - 31. MAC Notification Por t Setting s windo w The following parameters may be modif ied: Parameter Description From Port/To Port Select a port or group of ports to enable fo r MAC notification using the pull-do wn menus. State Enable MAC Notification for the po[...]

  • Página 39

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual SNMPv3 uses a more sophisti cated authentication process th at is sepa rated into two parts. The first part is to maintain a list of users and their attributes that are allowed to act as SNMP managers. The secon d part describes what each user on that list c an do as an [...]

  • Página 40

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description View Name Type an alphanumeric string of up to 32 cha racters . This is used to identify the new SNMP view being created. Subtree OID Type the Object Identifier (OID) Subtree for the view. The OID i dentifies an object tree (MIB tree) that will be i[...]

  • Página 41

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual centralized and distributed network managem ent strategies. It includes improvements in the Structure of Management Information (S MI) and adds some security features. SNMPv3 - Specifies that the SNMP version 3 will be used. SNMPv3 prov ides secure access to devices thro[...]

  • Página 42

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Priv-Protocol by based on the CBC-DES (DES-56) Password None - Indicates that no authorizat ion p rotocol is in use. DES - Indicates that DES 56-bit encryption is in use standard. Auth-Protocol by Key cates that the HMAC-MD5-9 6 authentication level will be used. MD5 - I[...]

  • Página 43

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual SNMP Host Table indow to set up SNMP trap recipients. To configure SNM P Host Table entries, click Configuration > SNMP Settings > SNM P Host Ta ble Use the SNMP Host Table w Figure 2 - 36. SNMP Host Table window The following parameters can set: Parameter Descript[...]

  • Página 44

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual SNMP Trap Configuration The following window is us ed to enable and disable trap settings for the SNMP function on th e Switch. To view this window for configuratio n, click Configuration > SNMP Settings > SNMP Trap Configuration : Figure 2 - 38. SNMP Trap Configur[...]

  • Página 45

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Time Range Settings This window is used in con junction with the Access Prof ile feature to determine a starting p oint and an ending point, based on days of the week, when an Access Profile configuration will be enabl ed on the Switch. Once configured here, the time ran[...]

  • Página 46

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual It is connected to the CS through the CS management VLAN. 3. Candidate Switch (CaS ) - This is a switch that is ready to join a SIM group but is not yet a member of the SIM group. The Candidate Switch may join the SIM group of a switch by m anually configuring it to be a[...]

  • Página 47

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Single IP Settings All switches are set as Candidate (CaS) switches as their factory default configurat ion and Single IP Management will be disabled. To enable SIM for the Sw itch using the Web interface, click Configuration > Single IP Managemnet > Single IP Sett[...]

  • Página 48

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual After enabling the Switch to be a Commander Swit ch (CS), the Single IP Management folder will then contain four added links to aid the user in config uring SIM through the Web, including Topology , Firmware Upgrade and Configuration File Backup/Restore and Upload Log Fi[...]

  • Página 49

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Model Name Displays the full model name of the corresponding Switch. To view the Topology Map, click the View menu in the toolbar and then Topolo gy , which will produce the following window. The Topology View will refre sh itself periodically (20 seconds by defaul t). F[...]

  • Página 50

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Non-SIM devic es Tool Tips In the Topology view window, the m ouse plays an important role in configuration and in viewing device i nformation. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same inform ation about a sp[...]

  • Página 51

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Right-Click Right-clicking on a device will allow the user to perform vari ous functions, depe nding on the role of the Switch in the SIM group and the icon associated with it. Group Icon Figure 2 - 47. Right-Clicking a Group Icon Figure 2 - 48. Property window This wind[...]

  • Página 52

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Commander Switch Icon Figure 2 - 49. Right-Clicking a Commander Icon The following options may appear for th e user to configure: y Collapse - To collapse the group that w ill be represented by a single icon. y Expand - To expand the SIM group, in d etail. y Property - T[...]

  • Página 53

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual y Add to group - Add a candidate to a group. Cli cking this opt ion will reveal the following dialog for the user to enter a password for authentic ation from the Candidate Switch before being added to the SIM group. Click OK to enter the password or Cancel to exit the w[...]

  • Página 54

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Help y About - Will displ ay the SIM information, including the current SIM version. Figure 2 - 55. About windo w Firmware Upgrade This window is used to upgrade firmwa re from the Comman der Switch to the Member Switch. Member Switches will be listed in the table and wi[...]

  • Página 55

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Upload Log File The following window is used to upload log files from SIM me mber switches to a specified PC. To upload a log file, enter the Server IP address of the SIM member switch and then enter a PathFilename on yo ur PC where you wish to save this file. Click Upl[...]

  • Página 56

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Gratuitous ARP Settings This window allows you to have more deta iled settings for the Gratui tous ARP. To view this window, click Configuration > Gra tuitous ARP > Gratuitous ARP Settings : Figure 2 - 60. Gratuitous ARP Settings window The following fields can be [...]

  • Página 57

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual ARP Spoofing Prevention Settings ARP spoofing, also known as A RP poisoning, is a method to attack an Ethe rnet network which may allow an attacker to sniff data frames on a LAN, modify t he traffic, or stop the traffic altogether (known as a Denial of Service - DoS atta[...]

  • Página 58

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Section 3 L2 Features Jumbo Frame 802.1Q Static VLAN Q-in-Q 802.1v Protocol VLAN VLAN Trunk Settings GVRP Settings Asymmetric VLAN Settings MAC-based VLAN Settings PVID Auto Assign Settings Port Trunking LACP Port Settings Traffic Segmentation BPDU Tunneling Settings IGM[...]

  • Página 59

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual VLANs Understanding IEEE 802.1p Priority Priority tagging is a function defined by the IEEE 802.1p standard designed to provide a means of managi ng traffic on a network where many different types of data may be trans mitted simultaneously. It is intended to alleviate pr[...]

  • Página 60

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual IEEE 802.1Q VLANs Some relevant terms: y Tagging - The act of putting 802.1Q VLAN information into the header of a pa cket. y Untagging - The act of stripping 802.1Q VLAN information out of the packet header. y Ingress port - A port on a switch where packets are flowing [...]

  • Página 61

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 3 - 3. IEEE 802.1Q Tag The EtherType and VLAN ID a re inserted after the MAC sour ce address, but b efore the original EtherType/Length or Logical Link Control. Because the packet is now a bit l onger than it was o riginally, the Cyclic Redundancy Check (CRC) must[...]

  • Página 62

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Every physical port on a switch ha s a PVID. 802.1Q ports are also a ssigned a PVID, for use within the Switch. If no VLANs are defined on the Switch, all ports are then assigned to a default VLAN with a PVID equal to 1. Untagged packets are assigned the PVID of the port[...]

  • Página 63

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual NOTE: If no VLANs are configured on the Switch, t hen all packets will be forwarded to any destination port. Packets with unknown source addresses w ill be flooded to all ports. Broadcast and multicast packets will also be floode d to all ports. An example is presented b[...]

  • Página 64

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual over 4000 VLANs ca n be placed, ther efore greatly expanding the VLAN network and enabling g reater support of customers utilizing multiple VLANs on the network. Q-in-Q VLANs are basicall y VLAN tags placed within ex isting IEEE 802.1Q V LANs which we will call SPVIDs (S[...]

  • Página 65

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 2. All ports must be configured as Acce ss Ports or Uplink ports. Access port s can only be Ethernet ports while Uplink ports must be Gi gabit ports. 3. Provider Edge switches must a llow frames of at least 1522 bytes or more, due to the addition of the SPVID tag. 4. Acc[...]

  • Página 66

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 3 - 7. 802.1Q Static VLAN windo w – Add/Edit VLAN tab (Add) To return to the initial 802.1Q Static VLAN window, click the VLAN List tab at the top of the window. To change an existing 802.1Q static VLAN entry, click the corresponding Edit butt on. A new window w[...]

  • Página 67

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual VLAN Name should be no more than 32 characte rs in length. Advertisement Enabling this function will allow the Switch to send out GVRP packets to outside sources, notifying that they may join the existing VLAN. Port Settings Allows an individual port to be specified as m[...]

  • Página 68

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 3 - 10. 802.1Q Static VLAN window – VLAN Batch Settings tab The following fields can be set in the VLAN Batch Settings tab: Parameter Description VID List (e.g.: 2-5) Enter a VLAN ID List that can be added, deleted or co nfigured. Advertisement Enabling this fun[...]

  • Página 69

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Q-in-Q Settings To view this window, click L2 Features > Q-in -Q > Q-in-Q Settings : Figure 3 - 11. Q-in-Q Settings window The following fields can be set: Parameter Description Q-in-Q Global Settings Click the radio button to enable or disable the Q-in -Q Global S[...]

  • Página 70

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual VLAN Translation Settings VLAN translation tran slates the VLAN ID carried in t he dat a packets it receive s from pr ivate networks into those used in the Service Providers network . To view this window click L2 Fea tures > Q-in-Q > VLAN Translation CVID En try Se[...]

  • Página 71

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description Group ID (1-16) Select an ID number for the group, between 1 an d 16. Group Name This is used to identify the new Protocol VLAN group. Type an alphanumeric stri ng of up to 32 characte rs. Protocol This fun ction maps packets to protocol-defined VLA[...]

  • Página 72

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Port List (e.g.: 1-6) Select the specified ports you wish to configure by e ntering the port number in this field, or ti ck the Select All Ports box. Search Port List This function allows the user to search all pr eviously configured port list settings and di splay them [...]

  • Página 73

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual GVRP Settings This window allows the user to d etermine whether the Swit ch will share it s VLAN configuration information with other GARP VLAN Registration Protocol (GVRP) enabled swit ches . In addition, Ingress Checking can be used to limit traffic by filtering incomi[...]

  • Página 74

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual the port to compare the VID tag of an incoming packet with the PVID number assigned to the port. If the two are different, the port filters (drops) the packet. Disabled disables ing ress fil- tering. Ingress Checking is Enabled by default. Acceptable Frame Typ e This fie[...]

  • Página 75

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual PVID Auto Assign Settings This enables or disables PVID Auto Assign on the Switch. PVID is the VLAN that the switch will use for forwarding and filtering purposes. If PVID Auto-Assign is Enabled , PVID will be possibly changed by previously set PVID or VLAN configuration[...]

  • Página 76

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual NOTE: If any ports withi n the trunk group beco me disconnected, pa ckets intended for the disconnected port will be l oad shared among the other unlinked ports of the lin k aggregation group. Link aggregation allows se veral ports to be grouped together and to act as a [...]

  • Página 77

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual (Member) Ports Choose the members of a trunked group. Up to eight ports per group can be assigned to a group. Flooding Ports These ports are desi gnated for flooding broadca st , multicast, and DLF (u nicast Destination Lookup Fail) packets from the CPU i n a trun k grou[...]

  • Página 78

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Traffic Segmentation Traffic segmentation is used to limit traffic flow from a single port to a group of ports on the Switch. This method of segmenting the flow of traffic is simil ar to using VLANs to lim it tra ffic, but is more restri ctive. It provides a method of di[...]

  • Página 79

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual BPDU Tunneling Settings To view this window, click L2 Features > BPDU Tun neling Settings : Figure 3 - 24. BPDU Tunneling Settings window IGMP Snooping Internet Group Management Protocol (I GMP) snooping allows the Switch to recogni ze IGMP queries and report s sent b[...]

  • Página 80

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 3 - 26. IGMP Snooping Settings (Edit) w indo w The following fields can be set. Parameter Description VLAN ID This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which the user wishes to modify the IGMP Snooping Settings. VLAN Name This is [...]

  • Página 81

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 3 - 27. IGMP Snooping Router Ports Settings window Select the desired member ports and cli ck Apply . Click <<Back to go back to the IGMP Snooping Settings wind ow. IGMP Access Control Settings This window is used to con figure IGMP Access Control setting s [...]

  • Página 82

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual IGMP Snooping Multicast VLAN Settings This window is used to con figure the IGMP Snoopi ng Multicast VLAN settings on the Switch. To view this window, click L2 Features > IGMP Snooping > IGM P Snooping Multicast VLAN Settings : Figure 3 - 29. IGMP Snooping Multicas[...]

  • Página 83

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 3 - 30. IGMP Snooping Multicast VLAN Group List Settings window Enter a Multicast Address and click Add . The new information will be displayed in the table at the bottom of the window. Click Show IGMP Snooping Multicast VLAN Entries to return to the IGMP Snooping[...]

  • Página 84

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 3 - 33. Multicast Address Group List Settings window Enter the Multicast Address List sta rting with the lowest in the range, and click Add . To return to the IP Multicast Profile Settings window, click th e <<Back button. 83[...]

  • Página 85

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Limited Multicast Range Settings This window enabl es the user to configure t he ports on the Swit ch that will be involved in the Limited IP Multica st Range. The user can configure the range of ports and associ at e an IP Multicast Profile to allow or disallow IGMP joi[...]

  • Página 86

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 3 - 35. Max Multicast Group Settings window The following fields can be set: Parameter Description From Port/To Port Use the drop-down menus to choose a range of po rts. Max Group (1-1024) Enter the maximum number of the multicast groups. The ra nge is from 1 to 1[...]

  • Página 87

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 2. Multicast Listener Report, Version 1 – Compara ble to the Host Membership Report in IGMPv2, and labeled as 131 in the ICMP packet header, this message is sent by the listenin g port to the Switch stating that it is interested in receiving multicast data from a multi[...]

  • Página 88

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual The following parameters may be viewed or modifie d: Parameter Description VLAN ID This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which the user wishes to modify the MLD Snooping Settings. VLAN Name This is the VLAN Nam e that, along with the[...]

  • Página 89

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Port Mirror The Switch allows you to copy frames transmitted and rece ived on a port and redirect the cop ies to another port. You can attach a monitoring device to the mirro red port, such as a sniffer or an RMON probe, to view details about the packets passing through [...]

  • Página 90

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Loopback Detection Settings The Loopback Detection function is u sed to detect the l oop created by a specific p ort . This feature is used to temporarily shutdown a port on the Switch when a CTP (C onfiguration Testing Protocol) packet has been looped back to the Switch[...]

  • Página 91

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Spanning Tree This Switch supports three version s of the Spanning Tree Protocol: STP, Rapid STP, and MSTP. STP will be familiar to most networking professionals. Ho wever, since RSTP and MSTP have been recently introduced to D-Link managed Ethernet switches, a brief i n[...]

  • Página 92

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Port Transition States An essential difference between the three protocols is in the way ports transition to a forwar ding state and in the way this transition relates to the rol e of the port (forwarding or not fo rwarding) in the topology. MSTP and RSTP combine the tra[...]

  • Página 93

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual STP Bridge Global Settings To open the following wind ow, click L2 features > Spanning Tree > STP Bridge Global Settings : Figure 3 - 41. STP Bridge Global Settings window The following parameters can be set: Parameter Description STP State Use the radio buttons to[...]

  • Página 94

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual NOTE: The Hello Time cannot be longer than the Max. Age. Otherwise, a configuration error will o ccur. Observe the following formulas when setting the above parameters: Max. Age ≤ 2 x (Forward Delay - 1 second) Max. Age ≥ 2 x (Hello Time + 1 second) STP Port Settings[...]

  • Página 95

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual The following fields can be set: Parameter Description From Port/To Port A consecutive group of ports may be confi gured sta rting with the selected port. External Cost (0=Auto ) External Cost - This d efines a metric that indicates th e relative cost of forwarding packe[...]

  • Página 96

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual MST Configuration Identification The following windows in t he MST Configuration Identification se ction allow the user to configure a MSTI instance o n the Switch. These settings will uniquely identify a multiple spanning tre e instance set on the Switch. The Switch ini[...]

  • Página 97

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual STP Instance Settings The following window displ ays MSTIs currently set on the Switch. To view the following table, click L2 Features > Spanning Tree > STP Instance Settings : Figure 3 - 44. STP Instance Settings windo w The following information can be set: Param[...]

  • Página 98

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual MSTP Port Information This window displays the current MSTP Port Information and can be used to upd ate the port configuration for an MSTI ID. If a loop occurs, the MSTP function will use the port priority to select an interface to put into the forwarding state. Set a hi[...]

  • Página 99

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual To add or edit an entry, define the following parameter s and then click Add/Modify : Parameter Description VLAN ID (1-4094) The VLAN ID number of the VLAN on which the above Unicast MAC addre ss resides. MAC Address The MAC address to whi ch packets will be stat ically [...]

  • Página 100

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Multicast Filtering Mode Users can configure the mu lticast filtering mode. To view this window, click L2 Features > For warding & Filtering > Multicast Filtering Mod e : Figure 3 - 49. Multicast Filtering Mode w indo w The following parameters can be set: Para[...]

  • Página 101

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual LLDP Global Settings To view this window, click L2 Features > LLDP > LLDP Global Settings : Figure 3 - 50. LLDP Global Settings windo w The following parameters can be set: Parameter Description LLDP State Used to enable or disable LLDP on the Switch. LLDP Forward [...]

  • Página 102

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual LLDP Port Settings To view this window, click L2 Features > LLDP > LLDP Port Settings : Figure 3 - 51. LLDP Port Settings w indo w The following parameters can be set: Parameter Description From Port/To Port Use the pull-down menu to select a ra nge of ports to be [...]

  • Página 103

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual LLDP Basic TLVs Settings This window is used to enable the settin gs for the Basic TLVs Settings. To view this window, click L2 Features > LLDP > LLDP Basic TLVs Settings : Figure 3 - 52. LLDP Basic TLVs Settings window Use the drop-down menus to enable or disable [...]

  • Página 104

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual LLDP Dot1 TLVs Settings LLDP Dot1 TLVs are organizationally specific TLVs whi ch are defined in IEEE 802.1 and used to configure an individual port or group of ports to exclude one or more of the IEEE 802.1 organizatio nal port vlan ID TLV data types from outbound LLDP a[...]

  • Página 105

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual LLDP Dot3 TLVs Settings This window is used to configure an individual port or group of ports to exclude one or more IEEE 802.3 organizational specific TLV data type from outbound LLDP adve rtisements. To view this window, click L2 Features > LLDP > LLDP Dot3 TLVs [...]

  • Página 106

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Section 4 QoS Bandwidth Control Traffic Control 802.1p Default Priority 802.1p User Priority QoS Scheduling Settings Priority Mapping TOS Mapping DSCP Map Settings The Switch supports 802.1p priority queuing Quality of Serv ice. The following section discusses the implem[...]

  • Página 107

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual The previous picture shows the default priori ty setting for the Swit ch. Class 3 has the highest priority of the four priority queues on the Switch. In order to implement QoS, the user is required to instru ct the Sw itch to examine the header of a packet to see if it h[...]

  • Página 108

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Bandwidth Control The bandwidth cont rol settings are used to place a ceiling on the transmitting and receiving dat a rates for any select ed port. To view this window, click QoS > Ba ndwidth Contr ol : Figure 4 - 2. Bandwidth Control w indow The following parameters [...]

  • Página 109

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual The Switch will also scan and mo nitor packets coming into t he Switch by mon itoring the Switch’s chip counter. This method is only viable for Broadca st and Multicast storms becau se the chip only has counters for these t wo types of packets. Once a storm ha s been d[...]

  • Página 110

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Acti on Select the method of traffic Control from the pull-down menu. The choices are: Drop – Utilizes the hardware Traffic Control mechan ism, which means the S w itch’s hardware will determine the Packet Storm based on the Threshol d value stated and drop packets u[...]

  • Página 111

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual NOTE: Ports that are in S hutdown rest mode will be seen as link down in all windows and screens u ntil the user recovers these ports. 802.1p Default Priority The Switch allows the assignment of a defaul t 802.1p prio rity to each port on the Switch. To view this window,[...]

  • Página 112

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 4 - 5. 802.1p User Priority windo w Once a priority has been assign ed to the port groups on the Switch, assign this Cla ss to each of the eight levels of 802.1p priorities. The following parameter m ay be set: Parameter Description Class ID This field is used to [...]

  • Página 113

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Priority Mapping This window is used to set up Priority M apping. To view this window, click QoS > Priority Mapping : Figure 4 - 7. Priority Mapping window The following parameter m ay be set: Parameter Description From Port/To Port Select a range of ports to configur[...]

  • Página 114

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual TOS Mapping This window is used to set up Type of Service (TOS) Mapping. To view this window, click QoS > ToS Mapping : Figure 4 - 8. TOS Mapping windo w The following parameter m ay be set: Parameter Description Class ID This field is used to ente r a Class ID betwee[...]

  • Página 115

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual DSCP Mapping This window is used to set up DSCP Ma pping. To view this window, click QoS > DSCP Mapping : Figure 4 - 9. DSCP Mapping windo w The following parameters may be set: Parameter Description DSCP Value This field is used to enter a DSCP value in the space pro[...]

  • Página 116

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Section 5 Security Safeguard Engine Trusted Host IP-MAC-Port Binding Port Security DHCP Server Screening Settings 802.1X SSL Settings SSH Access Authentication Control MAC-based Access Control DoS Prevention Settings Safeguard Engine Periodically, malicious ho sts on the[...]

  • Página 117

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual In Exhausted mode, two modes can be implemented to limit the bandwidth assigned to ARP packets, “Strict” and “Fuzzy”. In Strict mode, the Switch will drop all ARP packets. The Switch will reluctantl y process any packets not destined fo r the Switch and broadcast[...]

  • Página 118

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Trusted Host Use the Security IP Management to permit remote stations to manage the Switch. If o ne or more designated management stations are defined by the user, only the chos en stations, as defined by IP address, will be allowe d management privilege through the We b[...]

  • Página 119

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual DHCP Snoop State Use the pull-down menu to enable or disable the DHCP Snooping State for IP-MAC-port binding. ARP Inspection When this is Enabled , the Switch will filter ARP pa ckets which have unauthorized sender MACs, IP addresses, and ingre ss ports. ARP inspection i[...]

  • Página 120

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual hardware until the S/W learns the entries for t he ports. The po rt will check ARP packets and IP packets by IP-MAC-port binding entries. When the pa cket is found by the entry, the MAC address will be set to dynamic. If the packet is not found by the entry, the MAC addr[...]

  • Página 121

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual DHCP Snooping Entries This window is used to view dynami c entries on specific ports. To view particular port settings, enter the port numb er and click Find . To view all entries click Vie w All , and to delete an entry, click Clear . To view this window click, Security[...]

  • Página 122

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 5 - 9. Port Security Port Settings window The following parameters can be set: Parameter Description From Port/To Port A consecutive group of ports may be co nfi gured starting with the selected port. Admin State This pull-down menu allows you to enable or di sabl[...]

  • Página 123

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Port Security FDB Entries This window is used to clear the Port Lock Entries by i ndividual ports. To clear entries enter the range of ports and click Clear . To view the following window click, Security > Port Security > Port Security FDB Entries : Figure 5 - 10. [...]

  • Página 124

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Authentication Server The Authentication Server is a remote device that is connec ted to the same net work as the Client and Authenticator, must be running a RA DIUS Server program and must be conf igured p roperly on the Authenticator (Swit ch). Clients connected to a p[...]

  • Página 125

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual NOTE: When configuring the Authentication Protocol as local, the Switch has two roles: Authenticator and Authentication Server. Client The Client is simply the endstation that wishes to gain ac cess to the LAN or switch services. All endstations must be running software [...]

  • Página 126

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 1. Port-Based Access Control – This method requires o n ly one user to be authenticated per port by a remote RADIUS server to allow the remai ning users on the same port access to the network. 2. MAC-Based Access Control – Usin g this method, the Switch will automati[...]

  • Página 127

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual MAC-Based Network Access Control 802.1X Client Network access controlled port Network access uncontrolled port RAD IUS Ser ve r Ethernet Sw itch 802.1X Client 802.1X Client 802.1X Client 802.1X Clien t 802.1X Client 802.1X Clien t 802.1X Client 802.1X Clien t 802.1X Clie[...]

  • Página 128

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 802.1X Settings To configure the 802.1X Settings, click Security > 802.1X > 802.1X Setting s : Figure 5 - 19. 802.1X Settings window This window allows you to set the followi ng features: Parameter Description 802.1X Use the radio buttons to en able or disable 802.[...]

  • Página 129

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual (1-65535) the period of an EAP Request/Identity packet transm itted to the client. The default setting i s 30 seconds. ReAuthPeriod (1-65535) A constant that defines a nonzero number of seconds between p eriodic re authenticatio n of the client. The default setting is 36[...]

  • Página 130

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Authentication RADIUS Server The RADIUS feature of the Switch al lows you to facilit ate centralized user administr ation as well as providing protection against a sniffing, active hacker. To configure the 802.1X User, click Security > 802.1X > Authentic ation RADI[...]

  • Página 131

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Guest VLAN Configuration On 802.1X security enabled networks, there is a need fo r non 802.1X supported devices to gain limited access to the network, due to lack of the proper 802.1X softwa re or incompatible devices, such as computers run ning Windows 98 or lower opera[...]

  • Página 132

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Guest VLAN To view the following window, click, Security > 802.1X > Guest VLAN : Figure 5 - 23. Guest VLAN window The following fields may be modified to enable the 802.1X Gue st VLAN: Parameter Description VLAN Name Enter the pre-configured VLAN nam e to create as[...]

  • Página 133

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual To initialize ports, choose the rang e of ports in the From Port and To Port fields. Next, the user must speci fy the MAC address to be initialized by enter ing it into the MAC Address field and ticking t he corresponding ch eck box. To begin the initialization, click Ap[...]

  • Página 134

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 5 - 27. Reauthenticate Port(s) wind o w for MAC-based 802.1X To reauthenticate ports, first use the From Port and To Po rt drop-down menus to choose the range of ports. Then the user must specify the MA C addr ess to be reauthent icated by enter ing it into the MA[...]

  • Página 135

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual supports SSLv3 and TLSv1. Other ve rsions of SSL may not be compatible with this S witch and may cause p roblems upon authentication and transfer of message s from client to host. Download Certificate This window is used to download a certificate file for the SSL functio[...]

  • Página 136

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual RSA with RC4_128_MD5 This ciphersu ite combines the RSA key excha nge, stream cipher RC4 encryption with 128 - bit keys and the MD5 Hash Algorithm. Use t he pull-down menu to enable or disable this ciphersuite. This field is enabled by defa ult. RSA with 3DES EDE CBC SHA[...]

  • Página 137

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual SSH Settings The following window is u sed to configure and view settings for the SSH se rver. To view this window, click Security > SSH > SSH Settings : Figure 5 - 29. SSH Settings window To configure the SSH server on the Switch, modify the following parameters a[...]

  • Página 138

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 5 - 30. SSH Authmode and Algorithm Setti ngs window The following algorithms m ay be set: Parameter Description SSH Authentication Mode Settings Password This parameter may be enable d if the administrator wishes to use a locally configu red password for authentic[...]

  • Página 139

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Public Key Algorithm HMAC-RSA Tick the check box to enable the HMAC (Hash for Message Authentication Code) mechanism utilizing the RS A encryption algorithm. The default is enabled. HMAC-DSA Tick the check box to enable the HMAC (Hash for Message Authentication Code) mec[...]

  • Página 140

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual conjunction with the Host Based ch oice in the Auth. Mode field. Click Apply to implement changes made. NOTE: To set the SSH User Authentication pa rameters on the Switch, a User Accou nt must be previously configured. For more information on config uring local User Acco[...]

  • Página 141

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual the device successfully through the RADI US server or through the local met hod, 3 kin ds of privilege levels can be assigned to the user and the user can not use the “enable admin” comman d to promote to the admin privilege level. NOTE: TACACS, XTACACS and TACACS+ a[...]

  • Página 142

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 5 - 34. Application's Authentic ation Setting s window The following parameters can be set: Parameter Description Application Lists the configuration applications on the Swit ch. The user may configure the Login Method List and Enable Method List for a uthent[...]

  • Página 143

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual To modify a particular group, click on its corresponding Edit button or click the Edit Server Group tab at the top of this window, the following tab will be displayed: Figure 5 - 36. Authentication Server Group window – Edit Server Group tab To add an Authentication Se[...]

  • Página 144

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description IP Address The IP address of the remote server host the user wishes to add. Port (1-65535) Enter a number between 1 and 65535 to define the virtual port number of the authentication protocol on a server host. The default port number is 49 for TACACS[...]

  • Página 145

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 5 - 38. Login Method Lists w indo w The Switch contains one Method List that is set and c annot be remove d, yet can be modified. To delete a Login Method List defined by the us er, click the corressponding Delete button. To modify a Login Method List, click on it[...]

  • Página 146

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 5 - 39. Enable Method Lists windo w To delete an Enable Method List defi ned by the user, click the the Delete button. To modify an Enable Method Li st, click on its corresp onding Edit button. To define an Enable Login Method List, set the followi ng parameters a[...]

  • Página 147

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description Old Local Enable Password (Max: 15 characters) If a password was previously configure d for this entry, enter it here in order to change it to a new password New Local Enable Password Enter the new password that you wish to set on the Switch to auth[...]

  • Página 148

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 5 - 41. MAC-based Access Co ntrol Settings windo w The following parameters may be viewed or set: Parameter Description Settings MBA Global State Use the radio button to globally enable or disable the MAC-ba sed Access Control function on the Switch. Meth od Use t[...]

  • Página 149

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Config Guest VLAN VLAN Name Enter a Guest VLAN name. Clicking the hyperlinked name will send the Web manager to the Guest VLAN configuration windo w. VLAN ID (1-4094) Enter a VLAN ID number between 1 and 4094 . Member Ports (e.g.: 1-5, 9) Displays the list of ports that [...]

  • Página 150

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual DoS Prevention Settings The Switch supports Denial of Service (DoS ) prevention to mitigate DoD atta cks fro m hackers or other malicious sources. To view this window, click Security > DoS Prevention Settings : Figure 5 - 43. DoS Prevention Settings windo w Set the fo[...]

  • Página 151

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Section 6 ACL ACL Configuration Wizard Access Profile List CPU Access Profile List ACL Finder ACL Flow Meter Access profiles allow th e user to establish criteria to determine wh ether or not the Switch will forward pa ckets based on the information contained in each pac[...]

  • Página 152

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Serv ice Ty pe Use the drop-down menu to select from VLAN Name , Ethernet Type , 802.1P , or Any . Acti on Select Permit to specify that the packets that mat ch the access profile are forwarded by the Switch, according to any additional rule adde d (see below). Select De[...]

  • Página 153

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 3. Add ACL Profile windo w for Ethernet example There are four sets of Access Profile configuration wi ndows; one for Ethe rnet (or MAC address-based) profile configuration, one for IP (IPv4) addre ss-based profile configurati on, one fo r the Packet Content a[...]

  • Página 154

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Selecting this option instructs the Switch to examine the VLAN identifier of each packe t header and use this as the full or partial criterion for forwarding. 802.1p Selecting this option instructs the Switch to examine the 802.1p priority value of each packet header and[...]

  • Página 155

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 7. Add Access Rule w indo w for Ethernet example To set the Access Rule for Ethernet, adjust the followi ng parameters and click Apply . Parameter Description Access ID (1-65535) Type in a unique identifier number for this access. Thi s value can be set from 1[...]

  • Página 156

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual in the config mirror port command. Port Mirrori ng must be enabled and a target port must be set. Priority (0-7) Enter a priority value if you want to re-write the 802.1p default priority of a packet to the value entered in the Priority field, which meets the criteria sp[...]

  • Página 157

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 10. Add ACL Profile window for IPv4 example Click on the boxes near the top of the wi ndow, which will then turn red and rev eal parameters for configuration. To create a new entry, enter the appropriate information and click Create . To return to the Access P[...]

  • Página 158

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual within the packets, by checking the boxes co rr esponding to the flag bits of the TCP field. Source Port Mask (0-FFFF) − Tick an d specify a TCP port mask for the source port to filter, in hex form (hex 0x0-0xffff). Destination Port Mask (0-FFFF) − Ti ck and specify [...]

  • Página 159

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 12. Access Profile Detail Information w indo w for IPv4 example To return to the Access P rofile List window, click Sho w All Profiles . To add a rule to a previously confi gured entry, click on the corresponding Add/View Rules button, and then click Add Rule [...]

  • Página 160

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual ICMP Code - Specifies that the Switch wi ll examine each fram e’s ICMP Code field. IGMP Type ____ e.g. (0-255) - Specifies that the Switch will examine each frame’s IGMP Type field. TCP Source Port - Specifies a TCP port for the sou rce port. Mask (0-FFFF) - Specifie[...]

  • Página 161

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual To view the configurations for a previously configured rule, click on the corresponding Sho w Details button, which will display the following Access Rule Detail Information window: Figure 6 - 15. Access Rule Detail Inform ation window for IPv4 example To create an IPv6 [...]

  • Página 162

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual IPv6 Flow Label Ticking this check box will inst ruct the Switch to examine the flow label field of the IPv6 header. The flow label field is use d by a source to label sequence s of packets such as non- default quality of service or real time service packets. IPv6 Addres[...]

  • Página 163

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 19. Add Access Rule window for IPv6 example The following parameters may be confi gured for IPv6: Parameter Description Access ID (1-65535) Type in a unique identifier number for this access. Thi s value can be set from 1 to 65535 . Auto Assign – Ticking thi[...]

  • Página 164

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Switch. Replace Priority Enter a replace priority ma nually if you want to re-wri te the 802.1p default priorit y of a packet to the value entered in the Priority field, which meets the crite ria specif ied previously in this command, before forwa rding it on to the spec[...]

  • Página 165

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 22. Add ACL Profile window for Packet Content example Click on the boxes at the top of the table, which will then turn red and reveal parameters fo r configuration. To create a new entry enter the correct information and cli ck Create . To return to the Access[...]

  • Página 166

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual With this advanced unique Packet Content Mask (als o kno wn as Packet Content Access Control List - ACL), the D-Link xStack ® switch family can effectively mi tigate some network attacks like the common ARP Spoofing attack that is wide spread t oday. This is why the Pac[...]

  • Página 167

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 25. Add Access Rule window for Packet Content e xample The following parameters may be confi gur ed for the Packet Content filter: Parameter Description Access ID (1-65535) Type in a unique identifier number for this access. Thi s value can be set from 1 to 65[...]

  • Página 168

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual must be set. Priority (0-7) Enter a priority value if you want to re-write the 802 .1p default priority of a packet to the value entered in the Priority field, which meet s the criteria specified prev iously in this command, before forwa rding it on to the specified CoS [...]

  • Página 169

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual CPU Interface Filtering Due to a chipset limitation and neede d extra switch security, the Switch incorporates CP U Interface filtering. This added feature increases the running secu ri ty of the Switch by enabling the user to create a list of access rules for packets de[...]

  • Página 170

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 29. Add CPU ACL Profile w indo w for Ethernet example Parameter Description Select Profile ID (1-3) Use the drop-do wn menu to select a unique identifie r number fo r this profile set. This value can be set from 1 to 3 . Select ACL Type Select profile base d o[...]

  • Página 171

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 30. CPU Access Profile List window for Ethernet exa m ple To view the settings of a previously co rrectly created profile, cli ck the corresponding Show Details button on the following CPU Access Profile List win dow above. The following window o pens: Figure [...]

  • Página 172

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 33. (CPU) Add Access Rule window for Ethernet example To set the Access Rule for Ethernet, adjust the followi ng parameters and click Apply . Parameter Description Access ID (1-5) Type in a unique identifier number for th is access. This value can be set from [...]

  • Página 173

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 35. CPU Access Rule Detail In formation windo w for Ethernet example To create an IPv 4 ACL, click Add CPU ACL Profile in the CPU Access Profil e List window. This will open the Add CPU ACL Profile window. Use the drop-down menu to select a Profile ID between [...]

  • Página 174

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual IPv4 Address Tick either Source IP Mask and enter the IPv4 source address mask or De stination IP Mask and enter the IPV4 destination address mask. ICMP Tick ICMP to specify that the Switch will ex amine the Internet Control Message Protocol (ICMP) field within each pack[...]

  • Página 175

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 37. CPU Access Profile List window for IPv4 example To view the configurations for a previo us ly configured entry, cl ick on the corresp onding Show Details button, which will display the following window: Figure 6 - 38. CPU Access Profile Detail Information [...]

  • Página 176

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 39. (CPU) Add Access Rule window for IPv4 example The following parameters may be confi gured for the IP (IPv4) filter: Parameter Description Access ID (1-5) Type in a unique identifier number for this access. Thi s value can be set from 1 to 5 . DSCP Selectin[...]

  • Página 177

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual To view the configurations for a previously configured rule, click on the corresponding Sho w Details button, which will display the following CPU Access Rule Detail Information window: Figure 6 - 41. CPU Access Rule Detail Information wind o w for IPv4 example To create[...]

  • Página 178

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual default quality of service or real time service packets. IPv6 Address IPv6 Source Address – Enter an IPv6 addres s to be used as the source address. IPv6 Destination Address – Enter an IPv6 address that will be used as the destination address. NOTE: At any one time t[...]

  • Página 179

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 45. (CPU) Add Access Rule window for IPv6 example The following parameters may be confi gured for the IPv6: Parameter Description Access ID (1-5) Type in a unique identifier number for this access. Thi s value can be set from 1 to 5 . Flow Label Specifies the [...]

  • Página 180

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 47. CPU Access Rule Detail Information wind o w for IPv6 example To create a Packet Content ACL, click Add CPU ACL Profile in the CPU Access Profile List window and then use the drop-down menu to select a Profile ID between 1 and 3 and click the Packet Content[...]

  • Página 181

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual common ARP Spoofing attack that is wide spread t oday. This is why the Packet Content ACL is able to inspect any specified content of a packet in different proto col layers. Click Apply to implement changes made. Click Create to view the new CPU Access Profile List entry[...]

  • Página 182

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 51. (CPU) Add Access Rule window for Packet Content ex ample The following parameters may be confi gur ed for the Packet Content filter: Parameter Description Acti on Select Permit to specify that the packets that match the access profile are forwarded by the [...]

  • Página 183

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 6 - 52. CPU Access Rule List window for Packet Content example To view the configurations for previo usly configured rule cli ck on the corresponding Show Details Button which will display the following CPU Access Rule Detail Infor mation window. Figure 6 - 53. CP[...]

  • Página 184

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description Profile ID The pre-configured Profile ID for which to configure th e Flow Metering parameters. Access ID (1-65535) The pre-configured Access ID for which to configure the Flow Meteri ng parameters. Enter the appropriate information an d click Find .[...]

  • Página 185

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Section 7 Monitoring Cable Diagnostic CPU Utilization Port Utilization Packet Size Memory Utilization Packets Errors Port Access Control Browse ARP Table Browse VLAN IGMP Snooping LLDP MBA Authentication State Browse Session Table MAC Address Table System Log Cable Diagn[...]

  • Página 186

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 2. CPU Utilization window To view the CPU utilization by po rt, us e the real-time graphic of the Switch at the top of the Web page by simply clicking on a port. Click Apply to implement the configured settings. The window will automatically refresh with new u[...]

  • Página 187

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 3. Port Utilization window To select a p ort to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the t op of the Web pag e by simply clicking on a port. Change the view pa[...]

  • Página 188

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 4. Packet Size windo w To view the Packet Size Table window, click the link View Table , which will show the following table: Figure 7 - 5. Packet Size Table window The following fields can be set or viewe d: Parameter Description Port Use the drop-down menu t[...]

  • Página 189

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 65-12 7 The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets). 128-255 The total number of packets (including bad packets) received that were between 128 an d[...]

  • Página 190

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 7. Received (Rx) window (for Bytes and Packets) To view the Received (Rx) Table window, click View Table . Figure 7 - 8. Received (Rx) Table window (for Bytes and Packets) The following fields may be set or viewed: Parameter Description Port Use the drop-down [...]

  • Página 191

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Packets Counts the number of packets received on the port. Unicast Counts the total number of good packet s that were received by a unicast address. Multicast Counts the total number of good packets that were received by a multica st address. Broadcast Counts the total n[...]

  • Página 192

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 10. UMB_cast (Rx) Table window (for Unicast, Multicast, and Broadcast Pac kets ) The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose t he port that will display statist ics. Time Interval Select the desired se[...]

  • Página 193

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 11. Transmitted (Tx) window (for Bytes and Packets) To view the Transmitted (Tx) Table window, click the link View Table . Figure 7 - 12. Transmitted (Tx) Table windo w (for Bytes and Packets) The following fields may be set or viewed: Parameter Description Po[...]

  • Página 194

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Packets Counts the number of packets successfully sent on the port. Unicast Counts the total number of good packet s that were transmitted by a unicast address. Multicast Counts the total number of good packets that were transmitted by a multicast address. Broadcast Coun[...]

  • Página 195

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 14. Received (Rx) Table window (for errors) The following fields can be set: Parameter Description Port Use the drop-down menu to choose t he port that will display statist ics. Time Interval Select the desired setting between 1s and 60s , where " s "[...]

  • Página 196

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Transmitted (TX) To select a p ort to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the t op of the Web pag e by simply clicking on a port. To view the following graph of error pa[...]

  • Página 197

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Record Number Select number of times the Switch will be polled between 20 and 200 . The default value is 200 . ExDefer Counts the number of packets for which the first transmission attempt on a particular interface was delayed becaus e the medium wa s busy. CRC Error Cou[...]

  • Página 198

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual RADIUS Authentication This table contains inform ation concerning the activity of the RA DIUS authentication client on the client side of the RADIUS authentication protocol. To view the RADIUS Authentica tion window, click Monitoring > P ort Access Control > RADIUS[...]

  • Página 199

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual authentication server. AccessAcce pts The number of RADIUS Access-A ccept packets (valid or invalid) received from this server. AccessRejects The number of RADIUS Access-Reject pa cket s (valid or invalid) received from this server. AccessChallenges The number of RADIUS [...]

  • Página 200

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 18. RADIUS Account Client window The user may also select the desired time interval to update the statistics, between 1s and 60s , where “s” stands for seconds. The default value is one second. To cle ar the current statisti cs sh own, click the Clear butt[...]

  • Página 201

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual responses. BadAuthenticators The number of RADIUS Accounting-Respon se packets, which contained invalid authenticators, received from this server. PendingRequests The number of RADIUS Account ing-Request packet s sent to this server that have not yet timed out or receive[...]

  • Página 202

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual This window displ ays the Authenticator State for indivi dual ports on a selecte d device. A polling interval between 1s and 60s seconds can be set using the d rop-down menu at the top of the window and clicki ng OK . The information on this window i s described as follo[...]

  • Página 203

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual The following fields can be viewed: Parameter Description Port The identification number assi gned to the Port by the System in which the Port resides. Frames Rx The number of valid EAPOL frames that have been received by this Authenticator. Frames Tx The number of EAPOL[...]

  • Página 204

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 21. Authenticator Session Statistics window The user may select the desired time inte rval to update the statistics, between 1s and 60s , where “s” stands for seconds. The default value is one second. The following fields can be viewed: Parameter Descripti[...]

  • Página 205

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 1) Supplicant Logoff 2) Port Failure 3) Supplicant Restart 4) Reauthentication Failure 5) AuthControlledPortControl set to ForceUnauthorized 6) Port re-initialization 7) Port Administratively Disabled 8) Not Terminated Yet UserName The User-Name representing the identity[...]

  • Página 206

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Parameter Description Port The identification number assigned to the Port by the System in wh ich the Port resides. Connect Enter Counts the n umber of times that the state machine transitions to the CONNECTING state from any other state. Connect LogOff Counts the number[...]

  • Página 207

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Bac Auth Fail Counts the number of times that the state machine re ceives a Reject message from the Authentication Server (i.e., aFail becomes TR UE, causing a transition from RESPONSE to FAIL). Indicates that the Supplicant has not authenticated to the Au thentication S[...]

  • Página 208

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual To view this window, click Monitoring > IGMP Snooping > Bro wse IGMP Router Port : Figure 7 - 25. Browse Router Port window IGMP Snooping Group This window allows the S witch’s IGMP Snooping Group Ta bl e to be searched. IGMP snooping allo ws the Switch to read t[...]

  • Página 209

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Enter the appropriate information and click Find . The searched entries will be shown in the IGMP Snooping Group Table. Click View All to see all the entries. Click View All Data Driven to display all the data driven groups learned in the IGMP Snooping Group Table. Click[...]

  • Página 210

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 28. Browse MLD Router Port window MLD Snooping Group The following window all ows the user to view MLD Snooping Groups present on the Switch. MLD Snoopi ng is an IPv6 function comparable to IGMP Snooping for IPv4. The user ma y browse thi s table by VLAN prese[...]

  • Página 211

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Figure 7 - 30. LLDP Statistics Sy stem window LLDP Local Port Information To view this window, click Monitoring > LLDP > LLDP Local Port Information : Figure 7 - 31. LLDP Local Port Information window LLDP Remote Port Information To view this window, click Monitori[...]

  • Página 212

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual MBA Authentication State This window allows the user to view the MAC-base d Access Control authentication informat ion. Specify the port list to view and click Find . To remove an entry, enter the appropriate informatio n and click Clear By Port . Click View All Hosts to[...]

  • Página 213

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual MAC Address Enter a MAC address for th e forw arding table to be browsed by. Find Allows the user to move to a sector of the database corresponding to a user defined port, VLAN, or MAC address. Clear Dynamic Entries Click this button will allow the user to delete all dyn[...]

  • Página 214

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Section 8 Save and Tools Save Configuration Save Log Save All Configuration File Upload & Download Upload Log File Reset Ping Test Download Firmware Reboot System The three Save windows include: Save Configuration , Save Log , and Save All . Each version of the windo[...]

  • Página 215

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Save Log Open the Save drop-down menu at the top of the Web manager and cli ck Save Log to open the following window: Figure 8 - 2. Save Log window Save All Open the Save drop-down menu at the top of the Web manager and cli ck Save All to open the following window: Figur[...]

  • Página 216

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Upload Log File To upload a log file, enter a Server IP addre ss, use the radio button to sel ect IPv4 and then enter a File name, or use the radio button to select IPv6, enter a Serv er IP, Interface Name, and File nam e. Click Upload . Open the Tools drop-down menu on [...]

  • Página 217

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Ping Test Users can Ping either an I Pv4 address or an IPv6 address. Pin g is a small program that send s ICMP Echo packets to the IP address you specify. The destinati on node then respond s to or “echoes” the packets sent from the Switch. This is very useful to ver[...]

  • Página 218

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Download Firmware The Switch supports dual image storage for firmware file backup and restoration . The fi rmware images are indexed by ID number 1 or 2. To change the boot firmware image, u se the Image ID drop-down menu to select the desired firmware file to backup or [...]

  • Página 219

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Appendix A Mitigating ARP Spoofing Attacks Using Packet Content ACL Address Resolution Protocol (ARP ) is the standard me thod for finding a host's har dware address (MAC address) when only its IP address is known. This protocol is vulner able beca use it can spoof [...]

  • Página 220

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual address FF-FF-FF-FF- FF-FF 00-20-5C-01-11-11 Table-2 (Ethernet frame format) When the switch receive s the frame, it will check the “Source A ddress” in the Ethernet frame’s header. If the addre ss is not in its Forwarding Tabl e, the switch will learn PC A’s MAC[...]

  • Página 221

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual When PC B replies to the ARP request, its MAC address will be written into “Target H/W A ddress” in the ARP payload shown in Table-3. The ARP reply will b e then encapsulated into the Ethernet frame again an d sent back to the se nder. The ARP reply is in a form of U[...]

  • Página 222

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual How ARP spoofing attacks a net work ARP spoofing, also known as A RP poisoning, is a method to attack an Ethe rnet network which may allow an attacker to sniff data frames on a LAN, modify t he traffic, or stop the traffic altogether (known as a Denial of Service - DoS a[...]

  • Página 223

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Destination address Source address Ethernet typ e H/W t ype Protocol typ e H/W address length Protocol address length Operation Sender H/W address Sender protocol address Target H/W address Target protocol address Gratuitous ARP Ethernet (6-byte) (6-byte) (2-byte) (2-b y[...]

  • Página 224

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual • Prevent ARP spoofing via packe t con tent ACL Concerning the common DoS attack today cau sed by the ARP spoofing, D-Link manage d switch can effectively mitigate it via its unique Packet Content ACL. For that reason the basic ACL can only filter ARP packet s based on[...]

  • Página 225

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Offset C hunk Offset Chunk0 Offset Chunk1 Offset Chunk2 Offset Chunk3 Offset Chunk4 Offset Chunk5 Offset Chunk6 Offset Chunk7 Offset Chunk8 Offset Chunk9 Offset Chunk10 Offset Chunk11 Offset Chunk12 Offset Chunk13 Offset Chunk14 Offset Chunk15 By te 127 3 7 11 15 19 23 2[...]

  • Página 226

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 225[...]

  • Página 227

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Appendix B System Log Entries The following table lists all possible entries and their corr esponding meani ngs that will appear in the System Log of this Switch. Category Event Description Log Information Se verity system System warm start [Uint <unitID>,] System [...]

  • Página 228

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual unsuccessful (Usernam e: <username>) Log message successfully uploaded Log message successfully uploaded by con sole (Username: <userna me>) Informational Log message upload wa s unsuccessful Log message upload by consol e was unsuccessful! (Username: <use[...]

  • Página 229

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual STP Topology changed Topology changed Informational New Root selected New Root selected Informational BPDU Loop Back on po rt BPDU Loop Back o n Port <unitID:portNum> Warning Spanning Tree Protocol is enabled Spanning Tree Protocol is enabled Informational Spanning[...]

  • Página 230

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Successful login through Telnet authenticated by AAA local method Successful login through Telnet from <userIP > authenticated by AAA local method (Username: <username>) Informational Login failed through Tel net authenticated by AAA local method Login failed[...]

  • Página 231

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Login failed through Web(SSL) due to AAA server timeout or improper configuration Login failed through Web(SSL) from <userIP> due to AAA server timeout or improper config uration (Username: <username>) Warning Successful login through Telnet authenticated by [...]

  • Página 232

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Successful Enable Admin through Console authenticated by AAA none method Successful Enable Admin through Con sole authenticated by AAA none method (User name: <username>) Informational Successful Enable Admin through Web authenticated by AAA none method Successful [...]

  • Página 233

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual improper configuration. <username>) Login failed through Web from user due to AAA server timeout or improper configuration. Login failed through Web from <userIP> due to AAA server timeout or improper config uration (Username: <username>) Warning Enable[...]

  • Página 234

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Broadcast st orm clear ed Po rt <por tNum> Broadcast storm has cleared Informational Multicast storm occurrence Port <portNum > Multicast storm is occurring Warning Multicast storm c leared Port <portNum> Mu lticast storm has cleared Informational Port [...]

  • Página 235

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual system reco ver learn ing WAC recovers from stop learning state. Warning MAC Login OK MAC-AC login successful (MAC: <macaddr>, Port: <[unitID:]portNum>, VID: <vid>) Information Login fail MAC-AC login rejected (M AC: <macaddr>, Port: <[unitID:][...]

  • Página 236

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Port recover from BPDU under attacking state automatically Port <[unitID:] portNum> recover from BPDU un der attacking state automatically Informational DHCP Detect untrusted DHCP server IP address Detected untrusted DHCP serv er(IP: <ipaddr>, Port: <[unit[...]

  • Página 237

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual 236 1.3.6.1.4.1.171.12.23.5.0.2 swIpMacBindingRecoverL earningTrap 1.3.6.1.4.1.171.12.23.5.0.3 swIpMacBindin gPortIndex V2 IPMacBind-MIB Warning swMacBasedAuthLogg edSuccess 1.3.6.1.4.1.17 1.12.35.11.1.0.1 swMacBasedAuthInfoMacInd ex swMacBasedAuthInfoPortInd ex swMacBas[...]

  • Página 238

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual Appendix C Glossary 1000BASE-SX: A short laser wavelengt h on multimode fiber optic cable for a m aximum length of 2000 meters 1000BASE-LX: A long wavelength for a "long haul" fiber opti c cable for a maximum length of 10 kilometers 1000BASE-T: 1000Mbps Etherne[...]

  • Página 239

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual half duplex: A system that allows packets to be transmitted and re ce ived, but not at the same time. Contrast with full duplex. IP address: Internet Protocol address. A unique identifier fo r a device attached to a network using TCP/IP. The address is written as four oc[...]

  • Página 240

    xStack ® DES-3200-10/18/28/28F Layer 2 Eth ernet Man ag ed Switch User Manual UDP - User Datagram Protocol: An Internet stan dard protocol that allo ws an application progra m on one device to send a datagram to an application progra m on another device. VLAN - Virtual LAN: A group of loca tion- and topology-independent dev ice s that communicate [...]