Home » D-Link Manuals » Bridges & Routers » D-Link DGS-3426 » Manual Viewer

D-Link DGS-3426 User Manual - Page 203

CPU Interface Filtering, CPU Interface Filtering State Settings window

Add to My Manuals
Save this manual to your list of manuals

Page 203 highlights

xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch CPU Interface Filtering Due to a chipset limitation and needed extra switch security, the xStack DGS-3400 Series switch incorporates CPU Interface filtering. This added feature increases the running security of the Switch by enabling the user to create a list of access rules for packets destined for the Switch's CPU interface. Employed similarly to the Access Profile feature previously mentioned, CPU interface filtering examines Ethernet, IP and Packet Content Mask packet headers destined for the CPU and will either forward them or filter them, based on the user's implementation. As an added feature for the CPU Filtering, the xStack DGS-3400 Series switch allows the CPU filtering mechanism to be enabled or disabled globally, permitting the user to create various lists of rules without immediately enabling them. Creating an access profile for the CPU is divided into two basic parts. The first is to specify which part or parts of a frame the Switch will examine, such as the MAC source address or the IP destination address. The second part is entering the criteria the Switch will use to determine what to do with the frame. The entire process is described below. CPU Interface Filtering State Settings In the following window, the user may globally enable or disable the CPU Interface Filtering mechanism by using the pull-down menu to change the running state. To access this window, click ACL > CPU Interface Filtering > CPU Interface Filtering State. Choose Enabled to enable CPU packets to be scrutinized by the Switch and Disabled to disallow this scrutiny. Figure 9- 18. CPU Interface Filtering State Settings window CPU Interface Filtering Table The CPU Interface Filtering Table displays the CPU Access Profile Table entries created on the Switch. To view the configurations for an entry, click the hyperlinked Profile ID number. To view this window click ACL > CPU Interface Filtering > CPU Interface Filtering Table. Figure 9- 19. CPU Interface Filtering Table To add an entry to the CPU Interface Filtering Table, click the Add Profile button. This will open the CPU Interface Filtering Configuration page, as shown below. To remove all CPU Interface Filtering Table entries, click the Clear All button. There are three Access Profile Configuration pages; one for Ethernet (or MAC address-based) profile configuration, one for IP addressbased profile configuration and one for the Packet Content Mask. You can switch between the three Access Profile Configuration pages by using the Type drop-down menu. The page shown below is the Ethernet CPU Interface Filtering Configuration page. 189

Section	Page
Table of Contents	3
Intended Readers	10
Typographical Conventions	10
Notes, Notices, and Cautions	11
Safety Instructions	12
Safety Cautions	12
General Precautions for Rack-Mountable Products	13
Lithium Battery Precaution	14
Protecting Against Electrostatic Discharge	14
Ethernet Technology	15
Switch Description	15
Features	15
Ports	15
Front-Panel Components	15
Side Panel Description	15
Rear Panel Description	15
Gigabit Combo Ports	15
Ethernet Technology	15
Fast Ethernet Technology	15
Switch Description	15
Features	16
Ports	17
Front-Panel Components	18
DGS-3426	18
DGS-3426P	18
DGS-3427	18
DGS-3450	18
LED Indicators	19
Rear Panel Description	21
DGS-3426	21
DGS-3426P	21
DGS-3427	21
DGS-3450	21
Side Panel Description	22
Package Contents	23
Installation Guidelines	23
Installing the Switch without the Rack	23
Rack Installation	23
Power On	23
The Optional Module	23
Redundant Power System	23
Package Contents	23
Installation Guidelines	23
Installing the Switch without the Rack	24
Installing the Switch in a Rack	24
Mounting the Switch in a Standard 19\	25
Power On	25
Power Failure	25
Installing the SFP ports	26
The Optional Module	27
Installing the Module	28
External Redundant Power System	29
Switch to End Node	31
Switch to Switch	31
Connecting To Network Backbone or Server	31
Switch to End Node	31
Switch to Switch	31
Connecting To Network Backbone or Server	32
Management Options	33
Connecting the Console Port (RS-232 DCE)	33
First Time Connecting to the Switch	33
Password Protection	33
SNMP Settings	33
IP Address Assignment	33
Connecting Devices to the Switch	33
Management Options	33
1. Web-based Management Interface	33
2. SNMP-Based Management	33
3. Command Line Console Interface through the Serial Port	33
Connecting the Console Port (RS-232 DCE)	34
Managing the Switch for the First Time	35
Password Protection	36
SNMP Settings	37
Traps	37
MIBs	37
IP Address Assignment	38
Introduction	40
Logging on to the Web Manager	40
Web-Based User Interface	40
Basic Setup	40
Reboot	40
Basic Switch Setup	40
Network Management	40
Switch Utilities	40
Network Monitoring	40
IGMP Snooping Status	40
Introduction	40
Logging in to the Web Manager	40
Web-based User Interface	41
Areas of the User Interface	41
Web Pages	42
DGS-3400 Web Management Tool	44
IP Address	44
Interface Settings	44
Stacking	44
Port Configuration	44
User Accounts	44
Port Mirroring	44
System Log	44
System Severity Settings	44
SNTP Settings	44
MAC Notification Settings	44
TFTP Services	44
Multiple Image Services	44
Ping Test	44
Safeguard Engine	44
Static ARP Settings	44
IPv6 Neighbor	44
Routing Table	44
DHCP/BOOTP Relay	44
DHCP Auto Configuration	44
SNMP Manager	44
IP-MAC-Port Binding	44
PoE	44
Single IP Management Settings	44
Device Information	45
IPv6	47
Overview	47
Packet Format	48
IPv6 Header	48
Extension Headers	49
Packet Fragmentation	49
Address Format	49
Types	50
ICMPv6	51
Neighbor Discovery	51
Neighbor Unreachability Detection	51
Duplicate Address Detection (DAD)	52
Assigning IP Addresses	52
IP Interface Setup	52
IP Address	53
Setting the Switch's IP Address using the Console Interface	54
Interface Settings	55
IPv4 Interface Settings	55
IPv6 Interface Settings	56
Stacking	60
Stack Switch Swapping	61
Stacking Mode Settings	62
Box Information	62
Port Configuration	63
Port Error Disabled	64
Port Description	65
Cable Diagnostics	65
User Accounts	67
Port Mirroring	68
Mirroing within the Switch Stack	69
System Log	70
System Log Save Mode Settings	71
System Severity Settings	73
SNTP Settings	74
Time Settings	74
Time Zone and DST	75
MAC Notification Settings	77
TFTP Services	78
Multiple Image Services	80
Firmware Information	80
Config Firmware Image	81
Ping Test	82
IPv4 Ping Test	82
IPv6 Ping Test	83
Safeguard Engine	84
Safeguard Engine Settings	85
Static ARP Settings	86
IPv6 Neighbor	87
IPv6 Neighbor Settings	87
Routing Table	89
IPv4 Static/Default Route Settings	89
IPv6 Static/Default Route Settings	90
DHCP/BOOTP Relay	92
DHCP / BOOTP Relay Global Settings	92
The Implementation of DHCP Information Option 82	94
DHCP/BOOTP Relay Interface Settings	95
DHCP Auto Configuration Settings	96
SNMP Manager	97
Traps	97
MIBs	97
SNMP Trap Settings	98
SNMP User Table	98
SNMP View Table	100
SNMP Group Table	101
SNMP Community Table	103
SNMP Host Table	104
SNMP Engine ID	105
IP-MAC-Port Binding	106
ACL Mode	106
IP-MAC Binding Port	108
IP-MAC Binding Table	109
IP-MAC Binding Blocked	110
PoE Configuration	111
PoE System Settings	111
PoE Port Settings	113
Single IP Management (SIM) Overview	115
The Upgrade to v1.61	116
Single IP vs. Switch Stacking	117
SIM Using the Web Interface	117
Topology	118
Tool Tips	121
Right Click	123
Group Icon	123
Commander Switch Icon	124
Member Switch Icon	124
Candidate Switch Icon	124
Menu Bar	125
File	125
Group	125
Device	125
View	126
Help	126
Firmware Upgrade	126
Configuration Backup/Restore	126
Upload Log	127
VLAN	128
Trunking	128
IGMP Snooping	128
MLD Snooping	128
Loopback Detection Global Settings	128
Spanning Tree	128
Forwarding and Filtering	128
VLANs	128
Understanding IEEE 802.1p Priority	128
VLAN Description	128
Notes about VLANs on the DGS-3400 Series	129
IEEE 802.1Q VLANs	129
802.1Q VLAN Tags	130
Port VLAN ID	131
Tagging and Untagging	131
Ingress Filtering	132
Default VLANs	132
Port-based VLANs	132
VLAN Segmentation	133
VLAN and Trunk Groups	133
Protocol VLANs	133
Static VLAN Entry	133
GVRP Settings	137
Double VLANs	138
Regulations for Double VLANs	139
Double VLAN	140
PVID Auto Assign	142
MAC-based VLAN Settings	143
Trunking	144
Understanding Port Trunk Groups	144
Link Aggregation	145
LACP Port Settings	148
IGMP Snooping	151
IGMP Snooping Settings	151
Router Port Settings	152
ISM VLAN	154
Restrictions and Provisos	154
Limited Multicast Address Range	156
MLD Snooping	158
MLD Control Messages	158
MLD Snooping Settings	158
MLD Router Port Settings	160
Loopback Detection Global Settings	162
Spanning Tree	164
802.1s MSTP	164
802.1w Rapid Spanning Tree	164
Port Transition States	164
Edge Port	165
P2P Port	165
802.1D/802.1w/802.1s Compatibility	165
STP Bridge Global Settings	166
MST Configuration Identification	169
MSTP Port Information	171
STP Instance Settings	173
STP Port Settings	174
Forwarding & Filtering	176
Unicast Forwarding	176
Multicast Forwarding	176
Multicast Filtering Mode	177
Bandwidth Control	179
QoS Scheduling Mechanism	179
QoS Output Scheduling	179
802.1P Default Priority	179
802.1P User Priority	179
QoS	179
The Advantages of QoS	179
Understanding QoS	180
Bandwidth Control	182
QoS Scheduling Mechanism	183
QoS Output Scheduling	184
Configuring the Combination Queue	185
802.1P Default Priority	186
802.1P User Priority	187
Time Range	188
Access Profile Table	188
CPU Interface Filtering	188
Time Range	188
Access Profile Table	190
CPU Interface Filtering	203
CPU Interface Filtering State Settings	203
CPU Interface Filtering Table	203
Authorization Network State Settings	216
Traffic Control	216
Port Security	216
802.1X	216
Trust Host	216
Access Authentication Control	216
MAC Based Access Control	216
Traffic Segmentation	216
SSL	216
SSH	216
JWAC	216
Authorization Network State Settings	216
Traffic Control	217
Port Security	219
Port Security Entries	220
802.1X	221
802.1x Port-Based and MAC-Based Access Control	221
Authentication Server	221
Authenticator	222
Client	222
Authentication Process	223
Understanding 802.1x Port-based and MAC-based Network Access Control	223
Port-Based Network Access Control	224
MAC-Based Network Access Control	225
Guest VLANs	226
Limitations Using the Guest VLAN	226
Configure 802.1X Authenticator	227
Configure 802.1x Guest VLAN	229
Authentic RADIUS Server	230
Trust Host	231
Access Authentication Control	232
Authentication Policy & Parameters	233
Application's Authentication Settings	233
Authentication Server Group	234
Authentication Server Host	235
Login Method Lists	237
Enable Method Lists	238
Configure Local Enable Password	241
Enable Admin	241
MAC Based Access Control	242
MAC Based Access Control Global Settings	242
MAC Based Access Control Local MAC Settings	243
Traffic Segmentation	245
Secure Socket Layer (SSL)	246
Download Certificate	246
SSL Configuration	247
Secure Shell (SSH)	249
SSH Server Configuration	249
SSH Authentication Mode	250
SSH User Authentication Mode	252
JWAC (Japanese Web-based Access Control)	254
JWAC Global Configuration	254
JWAC Port Settings	256
JWAC User Account	259
JWAC Host Information	260
Device Status	261
Stacking Information	261
Module Information	261
CPU Utilization	261
Port Utilization	261
Packets	261
Errors	261
Packet Size	261
Browse Router Port	261
Browse MLD Router Port	261
VLAN Status	261
VLAN Status Port	261
Port Access Control	261
MAC Address Table	261
IGMP Snooping Group	261
MLD Snooping Group	261
Switch Logs	261
Browse ARP Table	261
Session Table	261
IP Forwarding Table	261
Browse Routing Table	261
MAC Based Control Authentication Status	261
Device Status	262
Stacking Information	262
Module Information	263
CPU Utilization	264
Port Utilization	265
Packets	266
Received (Rx)	266
UMB Cast (RX)	268
Transmitted (TX)	270
Errors	272
Received (RX)	272
Transmitted (TX)	274
Packet Size	276
Browse Router Port	279
Browse MLD Router Port	280
VLAN Status	281
VLAN Status Port	282
Port Access Control	283
RADIUS Authentication	283
RADIUS Account Client	284
MAC Address Table	286
IGMP Snooping Group	287
MLD Snooping Group	288
Switch Logs	289
Browse ARP Table	290
Session Table	291
IP Forwarding Table	292
Browse Routing Table	293
MAC Based Access Control Authentication Status	294
Reset	295
Reboot System	295
Save Services	295
Logout	295
Reset	295
Reboot System	296
Save Services	297
Save Changes	297
Configuration Information	298
Current Configuration Settings	299
Logout	299
Technical Specifications	300
Cables and Connectors	302
Cable Lengths	303
Switch Log Entries	304
Log Information	304
Copyright Statement: No part of this publication or documentation accompanying this product may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from D-Link Corporation/D-Link Systems, Inc., as stipulated by the United States Copyright Act of 1976 and any amendments thereto. Contents are subject to change without prior notice. Copyright 2004 by D-Link Corporation/D-Link Systems, Inc. All rights reserved.	323
FCC Statement: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communication. However, there is no guarantee that interference will not occur in a particular installation. Operation of this equipment in a residential environment is likely to cause harmful interference to radio or television reception. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:	323
Warranty beneficiary	325
Duration of Limited Lifetime Warranty	325
Replacement, Repair or Refund Procedure for Hardware	325

Match case Limit results 1 per page

xStack DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch

CPU Interface Filtering

Due to a chipset limitation and needed extra switch security, the xStack DGS-3400 Series switch incorporates CPU Interface

filtering. This added feature increases the running security of the Switch by enabling the user to create a list of access rules for

packets destined for the Switch’s CPU interface. Employed similarly to the Access Profile feature previously mentioned, CPU

interface filtering examines Ethernet, IP and Packet Content Mask packet headers destined for the CPU and will either forward

them or filter them, based on the user’s implementation. As an added feature for the CPU Filtering, the xStack DGS-3400 Series

switch allows the CPU filtering mechanism to be enabled or disabled globally, permitting the user to create various lists of rules

without immediately enabling them.

Creating an access profile for the CPU is divided into two basic parts. The first is to specify which part or parts of a frame the

Switch will examine, such as the MAC source address or the IP destination address. The second part is entering the criteria the

Switch will use to determine what to do with the frame. The entire process is described below.

CPU Interface Filtering State Settings

In the following window, the user may globally enable or disable the CPU Interface Filtering mechanism by using the pull-down

menu to change the running state. To access this window, click

ACL > CPU Interface Filtering > CPU Interface Filtering

State

. Choose

Enabled

to enable CPU packets to be scrutinized by the Switch and

Disabled

to disallow this scrutiny.

Figure 9- 18. CPU Interface Filtering State Settings window

CPU Interface Filtering Table

The

CPU Interface Filtering Table

displays the CPU Access Profile Table entries created on the Switch. To view the

configurations for an entry, click the hyperlinked

Profile ID

number. To view this window click

ACL

CPU Interface Filtering

CPU Interface Filtering Table

Figure 9- 19. CPU Interface Filtering Table

To add an entry to the

CPU Interface Filtering Table

, click the

Add Profile

button. This will open the

CPU Interface Filtering

Configuration

page, as shown below. To remove all CPU Interface Filtering Table entries, click the

Clear All

button. There are

three

Access Profile Configuration

pages; one for

Ethernet

(or MAC address-based) profile configuration, one for

address-

based profile configuration and one for the

Packet Content Mask

. You can switch between the three

Access Profile

Configuration

pages by using the

Type

drop-down menu. The page shown below is the

Ethernet CPU Interface Filtering

Configuration

page.

189