Home » D-Link Manuals » Hubs & Switches » D-Link DGS-3200-16 » Manual Viewer

D-Link DGS-3200-16 User Manual

D-Link DGS-3200-16 - Switch - Stackable Manual

UPC - 790069312007

View all D-Link DGS-3200-16 manuals

Add to My Manuals
Save this manual to your list of manuals

D-Link DGS-3200-16 manual content summary:

D-Link DGS-3200-16 | User Manual - Page 1
Manual Product Model: xStack® DGS-3200 Series Layer 2 Managed Gigabit Ethernet Switch Release 1.35
D-Link DGS-3200-16 | User Manual - Page 2
. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. D-Link Computer Corporation disclaims any proprietary interest in trademarks and trade names other than its own. April 2009 P/N 651GS32XX025G
D-Link DGS-3200-16 | User Manual - Page 3
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Table of Contents Intended Readers...ix Typographical Conventions ...ix Notes, Notices, and Cautions ...x Safety Cautions ...x General Precautions for Rack-Mountable Products ...xi Lithium Battery Precaution...
D-Link DGS-3200-16 | User Manual - Page 4
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Telnet Settings...23 Password Encryption...23 CLI Paging Settings ...24 Firmware Information ...24 Power Saving Settings...25 Dual Configuration Settings...26 SMTP Settings ...27 Ping Test ...28 SNTP Settings ...29 Time Settings ...29
D-Link DGS-3200-16 | User Manual - Page 5
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Traffic Segmentation...70 IGMP Snooping ...70 IGMP Snooping Settings ...70 Data Driven Learning Settings...71 ISM VLAN Settings...72 Restrictions and Provisos...72 ISM Profile Settings...73 IP Multicast Profile Settings ...73 Limited
D-Link DGS-3200-16 | User Manual - Page 6
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Guest VLAN ...107 802.1X (Port-Based and Host-Based Access 120 SSH Configuration...120 SSH Authmode and Algorithm Settings ...121 SSH User Authentication Mode...123 Access Authentication Control...124 Authentication Policy and Parameter
D-Link DGS-3200-16 | User Manual - Page 7
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Access Profile List ...149 CPU Access Profile List... Table ...209 System Log ...210 MAC-based Access Control Authentication State ...211 Save Services and Tools...212 Save Configuration ID 1 ...212 Save Configuration ID 2 ...213 Save
D-Link DGS-3200-16 | User Manual - Page 8
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Download Firmware...215 Reboot System ...215 Appendix A - Mitigating ARP Spoofing Attacks Using Packet Content ACL 216 Appendix B - Switch Log Entries...223 Appendix C - Trap Logs ...234 Appendix D - Password Recovery Procedure 237
D-Link DGS-3200-16 | User Manual - Page 9
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Intended Readers The DGS-3200 Series Manual contains information for setup and management of the Switch. This manual that must be typed exactly as printed in Font the manual. Initial capital letter Indicates a window name. Names of
D-Link DGS-3200-16 | User Manual - Page 10
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Notes, Notices, and Cautions A NOTE indicates important information that helps make better use of the device. A NOTICE indicates either potential damage to hardware or loss of data and tells how to avoid the problem. A CAUTION indicates
D-Link DGS-3200-16 | User Manual - Page 11
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch • Do not push or uninterruptible power supply (UPS). • Position system cables and power cables carefully; route cables so that they cannot be stepped on or tripped over. Be sure well as to various peripherals or supporting hardware. xi
D-Link DGS-3200-16 | User Manual - Page 12
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch • Do not step on or stand on any component when servicing other components in a rack. NOTE: A qualified electrician must is omitted or disconnected. CAUTION: When mounting the Switch on a cement wall, a proper concrete sleeve anchor should
D-Link DGS-3200-16 | User Manual - Page 13
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Lithium Battery Precaution CAUTION: Incorrectly replacing the lithium battery of the Switch may cause the battery to explode. Replace this battery only with the same or equivalent type recommended by the manufacturer. Discard used
D-Link DGS-3200-16 | User Manual - Page 14
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 1 Web-based Switch Configuration Introduction Logging onto the Web Manager Web-Based User Interface Introduction All software functions of the Switch can be managed, configured, and monitored via the embedded web-based (HTML)
D-Link DGS-3200-16 | User Manual - Page 15
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Web-based User Interface The user interface provides access to various Switch configuration and management windows, allows the user to view performance statistics, and permits graphical monitoring of the system status. Areas of the User
D-Link DGS-3200-16 | User Manual - Page 16
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Web Pages When connecting to the management mode of the Switch with a web browser, a login screen is displayed. Enter a user name and password to access the Switch's management mode. Below is a list of the folders and windows available
D-Link DGS-3200-16 | User Manual - Page 17
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 2 Configuration Device Information System Information Serial Port Settings IP Address IPv6 Interface Settings IPv6 Route Table IPv6 Neighbor Settings Port Configuration Static ARP Settings User Accounts System Log Configuration
D-Link DGS-3200-16 | User Manual - Page 18
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2- 1. Device Information window System Information The user can enter a System Name, System Location, and System Contact to aid in defining the Switch. To view the following window, click Configuration > System Information:
D-Link DGS-3200-16 | User Manual - Page 19
default setting is 10 mins. Click Apply to implement changes made. IP Address The IP address may initially be set using the console interface prior to connecting to it through the Ethernet. If the Switch IP address has not yet been changed, read the introduction of the DGS-3200 Series CLI Manual
D-Link DGS-3200-16 | User Manual - Page 20
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch NOTE: The Switch's factory default IP address is 10.90.90.90 with a subnet mask of 255.0.0.0 and a default gateway of 0.0.0.0. To use the DHCP or BOOTP protocols to assign the Switch an IP address, subnet mask, and default gateway
D-Link DGS-3200-16 | User Manual - Page 21
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Setting the Switch's IP Address using the Console Interface Each Switch must be assigned its own IP Address, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP). The Switch
D-Link DGS-3200-16 | User Manual - Page 22
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The default is zero. Automatic Link Toggle Default Gateway Enter the IPv6 address of the default gateway. Active This read-only field indicates the status of this entry. IPv6 Route Table The user can configure the Switch's IPv6 Route
D-Link DGS-3200-16 | User Manual - Page 23
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IPv6 Neighbor Settings The user can configure the Switch's IPv6 neighbor settings. The Switch for all the current interfaces on the Switch, go to the second Interface Name Address Link Layer MAC Enter the link layer MAC address. Address State
D-Link DGS-3200-16 | User Manual - Page 24
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch -negotiation between 10 and 100 Switch allows the user to configure three types of gigabit connections; 1000M Full_Master, 1000M Full_Slave, and 1000M Full. Gigabit connections only support in a link down status default is Disabled. 11
D-Link DGS-3200-16 | User Manual - Page 25
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Address Learning Medium Type Enable or disable MAC address learning for the selected ports. When Enabled, destination and source MAC addresses are automatically listed in
D-Link DGS-3200-16 | User Manual - Page 26
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port State Connection Status Reason Describes the current ARP Aging Time The ARP entry age-out time, in seconds. The default is 20 minutes. (0-65535) IP Address The IP address of the ARP entry. MAC Address The MAC address of the
D-Link DGS-3200-16 | User Manual - Page 27
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch User Accounts The Switch allows the control of user privileges. To view the following window, click Configuration > User Accounts: Figure 2- 13. User Accounts window To add a new user, type in a User Name and New Password and retype the
D-Link DGS-3200-16 | User Manual - Page 28
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Management Admin Configuration Yes Network Monitoring Yes Community Strings and Trap Stations Yes Update Firmware and Configuration Files Yes System Utilities Yes Factory Reset Yes User Account Management Add/Update/
D-Link DGS-3200-16 | User Manual - Page 29
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch System Log Host The Switch can send Syslog messages to up to four designated servers using the System Log Server. To view the following window, click Configuration > System Log Configuration > System Log Host: Figure 2- 16. System Log
D-Link DGS-3200-16 | User Manual - Page 30
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description System Severity Severity Level Choose how the alerts are used from the drop-down menu. Select Log to send the alert of the Severity Type configured to the Switch's log for analysis. Choose Trap to send it to an
D-Link DGS-3200-16 | User Manual - Page 31
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch DHCP Relay Agent Information Option 82 State This field can be toggled between Enabled and Disabled using the pull-down menu. It is used to enable or disable the DHCP Relay Agent Information Option 82 on the Switch. The default of IP
D-Link DGS-3200-16 | User Manual - Page 32
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The Implementation of DHCP Relay Agent Information Option 82 The config dhcp_relay option_82 command configures the DHCP relay agent information option 82 setting of the Switch. The formats for the circuit ID sub-option and the remote
D-Link DGS-3200-16 | User Manual - Page 33
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch DHCP/BOOTP Relay Interface Settings Users can set up a server, by IP address, for relaying DHCP/BOOTP information to the Switch. The user may enter a previously configured IP interface on the Switch that will be connected directly to
D-Link DGS-3200-16 | User Manual - Page 34
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description DHCP Local Relay Global State Enable or disable the DHCP Local Relay Global State. The default is Disabled. VLAN Name This is the VLAN Name that identifies the VLAN the user wishes to apply the DHCP Local
D-Link DGS-3200-16 | User Manual - Page 35
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC Address Aging Time Users can configure the MAC Address aging time on the Switch. To view the following window, click Configuration > MAC Address Aging Time: Figure 2 - 23. MAC Address Aging Time window Enter a value between 10 and
D-Link DGS-3200-16 | User Manual - Page 36
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Telnet Settings Users can configure Telnet Settings on the Switch. To view the default. If you do not want to allow configuration of the system through Telnet choose Disabled. The TCP port number used for Telnet management of the Switch
D-Link DGS-3200-16 | User Manual - Page 37
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch CLI Paging Settings Users can stop the scrolling of multiple pages beyond the limits of the console when using the Command Line Interface. To view the following window, click
D-Link DGS-3200-16 | User Manual - Page 38
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch From User States the IP address of the origin of the firmware. There are five ways firmware may be downloaded to the Switch. Boot-up files are denoted by an asterisk (*) next to the file. R - If the IP address has this letter attached
D-Link DGS-3200-16 | User Manual - Page 39
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Dual Configuration Settings Users can display dual configuration settings on the Switch. The Switch allows two firmware images to be stored in its memory and either can be configured to be the boot-up firmware for the Switch. The user
D-Link DGS-3200-16 | User Manual - Page 40
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SMTP Settings SMTP or Simple Mail Transfer Protocol is a function of the Switch that will send switch events to mail recipients based on e-mail addresses entered in the window below. The Switch is to be configured as a client of SMTP
D-Link DGS-3200-16 | User Manual - Page 41
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Ping Test Users can Ping either an IPv4 address or an IPv6 address. Ping is a small program that sends ICMP Echo packets to the IP address you specify. The destination node then responds to or "echoes" the packets sent from the Switch.
D-Link DGS-3200-16 | User Manual - Page 42
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNTP Settings SNTP or Simple Network Time Protocol is used by the Switch to synchronize the clock of the computer. The SNTP Settings folder contains two windows: Time Settings and TimeZone Settings. Time Settings Users can configure the
D-Link DGS-3200-16 | User Manual - Page 43
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch TimeZone Settings Users can configure time zones and Daylight Savings Time settings for SNTP. To view the following window, click Configuration > SNTP Settings > TimeZone Settings: Figure 2 - 34. TimeZone
D-Link DGS-3200-16 | User Manual - Page 44
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To: Month Enter the month that DST will end. modified: Parameter Description State Enable or disable MAC notification globally on the Switch Interval (1-2147483647 sec) The time in seconds between notifications. History Size
D-Link DGS-3200-16 | User Manual - Page 45
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC Notification Port Settings Users can set MAC notification for individual ports on the Switch settings for a port or group of ports on the Switch, configure the following parameters. Parameter Description From Port Select
D-Link DGS-3200-16 | User Manual - Page 46
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Settings Simple Network Management Protocol (SNMP) proper operation, monitor performance and detect potential problems in the Switch, switch group or network. Managed devices that support SNMP include software (referred to as an
D-Link DGS-3200-16 | User Manual - Page 47
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Global State Settings SNMP global state State Settings window Click the Apply button to let your change take effect. SNMP View Table Users can assign views to community strings that define which MIB objects can be accessed by a
D-Link DGS-3200-16 | User Manual - Page 48
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Group Table An SNMP Group created with this table maps SNMP users (identified in the SNMP User Table) to the views created in the previous window. To view the following window, click Configuration > SNMP Settings > SNMP Group Table
D-Link DGS-3200-16 | User Manual - Page 49
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP User Table This window displays all of the SNMP User's currently configured on the Switch. To view the following window, click Configuration > SNMP User Table: Figure 2 - 40. SNMP User Table window To delete an existing SNMP User
D-Link DGS-3200-16 | User Manual - Page 50
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Community Table Users can create an SNMP community string to define the relationship between the SNMP manager and an agent. The community string acts like a password to permit access to the agent on the Switch. One or more of the
D-Link DGS-3200-16 | User Manual - Page 51
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Host Table Users can set up SNMP trap recipients for IPv4. To view the following window, click Configuration > SNMP Settings > SNMP Host Table: Figure 2 - 42. SNMP Host Table window To add a new entry to the Switch's SNMP Host
D-Link DGS-3200-16 | User Manual - Page 52
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP v6Host Table Users can set up SNMP trap recipients for IPv6. To view the following window, click Configuration > SNMP Settings > SNMP v6Host Table: Figure 2 - 43. SNMP v6Host Table window To add a new entry to the Switch's SNMP
D-Link DGS-3200-16 | User Manual - Page 53
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Engine ID The Engine ID is a unique identifier used for SNMP V3 implementations on the Switch. To view the following window, click Configuration > SNMP Settings > SNMP Engine ID: Figure 2 - 44. SNMP Engine ID window To change the
D-Link DGS-3200-16 | User Manual - Page 54
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Single IP Management Simply put, D-Link Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. There are some advantages in implementing the "Single IP Management"
D-Link DGS-3200-16 | User Manual - Page 55
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch • A MS can become a CaS by: • Being configured as a CaS through the CS. • If report packets from the CS to the MS time out. • The user can manually configure a CaS to become a CS • The CaS can be configured through the CS to become a MS
D-Link DGS-3200-16 | User Manual - Page 56
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Single IP Settings The Switch is set as a Candidate (CaS) as the factory default configuration and Single IP Management is disabled. To enable SIM for the Switch using the Web interface, click Configuration > Single IP Management > SIM
D-Link DGS-3200-16 | User Manual - Page 57
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Topology Figure 2 - 49. Single IP Settings window for Commander (enabled) This window will be used to configure and manage the Switch within the SIM group and requires Java script to function properly on your computer. The Java
D-Link DGS-3200-16 | User Manual - Page 58
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch CS will have no entry in this field. refresh itself periodically (20 seconds by default). Figure 2 - 51. Topology View window This window will display how the devices within the Single IP Management Group connect to other groups and
D-Link DGS-3200-16 | User Manual - Page 59
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Member switch of other group Layer 2 candidate switch Layer 3 candidate switch Unknown device Non-SIM devices Tool Tips In the Topology view window, the mouse plays an important role in configuration and in viewing device information.
D-Link DGS-3200-16 | User Manual - Page 60
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 2 - 53. Port Speed Utilizing the Tool Tip Right-Click Right-clicking on a device will allow the user to perform various functions, depending on the role of the Switch in the SIM group and the icon associated with it. Group Icon
D-Link DGS-3200-16 | User Manual - Page 61
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Device Name Module Name MAC Address Remote Port No. Local Port No. Port Speed Figure 2 - 55. Property window Description This field will display the Device Name of the switches in the SIM group configured by the user. If no
D-Link DGS-3200-16 | User Manual - Page 62
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Member Switch Icon Figure 2 - 57. Right-Clicking a Member icon The following options may appear for the user to configure: • Collapse - To collapse the group that will be represented by a single icon. • Expand - To expand the SIM group,
D-Link DGS-3200-16 | User Manual - Page 63
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Menu Bar The Single IP Management window contains a menu this option will reveal the following dialog box for the user to enter a password for authentication from the Candidate Switch before being added to the SIM group. Click OK to
D-Link DGS-3200-16 | User Manual - Page 64
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Firmware Upgrade The Commander Switch may be used for firmware upgrades of member switches. Member Switches will be listed in the table and will be specified by Port (port on the CS where the MS resides), MAC Address, Model Name and
D-Link DGS-3200-16 | User Manual - Page 65
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Section 3 Layer 2 Features Jumbo Frame Egress Filter Settings 802.1Q VLAN 802.1V Protocol VLAN MAC Based VLAN Settings GVRP Settings PVID Auto Assign Settings
D-Link DGS-3200-16 | User Manual - Page 66
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Egress Filter Settings Users can configure an egress filter on specific ports for unknown unicast and unregistered multicast packets. The Switch drops all unknown unicast/multicast intended to alleviate problems associated with the
D-Link DGS-3200-16 | User Manual - Page 67
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch VLAN Description A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLANs can be used to combine any collection of LAN segments into an autonomous user
D-Link DGS-3200-16 | User Manual - Page 68
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch • Forwarding rules between ports - decides whether to for encapsulating Token Ring packets so they can be carried across Ethernet backbones), and 12 bits of VLAN ID (VID). The 3 bits of user priority are used by 802.1p. The VID is the
D-Link DGS-3200-16 | User Manual - Page 69
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 4. IEEE 802.1Q Tag The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or Logical Link Control. Because the packet is now a bit longer than it was originally, the
D-Link DGS-3200-16 | User Manual - Page 70
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Tagged packets are forwarded according to the VID contained within the tag. Tagged packets are also assigned a PVID, but the PVID is not used to make packet-forwarding decisions, the VID is. Tag-aware switches must keep a table to
D-Link DGS-3200-16 | User Manual - Page 71
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch VLAN Name VID Switch Ports System (default) 1 5, 6, 7 Engineering 2 9, 10 Sales 5 1, 2, 3, 4 Port-based VLANs Table 3 - 1. VLAN Example - Assigned Ports Port-based VLANs limit traffic that flows into and out of switch
D-Link DGS-3200-16 | User Manual - Page 72
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The VLAN List tab lists all previously configured outside sources, notifying that they may join the existing VLAN. Shows all ports of the Switch for the ٛ onfiguration option. Specifies the port as 802.1Q tagging. Clicking the radio
D-Link DGS-3200-16 | User Manual - Page 73
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 8. Find VLAN tab of the 802.1Q VLAN window that can be added, deleted or configured. Advertisement Enabling this function will allow the Switch to send out GVRP packets to outside sources, notifying that they may join the
D-Link DGS-3200-16 | User Manual - Page 74
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Untagged Specifies the port as 802.1Q untagged. Use the drop-down menu to designate the -down menu to designate the port as forbidden. Click Apply to implement changes made. NOTE: The Switch supports up to 4k static VLAN entries. 61
D-Link DGS-3200-16 | User Manual - Page 75
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 802.1v Protocol VLAN The 802.1v Protocol VLAN folder contains two windows: 802.1v Protocol Group Settings and 802.1v Protocol VLAN Settings. 802.1v Protocol Group Settings The user can create Protocol VLAN groups and add protocols to
D-Link DGS-3200-16 | User Manual - Page 76
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 11. 802.1v Protocol VLAN Settings ID, identifies the VLAN the user wishes to create. This parameter is specified if you want to re-write the 802.1p default priority previously set in the Switch, which is used to determine
D-Link DGS-3200-16 | User Manual - Page 77
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC Based VLAN Settings Users can create new MAC-based VLAN entries and search, edit, and delete existing entries. When an entry is created for a port, the port will automatically
D-Link DGS-3200-16 | User Manual - Page 78
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description From Port This drop- to dynamically become a member of a VLAN. GVRP is Disabled by default. Ingress Checking This drop-down menu allows the user to enable the port to compare the VID tag of an incoming packet
D-Link DGS-3200-16 | User Manual - Page 79
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Trunking Understanding Port Trunk Groups Port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. The Switch supports up to five port trunk groups with two to eight ports in each
D-Link DGS-3200-16 | User Manual - Page 80
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The Switch allows the creation of up to five link aggregation groups, each group consisting of 2 to 8 links (ports). The (optional) Gigabit ports can only belong to a single link aggregation group. All of the ports in the group must be
D-Link DGS-3200-16 | User Manual - Page 81
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch VLAN Trunk Settings Enable VLAN on a port L2 Features > VLAN Trunk Settings: Figure 3 - 17. VLAN Trunk Settings window The user-changeable parameters are as follows: Parameter Description VLAN Trunk Global Enable or disable the VLAN
D-Link DGS-3200-16 | User Manual - Page 82
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch LACP Port Settings In conjunction with the Trunking window, users can create port trunking groups on the Switch. Using the following window, the user to negotiate the aggregated link so the group may must support LACP. Passive - LACP ports
D-Link DGS-3200-16 | User Manual - Page 83
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Traffic Segmentation Traffic segmentation is used to limit the device to the IGMP host or vice versa. The Switch monitors IGMP messages and discontinues forwarding multicast packets when there are no longer hosts requesting that they
D-Link DGS-3200-16 | User Manual - Page 84
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The following parameters may be viewed or modified: Parameter Description VID (VLAN ID) This is the VLAN ID that, along with the VLAN Name, identifies the VLAN the user wishes to modify the IGMP Snooping Settings for. VLAN Name
D-Link DGS-3200-16 | User Manual - Page 85
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter VLAN Name VID List State Age Out . 6. One IP multicast address cannot be added to multiple ISM VLANs, yet multiple Ranges can be added to one ISM VLAN. Users can create and configure multicast VLANs for the Switch. To view
D-Link DGS-3200-16 | User Manual - Page 86
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter ISM VLAN Global State VLAN Name State Member Port (e.g.: 1-4, 6) Tagged Member Port VID (2-4094) Replace Source IP Source Port (e.g.: 1-4, 6) Description Enable or disable the IGMP Snooping Multicast (ISM) VLAN Global State.
D-Link DGS-3200-16 | User Manual - Page 87
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 24. IP Multicast Profile Settings window The following fields can be set: Parameter Description Profile ID Profile Name Enter a Profile ID between 1 and 24. Enter a name for the IP Multicast Profile. To change an entry
D-Link DGS-3200-16 | User Manual - Page 88
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To add a new range, enter the appropriate information and then click Add. To delete an entry, enter the information and click Delete. Max Multicast Group Settings Users can configure the ports on the switch that will be a part of the
D-Link DGS-3200-16 | User Manual - Page 89
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 4. Multicast Listener Report, Version 2 - Comparable to the Host Membership Report in IGMPv3, and labeled as 143 in the ICMP packet header, this message is sent by the listening port to the Switch stating that it is interested in
D-Link DGS-3200-16 | User Manual - Page 90
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Mirroring The Switch This is useful for network monitoring and troubleshooting purposes. To view the following window, a 10 Mbps port, this can cause throughput problems. The port you are copying frames from should always support an
D-Link DGS-3200-16 | User Manual - Page 91
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Loopback Detection Settings The Loopback Detection function is used to detect the loop created by a specific port. This feature is used to temporarily shutdown a port on the Switch time. The user may enable or default is Disabled. Mode Use
D-Link DGS-3200-16 | User Manual - Page 92
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Trap Status Interval (1-32767) Recover Time (0 or 601000000) From Port To Port State Set the desired trap status: None, Loop Detected, Loop Cleared, or Both. Set a Loopdetect Interval between 1 and 32767 seconds. The default is 10
D-Link DGS-3200-16 | User Manual - Page 93
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The IEEE 802.1D-2004 Rapid Spanning Tree Protocol (RSTP) evolved from the 802.1D-1998 STP standard. RSTP was developed in order to overcome some limitations of STP that impede the function of some recent switching links manually
D-Link DGS-3200-16 | User Manual - Page 94
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch STP Bridge Global Settings Use the STP Status Tree > STP Bridge Global Settings: Figure 3 - 32. STP Bridge Global Settings window - RSTP (default) Figure 3 - 33. STP Bridge Global Settings window - MSTP Figure 3 - 34. STP Bridge Global
D-Link DGS-3200-16 | User Manual - Page 95
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description STP Status STP Version Forwarding BPDU Bridge Max Age (6 - 40) Bridge Hello Time (1 - 2) Bridge Forward Delay (4 - 30) Tx Hold Count (1-10) Max Hops (6-40) Use the radio button to globally enable or disable STP
D-Link DGS-3200-16 | User Manual - Page 96
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 3 - 35. STP Port Settings window It is advisable to define an STP Group to correspond to a VLAN group of ports. The following STP Port
D-Link DGS-3200-16 | User Manual - Page 97
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Restricted Role Hello Time (sec) received, MSTP. The default value is 2. Click Apply to implement changes made. MST Configuration Identification This window allows the user to configure a MSTI instance on the Switch. These settings
D-Link DGS-3200-16 | User Manual - Page 98
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch STP Instance Settings This window displays MSTIs currently set on the Switch and allows users to MSTI ID in this field. An entry of 0 denotes the CIST (default MSTI). Priority Enter the priority in this field. The available range of
D-Link DGS-3200-16 | User Manual - Page 99
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch menu to select a Priority. The user may configure the following parameters: Parameter in this field denotes the CIST (default MSTI). This parameter is set to parameter will set the quickest route automatically and optimally for an
D-Link DGS-3200-16 | User Manual - Page 100
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Forwarding & Filtering The Forwarding & Filtering folder contains three windows: Unicast Forwarding, Multicast Forwarding, and Multicast Filtering Mode. Unicast Forwarding Users can set up unicast forwarding on the Switch. To view the
D-Link DGS-3200-16 | User Manual - Page 101
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description VID Multicast MAC Address Port The VLAN ID of the VLAN the corresponding MAC address belongs to. The static destination MAC address of the multicast packets. This must be a multicast MAC address. Allows the
D-Link DGS-3200-16 | User Manual - Page 102
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch QoS Bandwidth Control Traffic Control 802.p Default Priority 802.1p User Priority QoS Scheduling Mechanism Section 4 QoS is an implementation of the IEEE 802.1p standard that allows network administrators a method of reserving
D-Link DGS-3200-16 | User Manual - Page 103
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch see if it has the proper identifying tag. Then the user may forward these tagged packets to designated classes of service on the Switch where they will be emptied, based on priority. For example, let's say a user wishes to have a video
D-Link DGS-3200-16 | User Manual - Page 104
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Bandwidth Control The bandwidth control settings are allows the input of the data rate that will be the limit for the selected port. The user may choose a rate between 64 and 1024000 Kbits per second. Effective RX If a RADIUS server
D-Link DGS-3200-16 | User Manual - Page 105
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Traffic Control On a computer network, packets such as Multicast packets and Broadcast threshold levels provided by the user. Once a packet storm has been detected, the Switch will drop packets coming into the Switch until the storm has
D-Link DGS-3200-16 | User Manual - Page 106
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch and is no longer operational until the user manually resets the port using the Port Settings window (Configuration > Port Configuration> Port Settings). Choosing this option obligates the user to configure the Time Interval setting as
D-Link DGS-3200-16 | User Manual - Page 107
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 802.1p Default Priority The Switch allows the assignment of a default 802.1p priority to each port on the Switch. To view the following window, click QoS > 802.1p Default Priority: Figure 4 - 4. 802.1p Default Priority window This page
D-Link DGS-3200-16 | User Manual - Page 108
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch QoS Scheduling Mechanism The Scheduling Mechanism drop-down menu allows a selection between a Weight Fair and a Strict mechanism for emptying the priority classes. To view the
D-Link DGS-3200-16 | User Manual - Page 109
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Security Safeguard Engine Trusted Host IP-MAC-Port Binding Engine has two operating modes that can be configured by the user, Strict and Fuzzy. In Strict mode, when the Switch either (a) receives too many packets to process or (b)
D-Link DGS-3200-16 | User Manual - Page 110
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 1. Safeguard Engine example For every consecutive checking interval that reveals a packet flooding issue, the Switch will double the time it will discard ingress ARP and IP broadcast packets and packets from untrusted IP
D-Link DGS-3200-16 | User Manual - Page 111
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Safeguard Engine State Rising Threshold (20% - 100%) Falling Threshold (20% - 100%) Trap / Log Mode Description Use the radio button to globally enable or disable Safeguard Engine settings for the Switch. Used to configure
D-Link DGS-3200-16 | User Manual - Page 112
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IP-MAC-Port Binding The IP network layer uses a four-byte address. The Ethernet link user tries to access an IP-MAC binding enabled port, the system will block the access by dropping its packet. For the xStack® DGS3200 Series of switches
D-Link DGS-3200-16 | User Manual - Page 113
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 5. IMP Port Settings window The following fields can be set or modified: Parameter Description From Port/To Port Select a range of ports to set for IP If the user selects loose mode, ARP packets and IP broadcast packets
D-Link DGS-3200-16 | User Manual - Page 114
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IMP Entry Settings This table is used to create static IP-MAC-binding port entries and view all IMP entries on the Switch. Click Find to search for an entry. Click View All for the table to display all entries and click Delete All to
D-Link DGS-3200-16 | User Manual - Page 115
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Port Use the drop-down menu to All for the table to display all entries. To view the following window, click Security > IP-MAC-Port Binding > MAC Block List: Figure 5 - 8. MAC Block List window The following
D-Link DGS-3200-16 | User Manual - Page 116
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch be configured. This pull-down menu allows the user to enable or disable Port Security (locked MAC Switch, for the selected group of ports. The options are: Permanent - The locked addresses will only age out after the Switch has been reset
D-Link DGS-3200-16 | User Manual - Page 117
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Lock Entries Users can remove an entry from the port security entries learned by the Switch and entered into the forwarding database. To view the following window, click Security > Port Security > Port Lock Entries: Figure 5 - 10.
D-Link DGS-3200-16 | User Manual - Page 118
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch DHCP Server Screening The DHCP Server Screening folder contains two windows: DHCP Screening Port Settings and DHCP Offer Filtering. DHCP Screening Port Settings The Switch supports The default is Disabled function allows the user to not
D-Link DGS-3200-16 | User Manual - Page 119
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 12. DHCP Offer Filtering window The user may set the following parameters: Parameter Description Server IP Address The IP address of the DHCP server to be filtered. Client's MAC Address The MAC address of the DHCP
D-Link DGS-3200-16 | User Manual - Page 120
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Guest VLAN On 802.1X security-enabled networks, there is a need for non802.1X supported 14. Guest VLAN window Remember, to set an 802.1X guest VLAN, the user must first configure a normal VLAN, which can be enabled here for guest VLAN
D-Link DGS-3200-16 | User Manual - Page 121
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch .1X standard is a security measure for authorizing and authenticating users to gain access to various wired or wireless devices on and working Access Control security method. Figure 5 - 16. The three roles of 802.1X The following section
D-Link DGS-3200-16 | User Manual - Page 122
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authentication Server The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server
D-Link DGS-3200-16 | User Manual - Page 123
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Client The Client is simply the endstation that wishes to gain access to the LAN or switch services. All endstations must be running software that is compliant with the 802.1X protocol. For users running Windows XP and Windows Vista,
D-Link DGS-3200-16 | User Manual - Page 124
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Understanding 802.1X Port-based and Port detects events that indicate the attachment of an active device at the remote end of the link, or an active device becoming inactive. These events can be used to control the authorization state
D-Link DGS-3200-16 | User Manual - Page 125
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Host-Based Network Access Control Ethernet Switch RADIUS Server with the LAN via the Switch. The 802.1X folder contains seven windows (depending on the current 802.1X) settings: 802.1X Settings, 802.1X User, Initialize Port(s) (Port
D-Link DGS-3200-16 | User Manual - Page 126
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 23. 802.1X Settings window Use the From Port and To Port drop-down menus to configure the settings by port(s): This window allows
D-Link DGS-3200-16 | User Manual - Page 127
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch attempts by the client to authenticate. The Switch cannot provide authentication services to the client through the interface. If Auto is selected, it will enable 802.1X and cause the port to begin in the unauthorized state,
D-Link DGS-3200-16 | User Manual - Page 128
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Initialize Port(s) Existing 802.1X port and host settings are displayed and can be configured using the two windows below. To initialize ports for the port side of 802.1X, the user must first enable 802.1X by port in the 802.1X Settings
D-Link DGS-3200-16 | User Manual - Page 129
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Reauthenticate Port(s) Users can display and configure reauthenticate ports for 802.1X port and host using the two windows below. To reauthenticate ports for the port side of 802.1X, the user Figure 5 - 28. Reauthenticate Port(s)
D-Link DGS-3200-16 | User Manual - Page 130
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authentic RADIUS Server The RADIUS feature of the Switch allows the user to facilitate centralized user administration as well as providing protection against a sniffing, active hacker. The Web manager offers three windows. To view the
D-Link DGS-3200-16 | User Manual - Page 131
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SSL Settings Secure Sockets Layer, or SSL, is a security feature that will provide a secure communication path between a host and client through the use of authentication,
D-Link DGS-3200-16 | User Manual - Page 132
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 30. SSL Settings window To set up the SSL function on the Switch, configure the parameters in the SSL Settings section described below and click Apply. To set up the SSL ciphersuite function on the Switch, configure the
D-Link DGS-3200-16 | User Manual - Page 133
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Key File Name Enter the path and the filename of SSH Client on a remote PC can be configured to manage the Switch using a secure, in band connection. SSH Configuration Users can configure and view settings for the SSH server. To view
D-Link DGS-3200-16 | User Manual - Page 134
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 31. SSH Configuration window To configure the SSH server on the Switch, modify the following parameters and click Apply: Parameter Description SSH Server Status Use the radio buttons to enable or disable SSH on the
D-Link DGS-3200-16 | User Manual - Page 135
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch authentication. This parameter is intended for Linux users requiring SSH authentication techniques and the host Authentication Code) mechanism utilizing the Secure Hash algorithm. The default is enabled. Use the check box to enable or
D-Link DGS-3200-16 | User Manual - Page 136
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SSH User Authentication Mode Users can configure parameters for users attempting to access the Switch through SSH. To view the following window, click Security > SSH > SSH User Authentication Mode: Figure 5 - 33. SSH User
D-Link DGS-3200-16 | User Manual - Page 137
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Access Authentication Control The TACACS / XTACACS / TACACS+ / RADIUS commands allow users to secure access to the Switch using the TACACS / XTACACS / TACACS+ / RADIUS protocols. When a user logs in to the Switch or tries to access the
D-Link DGS-3200-16 | User Manual - Page 138
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authentication Policy and Parameter Settings Users can enable an administrator-defined authentication policy for users trying to access the Switch. When enabled, the device will check the Login Method List and choose a technique for
D-Link DGS-3200-16 | User Manual - Page 139
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Enable Method List section, for more information. Using the pull-down menu, configure an application for normal login on the user level, utilizing a previously configured method list. The user may use the default Method List or other
D-Link DGS-3200-16 | User Manual - Page 140
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 37. Edit Server Group tab of the Authentication Server Group window To add an Authentication Server Host to the list, enter its name in the Group Name field, IP address in the IP maximum supported number of server hosts is 16.
D-Link DGS-3200-16 | User Manual - Page 141
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 38. Authentication Server Host window Configure the following parameters to add an Authentication Server Host: Parameter Description IP Address Protocol The IP address of the remote server host to add. The protocol used
D-Link DGS-3200-16 | User Manual - Page 142
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Login Method Lists User-defined or default Login Method List of authentication techniques can be configured for users logging on to the Switch. The sequence of techniques implemented in this command will affect the authentication result
D-Link DGS-3200-16 | User Manual - Page 143
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Enable Method Lists Users can set up Method Lists to promote users with user level privileges to Administrator (Admin) level privileges using authentication methods on the Switch. Once a user acquires normal user level privileges on the
D-Link DGS-3200-16 | User Manual - Page 144
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Configure Local Enable Password Users can configure the locally enabled password for Enable Admin. When a user chooses the "local_enable" method to promote user level privileges to administrator privileges, he or she will be prompted to
D-Link DGS-3200-16 | User Manual - Page 145
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC- RADIUS server authentication methods are supported. In MAC-based Access Control, MAC user information in a local be blocked. 4. Ports that have been enabled for Link Aggregation, Port Security, or GVRP authentication cannot be
D-Link DGS-3200-16 | User Manual - Page 146
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description MBA Global State Toggle to globally enable or disable the MAC-based Access Control function on the Switch. Method Use this drop-down menu to choose the type of authentication to be used when authentication
D-Link DGS-3200-16 | User Manual - Page 147
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC-based Access Control Local Settings Users can set a list of MAC addresses, along with their corresponding target VLAN, which will be authenticated for the Switch. Once a queried MAC address is matched in this window, it will be
D-Link DGS-3200-16 | User Manual - Page 148
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 45. Six Basic Steps in a Successful Web Authentication Process 135
D-Link DGS-3200-16 | User Manual - Page 149
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Conditions and Limitations 1. If the client is utilizing DHCP to attain an IP address, the authentication VLAN must provide a DHCP server or a DHCP relay function so that client may obtain an IP address. 2. Certain functions exist on
D-Link DGS-3200-16 | User Manual - Page 150
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Click Apply to implement changes made. NOTE: To enable the Web Authentication function, the redirection path field must have the URL of the website that users will be directed to once they enter the limited resource, pre-configured VLAN
D-Link DGS-3200-16 | User Manual - Page 151
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Confirmation Retype the password entered in the previous field. VLAN Name Click the button and enter a VLAN Name in this field. VLAN ID (1-4094) Click the button and enter a VID in this field. Config WAC User User Name Enter
D-Link DGS-3200-16 | User Manual - Page 152
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch port will never be checked. The default value is infinite. Block Time (0- Users can enable and configure Japanese Web-based Access Control on the Switch Switch. JWAC Configuration Virtual IP This parameter specifies the JWAC Virtual IP
D-Link DGS-3200-16 | User Manual - Page 153
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch correct response. NOTE: This IP does not respond to ARP requests or ICMP packets. HTTP(s) Port (165535) This parameter specifies the TCP port that the JWAC Switch Page. Redirect Delay Time (0-10) This parameter specifies the Delay
D-Link DGS-3200-16 | User Manual - Page 154
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Click Apply to implement changes made. JWAC Port Settings Users can configure JWAC port settings for the Switch Host (1-10) allowed on each port at the same time. The default value is 10. Enter a value between 1 and 10 attempts.
D-Link DGS-3200-16 | User Manual - Page 155
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch JWAC User Settings Users can configure JWAC user settings for the Switch. To view the following window, click Security > JWAC > JWAC User Settings: Figure 5 - 51. JWAC User Settings window To set the User Account settings for the JWAC
D-Link DGS-3200-16 | User Manual - Page 156
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch JWAC Customize Page Users can configure JWAC page settings for the Switch. To view supported by this Switch include 802.1X, MAC-based Access Control (MBAC), Web-based Access Control (WAC), Japan Web-based Access Control (JWAC), and IP
D-Link DGS-3200-16 | User Manual - Page 157
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Any (MAC, 802.1X or WAC) Mode Figure 5 - 54. Any (MAC, 802.1X or WAC) Mode In the diagram above the Switch port has been configured to allow clients to authenticate using 802.1X, MBAC, or WAC. When a client tries to connect to the
D-Link DGS-3200-16 | User Manual - Page 158
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 802.1X & IMPB Mode Figure 5 - 56. 802.1X & IMPB Mode This mode adds an extra layer of security by checking the IP MAC-Binding Port Binding (IMPB) table before trying one of the supported authentication methods. The IMPB Table is used to
D-Link DGS-3200-16 | User Manual - Page 159
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch This mode adds an extra layer of security by checking the IP MAC-Binding Port Binding (IMPB) table before trying one of the supported authentication methods. The IMPB Table is used to create a 'white-list' that checks if the IP streams
D-Link DGS-3200-16 | User Manual - Page 160
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch can be enabled on a port at the same authentication method. When Host Based is selected, users are authenticated individually. Click Apply to implement the changes made. Guest VLAN Users can assign ports to or remove ports from
D-Link DGS-3200-16 | User Manual - Page 161
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IGMP Access Control Settings (IGMP Authentication) Users can set IGMP authentication, otherwise known as IGMP access control, on individual ports on the Switch. When the Authentication State is Enabled, and the Switch receives an IGMP
D-Link DGS-3200-16 | User Manual - Page 162
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch ACL Access Profile List CPU Access Profile List Time Range Settings Section 6 Access Profile List Access profiles allow you to establish criteria to determine whether the Switch will forward packets based on the information contained
D-Link DGS-3200-16 | User Manual - Page 163
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 2. Add ACL Profile window for Ethernet ACL The following parameters can be set for the Ethernet destination MAC address. 802.1Q VLAN Selecting this option instructs the Switch to examine the 802.1Q VLAN identifier of each
D-Link DGS-3200-16 | User Manual - Page 164
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To view the setting details for a created for the type of profile. Select Ethernet ACL to instruct the Switch to examine the layer 2 part of each packet header. Select IPv4 ACL to instruct the Switch to examine the IPv4 address in
D-Link DGS-3200-16 | User Manual - Page 165
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 802.1Q VLAN Selecting this option instructs the Switch to examine the 802.1Q VLAN identifier of each packet header and use this as the full or partial criterion for forwarding. IPv4 DSCP Selecting this option instructs the Switch to
D-Link DGS-3200-16 | User Manual - Page 166
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 6. Add ACL Profile window for IPv6 The following parameters can be set for the IPv6 ACL type: Parameter Description Select Profile ID Select ACL
D-Link DGS-3200-16 | User Manual - Page 167
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To view the setting details for a created for the type of profile. Select Ethernet ACL to instruct the Switch to examine the layer 2 part of each packet header. Select IPv4 ACL to instruct the Switch to examine the IPv4 address in
D-Link DGS-3200-16 | User Manual - Page 168
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Packet Content Allows users to examine up to four specified offset content mask profile can be created at a time. Use of the D-Link xStack switch family's advanced Packet Content Mask (also known as Packet Content Access Control
D-Link DGS-3200-16 | User Manual - Page 169
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 10. Access Rule List window for Ethernet you want to re-write the 802.1p default priority of a packet to the value entered 802.1p user priority re-written to its original value before being forwarded by the Switch. For more
D-Link DGS-3200-16 | User Manual - Page 170
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Replace DSCP (063) Select this option to instruct the Switch to user selects an Rx rate of 10 then the ingress rate is 640kbit/sec.) The user many select a value between 1 and 156249 or tick the No Limit check box. The default
D-Link DGS-3200-16 | User Manual - Page 171
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 14. Add Access Rule window for IPv4 To set the Access Rule for IP want to re-write the 802.1p default priority of a packet to the value the user to enter a DSCP value in the space provided, which will instruct the Switch to
D-Link DGS-3200-16 | User Manual - Page 172
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch check box. The default user will be presented with an error message and the access rule will not be configured. Ticking the All Ports check box will denote all ports on the Switch following window: Figure 6 - 16. Access Rule List window
D-Link DGS-3200-16 | User Manual - Page 173
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 17. service or real time service packets. Use this to limit Rx bandwidth for the profile being configured. This rate is implemented using the following equation: 1 value = 64kbit/sec. (ex. If the user selects an Rx rate of 10
D-Link DGS-3200-16 | User Manual - Page 174
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch rate is 640kbit/sec.) The user many select a value between 1 and 156249 or tick the No Limit check box. The default setting is No Limit. Time Range Name Tick the check box and enter the name of the Time Range settings that has been
D-Link DGS-3200-16 | User Manual - Page 175
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 20. Add Access Rule window for Packet Content To set the Access Rule for Packet Content, adjust the following parameters and click Apply. Parameter
D-Link DGS-3200-16 | User Manual - Page 176
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch 156249) rate is 640kbit/sec.) The user many select a value between 1 and 156249 or tick the No Limit check box. The default setting is No Limit. Time Range Name Tick the check box and enter the name of the Time Range settings that
D-Link DGS-3200-16 | User Manual - Page 177
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 22. CPU Access Profile List window This window displays the CPU Access Profile List entries created on the Switch The Switch supports four CPU Access Profile types: Ethernet (or MAC address-based) profile configuration, IP (
D-Link DGS-3200-16 | User Manual - Page 178
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Figure 6 - 23. Add CPU ACL Profile window for Ethernet Description Select Profile ID (1-5) Select ACL Type Source MAC Mask Destination MAC Mask 802.1Q VLAN 802.1p Ethernet Type Use the drop-down menu to select a unique
D-Link DGS-3200-16 | User Manual - Page 179
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To view the settings of a previously correctly created profile, click the corresponding Show Details button on the CPU Access Profile List window to view the following window: Figure 6 - 24. CPU Access Profile Detail Information window
D-Link DGS-3200-16 | User Manual - Page 180
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IPv4 DSCP Source IP Mask Destination IP Mask Protocol and use this as the, or part of the criterion for forwarding. Selecting this option instructs the Switch to examine the DiffServ Code part of each packet header and use this as the
D-Link DGS-3200-16 | User Manual - Page 181
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 27. Add CPU ACL Profile window for IPv6 The following parameters may be configured for the IPv6 filter. Parameter Select Profile ID Select ACL
D-Link DGS-3200-16 | User Manual - Page 182
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To view the settings of a previously correctly created profile, click the corresponding Show Details button on the CPU Access Profile List window to view the following window: Figure 6 - 28. CPU Access Profile Detail Information window
D-Link DGS-3200-16 | User Manual - Page 183
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch specified: • 0-15 - Enter a value in hex form to mask the packet from the beginning of the packet to the 15th byte. • 16-31 - Enter a value in hex form to mask the packet from byte 16 to byte 31. • 32-47 - Enter a value in hex form to
D-Link DGS-3200-16 | User Manual - Page 184
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 32. Add Access Rule window for Ethernet To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameter Description Access ID (1-100) Type in a unique identifier number for this access.
D-Link DGS-3200-16 | User Manual - Page 185
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch To establish the rule for a previously created CPU Access Profile: To configure the Access Rules for IP, open the CPU Access Profile List window and click Add/View Rules for an IP entry. This will open the following window. Figure 6 -
D-Link DGS-3200-16 | User Manual - Page 186
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Ports Ticking the All Ports check box will denote all ports on the Switch. rule for a previously created CPU Access Profile: To configure the Access Rules for IP, open the CPU Access Profile List window and click Add/View Rules for an
D-Link DGS-3200-16 | User Manual - Page 187
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch by the Switch and will be filtered. Flow Label Configuring this field, in hex form, will instruct the Switch to examine CPU Access Profile: To configure the Access Rules for IP, open the CPU Access Profile List window and click
D-Link DGS-3200-16 | User Manual - Page 188
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 6 - 41. Add Access instruct the Switch to mask the packet header beginning with the offset value specified: Offset 0-15 - Enter a value in hex form to mask the packet from the beginning of the packet to the 15th byte. Offset 16
D-Link DGS-3200-16 | User Manual - Page 189
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch the Access Profile table. The user may enter up to 64 time range entries on the Switch. To view the following window, the time range, in hours, minutes and seconds, based on the 24-hour time system. • End Time - Use this parameter to
D-Link DGS-3200-16 | User Manual - Page 190
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Monitoring Device Environment Cable Diagnostic CPU Device Environment The device environment feature displays the Switch internal temperature status. This window is for the DGS-3200-16 only. To view the following window, click
D-Link DGS-3200-16 | User Manual - Page 191
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Cable Diagnostic The cable diagnostics feature is designed primarily for administrators or customer service DGS-3200-10 ports 9 and 10 and DGS-3200-16 ports 13, 14, 15, and 16 distance from the switch. CPU Utilization Users can display
D-Link DGS-3200-16 | User Manual - Page 192
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 3. CPU Utilization window To view the CPU utilization by port, use the real-time graphic of the Switch and/or switch stack at the top of the web page by simply clicking on a port. Click Apply to implement the configured
D-Link DGS-3200-16 | User Manual - Page 193
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Utilization Users can display the percentage of the total stands for seconds. The default value is one second. Record Number Select number of times the Switch will be polled between 20 and 200. The default value is 200. Show/
D-Link DGS-3200-16 | User Manual - Page 194
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Packet Size Users can display packets received by the Switch, arranged in six groups and classed by size, as either a line graph or a table. Two windows are offered. To select a port to view these statistics
D-Link DGS-3200-16 | User Manual - Page 195
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The default value is one second. Select number of times the Switch will be polled between 20 and 200. The default value button instructs the Switch to display a table rather than a line graph. Clicking this button instructs the Switch to
D-Link DGS-3200-16 | User Manual - Page 196
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Packets The Web manager allows various packet statistics to be for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
D-Link DGS-3200-16 | User Manual - Page 197
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time
D-Link DGS-3200-16 | User Manual - Page 198
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch UMB_cast (RX) To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port. To view
D-Link DGS-3200-16 | User Manual - Page 199
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Port Time Interval Record Number Unicast Multicast Broadcast Show/Hide Clear View Table View Graphic Description Use the drop-down menu to choose the port that will display statistics. Select the desired
D-Link DGS-3200-16 | User Manual - Page 200
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 12. Transmitted (TX) Table window (for Bytes and Packets) The following fields may be set or viewed: Parameter Description Port Use the drop-down
D-Link DGS-3200-16 | User Manual - Page 201
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Errors The Web manager allows port error statistics compiled by the Switch's management agent port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking
D-Link DGS-3200-16 | User Manual - Page 202
® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The following fields can be set: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default
D-Link DGS-3200-16 | User Manual - Page 203
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Transmitted (TX) To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port. To view
D-Link DGS-3200-16 | User Manual - Page 204
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The default value is one second. Select number of times the Switch will be polled between 20 and 200. The default value button instructs the Switch to display a table rather than a line graph. Clicking this button instructs the Switch to
D-Link DGS-3200-16 | User Manual - Page 205
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Port Access Control The following windows are used to monitor 802.1X statistics of the Switch, State The following section describes the 802.1x Status on the Switch. Users can view the Authenticator State. To view the following windows,
D-Link DGS-3200-16 | User Manual - Page 206
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 7 - 18. Authenticator State window - MAC-Based 802.1X This window displays the Authenticator State for individual ports on a selected device. A polling interval between 1 and
D-Link DGS-3200-16 | User Manual - Page 207
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authenticator Statistics Users can display tatistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the following window, click
D-Link DGS-3200-16 | User Manual - Page 208
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Tx Req Rx RespId Rx Resp Rx Invalid Rx Error Last Version Last Source The number of EAP Request frames (other than Rq/Id frames)
D-Link DGS-3200-16 | User Manual - Page 209
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authenticator Session Statistics Users can display session statistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the
D-Link DGS-3200-16 | User Manual - Page 210
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Frames Tx The number of user data frames transmitted on this port during the session. Port re-initialization 7) Port Administratively Disabled 8) Not Terminated Yet The User-Name representing the identity of the Supplicant PAE. 197
D-Link DGS-3200-16 | User Manual - Page 211
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Authenticator Diagnostics Users can display diagnostic information regarding the operation of the Authenticator associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view
D-Link DGS-3200-16 | User Manual - Page 212
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch successful authentication of the Supplicant (authSuccess = TRUE). Auth Timeout Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result
D-Link DGS-3200-16 | User Manual - Page 213
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch RADIUS Authentication Users can display information concerning Authentication window The user may also select the desired time interval to update the statistics, between 1s and 60s, where "s" stands for seconds. The default value is one
D-Link DGS-3200-16 | User Manual - Page 214
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch AccessResponses BadAuthenticators PendingRequests Timeouts Client window The user may also select the desired time interval to update the statistics, between 1s and 60s, where "s" stands for seconds. The default value is one second
D-Link DGS-3200-16 | User Manual - Page 215
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Identifier ServerAddr ServerPortNumber RoundTripTime Requests Retransmissions Responses MalformedResponses BadAuthenticators PendingRequests Timeouts UnknownTypes PacketsDropped addresses. The NAS-Identifier of the RADIUS accounting
D-Link DGS-3200-16 | User Manual - Page 216
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Browse ARP Table Users can display current ARP entries on the Switch. To search a specific ARP entry, enter an Interface Name or an IP - 24. Browse ARP Table window Browse VLAN Users can display the VLAN status for each of the Switch's
D-Link DGS-3200-16 | User Manual - Page 217
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Browse Router Port Users can display which of the Switch's ports are currently configured as router ports. A router port configured by a user (using the console or Web-based management interfaces) is displayed as a static router port,
D-Link DGS-3200-16 | User Manual - Page 218
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Browse Session Table Users can display the management sessions since the Switch was last rebooted. To view the following window, click Monitoring > Browse Session Table: Figure 7 - 28. Browse Session Table window IGMP Snooping Group
D-Link DGS-3200-16 | User Manual - Page 219
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MLD Snooping Group Users can view MLD Snooping Groups present on the Switch. MLD Snooping or VLAN Name of the multicast group. Source The source MAC address of the multicast group. Group The multicast group. Port Member The port
D-Link DGS-3200-16 | User Manual - Page 220
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch WAC Authenticating State Users can display the current WAC authentication state and delete WAC authentication state settings. To view the following window, click Monitoring > WAC Authenticating State: Figure 7 - 31.
D-Link DGS-3200-16 | User Manual - Page 221
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch JWAC Host Table Users can display Japanese Web-based Access Control Host Table information. To view the following window, click Monitoring > JWAC Host Table: Figure 7 - 32. JWAC Host Table
D-Link DGS-3200-16 | User Manual - Page 222
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC Address Table This allows the Switch's dynamic MAC address forwarding table to be viewed. When the Switch be browsed by. Find Allows the user to move to a sector of the database corresponding to a user defined port, VLAN, or MAC
D-Link DGS-3200-16 | User Manual - Page 223
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch System Log Users can view the history log as compiled by the Switch's management agent. To view the following window, click Monitoring > System Log: Figure 7 - 34. System Log window The Switch can record event information in its own
D-Link DGS-3200-16 | User Manual - Page 224
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC-based Access Control Authentication State Users can display MAC-based Access Control Authentication State information. To view the following window, click Monitoring > MAC-based Access Control Authentication State: Figure 7 - 35.
D-Link DGS-3200-16 | User Manual - Page 225
File Backup & Restore Upload Log File Reset Download Firmware Reboot System Section 8 The four Save windows include: Save Configuration 1, Save Configuration 2, Save Log, and Save All. Each version of the window will aid the user in saving configurations to the Switch's memory. The options include
D-Link DGS-3200-16 | User Manual - Page 226
Save Configuration ID 2 Open the Save drop-down menu at the top of the Web manager and click Save Configuration ID 2 to open the following window: Figure 8 - 2. Save Configuration ID 2 window Save Log Open the Save drop-down menu at the top of the Web manager and click Save Log to open the
D-Link DGS-3200-16 | User Manual - Page 227
's configuration to the state it was when it left the factory Reset gives the option of retaining the Switch's User Accounts and History Log while resetting all other configuration parameters to their factory defaults. If the Switch is reset using this window, and Save Changes is not executed, the
D-Link DGS-3200-16 | User Manual - Page 228
firmware for the Switch. Figure 8 - 8. Download Firmware window Enter the Server IP address in the first field and and specify the path/file name of the firmware the Switch. Clicking the No radio button instructs the Switch not to save the current configuration before restarting the Switch. All
D-Link DGS-3200-16 | User Manual - Page 229
the countermeasures brought by D-Link's switches to thwart ARP spoofing attacks. In the process of ARP, PC A will first issue an ARP request to query PC B's MAC address. The network structure is shown in Figure 1. Figure 1 C Who is 10.10.10.2? A Sender 00-20-5C-01-33-33 10.10.10.3 D Port 3 Port
D-Link DGS-3200-16 | User Manual - Page 230
reply Sender H/W Address 00-20-5C-01-11-11 Sender Protocol Address 10.10.10.1 Target H/W Address 00-00-00-00-00-00 Target Protocol Address 10.10.10.2 When PC B replies to the query, the "Destination Address" in the Ethernet frame will be changed to PC A's MAC address. The "Source Address" will
D-Link DGS-3200-16 | User Manual - Page 231
The switch will also examine the "Source Address" of the Ethernet frame and find that the address is not in the Forwarding Table. The switch will learn PC B's MAC and update its Forwarding Table. Forwarding Table Port1 00-20-5C-01-11-11 Port2 00-20-5C-01-22-22
D-Link DGS-3200-16 | User Manual - Page 232
itself. The destination MAC address is the Ethernet broadcast address (FF-FF-FF-FF-FF- 10.10.10.254 00-20-5C-01-11-11 10.10.10.254 A common DoS attack today can be done by associating a nonexistent or any specified MAC address to the IP address of the network's default users will not discover.
D-Link DGS-3200-16 | User Manual - Page 233
Figure 5 Prevent ARP Spoofing via Packet Content ACL D-Link managed switches can effectively mitigate common DoS attacks caused by ARP spoofing via a attack, we will demonstrate here via using Packet Content ACL on the Switch to block the invalid ARP packets which contain faked gateway's MAC and
D-Link DGS-3200-16 | User Manual - Page 234
is utilized to match the individual field in an Ethernet frame. Each profile is allowed to contain up to a maximum of four offset chunks. Furthermore, only one single profile of Packet Content ACL can be supported per switch. In other words, up to 16 bytes of total offset chunks can be applied to
D-Link DGS-3200-16 | User Manual - Page 235
D-Link DGS-3200-16 | User Manual - Page 236
the System Log of this Switch. Category Event Description Log Down- Firmware upgraded load successfully Firmware upgrade user login by console, there will no IP and MAC information for logging. Critical For DGS-3200-16 Only Critical For DGS-3200-16 Only Informational "by console" and "IP
D-Link DGS-3200-16 | User Manual - Page 237
XOR shown in log string, which means if user login by console, will no IP and MAC information for logging Port link up, Informational link state, for ex: , 100Mbps FULL duplex Port link down Informational Unit , Successful login through
D-Link DGS-3200-16 | User Manual - Page 238
SSH Login failed through Web (SSL) Login failed through Web (SSL) (Username: , IP: , MAC: ) Warning Logout through Web (SSL) Logout through Web (SSL) (Username: , IP: , MAC: ) Informational Web (SSL) session timed out Web (SSL) session
D-Link DGS-3200-16 | User Manual - Page 239
AAA SSH server is enabled SSH server is enabled Informational SSH server is disabled SSH server is disabled Informational Authentication Policy Authentication Policy is is enabled enabled (Module: AAA) Informational Authentication Policy Authentication Policy is is disabled disabled (
D-Link DGS-3200-16 | User Manual - Page 240
by AAA server (Username: ) There are no IP and MAC if Informational login by console. Login failed through Console authenticated by AAA server (Username: ) Warning There are no IP and MAC if login by console. Login failed through Console due to AAA
D-Link DGS-3200-16 | User Manual - Page 241
) Successful login through Web (SSL) authenticated by AAA server Successful login through Web(SSL) from authenticated by AAA server (Username: , MAC: ) Informational Login failed through Web (SSL) authenticated by AAA server Login failed through
D-Link DGS-3200-16 | User Manual - Page 242
(Username: , MAC: ) Successful Enable Admin through Telnet authenticated by AAA local_enable method Successful Enable Admin through Telnet from authenticated by AAA local_enable method (Username: , MAC: ) Informational Successful Enable Admin
D-Link DGS-3200-16 | User Manual - Page 243
Enable Admin failed through Console authenticated by AAA server Enable Admin failed through Console authenticated by AAA server (Username: ) Enable Admin failed through Console due to AAA server timeout or improper configuration Enable Admin failed through Console due to AAA
D-Link DGS-3200-16 | User Manual - Page 244
AAA doesn't support this this functionality functionality Warning Informational Warning Warning Warning Warning is one of TACACS, XTACACS, TACACS+, RADIUS is one of TACACS, XTACACS, TACACS+, RADIUS Informational IP-MACPORT Binding Unauthenticated IP address and
D-Link DGS-3200-16 | User Manual - Page 245
storm cleared Port Multicast storm has cleared Informational Port shut down due to a packet storm Port is currently shut down due to a packet storm Warning Login OK JWAC login successful (Username:%s,IP:%s,MAC:%s Informational ,Port:%s) Login Fail JWAC
D-Link DGS-3200-16 | User Manual - Page 246
client authenticated by RADIUS server successfully. This 802.1p default priority will assign to the port. 802.1X Authentication failure : Detect untrusted DHCP Detected untrusted DHCP server IP address server(IP: , Port: ) Informational Login OK MAC
D-Link DGS-3200-16 | User Manual - Page 247
table lists the trap logs found on the DGS-3200 Series Switches. MACNotifyTrap This trap indicates the MAC address 1.3.6.1.4.1.171 1.3.6.1.4.1.171.12.25.5.0.2 storm is cleared by the packet storm mechanism. When the IP-MAC Binding trap is 1.3.6.1.4.1.171.12.23.5.0.1 enabled, if there's a new MAC
D-Link DGS-3200-16 | User Manual - Page 248
IP address detected is just sent once to the trap receivers within the log ceasing unauthorized duration. The commander switch member generates a link up notification. The commander switch will send The commander switch will send 1.3.6.1.4.1.171.12.8.6.0.16 swSingleIPMSnewRoot notification
D-Link DGS-3200-16 | User Manual - Page 249
entity recognizes a failure in one of the communication links represented in the agent's configuration. A linkUp trap configured for sending SNMP traps. This trap is an SNMP notification that 1.3.6.1.2.1.16.29.2.0.2 is generated when a high capacity alarm entry crosses its falling threshold
D-Link DGS-3200-16 | User Manual - Page 250
password {} show account The reset config command resets the whole configuration back to the default values. The reboot command exits the Reset Password Recovery Mode and restarts the switch. A confirmation message will be displayed to allow the user to save the current settings. The
D-Link DGS-3200-16 | User Manual - Page 251
Ethernet is 100Mbps. baud rate: The switching speed of a line. Also known as line speed between network segments. BOOTP: The BOOTP protocol allows automatic mapping of an IP address to a given MAC address each time a device is started. In addition, the protocol can assign the subnet mask and default
D-Link DGS-3200-16 | User Manual - Page 252
switching decision. TCP/IP: A layered set of communications protocols providing Telnet terminal emulation, FTP file transfer, and other services for communication among a wide range of computer equipment. Telnet: A TCP/IP application protocol that provides virtual terminal service, letting a user
D-Link DGS-3200-16 | User Manual - Page 253
covered in the operating manual for the product, and normal maintenance; Damage that occurs in shipment, due to act of God, failures due to power surge, and cosmetic damage; Any hardware, software, firmware or other products or services provided by anyone other than D-Link; and Products that have
D-Link DGS-3200-16 | User Manual - Page 254
LINK FOR WARRANTY SERVICE) RESULTING FROM THE USE OF THE PRODUCT, RELATING TO WARRANTY SERVICE, OR ARISING OUT OF ANY BREACH OF THIS WARRANTY, EVEN IF D-LINK LINK UNDER THIS WARRANTY IS LIMITED TO THE PURCHASE PRICE with the instructions, may cause off and on, the user is encouraged to try to
D-Link DGS-3200-16 | User Manual - Page 255
Product Registration Register your D-Link product online at http://support.dlink.com/register/ Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights.
D-Link DGS-3200-16 | User Manual - Page 256
, the price paid by the original purchaser for the defective Hardware will be refunded by D-Link upon return to D-Link of the Service: Registration Card. The Registration Card provided at the back of this manual must be completed and returned to an Authorized D-Link Service Office for each D-Link
D-Link DGS-3200-16 | User Manual - Page 257
covered in the operating manual for the product, and normal maintenance; Damage that occurs in shipment, due to act of God, failures due to power surge, and cosmetic damage; and Any hardware, software, firmware or other products or services provided by anyone other than D-Link. Disclaimer of Other
D-Link DGS-3200-16 | User Manual - Page 258
LINK FOR WARRANTY SERVICE) RESULTING FROM THE USE OF THE PRODUCT, RELATING TO WARRANTY SERVICE, OR ARISING OUT OF ANY BREACH OF THIS LIMITED WARRANTY, EVEN IF D-LINK Link is a registered trademark of D-Link Corporation/ D-Link from D-Link Corporation/ D-Link International Ptd with this manual, may
D-Link DGS-3200-16 | User Manual - Page 259
You can find software updates and user documentation on the DLink website. D-Link provides free technical support for customers within the United States and within Canada for the duration of the service period, and warranty confirmation service, during the warranty period on this product. U.S. and
D-Link DGS-3200-16 | User Manual - Page 260
Products 1890 886 899 (09.00am-06.00pm, Sat 10.00am-02.00pm) €0.05ppm peak, €0.045ppm off peak Times Internet http://www.dlink.co.uk ftp://ftp.dlink.co.uk Technische Unterstützung Deutschland: Web: http://www.dlink.de E-Mail: [email protected] Telefon: +49(0)1805 2787 0,14 € pro Minute Zeiten
D-Link DGS-3200-16 | User Manual - Page 261
de D-Link: +34 902 30 45 45 0,067 €/min De Lunes a Viernes de 9:00 a 14:00 y de 15:00 a 18:00 http://www.dlink.es Supporto tecnico Supporto Tecnico dal lunedì al venerdì dalle ore 9.00 alle ore 19.00 con orario continuato Telefono: 199400057 http://www.dlink.it/support Technical Support Tech Support
D-Link DGS-3200-16 | User Manual - Page 262
- Mobile 49.99,HUF/min email : [email protected] URL : http://www.dlink.hu Teknisk Support D-Link Teknisk telefon Support: 820 00 755 (Hverdager 08:00-20:00) D-Link Teknisk Support over Internett: http://www.dlink.no Teknisk Support D-Link teknisk support over telefonen: Tlf. 7026 9040 Åbningstider
D-Link DGS-3200-16 | User Manual - Page 263
via telefon: 0900-100 77 00 Vardagar 08.00-20.00 D-Link Teknisk Support via Internet: http://www.dlink.se Assistência Técnica Assistência Técnica da D-Link na Internet: http://www.dlink.pt e-mail: [email protected] D-Link Hellas Support Center 64, 11251 210 86 11 114 09:00-17:00) Φαξ: 210
D-Link DGS-3200-16 | User Manual - Page 264
, podporo ter navodila za uporabo prosimo obiščite D-Link - ovo spletno stran www.dlink.eu www.dlink.biz/sl Suport tehnica Vă mulţumim pentru alegerea produselor D-Link. Pentru mai multe informaţii, suport şi manuale ale produselor vă rugăm să vizitaţi site-ul D-Link www.dlink.eu www.dlink.ro
D-Link DGS-3200-16 | User Manual - Page 265
You can find software updates and user documentation on the D-Link website. Tech Support for customers in Australia: Tel: 1300-766-868 24/7(24Hrs, 7days a week) technical support http://www.dlink.com.au e-mail: [email protected] India: Tel: 1800-222-002 9.00 AM to 9.00 PM. All days
D-Link DGS-3200-16 | User Manual - Page 266
You can find software updates and user documentation on the D-Link website. Tech Support for customers in Egypt: Tel: +202-2919035 or +202-2919047 Sunday to Thursday 9:00am to 5:00pm http://support.dlink-me.com Email: [email protected] Iran: Te: +98-21-88880918,19 Saturday to Thursday 9:00am
D-Link DGS-3200-16 | User Manual - Page 267
D-Link. D-Link D-Link D-Link: +7(495) 744-00-99 http://www.dlink.ru e-mail: [email protected]
D-Link DGS-3200-16 | User Manual - Page 268
Usted puede encontrar actualizaciones de softwares o firmwares y documentación para usuarios a través de nuestro sitio www.dlinkla.com SOPORTE TÉCNICO PARA USUARIOS EN LATINO AMERICA Soporte técnico a través de los siguientes teléfonos de D-Link PAIS Argentina Chile Colombia Costa Rica Ecuador
D-Link DGS-3200-16 | User Manual - Page 269
. A D-Link fornece suporte técnico gratuito para clientes no Brasil durante o período de vigência da garantia deste produto. Suporte Técnico para clientes no Brasil: Telefone São Paulo +11-2185-9301 Segunda à sexta Das 8h30 às 18h30 Demais Regiões do Brasil 0800 70 24 104 E-mail: e-mail: suporte
D-Link DGS-3200-16 | User Manual - Page 270
D-Link d e JOL̨ᝄ f D-Link j඄ɓЇ඄ʞd e ၣ१jIUUQXXXEMJOLDPNUX ཥɿඉ΁jETTRB@TFSWJDF!EMJOLDPNUX dሗਞϽ%-JOL f e d j IUUQXXXEMJOLDPNUX j f
D-Link DGS-3200-16 | User Manual - Page 271
Teknis Update perangkat lunak dan dokumentasi pengguna dapat diperoleh pada situs web D-Link. Dukungan Teknis untuk pelanggan: Dukungan Teknis D-Link melalui telepon: Tel: +62-21-5731610 Dukungan Teknis D-Link melalui Internet: Email : [email protected] Website : http://support.dlink.co.id
D-Link DGS-3200-16 | User Manual - Page 272
Technical Support Web Web サイト URL:http://www.dlink-jp.com
D-Link DGS-3200-16 | User Manual - Page 273
技术支持 D-Link 36 B 座 26F 02-05 100013 8008296688/ (028)66052968 028)85176948 36 B 座 26F 02-05 100013 010) 58257789 010) 58257790 网址：http://www.dlink.com.cn 09:00到晚18:00

Section	Page
Intended Readers	9
Typographical Conventions	9
Notes, Notices, and Cautions	10
Safety Cautions	10
General Precautions for Rack-Mountable Products	11
Lithium Battery Precaution	13
Protecting Against Electrostatic Discharge	13
Web-based Switch Configuration	14
Introduction	14
Logging onto the Web Manager	14
Web-based User Interface	15
Areas of the User Interface	15
Web Pages	16
Configuration	17
Device Information	17
System Information	18
Serial Port Settings	19
IP Address	19
Setting the Switch’s IP Address using the Console Interface	21
IPv6 Interface Settings	21
IPv6 Route Table	22
IPv6 Neighbor Settings	23
Port Configuration	24
Port Settings	24
Port Description	25
Port Error Disabled	25
Static ARP Settings	26
User Accounts	27
Admin and User Privileges	27
System Log Configuration	28
System Log Settings	28
System Log Host	29
System Severity Settings	29
DHCP/BOOTP Relay	30
DHCP/BOOTP Relay Global Settings	30
The Implementation of DHCP Relay Agent Information Option 82	32
DHCP/BOOTP Relay Interface Settings	33
DHCP Local Relay Settings	33
DHCP Auto Configuration Settings	34
MAC Address Aging Time	35
Web Settings	35
Telnet Settings	36
Password Encryption	36
CLI Paging Settings	37
Firmware Information	37
Power Saving Settings	38
Dual Configuration Settings	39
SMTP Settings	40
Ping Test	41
SNTP Settings	42
Time Settings	42
TimeZone Settings	43
MAC Notification Settings	44
MAC Notification Global Settings	44
MAC Notification Port Settings	45
SNMP Settings	46
Traps	46
MIBs	46
SNMP Global State Settings	47
SNMP View Table	47
SNMP Group Table	48
SNMP User Table	49
SNMP Community Table	50
SNMP Host Table	51
SNMP v6Host Table	52
SNMP Engine ID	53
SNMP Trap Configuration	53
RMON	53
Single IP Management	54
Upgrade to v1.61	55
Single IP Settings	56
Topology	57
Tool Tips	59
Right-Click	60
Group Icon	60
Commander Switch Icon	61
Member Switch Icon	62
Candidate Switch Icon	62
Menu Bar	63
File	63
Group	63
Device	63
View	63
Help	63
Firmware Upgrade	64
Configuration File Backup/Restore	64
Upload Log File	64
Layer 2 Features	65
Jumbo Frame	65
Egress Filter Settings	66
802.1Q VLAN	66
Understanding IEEE 802.1p Priority	66
VLAN Description	67
802.1Q VLAN Tags	68
Port VLAN ID	69
Tagging and Untagging	70
Ingress Filtering	70
Default VLANs	70
Port-based VLANs	71
VLAN Segmentation	71
VLAN and Trunk Groups	71
802.1v Protocol VLAN	75
802.1v Protocol Group Settings	75
802.1v Protocol VLAN Settings	75
MAC Based VLAN Settings	77
GVRP Settings	77
PVID Auto Assign Settings	78
Trunking	79
VLAN Trunk Settings	81
LACP Port Settings	82
Traffic Segmentation	83
IGMP Snooping	83
IGMP Snooping Settings	83
Data Driven Learning Settings	84
ISM VLAN Settings	85
Restrictions and Provisos	85
ISM Profile Settings	86
IP Multicast Profile Settings	86
Limited Multicast Address Range Settings	87
Max Multicast Group Settings	88
MLD Snooping Settings	88
MLD Control Messages	88
Port Mirroring	90
Loopback Detection Settings	91
Spanning Tree	92
802.1Q-2005 MSTP	92
802.1D-2004 Rapid Spanning Tree	92
Port Transition States	93
Edge Port	93
P2P Port	93
802.1D-1998/802.1D-2004/802.1Q-2005 Compatibility	93
STP Bridge Global Settings	94
STP Port Settings	95
MST Configuration Identification	97
STP Instance Settings	98
MSTP Port Information	99
Forwarding & Filtering	100
Unicast Forwarding	100
Multicast Forwarding	100
Multicast Filtering Mode	101
QoS	102
Understanding QoS	103
Bandwidth Control	104
Traffic Control	105
802.1p Default Priority	107
802.1p User Priority	107
QoS Scheduling Mechanism	108
Security	109
Safeguard Engine	109
Trusted Host	111
IP-MAC-Port Binding	112
IMP Global Settings	112
IMP Port Settings	112
IMP Entry Settings	114
DHCP Snooping Entries	114
MAC Block List	115
Port Security	116
Port Security Settings	116
Port Lock Entries	117
DHCP Server Screening	118
DHCP Screening Port Settings	118
DHCP Offer Filtering	118
Guest VLAN	120
Limitations Using the Guest VLAN	120
802.1X (Port-Based and Host-Based Access Control)	121
Authentication Server	122
Authenticator	122
Client	123
Authentication Process	123
Understanding 802.1X Port-based and Host-based Network Access Control	124
Port-Based Network Access Control	124
Host-Based Network Access Control	125
802.1X Settings	125
802.1X User	127
Initialize Port(s)	128
Reauthenticate Port(s)	129
Authentic RADIUS Server	130
SSL Settings	131
SSH	133
SSH Configuration	133
SSH Authmode and Algorithm Settings	134
SSH User Authentication Mode	136
Access Authentication Control	137
Authentication Policy and Parameter Settings	138
Application Authentication Settings	138
Authentication Server Group	139
Authentication Server Host	140
Login Method Lists	142
Enable Method Lists	143
Configure Local Enable Password	144
Enable Admin	144
MAC-based Access Control	145
Notes about MAC-based Access Control	145
MAC-based Access Control Settings	145
MAC-based Access Control Local Settings	147
Web-based Access Control (WAC)	147
Conditions and Limitations	149
WAC Global Settings	149
WAC User Settings	150
WAC Port Settings	151
JWAC	152
JWAC Global Settings	152
JWAC Port Settings	154
JWAC User Settings	155
JWAC Customize Page Language	155
JWAC Customize Page	156
Multiple Authentication	156
Any (MAC, 802.1X or WAC) Mode	157
Any (MAC, 802.1X or JWAC) Mode	157
802.1X & IMPB Mode	158
IMPB & WAC/JWAC Mode	158
Authorization Network State Settings	159
Multiple Authentication Settings	159
Guest VLAN	160
IGMP Access Control Settings (IGMP Authentication)	161
ACL	162
Access Profile List	162
CPU Access Profile List	176
Time Range Settings	189
Monitoring	190
Device Environment	190
Cable Diagnostic	191
CPU Utilization	191
Port Utilization	193
Packet Size	194
Packets	196
Received (RX)	196
UMB_cast (RX)	198
Transmitted (TX)	199
Errors	201
Received (RX)	201
Transmitted (TX)	203
Port Access Control	205
Authenticator State	205
Authenticator Statistics	207
Authenticator Session Statistics	209
Authenticator Diagnostics	211
RADIUS Authentication	213
RADIUS Account Client	214
Browse ARP Table	216
Browse VLAN	216
Browse Router Port	217
Browse MLD Router Port	217
Browse Session Table	218
IGMP Snooping Group	218
MLD Snooping Group	219
WAC Authenticating State	220
JWAC Host Table	221
MAC Address Table	222
System Log	223
MAC-based Access Control Authentication State	224
Save Services and Tools	225
Save Configuration ID 1	225
Save Configuration ID 2	226
Save Log	226
Save All	226
Configuration File Backup & Restore	227
Upload Log File	227
Reset	227
Download Firmware	228
Reboot System	228
Appendix A – Mitigating ARP Spoofing Attacks Using Packet Content ACL	229
How ARP Spoofing Attacks a Network	232
Prevent ARP Spoofing via Packet Content ACL	233
Appendix B – Switch Log Entries	236
Appendix C – Trap Logs	247
Appendix D – Password Recovery Procedure	250
Appendix E – Glossary	251

Match case Limit results 1 per page

Manual

Product Model:

xStack

DGS-3200 Series

Layer 2 Managed Gigabit Ethernet Switch

Release 1.35