D-Link DGS-3308FG Product Manual - Page 28

Packet Forwarding, MAC Address Aging Time, Filtering



8-port Gigabit Ethernet Switch User’s Guide
18
Authentication
The authentication protocol ensures that both the router SNMP agent and the remote user SNMP application program discard packets from unauthorized users. Authentication is accomplished using ‘community strings’, which function like passwords. The remote user SNMP application and the router SNMP must use the same community string. SNMP community strings of up to 20 characters may be entered under the Remote Management Setup menu of the console program.
Packet Forwarding
The Switch enters the relationship between destination MAC or IP addresses and the Ethernet port or gateway router the
destination resides on into its forwarding table. This information is then used to forward packets. This reduces the traffic
congestion on the network, because packets, instead of being transmitted to all ports, are transmitted to the destination
port only. Example: if Port 1 receives a packet destined for a station on Port 2, the Switch transmits that packet through
Port 2 only, and transmits nothing through the other ports. This process is referred to as ‘learning’ the network topology.
MAC Address Aging Time
The Aging Time affects the learning process of the Switch. Dynamic forwarding table entries, which are made up of the
source and destination MAC addresses and their associated port numbers, are deleted from the table if they are not
accessed within the aging time.
The aging time can be from 10 to 1,000,000 seconds with a default value of 300 seconds. A very long aging time can result
in dynamic forwarding table entries that are out-of-date or no longer exist. This may cause incorrect packet forwarding
decisions by the Switch.
If the Aging Time is too short however, many entries may be aged out too soon. This will result in a high percentage of
received packets whose source addresses cannot be found in the forwarding table, in which case the switch will broadcast
the packet to all ports, negating many of the benefits of having a switch.
Static forwarding entries are not affected by the aging time.
Filtering
The Switch uses a filtering database to segment the network and control communication between segments. It can also
filter packets off the network for intrusion control. Static filtering entries can be made by MAC Address or IP Address
filtering.
Each port on the Switch is a unique collision domain and the switch filters (discards) packets whose destination lies on the
same port as where it originated. This keeps local packets from disrupting communications on other parts of the network.
For intrusion control, whenever a switch encounters a packet originating from or destined to a MAC address or an IP
Address entered into the filter table, the switch will discard the packet.
Some filtering is done automatically by the switch:
• Dynamic filtering – automatic learning and aging of MAC addresses and their location on the network. Filtering occurs to keep local traffic confined to its segment.
• Filtering done by the Spanning Tree Protocol, which can filter packets based on topology, making sure that signal loops don’t occur.
• Filtering done for VLAN integrity. Packets from a member of a VLAN (VLAN 2, for example) destined for a device on another VLAN (VLAN 3) will be filtered.
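
The forwarding, aging and filtering rules described above can be traced with a small model. This is an added example, not D-Link code: the class, method and MAC values are hypothetical, and it assumes that a frame arriving from a source address refreshes that entry's age.

```python
# Added illustration, not D-Link firmware: a model of the learning, aging and
# filtering rules in this section. Class and method names are hypothetical.
DEFAULT_AGING = 300               # seconds (manual's default)
AGING_RANGE = (10, 1_000_000)     # seconds (manual's allowed range)

class LearningSwitch:
    def __init__(self, ports, aging_time=DEFAULT_AGING):
        lo, hi = AGING_RANGE
        if not lo <= aging_time <= hi:
            raise ValueError(f"aging time must be {lo}..{hi} seconds")
        self.ports = set(ports)
        self.aging_time = aging_time
        self.dynamic = {}         # MAC -> (port, last_seen); subject to aging
        self.static = {}          # MAC -> port; never aged
        self.filtered = set()     # static filter table (intrusion control)

    def _lookup(self, mac, now):
        if mac in self.static:
            return self.static[mac]
        entry = self.dynamic.get(mac)
        if entry is None:
            return None
        port, last_seen = entry
        if now - last_seen > self.aging_time:
            del self.dynamic[mac]             # entry aged out
            return None
        return port

    def receive(self, in_port, src, dst, now):
        """Return the set of egress ports for one frame (empty = discarded)."""
        if src in self.filtered or dst in self.filtered:
            return set()                      # filter-table match: discard
        if src not in self.static:
            # Assumption: a frame from src refreshes that entry's age.
            self.dynamic[src] = (in_port, now)
        out = self._lookup(dst, now)
        if out is None:
            return self.ports - {in_port}     # unknown destination: all other ports
        if out == in_port:
            return set()                      # destination on ingress port: discard
        return {out}

def demo():
    """Constructed traffic: A on port 1, B on port 2, BAD in the filter table."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    a, b, bad = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:ff"
    sw.filtered.add(bad)
    frames = [(1, a, b, 0), (2, b, a, 1), (1, a, b, 2), (1, a, b, 400), (3, bad, a, 401)]
    return [sw.receive(*f) for f in frames]
```

In `demo()`, the fourth frame is sent out of every other port again because B's entry, last refreshed at t=1, has exceeded the 300-second aging time by t=400.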