D-Link DWS-3000 инструкция обслуживания

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174

Идти на страницу of

Хорошее руководство по эксплуатации

Законодательство обязывает продавца передать покупателю, вместе с товаром, руководство по эксплуатации D-Link DWS-3000. Отсутствие инструкции либо неправильная информация, переданная потребителю, составляют основание для рекламации в связи с несоответствием устройства с договором. В законодательстве допускается предоставлении руководства в другой, чем бумажная форме, что, в последнее время, часто используется, предоставляя графическую или электронную форму инструкции D-Link DWS-3000 или обучающее видео для пользователей. Условием остается четкая и понятная форма.

Что такое руководство?

Слово происходит от латинского "instructio", тоесть привести в порядок. Следовательно в инструкции D-Link DWS-3000 можно найти описание этапов поведения. Цель инструкции заключается в облегчении запуска, использования оборудования либо выполнения определенной деятельности. Инструкция является набором информации о предмете/услуге, подсказкой.

К сожалению немного пользователей находит время для чтения инструкций D-Link DWS-3000, и хорошая инструкция позволяет не только узнать ряд дополнительных функций приобретенного устройства, но и позволяет избежать возникновения большинства поломок.

Из чего должно состоять идеальное руководство по эксплуатации?

Прежде всего в инструкции D-Link DWS-3000 должна находится:
- информация относительно технических данных устройства D-Link DWS-3000
- название производителя и год производства оборудования D-Link DWS-3000
- правила обслуживания, настройки и ухода за оборудованием D-Link DWS-3000
- знаки безопасности и сертификаты, подтверждающие соответствие стандартам

Почему мы не читаем инструкций?

Как правило из-за нехватки времени и уверенности в отдельных функциональностях приобретенных устройств. К сожалению само подсоединение и запуск D-Link DWS-3000 это слишком мало. Инструкция заключает ряд отдельных указаний, касающихся функциональности, принципов безопасности, способов ухода (даже то, какие средства стоит использовать), возможных поломок D-Link DWS-3000 и способов решения проблем, возникающих во время использования. И наконец то, в инструкции можно найти адресные данные сайта D-Link, в случае отсутствия эффективности предлагаемых решений. Сейчас очень большой популярностью пользуются инструкции в форме интересных анимаций или видео материалов, которое лучше, чем брошюра воспринимаются пользователем. Такой вид инструкции позволяет пользователю просмотреть весь фильм, не пропуская спецификацию и сложные технические описания D-Link DWS-3000, как это часто бывает в случае бумажной версии.

Почему стоит читать инструкции?

Прежде всего здесь мы найдем ответы касательно конструкции, возможностей устройства D-Link DWS-3000, использования отдельных аксессуаров и ряд информации, позволяющей вполне использовать все функции и упрощения.

После удачной покупки оборудования/устройства стоит посвятить несколько минут для ознакомления с каждой частью инструкции D-Link DWS-3000. Сейчас их старательно готовят или переводят, чтобы они были не только понятными для пользователя, но и чтобы выполняли свою основную информационно-поддерживающую функцию.

Содержание руководства

  • Страница 1

    W ired Configur a tion Guide Product Mo del : DWS-3000 Series Unif ied W ired & W ire less A ccess System Rel e as e 2 . 1 Apri l 2008 ©Cop yright 2008 . All righ ts reser v ed.[...]

  • Страница 2

    2 © 2001 - 2008 D-Lin k Corporat ion. All Ri ghts Re served. Wired Config uration Guide[...]

  • Страница 3

    3 T able of Content s List of Fig ures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 List of T ables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 About This Bo ok . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Document Or ganization [...]

  • Страница 4

    4 © 2001 - 2008 D-Lin k Corporat ion. All Ri ghts Re served. Wired Config uration Guide Guest VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Configuring the Guest VLA N by Using the CLI. . . . . . . . . . . . . . . . . . . . . . . . 39 Configuring the Guest VLA N by Using the W eb Int erface[...]

  • Страница 5

    5 10 Link Layer Discovery P r otocol . . . . . . . . . . . . . . . . . . . . . . . . . 69 CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Example #1: Set Global LLDP Paramet ers . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Example #2: Set Interface LLDP Parameters . . . . . . .[...]

  • Страница 6

    6 © 2001 - 2008 D-Lin k Corporat ion. All Ri ghts Re served. Wired Config uration Guide IP ACL CLI Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Example #1: Cr eate ACL 179 and Def ine an ACL Rule . . . . . . . . . . . . . . . . . 98 Example #2: Define the Secon d Rule for ACL 179 . . . . . . . . . . [...]

  • Страница 7

    7 Example #1: Enable DHCP Filteri ng for the Switch . . . . . . . . . . . . . . . . . . 146 Example #2: Enable DHCP Filteri ng for an Interf ace . . . . . . . . . . . . . . . . . 146 Example #3: Show DHCP Filtering Con figuration . . . . . . . . . . . . . . . . . . . 146 W eb Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]

  • Страница 8

    8 © 2001 - 2008 D-Lin k Corporat ion. All Ri ghts Re served. Wired Config uration Guide Interpr eting Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167 CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 Example #1: sh ow logging . . . . . . . [...]

  • Страница 9

    9 List of Figures List of Figures Figure 1. Web Interfa ce Panel-Example .............................................................. 28 Figure 2. Web Interfa ce Panel-Example .............................................................. 29 Figure 3. Configuring an SNMP V3 User Profile ................................................ 29 Figure 4[...]

  • Страница 10

    10 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Confi guration Guide Figure 44. VRRP Configuration ........................................................................... 91 Figure 45. Virtual Router Configuration .............................................................. 92 Figure 46. Proxy ARP Configuration ............[...]

  • Страница 11

    11 List of Figures Figure 88. Create an Authentication List ............................................................ 137 Figure 89. Configure the Authentication List ..................................................... 137 Figure 90. Set the User Login ............................................................................. 138 Figure 91.[...]

  • Страница 12

    12 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Confi guration Guide[...]

  • Страница 13

    13 List o f T ables List of T ables Table 1. Quick Start up Software Version Information . . . . . . . . . . . . . . . . . . . . 22 Table 2. Quick Start up Physical Port Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Table 3. Quick Start up User Account Management . . . . . . . . . . . . . . . . . . . . . . 23 Table 4. Quick Star[...]

  • Страница 14

    14 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide[...]

  • Страница 15

    Docu ment Orga nization 15 About Th is Book About This Book This docu ment prov ides an und erstanding o f the CLI an d W eb configurati on options for D-Link DWS-300 0 feature s. Document Organization This docu ment shows exa mples of th e use of t he Unified Swit ch in a ty pical netw ork. It descri bes the use and advant ages of sp ecific func t[...]

  • Страница 16

    16 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide • Management - RADIUS - T A CACS+ - DHCP Filter ing - T racer oute - Configur ati on Scr ipt in g - Outbound T elnet - Pre-Logi n Banner - Simple Net work T ime Protoc ol (SNTP) - Syslog - Port Desc ription CLI/W eb Examples - S lot/Port Designations T o help [...]

  • Страница 17

    In-Band an d Out-of-Ba nd Connect ivity 17 1 Getting S t arted Connect a termin al to the swi tch to begi n configu ration. In-Band and Out-of-Band Connectivity Ask the sy stem adminis trator to determine whether you wi ll confi gure the switch for i n-band or out-of -band connecti vity . T o use the W eb Inte rface, you must set up your syst em fo[...]

  • Страница 18

    18 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Gateway IP add ress of the default r outer , if the switc h is a node outside the IP range of the L AN MAC Address MAC address of t he switch When you conne ct the swi tch to t he network for the firs t time af ter setti ng up the Boot P or DHCP server , it i s [...]

  • Страница 19

    In-Band an d Out-of-Ba nd Connect ivity 19 1 Ge tting St arted Subne t Subnet mask for the LAN. Gateway IP addre ss of the default rout er , if the switc h is a node out side the IP range of the LAN. 6. T o enable these cha nges to be retai ned during a res et of th e switch, type CTRL+ Z to retu rn to the mai n prompt, type save config at the mai [...]

  • Страница 20

    20 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide S t ar ting the Switch 1. Make sure t hat the swit ch console port is connected to a VT100 termina l or a VT100 ter - minal emul ator via the RS-232 cros sover cabl e. 2. Locate a n AC power recepta cle. 3. Deactiva te the AC power r eceptacle. 4. Connect t he s[...]

  • Страница 21

    Unifie d Switch Ins tallat ion 21 1 Ge tting St arted Unified Switch Inst allation This sec tion contain s procedur es to hel p you become acqua inted qui ckly with the switch softw are . Befo re ins tall ing th e Un i fied Swit ch, y ou s h oul d veri fy th a t the switc h o perat es w i t h th e mos t recent firmware. Quick S tarting the Networki[...]

  • Страница 22

    22 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide This command s aves the cha nge s t o the confi gur ati on f il e. Y ou must be in the co rr ect mode t o execute the comman d. If you do not save the c onfigurati on, all cha nges are lost when you power down or reset t he networki ng device . Quick S t art up [...]

  • Страница 23

    Unifie d Switch Ins tallat ion 23 1 Ge tting St arted Quick S t art up User Acco unt Management Ta b l e 3 . Quick S tar t up User Accoun t Management Comm and Det ai ls show users (Pri vile ged E XEC M ode) Displays all of the users who ar e allowed to access the network- ing device Access Mode - Shows whether th e user is able to change parameter[...]

  • Страница 24

    24 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Quick S tart up IP Address T o view the network p arameters th e operato r can acce ss the devi ce by the fol lowing thr ee methods. • Simple Net work Management Protocol - SNMP • Te l n e t • We b B r o w s e r NOTE: Helpful Hint: T he user sho uld do a ?[...]

  • Страница 25

    Unifie d Switch Ins tallat ion 25 1 Ge tting St arted Quick S t art up Uploading from Networki ng D evice to O ut-of-B and PC (X MODE M) Quick S t art up Downloadin g from Out-of-B and P C to Ne tworking Device (X MODEM) Ta b l e 5 . Uploading fr om Networking Device to Out-of-Band PC ( XMODEM) Command Det ails copy nvram:startup-config <url>[...]

  • Страница 26

    26 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Quick S t art up Downlo ading from TFTP Serve r Before s tarting a TFTP serve r download, the opera tor mus t complete the Quick Star t up for the IP Addres s. Quick S tart up Facto ry Defaults Ta b l e 7 . Downloading fr om TFTP Server Command Details copy <[...]

  • Страница 27

    Configur ing for W eb Acce ss 27 2 Using the W eb Interface This chap ter is a brief in troducti on to the W eb inte rface — it explains how to access t he W eb- based mana gement panel s to configur e and manage the system. Ti p : Use the W eb interfa ce for con figuration instead o f the CLI i nterface . W eb conf igurati on is quic ker and eas[...]

  • Страница 28

    28 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide S t arting the Web Interface Follow th ese steps to start the swit ch W eb interface : 1. E nter th e IP addr ess of th e swi tc h in the W eb br ow se r ad dre ss fie ld. 2. Enter t he appr opr ia te User Na me an d Password. The User Name and associat ed Pas s[...]

  • Страница 29

    S t arting the We b Interface 29 2 Using the Web In terface Figure 2. W eb Interface Panel-Exa mple Configuring an SNMP V3 User Profile Configur ing an SNMP V3 user pr ofile is a par t of use r c onfi gur at io n. Any us er can connect to the swit ch using th e SNMPv3 proto col, but for authe nticati on and encrypti on, addition al st eps are need [...]

  • Страница 30

    30 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide 2. Using the User pul l-down menu, s elect Cr eate to crea te a ne w u se r . 3. E nter a new u ser n a me in the User N a me fi eld . 4. E nter a new u ser p a ssw o rd i n the P ass w ord fi eld and th en r etype it in the C onfir m Pass wor d fi el d. NOTE: I[...]

  • Страница 31

    31 3 Vi r t u a l L A N s Adding V irtual LAN (VLAN) sup port to a Layer 2 switch o ffe rs some of the benefits of both bridgin g and routi ng. Like a b ridge, a VLAN swi tch forwa rds traf fic based on the Layer 2 head er , wh ich is fast . Lik e a rou ter, it partit ion s the n etw o rk in to log i cal s egm ents , whic h provides better admi nis[...]

  • Страница 32

    32 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide VLAN Config uration Example The d iagr am in this se ctio n sh o ws a sw itc h with four por t s con figur ed to han d le th e traffic for two VLANs. Port 0/ 2 hand les traf f ic for both VLANs, while por t 0/ 1 is a member of VLAN 2 only , and ports 0 /3 and 0/[...]

  • Страница 33

    CLI Exam ples 33 3 V irtual LANs CLI Ex amples The fol lowi ng exa mples sho w how to crea te VLANs, assign ports t o the VLANs, an d a ss ign a VLAN as the de fault VLAN to a port. Example #1 : Create T wo VLANs Use the fol lowing com mands to crea te two VLANs and to a ssign the VLAN IDs while leaving the names blank. (DWS-3024) #vlan database (D[...]

  • Страница 34

    34 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide (DWS-3024) (Interface 0/4)#exit (DWS-3024) (Config)#exit E xample #4 : Assign VLAN3 as the Default V LAN This exampl e shows how to as sign VLAN 3 as t he default VLAN f or port 0/2. (DWS-3024) #config (DWS-3024) (Config)#interface 0/2 (DWS-3024) (Interface 0/2)[...]

  • Страница 35

    Private E dge VLANs 35 3 V irtual LANs T o specif y the handli ng of untagg ed frames on re ceipt use the LAN> L2 Featur es > VLAN > Port Confi guration page. Figure 6. VLAN Port Configuration Private Edge VLANs Use the Pr ivate Edge VLAN feature to prevent ports on the switch fr om forwardi ng traf fic to each oth er even if they are on t[...]

  • Страница 36

    36 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide CLI Example Exampl e #1: sw itchport p rotected (DWS-3024) #config (DWS-3024) (Config)#interface 0/1 (DWS-3024) (Interface 0/1)#switchport protected ? <cr> Press Enter to execute the command. (DWS-3024) (Interface 0/1)#switchport protected Exampl e #2: sho[...]

  • Страница 37

    37 4 802.1X Network Access Control Port-ba sed network access control allows t he operation of a sys tem’ s port( s) to be controll ed to ensu re th a t acc ess to its s ervic es is perm itte d onl y by sy ste m s tha t are autho riz ed to d o so. Port Acce ss Control provides a means of preve nting unau thorized access by supplican ts or users t[...]

  • Страница 38

    38 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide simpler . At the start of service for a user , the RADIUS cli ent that is configured t o use accounti ng sends a n accounti ng start packet spe cifying the type of se rvice th at it wil l deliver . Once the s erver re sponds with an a cknowledgeme nt, the cl ien[...]

  • Страница 39

    Guest VLAN 39 4 802.1X N etwork Acces s Control Guest VL AN The Guest VLAN featu re allows a switch to provid e a distingu ished service to unau thenticate d users. Th is featu re provide s a mechanism to allow vis itors and con tractors t o have networ k acces s to reach ext ern al netw ork with n o ab il ity to su rf int erna l LA N . When a cli [...]

  • Страница 40

    40 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Configuring the Guest VLAN by U sing the Web Interface T o enable the Guest VLAN features by using the W eb i nterface, us e the LAN> Security > 802.1x > 8 02.1X Settin g page. T o configure the Guest VLAN sett ings on a po rt, use the LAN> Securi ty[...]

  • Страница 41

    Config uring Dyna mic VLAN As signment 41 4 802.1X N etwork Acces s Control Configuri ng Dy namic VLAN A ssig nment The soft ware also s upports VLAN as signment for clients based on th e RADIUS server authe nti cat ion. T o enable the swit ch to accept VLAN assignme nt by the RADIUS ser ver , use the authorization network radius co mmand in Glo ba[...]

  • Страница 42

    42 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide[...]

  • Страница 43

    CLI Exam ple 43 5 S torm Control A traffic stor m is a c ond ition tha t occu rs wh en in com ing pa cke ts flo od th e LA N, whi ch c reate s perfor mance degradati on i n the net work . The Unified Swi tc h’ s S t orm Control fea tur e pr ot ect s against this con ditio n. The Unifi ed Switch provi des broadcas t, multica st, and unicas t storm[...]

  • Страница 44

    44 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide <rate> Enter the storm-control threshold as percent of port speed. (DWS-3024) (Config)#storm-control broadcast all level 7 (DWS-3024) (Config)#exit (DWS-3024) Example #2 : Set Multic ast S torm Control for All Interfaces (DWS-3024) #config (DWS-3024) (Conf[...]

  • Страница 45

    Web In terface 45 5 S torm Control We b I n t e r f ac e The S torm Contro l configur ation opti ons are ava ilable on th e Port Conf iguratio n W eb page under th e Administr ation folde r . Figure 8. Port Configuration (S torm Control)[...]

  • Страница 46

    46 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide[...]

  • Страница 47

    CLI Exam ple 47 6 T r unking (Link Aggregation) This sec tion shows h ow to use th e T runking feature (also known as Link Aggre gation) to configur e port-c hannels by using the CLI and the W eb inte rface. The Link Aggr egation (LAG) featur e allows the switch to treat multi ple physi cal links between two end -points as a si ngl e logi ca l li n[...]

  • Страница 48

    48 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Figure 9 shows the ex ample networ k. Figure 9. LAG/Port-channel Example Network Diagram Example 1: Create two port-channels : (DWS-3024) #config (DWS-3024) (Config)#port-channel lag_10 (DWS-3024) (Config)#port-channel lag_20 (DWS-3024) (Config)#exit Use the sho[...]

  • Страница 49

    CLI Exam ple 49 6 T runking (Lin k Aggregation) (DWS-3024) #show port-channel all Port- Link Log. Channel Adm. Trap STP Mbr Port Port Intf Name Link Mode Mode Mode Type Ports Speed Active ------ ------------- ----- ---- ---- ------ ------- ------ --------- ------ 3/1 lag_10 Down En. En. Dis. Dynamic 3/2 lag_20 Down En. En. Dis. Dynamic E xample 2: [...]

  • Страница 50

    50 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide W eb Interface Configuration - LAGs/ Port-channels T o perform the same c onfigura tion using th e W eb interface, use the LAN> L2 Fea tures > T runking > Configura tion page. Figure 10. T run king Co nfig urat ion T o create the por t-channe ls, speci [...]

  • Страница 51

    Over view 51 7 IGMP Snooping This sect ion describ es the Internet Group Management Proto col (IGMP) feat ure: IGMPv3 and IGMP Snoopi ng. The IGMP Snooping fe ature ena bles the s witch to mon itor IGMP transa ctions betwee n hosts a nd r outers. It can hel p c onserve ban dwidt h by all owing t he swit ch to for war d IP mu ltic a st tra ffic on l[...]

  • Страница 52

    52 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide E xamp le # 2: show mac-address-table igmpsnooping (DWS-3024) #show mac-address-table igmpsnooping ? <cr> Press Enter to execute the command. (DWS-3024) #show mac-address-table igmpsnooping MAC Address Type Description Interfaces ----------------------- --[...]

  • Страница 53

    Web E xamples 53 7 IG MP Snooping W eb Examples The foll owing web page s are used in the IGMP Sno oping featur e. Click Help fo r more inform ation on the web int erface. Figure 1 1. IGMP Snoo ping - Gl obal Co nfigura tion and S tatus Page[...]

  • Страница 54

    54 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Figure 12. IG MP Sn oopin g - Int erface Config ura tion Pag e Figure 13. IG MP Sn oopin g VL AN Co nfiguratio n[...]

  • Страница 55

    Web E xamples 55 7 IG MP Snooping Figure 14. IG MP Snoopin g - VLAN Status Page Figure 15. IG MP Sn oopin g - Mu lticas t Rout er S t atistics Pag e[...]

  • Страница 56

    56 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Figure 16. IG MP Snoopin g - Multi cast Rout er Co nfigur at ion Page Figure 17. IGMP Sn oopin g - Multicast Router VLAN S t atis ti cs Page[...]

  • Страница 57

    Web E xamples 57 7 IG MP Snooping Figure 18. IGMP Sn ooping - Multicast Router VLAN Configuration Page[...]

  • Страница 58

    58 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide[...]

  • Страница 59

    Over view 59 8 Port Mirroring This sec tion desc ribes the Por t Mirroring f eature, wh ich can se rve as a diagn ostic to ol, debugging tool, or mea ns of fend ing of f atta cks. Ove rview Port mir roring se lects net work traf fic from specif ic ports for analysi s by a networ k analyzer , while al lowing the same traf fic to be switche d to its [...]

  • Страница 60

    60 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Example #2: Show the Port Mirr oring Session (DWS-3024) #show monitor session 1 Session ID Admin Mode Probe Port Mirrored Port Type ---------- ---------- ---------- ------------- ----- 1 Enable 0/8 0/7 Rx,Tx (DWS-3024 ) #Monitor session I D “1” - “1” i s[...]

  • Страница 61

    W eb Examples 61 8 Port Mi rroring W eb Examples The foll owing web page s are used with the Po rt Mirror ing feat ure. Figure 19. Multip le Port Mi rrorin g Figure 20. Multiple Port Mirroring - Add Sour ce Ports[...]

  • Страница 62

    62 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Figure 21. Syst em - Port Util izatio n Summary[...]

  • Страница 63

    Over view 63 9 Port Security This sect io n d es crib es t he Po rt Sec uri ty fe at ure . Ove rview Port Secu rity: • Allows fo r limiting t he number of MAC addresses on a given po rt. • Packets t h at ha ve a matchin g MAC a ddre ss ( sec ure packe ts ) are for ward ed; all ot her p ack - ets (un secure pac kets) ar e restri cted. • Enable[...]

  • Страница 64

    64 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide CLI Ex amples The foll owing are e xamples of t he commands us ed in the P ort Securit y feature . Example #1 : show port secur ity (DWS-3024) #show port-security ? <cr> Press Enter to execute the command. all Display port-security information for all inte[...]

  • Страница 65

    W eb Examples 65 9 P ort Secu ri ty W eb Examples The foll owing W eb pages are used in the Port Secur ity featur e. Figure 22. Port Security A dministration Figure 23. Port Security Int erface Configuration[...]

  • Страница 66

    66 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Figure 24. Port Security St atically Configured MAC Addresses T o view Port Securi ty statu s informat ion, navig ate to LAN> Monitori ng > Port Security from the navigation pa nel. Figure 25. Port Security D ynamically Learned MAC A ddresses[...]

  • Страница 67

    W eb Examples 67 9 P ort Secu ri ty Figure 26. Port Security Violation S tatus[...]

  • Страница 68

    68 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide[...]

  • Страница 69

    CLI Exam ples 69 10 Link Layer Discovery Protocol The Link Layer Discover y Pr ot ocol (LLDP) fe at ure allows i ndi vi dual interf ac es on the swi tc h to adver tise majo r capabilit ies and ph ysical descr iptions . Network manag ers can view t his informat ion and id entify s ystem topology a nd detect bad confi gurations on t he LAN. LLDP has [...]

  • Страница 70

    70 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide (DWS-3024) # Example #2 : Set Inter face LLDP Parameter s The foll owing comman ds configu re inter face 0/10 to transmi t and recei ve LLDP inf ormation. (DWS-3024) #config (DWS-3024) (Config)#interface 0/10 (DWS-3024) (Interface 0/10)#lldp ? notification Enabl[...]

  • Страница 71

    Using t he We b Interface to Configure LL DP 71 10 Link L ayer Disco very Protoc ol Using the W eb Interface to Con figure LLDP The LLDP menu page con tains li nks to the followin g feature s: • LLDP Configur ation • LLDP S tatisti cs • LLDP Connecti ons • LLDP Configur ation Use the LLDP Gl obal Confi guration page to speci fy LLDP paramet[...]

  • Страница 72

    72 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Use t he LL DP In terf a ce Co nfig urat ion sc reen to sp ecif y tran smit and re cei ve fun ctio n s fo r indivi dual inte rfaces. Figure 28. LLDP Interface Configuration Inter face P ara m eters • Inte rface — Specif ies th e port to b e affecte d by th e[...]

  • Страница 73

    Using t he We b Interface to Configure LL DP 73 10 Link L ayer Disco very Protoc ol Figure 29. LLDP I nterface Summary Figure 30. LLDP S tatis ti cs Y ou ca n also use the pages in t he LAN> Monitoring > LLDP S tatus folde r to view inform ation ab out local and remote devices.[...]

  • Страница 74

    74 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide[...]

  • Страница 75

    Over view 75 11 Denial of Service Att ack Protection This sec tion desc ribes the D-Li nk DWS-3000 swit ch’ s Denial of Service Protect ion feature . Ove rview Denial of Service: • Spans two categor ie s: - Protect ion of th e Unified Switc h - Protect ion of th e network • Protect s against the exploit ation of a number of vulnerabil ities w[...]

  • Страница 76

    76 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide First Fragment Mode............................ Enable Min TCP Hdr Size............................... 20 TCP Fragment Mode.............................. Enable TCP Flag Mode.................................. Disable L4 Port Mode.................................[...]

  • Страница 77

    Port Rou ting Config uration 77 12 Port Routing The fir st network s were small enough for the end st ations to c ommunicat e directly . As networks grew , Laye r 2 bridging was used to s egregate traf fic, a tec hnology th at worked wel l for uni cast tra ffic, b ut had p roblems cop ing with lar ge quantities of multic ast packe ts. The next majo[...]

  • Страница 78

    78 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide • ARP Mappi ng - r espo nsibl e for main tain ing th e AR P T abl e used to co rrel ate IP and MA C address es. The table contain s both st atic ent ri es and entr ies dynami cal ly upd at ed b ase d o n inform ation i n receive d ARP frames. • Routing T abl[...]

  • Страница 79

    CLI Exam ples 79 12 Port Routing Example 2. Enabli ng Routing for Ports on the Switch Use the f ollowing c ommands to enab le routi ng for por ts on the sw itch. The d efault link -level encapsul ation fo rmat is Et hernet. Conf igure th e IP addres ses and su bnet masks f or the por ts. Network di rected br oadcast f rames are dro pped and the max[...]

  • Страница 80

    80 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Using the W eb Interface to Con figure Ro uting Use the f ollowing s creens to perform the s ame configur ation using the Graphi cal User Inte rface: T o enable routing fo r t he swi tch, as shown i n Exampl e 1. Ena bl ing routing for th e Swit ch , u se the LA[...]

  • Страница 81

    VLAN Rou ting Con figuration 81 13 VLAN Routing Y ou can con figure t he Unified Swit ch with some ports support ing VLANs and s ome support ing routing. Y ou can also conf igure th e Unified Switch to all ow traff ic on a VLAN to be trea ted as if the VLAN were a rou ter port . When a port i s e nabled for bri dging (de fau lt ) rather tha n r out[...]

  • Страница 82

    82 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Figure 35. VLAN Routing Ex ample Net work Diagram Example 1: Create T wo VLANs The foll owing comman ds show an example of how to cr eate two VLANs with egress f rame tagging enabled. vlan database vlan 10 vlan 20 exit config interface 0/1 vlan participation inc[...]

  • Страница 83

    CLI Exam ples 83 13 VLAN Routi ng Next spec ify the VLAN I D assigned to u ntagged fr ames recei ved on the ports. config interface 0/1 vlan pvid 10 exit interface 0/2 vlan pvid 10 exit interface 0/3 vlan pvid 20 exit exit Example 2: Set Up VLAN Routing for the VLANs and the Switch. The foll owing comman ds show how to enable rou ting for the VLANs[...]

  • Страница 84

    84 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Using the W eb Inte rface to Configure VLAN Routing Y ou ca n perform the s ame configu ration by using the W eb Interf ace. Use the LAN> L2 Feature s > VLAN> V L AN Configura tion page to create the VLANs, specify por t parti cipation , and con figure [...]

  • Страница 85

    Using the Web In terface to Configure VL AN Routing 85 13 VLAN Routi ng Use the LAN> L3 Feature s > VLAN Routing > Configura tion page to enable VLAN routing and confi gure the po rts. Figure 38. VLAN Routing Configuration T o enable routing for the s witch, use the LAN> L3 Featur es > IP > Configurat ion page. Figure 39. Enabli n[...]

  • Страница 86

    86 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Use the LAN> L3 Feature s > IP > Interf ace Configurati on page to enab le routing f or the ports a nd configur e their IP addresses and subnet masks. Figure 40. IP Interface Configuration[...]

  • Страница 87

    CLI Exam ples 87 14 V irtual Router Redundancy Protocol When an e nd station i s statical ly configur ed with the address o f the router that wil l handle its routed t raf fic, a singl e point o f failure i s introd uced into the network . If the r outer goe s down, the end s tation is u nable to c ommunicate. Si nce static configura tion is a co n[...]

  • Страница 88

    88 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Figure 41. VRRP Example Netwo rk Configuration Example 1: Configuring VRRP on the Swit ch as a Master Router Enab le rou tin g fo r th e sw i tch . IP fo rwar din g is th en e nable d by d efa ult. config ip routing exit Configur e the IP ad dresses a nd subnet [...]

  • Страница 89

    CLI Exam ples 89 14 V irtual Router Red undancy Protocol Assi gn vi r tua l route r ID s to th e por t tha t w ill pa rtic ipat e in th e pro tocol . config interface 0/2 ip vrrp 20 Specify the IP addr ess that the virt ual router function will reco gnize. Note that the vir tual IP address on port 0/ 2 is t he same a s the port’ s a ctu al I P ad[...]

  • Страница 90

    90 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Enable VRRP on the port. ip vrrp 20 mode exit Using the W eb Interface to Con figure VRRP Use the f ollowing s creens to perform the s ame configur ation using the Graphi cal User Inte rface: T o enable routing for the s witch, use the LAN > L3 Featur es >[...]

  • Страница 91

    Using th e Web Interface to Configure VRRP 91 14 V irtual Router Red undancy Protocol Figure 43. IP Interface Configuration T o enable VRRP for the swi tch, use th e LAN> L3 Feature s > VRRP > VRRP Configurat ion pag e. Figure 44. VRRP Confi gurat io n T o configure vir tual router setting s, use the LAN> L3 Featur es > VRRP > V i[...]

  • Страница 92

    92 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Figure 45. V irtu al Rout er Configuratio n[...]

  • Страница 93

    Over view 93 15 Proxy Address Resol ution Protocol (ARP) This sec tion desc ribes the Pr oxy Address Re solution Protocol (ARP) feature. Ove rview • Proxy ARP allows a rout er to answe r ARP requests wh ere the t arget I P address is not the router itself but a destin ation tha t the router can reac h. • If a hos t does not know the defaul t ga[...]

  • Страница 94

    94 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Example #2 : ip proxy-ar p DWS-3024) (Interface 0/24)#ip proxy-arp ? <cr> Press Enter to execute the command. (DWS-3024) (Interface 0/24)#ip proxy-arp W eb Example The foll owing web page s are used in the pr oxy ARP feature. Figure 46. Proxy ARP Configura[...]

  • Страница 95

    Over view 95 16 Access Control List s (ACLs) This sect ion d escr i b es t he Ac ces s Con tro l L ists (AC Ls) fe atu re. Ove rview Access Cont rol List s (ACLs) are a collecti on of permi t and deny conditions, c alled rul es, that provide securit y by blocking un authorize d users an d allowing authoriz ed users to a ccess speci fic reso u rce s[...]

  • Страница 96

    96 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide • The o rder o f th e rules is im por tant: w he n a pack et ma tch es mu ltiple rul es, th e fir s t rul e takes pr ecedence. Also, once yo u define a n ACL for a gi ven port, all traf fic not sp ecifi- cally p ermitted by t he ACL is denied a ccess. MAC ACLs[...]

  • Страница 97

    ACL Confi guration Pro cess 97 16 Ac cess Contro l List s (ACLs) ACL Configuration Process T o configure ACLs, fol low these steps: • Create a MAC ACL by specifyi ng a name. • Create a n IP ACL by specif ying a number . • Add n e w ru le s to th e A C L. • Conf igure the matc h cr ite ria for t he rul es . • Appl y th e A C L t o on e or [...]

  • Страница 98

    98 © 2001- 2008 D-Link C orporation. All Right s Rese rved. Wired Config uration Guide Example #1: Create ACL 179 and Define an ACL Rule After t he mask has be en applie d, it permits packets car rying TCP tr aff ic that match es the specif ied Source IP address , and sends these pack ets to t he specif ied Destinat ion IP addr ess. config access-[...]

  • Страница 99

    MAC ACL CLI E xamples 99 16 Ac cess Contro l List s (ACLs) Example #5 : Specify MAC ACL Attr ibutes (DWS-3024) (Config)#mac access-list extended mac1 (DWS-3024) (Config-mac-access-list)#deny ? <srcmac> Enter a MAC Address. any Configure a match condition for all the source MAC addresses in the Source MAC Address field. (DWS-3024) (Config-mac-[...]

  • Страница 100

    100 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Example #6 Configure MAC Acces s Group (DWS-3024) (Config)#interface 0/5 (DWS-3024) (Interface 0/5)#mac ? access-group Attach MAC Access List to Interface. (DWS-3024) (Interface 0/5)#mac access-group ? <name> Enter name of MAC Access Control List. (DWS-30[...]

  • Страница 101

    MAC ACL CLI Examples 101 16 Ac cess Contro l List s (ACLs) Example #7 Set up an ACL with Permit Action (DWS-3024) (Config)#mac access-list extended mac2 (DWS-3024) (Config-mac-access-list)#permit ? <srcmac> Enter a MAC Address. any Configure a match condition for all the source MAC addresses in the Source MAC Address field. (DWS-3024) (Config[...]

  • Страница 102

    102 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide W eb Examples Use the W eb pages in thi s section to configure and view MAC access cont rol list and IP access control lists. MAC ACL Web Pages The foll owing figur es show the pages avail able to vi ew and configur e MAC ACL setting s. Figure 48. MAC ACL Co nf[...]

  • Страница 103

    Web Ex amples 103 16 Ac cess Contro l List s (ACLs) Figure 50. MAC ACL Rule Co nfiguration Page - Add Destination MAC and MAC Mask Figure 51. MAC ACL Rule Co nfig uration Page - V iew the Current Settings[...]

  • Страница 104

    104 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Figure 52. ACL Interface Configuration Figure 53. MAC ACL Sum mary[...]

  • Страница 105

    Web Ex amples 105 16 Ac cess Contro l List s (ACLs) Figure 54. MAC ACL Rule S ummary IP ACL Web Pages The foll owing figur es show the pages avai lable to vi ew and confi gure sta ndard and ex tended IP ACL sett ings. Figure 55. IP ACL Configura tion Page - Create a New IP ACL[...]

  • Страница 106

    106 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Figure 56. IP ACL Configura ti on Page - Create a Rule and Assign an ID Figure 57. IP ACL Rule Con fi gur ation Page - Rule with Protocol and Source IP Configuration[...]

  • Страница 107

    Web Ex amples 107 16 Ac cess Contro l List s (ACLs) Figure 58. Attach IP ACL to an Interfa ce[...]

  • Страница 108

    108 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Figure 59. IP ACL Su mm ary Figure 60. IP ACL Ru le Sum mary[...]

  • Страница 109

    Ingress Port Configu ration 109 17 Class of Service Queuing The Class of Serv ice (CoS) f eature let s you give preferen tial tr eatment t o certain types of traf fic o ver other s. T o set u p this pre ferenti al trea tment, you ca n configur e the ing ress ports, the egr ess ports , and indiv idual queu es on the e gress port s to prov ide custom[...]

  • Страница 110

    1 10 © 2001- 2008 D-Link Corporati on. All Rights Rese rved. Wired Config uration Guide CoS Mapping T able for T rusted Ports Mapping is from the de signated field val ues on trust ed ports’ incoming pa ckets to a t raf fic class pr iority (act ually a CoS traff ic queue). The trus ted port fiel d-to-traf fic class con figuration entrie s form t[...]

  • Страница 111

    CLI Exam ples 1 1 1 17 Class of Service Queui ng Figure 61. CoS Ma ppin g and Queue Con figura tion Continui ng t his example , you c onfi gur ed the egress Port 0/8 f or s tr ic t pr io ri ty on queue 6, a nd a set a weig hted schedul ing scheme fo r queues 5-0. As suming queu e 5 has a hig her we ig hti ng than queu e 1 (re lativ e weight value s[...]

  • Страница 112

    1 12 © 2001- 2008 D-Link Corporati on. All Rights Rese rved. Wired Config uration Guide Figure 62. CoS Configurat ion Exam ple Sy stem Diag ram Y ou will c onfigure the ingre ss interfa ce uniquely for all co s-queue an d VLAN parameters. configure interface 0/10 classofservice trust dot1p classofservice dot1p-mapping 6 3 vlan priority 2 exit inte[...]

  • Страница 113

    W eb Examples 1 13 17 Class of Service Queui ng W eb Examples The foll owing web page s are used for the Cl ass of Ser vice featur e. Figure 63. 802.1p Priority Mappin g Page Figure 64. CoS T rust Mode Co nfigurat ion Pag e[...]

  • Страница 114

    1 14 © 2001- 2008 D-Link Corporati on. All Rights Rese rved. Wired Config uration Guide Figure 65. IP DSCP Mapp ing Configuration Page Figure 66. CoS I nterface Co nfiguratio n Page[...]

  • Страница 115

    W eb Examples 1 15 17 Class of Service Queui ng Figure 67. CoS Interface Queue Configuration Page Figure 68. CoS Interface Queue S tatus Page[...]

  • Страница 116

    1 16 © 2001- 2008 D-Link Corporati on. All Rights Rese rved. Wired Config uration Guide[...]

  • Страница 117

    11 7 18 Differentiated Services Dif ferenti ated Ser vices ( Diff Serv) is one tec hnique fo r impl ementing Qu ality of S ervic e (QoS) polici es. Using Dif fServ in your network al lows you to d irectly con figure t he relevant parame ters on the s witche s and routers rather than using a resourc e reserv ation prot ocol. This sectio n explains h[...]

  • Страница 118

    1 18 © 2001- 2008 D-Link Corporati on. All Rights Rese rved. Wired Config uration Guide The Unifi ed Switch suppor ts the T raffic Co nditioning Pol icy type which is associated with an i nbo und traf fic cl ass and specifi es the ac tions to be perfo rmed on pa ckets meet in g the cl ass rules: - Marking t he packet with a given DSCP , IP precede[...]

  • Страница 119

    CLI Example 1 19 18 Differe ntiated Services 2. Create a Diff Serv class o f type “all” for each of the depart ments, and n ame them. Define the ma tch crit eria -- Sour ce IP addr ess -- fo r the new cl asses. class-map match-all finance_dept match srcip 172.16.10.0 255.255.255.0 exit class-map match-all marketing_dept match srcip 172.16.20.0 [...]

  • Страница 120

    120 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide queue at tribute . It is pr esumed that the switc h will fo rward this traf fic to in terface 0/5 based on a normal des tinatio n address l ookup for internet tr aff ic. interface 0/5 cos-queue min-bandwidth 0 25 25 25 25 0 0 0 exit exit Adding Col or-Aware Pol[...]

  • Страница 121

    Using the W eb Interface to C onfigure Diffse rv 121 18 Differe ntiated Services 3. V iew inf ormation about the Dif fServ policy and class con figuration . In the fo llowing exampl e, the inter face spec ified is interf ace 0/1. The policy is at tached t o interf aces 0/1 through 0 /4. (DWS-3024) #show diffserv service 0/1 in DiffServ Admin Mode..[...]

  • Страница 122

    122 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Figure 70. DiffServ Co nfiguratio n Figure 71. Diff Serv Clas s Co nfi gurat ion[...]

  • Страница 123

    Using the W eb Interface to C onfigure Diffse rv 123 18 Differe ntiated Services Figure 72. DiffServ Cla ss Configuratio n - Add Match Criteria Figure 73. Source IP Address[...]

  • Страница 124

    124 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Figure 74. Diff Serv Clas s Co nfi gurat ion Figure 75. DiffServ Cl ass Sum mary[...]

  • Страница 125

    Using the W eb Interface to C onfigure Diffse rv 125 18 Differe ntiated Services Figure 76. DiffServ Policy Configuration Figure 77. DiffServ Policy Configuration[...]

  • Страница 126

    126 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Figure 78. DiffServ Policy Class Definition Figure 79. A ssi gn Que u e[...]

  • Страница 127

    Using the W eb Interface to C onfigure Diffse rv 127 18 Differe ntiated Services Figure 80. DiffServ Policy Summary Figure 81. DiffServ Policy Attribute Summary[...]

  • Страница 128

    128 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Figure 82. DiffServ Service Configuration Figure 83. DiffServ Service Summary[...]

  • Страница 129

    Using the W eb Interface to C onfigure Diffse rv 129 18 Differe ntiated Services Configuring the Color-Awar e Attribute by Using the Web The foll owing scre ens show the addition al steps to t ake to co nfigure t he finance_de pt class with a co lor -aware at tribute . 1. Add a new cl ass to ser ve as the auxiliary t raf fic class. A. From the Cl a[...]

  • Страница 130

    130 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide C. A ft er th e scre en r efres hes , ente r valu e s fo r the C ommi t ted Rate and C omm it ted Burst Size fi elds. D. Click Conf igure Selected Att ribute . The Dif f Serv Policy Attr ibute Summary pa ge appears so you can view i nformation a bout all of the[...]

  • Страница 131

    DiffS erv f or VoIP Conf igur at ion Ex ampl e 1 31 18 Differe ntiated Services DiffServ for V oIP Config uration Ex ample One of the most valua ble uses of Di ffServ is to suppo rt V oice over IP (V oIP). V oIP traf fic is inheren tly time- sensiti ve: for a network to provide a cceptable service , a guar anteed trans mis s ion rate is vita l. Th [...]

  • Страница 132

    132 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Configuring DiffServ V oIP Support Example Enter Glo bal Config mode. Set queu e 5 on all p orts to use s trict pri ority mode. This queue shall be u sed fo r all V o IP p a cke ts. A ctiv a te D i ffSe rv f or the swi t c h. config cos-queue strict 5 diffserv [...]

  • Страница 133

    RADI US Co nfi gura tio n Exam ple 133 19 RADIUS Making use of a singl e databas e of accessi ble infor mation – as in an Authe nticati on Server – can great l y si mplify th e a uth ent ic ation and mana gemen t of users i n a l ar ge net work . One such type of Au thentica tion Server supports t he Remote Aut hentication Dial In User Se rvice[...]

  • Страница 134

    134 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide RADIUS server cannot be contacted. Thi s authent ication li st is then a ssociat ed with the default login. Figure 85. RADIUS Servers in a DWS-3 000 Network When a user attempts to log in, the switch prompts for a username and password. The switch then at tempt[...]

  • Страница 135

    RADI US Co nfi gura tio n Exam ple 135 19 RADIUS Configuring RADIUS b y Using the Web Interface The foll owing W eb screen s show how to p erform the configur ation descri bed in th e example. Figure 86. Add a R ADIUS Server[...]

  • Страница 136

    136 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Figure 87. Configuring the RAD IUS Server[...]

  • Страница 137

    RADI US Co nfi gura tio n Exam ple 137 19 RADIUS Figure 88. Cr eat e an Aut h entication List Figure 89. Configure the Authentication L ist[...]

  • Страница 138

    138 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Figure 90. Set the User Login[...]

  • Страница 139

    T AC ACS + Conf ig urat ion Ex ampl e 1 39 20 T ACACS+ T ACACS+ (T ermina l Access Cont roller Acce ss Control System) pr ovides acc ess control for networke d devices v ia one or more c entralized servers. Similar t o RADIUS, this p rotocol simplif ies authent ication b y making use of a single da tabase that can be sha red by many client s on a l[...]

  • Страница 140

    140 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Figure 91. DWS-3000 wi th T ACACS+ When a us er attemp ts to log int o the swit ch, the NAS or switch pro mpts for a user name and passwo rd. The switch a ttempts to co mmunicate with the h ighest pr iority configured T ACACS+ server at 10 .10.10.10. Upon succ [...]

  • Страница 141

    T AC ACS + Conf ig urat ion Ex ampl e 1 41 20 T ACACS+ Configuring T ACACS+ by Using the W eb Interface The foll owing W eb screen s show how to p erform the configur ation descri bed in th e example. Figure 92. Add a T ACACS+ Server Figure 93. Con figurin g the T ACACS+ Server[...]

  • Страница 142

    142 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Figure 94. Create an Authentication List (T ACACS+) Figure 95. Configure the Authentication L ist (T ACACS+)[...]

  • Страница 143

    T AC ACS + Conf ig urat ion Ex ampl e 1 43 20 T ACACS+ Figure 96. Set the User Login (T ACACS +)[...]

  • Страница 144

    144 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide[...]

  • Страница 145

    Overv iew 145 21 DHCP Filtering This sec tion desc ribes the Dyna mic Host Confi guratio n Protocol (DHCP) Filteri ng feature. Ove rview DHCP filte ring provide s security b y filterin g untrust ed DHCP messages. An untrust ed messag e is a message that is rece ive d fr om outs ide the ne twor k or firewal l, and that can ca use traf fic a ttacks w[...]

  • Страница 146

    146 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide C LI Exampl es The comman ds shown below sho w examples of configur ing DHCP Filteri ng for the swi tch and for i ndividua l interf aces. Example #1 : Enable DHCP Fil tering for the Switch This example config ip dhcp filtering exit exit Exam ple #2: En able DHC[...]

  • Страница 147

    Web Ex amples 147 21 DHCP Filteri ng Use the DHCP Fi ltering Configurati on page to conf igure the DHCP Filtering a dmin mode on the swit ch. Figure 97. DHCP Filterin g Configuration Use the DHCP Filt erin g Int erfac e Confi gurat ion p age to c onfigu re DHCP Fi lter ing o n spec ific inter faces . Figure 98. DHCP Filtering Interface Configuratio[...]

  • Страница 148

    148 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Figure 99. DHCP Filter Binding Information[...]

  • Страница 149

    CLI E xam ple 149 22 T r aceroute This sect ion d escr ibe s th e Tracer out e fea tur e. Use T raceroute to discover the route s that pac kets take when traveli ng on a hop- by-hop basi s to thei r destin ation thr ough the ne twork. • Maps networ k routes b y sending packe ts with smal l T ime-to-Li ve (TTL) va lues and watches t he ICMP time-o[...]

  • Страница 150

    150 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide (DWS-3024) #traceroute ? <ipaddr> Enter IP address. (DWS-3024) #traceroute 216.109.118.74 ? <cr> Press Enter to execute the command. <port> Enter port no. (DWS-3024) #traceroute 216.109.118.74 Tracing route over a maximum of 20 hops 1 10.254.2[...]

  • Страница 151

    Overv iew 151 23 Configuration Scripting Configur ation Scr ipting allo ws you to gene rate a t ext-forma tted script file that shows the current configur ation of the system . Y ou can gene rate multipl e scripts a nd upload an d apply them to mo re tha n one swi tc h. Ove rview Configur ati on Scr ipt in g: • Provides scripts that can be upload[...]

  • Страница 152

    152 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide list Lists all configuration script files present on the switch. show Displays the contents of configuration script. validate Validate the commands of configuration script. Example #2 : script l ist and scr ipt delete (DWS-3024) #script list Configuration Scrip[...]

  • Страница 153

    CLI Example s 153 23 Configu ration Scripting Example #5 : copy nvram : script Use this command to upl oad a confi guration script. (DWS-3024) #copy nvram: script running-config.scr tftp://192.168.77.52/running-config.scr Mode......................... TFTP Set TFTP Server IP........... 192.168.77.52 TFTP Path.................... ./ TFTP Filename...[...]

  • Страница 154

    154 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Example #7: V alidate another Configuration Script (DWS-3024) #script validate default.scr network parms 172.30.4.2 255.255.255.0 0.0.0.0 vlan database exit configure lineconfig exit spanning-tree configuration name 00-18-00-00-00-10 interface 0/1 exit interfac[...]

  • Страница 155

    Overv iew 155 24 Outbound T elnet This sec tion desc ribes the Out bound T elne t featur e. Ove rview Outbound T elnet: • Feature establi shes an outboun d telnet connectio n between a device and a remote hos t. • When a tel net connec tion is ini tiated, each side of t he connection is assumed to origin ate and te rmin ate at a “N e twork V [...]

  • Страница 156

    156 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Example #1: show network (DWS-3024) >telnet 192.168.77.151 Trying 192.168.77.151... (DWS-3024) User:admin Password: (DWS-3024)>enable Password: (DWS-3024)#show network IP Address...............................192.168.77.151 Subnet Mask....................[...]

  • Страница 157

    Web Exam ple 157 24 Ou tbound T elnet <0-5> Configure the maximum number of outbound telnet sessions allowed. (DWS-3024) (Line)#session-limit 5 (DWS-3024) (Line)#session-timeout ? <1-160> Enter time in minutes. (DWS-3024) (Line)#session-timeout 15 W eb Example Y ou ca n set up th e Outbound T elnet sessi on through t he W eb interfac e.[...]

  • Страница 158

    158 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide[...]

  • Страница 159

    Overv iew 159 25 Pre-Login Banner This sec tion desc ribes the Pre-Login Banner featur e. Ove rview Pre-Logi n Banner: • Allows you to creat e message scre ens when logg ing into t he CLI Inte rface • By defaul t, no Banner fi le exist s • Banner ca n be uploade d or downloaded • File size can not be lar ger tha n 2K The P re- L ogi n B an [...]

  • Страница 160

    160 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide (DWS-3024) #copy tftp://192.168.77.52/banner.txt nvram:clibanner Mode...........................................TFTP Set TFTP Server IP.............................192.168.77.52 TFTP Path......................................./ TFTP Filename....................[...]

  • Страница 161

    Overv iew 161 26 Simple Network T ime Protocol (SNTP) This sec tion descri bes the Si mple Network T ime Protoco l (SNTP) featur e. Ove rview SNTP: • Used for synchroniz ing netw ork resou rces • Adaptati on of NTP • Provides synchroni zed network ti mestamp • Can be used in broadc ast or uni cast mode • SNTP client implemente d over UDP [...]

  • Страница 162

    162 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Example #3 : show sntp serve r (DWS-3024) #show sntp server Server IP Address: 81.169.155.234 Server Type: ipv4 Server Stratum: 3 Server Reference Id: NTP Srv: 212.186.110.32 Server Mode: Server Server Maximum Entries: 3 Server Current Entries: 1 SNTP Servers -[...]

  • Страница 163

    Web I nterfac e Examples 163 26 Simple Network Tim e Protocol (SNTP) Example #6 : configuring sntp ser ver (DWS-3024)(Config) #sntp server 192.168.10.234 ? <cr> Press Enter to execute the command. <1-3> Enter SNTP server priority from 1 to 3. Example #7: configure sntp clie nt port (DWS-3024)(Config) #sntp client port 1 ? <cr> Pre[...]

  • Страница 164

    164 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Figure 102. SNTP Global S tatus Pa ge[...]

  • Страница 165

    Web I nterfac e Examples 165 26 Simple Network Tim e Protocol (SNTP) Figure 103. SNTP Server Configuration Page Figure 104. SNTP Server S tatus Page[...]

  • Страница 166

    166 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide[...]

  • Страница 167

    Overv iew 167 27 Syslog This sec tion provi des info rmation abo ut the Sysl og feature. Ove rview Syslog : • Allows you to store sys tem messages and/or error s • Can store to local files o n the swit ch or a remote s erver ru nning a sys log daemon • Method of c ollecting mes sage logs from many systems Interpreting Log Files <130> J [...]

  • Страница 168

    168 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide CLI Ex amples The foll owing are e xamples of t he commands us ed in the Sysl og featur e. Example #1: show logging (DWS-3024) #show logging Logging Client Local Port : 514 CLI Command Logging : disabled Console Logging : disabled Console Logging Severity Filte[...]

  • Страница 169

    CLI Example s 169 27 Sysl og Example #3: show logging traplogs (DWS-3024) #show logging traplogs Number of Traps Since Last Reset............... 16 Trap Log Capacity.............................. 256 Number of Traps Since Log Last Viewed.......... 0 Log System Up Time Trap --- ------------------------ --------------------------------------- 0 6 day[...]

  • Страница 170

    170 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Example #5: logging port configuration (DWS-3024) #config (DWS-3024) (Config)#logging ? buffered Buffered (In-Memory) Logging Configuration. cli-command CLI Command Logging Configuration. console Console Logging Configuration. host Enter IP Address for Logging [...]

  • Страница 171

    Web Ex amples 171 27 Sysl og W eb Examples The foll owing web page s are used with the Sy slog featur e. Figure 105. Log - Syslog Co nfigur ation Pa ge Figure 106. Buffer ed Log Configuratio n Page[...]

  • Страница 172

    172 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Figure 107. Log - Host s Co nfigur at ion Page - Add Host Figure 108. Log - Hosts Co nf igu ration Page[...]

  • Страница 173

    CLI E xam ple 173 28 Port Description The P ort D esc ri ptio n feat ure lets y ou s pe cif y an al pha num eric in ter face id en ti fier that can b e used for SNMP network manag ement. CLI Example Use the c ommands shown below for th e Port Descr iption fe ature. Example #1: Enter a Description for a Port This exam ple spec ifies the n ame “T e[...]

  • Страница 174

    174 © 2001- 2008 D -Link Corp oration. Al l Rights Reserved. Wired Config uration Guide Configuring Port Description wi th the W eb Interface Use t he fol low ing W eb s cre en to e nte r Port Des cr ipt ion in for matio n. Figure 109. Port Configur at io n Screen - Set Port Description[...]