Home » D-Link Manuals » Hubs & Switches » D-Link DGS-3200-10 » Manual Viewer

D-Link DGS-3200-10 Product Manual - Page 52

SNMP Settings, Traps, MIBs - des e

UPC - 790069306310

Add to My Manuals
Save this manual to your list of manuals

Page 52 highlights

xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SNMP Settings Simple Network Management Protocol (SNMP) is an OSI Layer 7 (Application Layer) designed specifically for managing and monitoring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches, a nd other net work devices. Use SNMP t o co nfigure sy stem f eatures for proper operation, monitor pe rformance an d detect potential problems in the Switch, switch group or network. Managed devices that support SNMP include software (referred to as an agent), which runs locally on the device. A defined set of variables (m anaged objects) i s m aintained b y t he S NMP a gent an d used to m anage t he de vice. These o bjects are defined i n a Management I nformation B ase (M IB), which provides a standard presentation o f t he information c ontrolled by t he o n-board SNMP agent. SNMP defines both the format of t he MIB specifications and the protocol used to access this information over the network. The Switch supports the SNMP versions 1, 2c, and 3. The three versions of SNMP vary in the level of security provided between the management station and the network device. In SNMP v.1 and v.2, user authentication is accomplished using 'community strings', which function like passwords. The remote user SNMP application and the Switch SNMP must use the same community string. SNMP packets from any station that has not been authenticated are ignored (dropped). The default community strings for the Switch used for SNMP v.1 and v.2 management access are:  public - Allows authorized management stations to retrieve MIB objects.  private - Allows authorized management stations to retrieve and modify MIB objects. SNMPv3 uses a more sophisticated authentication process that is sep arated into two parts. The first p art is to maintain a list of users and their attributes that are allowed to act as SNMP managers. The second part describes what each user on that list can do as an SNMP manager. The Switch allows groups of users to be listed and configured with a shared set of privileges. The SNMP version may also be set for a l isted group of S NMP m anagers. T hus, y ou m ay creat e a group of S NMP m anagers t hat a re allowed t o vi ew read-only information or receive traps using SNMPv1 while assigning a higher level of secu rity to another group, granting read/write privileges using SNMPv3. Using S NMPv3 i ndividual users or g roups of S NMP m anagers ca n be al lowed t o p erform or be restricted f rom pe rforming specific SNM P m anagement fun ctions. Th e fun ctions allowed or re stricted are defined usin g th e Obj ect Id entifier (OID) associated wit h a s pecific MIB. An a dditional layer of secu rity is av ailable for SNMPv3 in th at SNMP m essages m ay b e encrypted. To read more about how to configure SNMPv3 settings for the Switch read the next section. Traps Traps are m essages that alert network personnel of eve nts that occur on the Switch. The eve nts ca n be as se rious as a reboot (someone acci dentally turned OFF the Switch), or less serious like a port status ch ange. The Switch generates tra ps and se nds them to the trap recipient (or network manager). Typical traps include trap messages for Authentication Failure, Topology Change and Broadcast\Multicast Storm. MIBs The S witch i n t he M anagement In formation B ase (MIB) st ores m anagement and counter i nformation. The Switch u ses t he standard MIB-II Management Information Base module. Consequently, values for MIB objects can be retrieved from any SNMPbased network management software. In addition to the standard MIB-II, the Switch also supports its own proprietary enterprise MIB as an extended Management Information Base. Specifying the MIB Object Identifier may also retrieve the proprietary MIB. MIB values can be either read-only or read-write. The Switch incorporates a flexible SNMP management for the switching environment. SNMP management can be customized to suit the needs of the networks and the preferences of the network administrator. Use the SNMP V3 menus to select th e SNMP version used for specific tasks. The Switch supports the Simple Network Management Protocol (SNMP) versions 1, 2c, and 3. The administrator can specify the SNMP version use d t o m onitor a nd c ontrol t he S witch. The t hree ve rsions o f S NMP va ry i n t he level o f sec urity pro vided between the management station and the network device. SNMP settings are configured using the menus located on the SNMP V3 folder of the Web manager. Workstations on the network that are allowed SNMP privileged access to the Switch can be restricted with the Management Station IP Address menu. 39

Section	Page
Table of Contents	3
Intended Readers	9
Typographical Conventions	9
Notes, Notices, and Cautions	10
Safety Cautions	10
General Precautions for Rack-Mountable Products	11
Lithium Battery Precaution	13
Protecting Against Electrostatic Discharge	13
Introduction	14
Logging onto the Web Manager	14
Web-Based User Interface	14
Introduction	14
Logging onto the Web Manager	14
Web-based User Interface	15
Areas of the User Interface	15
Web Pages	16
Device Information	18
System Information	18
Serial Port Settings	18
IP Address	18
IPv6 Interface Settings	18
IPv6 Route Table	18
IPv6 Neighbor Settings	18
Port Configuration	18
Static ARP Settings	18
User Accounts	18
System Log Configuration	18
System Severity Settings	18
DHCP/BOOTP Relay	18
DHCP Local Relay Settings	18
DHCP Auto Configuration Settings	18
MAC Address Aging Time	18
Web Settings	18
Telnet Settings	18
Password Encryption	18
CLI Paging Settings	18
Firmware Information	18
Power Saving Settings	18
Dual Configuration Settings	18
SMTP Settings	18
Ping Test	18
SNTP Settings	18
MAC Notification Settings	18
SNMP Settings	18
CPU Filter L3 Control Packet Settings	18
Single IP Management	18
SD Card FS Settings (DGS-3200-24 only)	18
Device Information	19
System Information	20
Serial Port Settings	21
IP Address	21
Setting the Switch’s IP Address using the Console Interface	23
IPv6 Interface Settings	23
IPv6 Route Table	25
IPv6 Neighbor Settings	26
Port Configuration	27
Port Settings	27
Port Description	28
Port Error Disabled	29
Static ARP Settings	29
User Accounts	31
Admin and User Privileges	31
System Log Configuration	32
System Log Settings	32
System Log Host	33
System Severity Settings	33
DHCP/BOOTP Relay	34
DHCP/BOOTP Relay Global Settings	34
Implementation of DHCP Relay Agent Information Option 82	36
DHCP/BOOTP Relay Interface Settings	37
DHCP Local Relay Settings	37
DHCP Auto Configuration Settings	38
MAC Address Aging Time	39
Web Settings	39
Telnet Settings	40
Password Encryption	40
CLI Paging Settings	41
Firmware Information	41
Power Saving Settings	43
Dual Configuration Settings	44
SMTP Settings	46
Ping Test	47
SNTP Settings	48
Time Settings	48
Time Zone Settings	49
MAC Notification Settings	50
MAC Notification Global Settings	50
MAC Notification Port Settings	51
SNMP Settings	52
Traps	52
MIBs	52
SNMP Global State Settings	53
SNMP Linkchange Trap Settings	53
SNMP View Table	54
SNMP Group Table	55
SNMP User Table	56
SNMP Community Table	57
SNMP Host Table	58
SNMP v6Host Table	59
SNMP Engine ID	60
SNMP Trap Configuration	60
RMON	61
CPU Filter L3 Control Packet Settings	61
Single IP Management	61
Upgrade to v1.61	63
Single IP Settings	63
Topology	65
Tool Tips	67
Right-Click	67
Group Icon	68
Commander Switch Icon	69
Member Switch Icon	69
Candidate Switch Icon	69
Menu Bar	70
File	70
Group	70
Device	70
View	70
Help	70
Firmware Upgrade	71
Configuration File Backup/Restore	71
Upload Log File	71
SD Card FS Settings	72
Jumbo Frame	74
Egress Filter Settings	74
802.1Q VLAN	74
Private VLAN Settings	74
802.1v Protocol VLAN	74
MAC-based VLAN Settings	74
GVRP Settings	74
PVID Auto Assign Settings	74
Port Trunking	74
VLAN Trunk Settings	74
LACP Port Settings	74
Traffic Segmentation	74
IGMP Snooping	74
MLD Snooping Settings	74
Port Mirroring	74
Loopback Detection Settings	74
Spanning Tree	74
Forwarding & Filtering	74
Jumbo Frame	74
Egress Filter Settings	75
802.1Q VLAN	75
Understanding IEEE 802.1p Priority	75
VLAN Description	76
Notes about VLANs on the Switch	76
IEEE 802.1Q VLANs	76
802.1Q VLAN Tags	77
Port VLAN ID	78
Tagging and Untagging	79
Ingress Filtering	79
Default VLANs	79
Port-based VLANs	80
VLAN Segmentation	80
VLAN and Trunk Groups	80
Private VLAN Settings	84
802.1v Protocol VLAN	89
802.1v Protocol Group Settings	89
802.1v Protocol VLAN Settings	90
MAC-based VLAN Settings	91
GVRP Settings	91
PVID Auto Assign Settings	92
Port Trunking	93
Understanding Port Trunk Groups	93
VLAN Trunk Settings	96
LACP Port Settings	97
Traffic Segmentation	98
IGMP Snooping	98
IGMP Snooping Settings	98
Data Driven Learning Settings	102
ISM VLAN Settings	103
Restrictions and Provisos	103
ISM Profile Settings	106
IP Multicast Profile Settings	107
Limited Multicast Address Range Settings	108
Max Multicast Group Settings	109
MLD Snooping Settings	109
MLD Control Messages	110
Port Mirroring	113
Loopback Detection Settings	114
Spanning Tree	115
802.1Q-2005 MSTP	115
802.1D-2004 Rapid Spanning Tree	116
Port Transition States	116
Edge Port	116
P2P Port	116
802.1D-1998/802.1D-2004/802.1Q-2005 Compatibility	116
STP Bridge Global Settings	118
STP Port Settings	120
MST Configuration Identification	121
STP Instance Settings	122
MSTP Port Information	123
Forwarding & Filtering	124
Unicast Forwarding	124
Multicast Forwarding	124
Multicast Filtering Mode	125
Bandwidth Control	126
Traffic Control	126
802.1p Default Priority	126
802.1p User Priority	126
QoS Scheduling Mechanism	126
Understanding QoS	127
Bandwidth Control	128
Traffic Control	129
802.1p Default Priority	131
802.1p User Priority	131
QoS Scheduling Mechanism	132
Safeguard Engine	133
Trusted Host	133
IP-MAC-Port Binding (IMPB)	133
Port Security	133
DHCP Server Screening	133
Guest VLAN	133
802.1X	133
SSL Settings	133
SSH	133
Access Authentication Control	133
MAC-based Access Control (MAC)	133
Web-based Access Control (WAC)	133
Japanese Web-based Access Control (JWAC)	133
Multiple Authentication	133
IGMP Access Control Settings	133
ARP Spoofing Prevention Settings	133
Safeguard Engine	133
Trusted Host	135
IP-MAC-Port Binding (IMPB)	136
General Overview	136
Common IP Management Security Issues	136
Solutions to Improve IP Management Security	136
ARP Mode	136
ACL Mode	137
Strict and Loose State	137
DHCP Snooping Option	137
IMPB Global Settings	138
IMPB Port Settings	139
IMPB Entry Settings	141
DHCP Snooping Entries	142
MAC Block List	143
Port Security	144
Port Security Settings	144
Port Lock Entries	145
DHCP Server Screening	146
DHCP Screening Port Settings	146
DHCP Offer Filtering	147
Guest VLAN	148
Limitations Using the Guest VLAN	148
802.1X (Port-based and Host-based Access Control)	149
Authentication Server	150
Authenticator	150
Client	151
Authentication Process	151
Understanding 802.1X Port-based and Host-based Network Access Control	152
Port-based Network Access Control	152
Host-based Network Access Control	153
802.1X Settings	154
802.1X User	155
Initialize Port(s)	156
Reauthenticate Port(s)	157
Authentic RADIUS Server	158
SSL Settings	159
SSH	161
SSH Configuration	162
SSH Authmode and Algorithm Settings	163
SSH User Authentication Mode	165
Access Authentication Control	166
Authentication Policy and Parameter Settings	167
Application Authentication Settings	167
Authentication Server Group	168
Authentication Server Host	170
Login Method Lists	171
Enable Method Lists	172
Configure Local Enable Password	173
Enable Admin	173
MAC-based Access Control (MAC)	174
Notes about MAC-based Access Control	174
MAC Settings	174
MAC Local Settings	177
Web-based Access Control (WAC)	177
Conditions and Limitations	179
WAC Global Settings	179
WAC User Settings	180
WAC Port Settings	182
Japanese Web-based Access Control (JWAC)	183
JWAC Global Settings	183
JWAC Port Settings	185
JWAC User Settings	186
JWAC Customize Page Language	186
JWAC Customize Page	187
Multiple Authentication	187
Any (MAC, 802.1X or WAC) Mode	188
Any (MAC, 802.1X or JWAC) Mode	188
802.1X & IMPB Mode	189
IMPB & WAC/JWAC Mode	189
Authorization Network State Settings	190
Multiple Authentication Settings	190
Guest VLAN	191
IGMP Access Control Settings (IGMP Authentication)	192
ARP Spoofing Prevention Settings	193
ACL Configuration Wizard	194
Access Profile List	194
CPU Access Profile List	194
Time Range Settings	194
ACL Configuration Wizard	194
Access Profile List	195
CPU Access Profile List	211
Time Range Settings	223
Device Environment (DGS-3200-16 and DGS-3200-24 only)	225
Cable Diagnostics	225
CPU Utilization	225
Port Utilization	225
Packet Size	225
Packets	225
Errors	225
Port Access Control	225
Browse ARP Table	225
Browse VLAN	225
Browse Router Port	225
Browse MLD Router Port	225
Browse Session Table	225
IGMP Snooping Group	225
MLD Snooping Group	225
WAC Authenticating State	225
JWAC Host Table	225
MAC Address Table	225
System Log	225
MAC Authentication State	225
Device Environment	225
Cable Diagnostics	226
Cable Diagnostics Notes	226
CPU Utilization	227
Port Utilization	228
Packet Size	229
Packets	231
Received (RX)	231
UMB_Cast (RX)	233
Transmitted (TX)	234
Errors	236
Received (RX)	236
Transmitted (TX)	238
Port Access Control	240
RADIUS Authentication	240
RADIUS Account Client	241
Authenticator State	243
Authenticator Statistics	245
Authenticator Session Statistics	248
Authenticator Diagnostics	251
Browse ARP Table	254
Browse VLAN	254
Browse Router Port	255
Browse MLD Router Port	255
Browse Session Table	256
IGMP Snooping Group	256
MLD Snooping Group	257
WAC Authenticating State	258
JWAC Host Table	259
MAC Address Table	260
System Log	261
MAC Authentication State	262
Save Configuration	263
Save Log	263
Save All	263
Download Configuration File/Download Configuration File to NV-RAM (DGS-3200-24 only)	263
Download Configuration File to SD Card (DGS-3200-24 only)	263
Download Firmware/Download Firmware to NV-RAM (DGS-3200-24 only)	263
Download Firmware to SD Card (DGS-3200-24 only)	263
Upload Configuration File/Upload Configuration File to TFTP	263
Upload Log File/Upload Log File to TFTP	263
Reset	263
Reboot System	263
Save Configuration	264
Save Log	264
Save All	265
Download Configuration File/Download Configuration File to NV-RAM	265
Download Configuration File to SD Card	266
Download Firmware/Download Firmware to NV-RAM	266
Download Firmware to SD Card	267
Upload Configuration File/Upload Configuration File to TFTP	267
Upload Log File/Upload Log File to TFTP	268
Reset	268
Reboot System	269
How ARP Spoofing Attacks a Network	273
Prevent ARP Spoofing via Packet Content ACL	274
Log Information	277

Match case Limit results 1 per page

xStack

DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch

SNMP Settings

Simple Network Management Protocol (SNMP) is an OSI Layer 7 (Application Layer) designed specifically for managing and

monitoring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers,

switches, a nd other net work devices. Use SNMP t o co nfigure sy stem f eatures for proper operation, monitor pe rformance an d

detect potential problems in the Switch, switch group or network.

Managed devices that support SNMP include software (referred to as an agent), which runs locally on the device. A defined set of

variables (managed objects) is maintained by the SNMP agent and used to manage the device. These objects are defined in a

Management I nformation B ase (M IB), which provides a standard presentation o f t he information c ontrolled by t he o n-board

SNMP agent. SNMP defines both the format of the MIB specifications and the protocol used to access this information over the

network.

The Switch supports the SNMP versions 1, 2c, and 3. The three versions of SNMP vary in the level of security provided between

the management station and the network device.

In SNMP v.1 and v.2, user authentication is accomplished using ‘community strings’, which function like passwords. The remote

user SNMP application and the Switch SNMP must use the same community string. SNMP packets from any station that has not

been authenticated are ignored (dropped).

The default community strings for the Switch used for SNMP v.1 and v.2 management access are:



public

– Allows authorized management stations to retrieve MIB objects.



private

– Allows authorized management stations to retrieve and modify MIB objects.

SNMPv3 uses a more sophisticated authentication process that is separated into two parts. The first part is to maintain a list of

users and their attributes that are allowed to act as SNMP managers. The second part describes what each user on that list can do

as an SNMP manager.

The Switch allows groups of users to be listed and configured with a shared set of privileges. The SNMP version may also be set

for a l isted group of S NMP m anagers. T hus, y ou m ay creat e a group of S NMP m anagers t hat a re allowed t o vi ew read-only

information or receive traps using SNMPv1 while assigning a higher level of security to another group, granting read/write privi-

leges using SNMPv3.

Using S NMPv3 i ndividual users or g roups of S NMP m anagers ca n be al lowed t o p erform or be restricted f rom pe rforming

specific SNM P m anagement fun ctions. Th e fun ctions allowed or re stricted are

defined usin g th e Obj ect Id entifier (OID)

associated wit h a s pecific MIB. An a dditional layer of secu

rity is av

ailable for SNMPv3 in th

at SNMP m

essages m ay b e

encrypted. To read more about how to configure SNMPv3 settings for the Switch read the next section.

Traps

Traps are m essages that alert network

personnel of eve nts that occur on

the Switch. The events can be as serious as a reboot

(someone accidentally turned OFF the

Switch), or less serious like a

port status ch ange. The Switch generates tra ps and se nds

them to the trap recipient (or network manager). Typical traps include trap messages for Authentication Failure, Topology Change

and Broadcast\Multicast Storm.

MIBs

The S witch i n t he M anagement In formation B ase (MIB) st ores m anagement and counter i nformation. The Switch u ses t he

standard MIB-II Management Information Base module. Consequently, values for MIB objects can be retrieved from any SNMP-

based network management software. In addition to the standard MIB-II, the Switch also supports its own proprietary enterprise

MIB as an extended Management Information Base. Specifying the MIB Object Identifier may also retrieve the proprietary MIB.

MIB values can be either read-only or read-write.

The Switch incorporates a flexible SNMP management for the switching environment. SNMP management can be customized to

suit the needs of the networks and the preferences of the network ad ministrator. Use the SNMP V3 menus to select th e SNMP

version used for specific tasks.

The Switch supports the Simple Network Management Protocol (SNMP) versions 1, 2c, and 3. The administrator can specify the

SNMP version use d t o m onitor a nd c ontrol t he S witch.

The t hree ve rsions o f S NMP va ry i n t he level o f sec urity pro vided

between the management station and the network device.

SNMP settings are configured using the menus located on the SNMP V3 folder of the Web manager. Workstations on the network

that are allowed SNMP privileged access to the Switch can be restricted with the Management Station IP Address menu.