smart iii switch functions and features webui config guide 1 1 ©copyright 2007. by d-link hq tsd...
TRANSCRIPT
Smart III Switch
Functions and Features
WebUI Config Guide
1 1
©Copyright 2007. By D-Link HQ TSD James Chu
Smart Wizard
Before entering the Web-based Management Utility, you can see the Smart Wizard first, it will guide you to quick configure some functions as below. If you don’t plan to change anything, click Exit to exit the Wizard and enter the Web Interface:
- Password Setting
- SNMP Setting
- System Setting
Function Tree OverviewSystem• System Settings• Trap Settings• Port Settings• SNMP Settings• Password Access Control• System Log Settings
Configuration• Jumbo Frame• 802.1Q VLAN• 802.1Q Management VLAN• Voice VLAN• Link Aggregation• IGMP Snooping• Port Mirroring• Power Saving• Loopback Detection• SNTP Settings• Spanning Tree
QoS• Storm Control• Bandwidth Control• 802.1P/DSCP Priority Settings
Security• Trusted Host• Safeguard Engine• Port Security• 802.1x• MAC Address Table
• ACL● ACL Configuration Wizard● Access Profile List● ACL Finder
• Monitoring● Statistics● Cable Diagnostics● System Log
System Contents
System• System Settings
• Trap Settings
• Port Settings
• SNMP Settings
• Password Access Control
• System Log Settings
System>> Contents
System SettingsIP Information• Static: When using static mode, the IP Address, Subnet Mask and Gateway can be manually
configured
• DHCP: When using DHCP mode, the Switch will first look for a DHCP server to provide it with an IP address, network mask, and default gateway before using the default or previously entered settings
System Information• System Name: For easier recognized when manage.
• System Location: For easier recognized when manage.
• Login Timeout (3-30 minutes): For controls the idle time-out for security purposes.
• Group Internal (120-1225 seconds): For routinely send report packets to the SmartConsole Utility in order to maintain the correct data shown. Setting zero (0) means disable Group Interval.
System>> System Settings
Trap SettingsTrap is a message which is initiated by switch, when some abnormal conditions happen (Ex: link change, device bootup), switch will send out the announcement to notify the managed stations.
Trap Settings for Smart Console Utility:• It allows Smart Console Utility to monitor specified events on Smart Switch, the default is disabled.
• The Destination IP for the managed station that will receive trap information.
• After enabled, when the specified events happen (ex: Link change), Smart switch will send out the UDP packets which contain the events information to Smart Console Utility for the log.
System>> Trap Settings
Port SettingsPort Settings:
• By selecting a range of ports, setting the Speed to be “Auto mode, forced mode, or Disabled”, the Flow Control to be enabled or disabled, and lastly MDI/MDIX to
“Auto, MDI or MDIX”.
System>> Port Settings
SNMP SettingsSNMP Setting:• SNMP, Simple Network Management Protocol, developing to manage the devices, by using the OID and
SNMP commands to read or modify it.
Community Setting:• Community Strings are like passwords between switch and managed PC.
Trap Setting:• Traps are messages that alert some events occur on the Switch, and send SNMP Trap Packets to the
managed PC for the notify.
System>> SNMP Settings
SNMP Settings TestTopology:
After configure the SNMP Setting as last slide, we can use the following 2 method for getting the information from smart switch (DGS-1210 in this example):• SNMP: (use “commTrapIpAddress” for the example: the IP Address of this SNMP Trap Community Entry)
#snmpwalk -v2c -c private 192.168.0.1 1.3.6.1.4.1.171.10.76.5.1.3.1.3
• Trap:
>> SNMP Settings Test
DGS-1210Managed PC192.168.0.5
System
Test Client forlink up/down
Password Access Control
Password Access Control
>> Password Access Control
System
System Logs Settings• System Log Configuration
– System Logs record and manage events, as well as report errors and informational messages. Message severity determines a set of event messages that will be sent. Click Enable so you can start to configure the related settings of the remote system log server, then press Apply for the changes to take effect.
>> System Logs Settings
System
Configuration ContentsConfiguration• Jumbo Frame
• 802.1Q VLAN
• 802.1Q Management VLAN
• Voice VLAN
• Voice VLAN Settings• Voice VLAN OUI Settings
• Link Aggregation
• Port Trunkings• LACP Port Settings
• IGMP Snooping
• Port Mirroring
• Power Saving
• Loopback Detection
• SNTP Settings
• Time Settings• TimeZone Settings
• Spanning Tree
• STP Global Settings
• STP Port Settings
Configuration>> Contents
Jumbo Frame (only for DGS series)
Jumbo Frame Configuration• Jumbo frames mean larger than the Ethernet frame size of 1500 bytes, and D-Link Gigabit Smart
Switches support jumbo frame up to 10000 bytes (around 10KB). Default is disabled.
Configuration>> Jumbo Frame
802.1Q VLANExample for edit a VLAN:
Configuration>> 802.1Q VLAN
802.1Q VLAN
Example for create an new VLAN:
Configuration>> 802.1Q VLAN
802.1Q VLANExample for the Asymmetric VLAN:• Asymmetric VLAN allows devices in different VLANs to communicate with the servers, firewalls
or other shared resources in the shared VLAN.
• As the diagram below, VLAN 2 and VLAN 3 cannot communicate each other, but both of them can access to VLAN 1 by Asymmetric VLAN.
VLAN 1 (Shared VLAN)
VLAN 2 (Access VLAN)
VLAN 3 (Access VLAN)
Configuration>> 802.1Q VLAN
802.1Q VLANAsymmetric VLAN Test Topology:
Settings:
Configuration>> 802.1Q VLAN
PC1 (VID 2)
PC2 (VID 3)
PC3 (VID 4)
Servers (VID 1)
Firewall (VID 1)
5 6 7 15-18 20
802.1Q Management VLAN
By default, all VLANs are the Management VLAN in smart switch. So 802.1Q Management VLAN setting allows you to transfer the authority to one specific VLAN. Default is disabled.
For example, we can set the VLAN 2 to be the only one Management VLAN in smart switch, so the client who connected to VLAN 2 can access to DGS-1224T:• First, there are 3 VLANs in DGS-1224T:
• Change the “VID 2” to be Management VLAN only:
>> 802.1Q Management VLAN
Configuration
Voice VLAN • Voice VLAN Settings
– Voice VLAN is a feature that allows you to automatically place the voice traffic from IP phone to an assigned VLAN to enhance the VoIP service. With a higher priority and individual VLAN, the quality and the security of VoIP traffic are guaranteed. Switch will add ports to the voice VLAN automatically if it detects the device OUI matches the Telephony OUI configured in the Voice VLAN OUI Setting page.
>>Voice VLAN
Configuration
Voice VLAN• Voice VLAN OUI Settings
– This window allows the user to configure the user-defined voice traffic’s OUI. An Organizationally Unique Identifier (OUI) is the first three bytes of the MAC address. This identifier uniquely identifies a vendor, manufacturer, or other organization.
>>Voice VLAN
Configuration
Link Aggregation Port Trunking• The Trunking function enables the cascading of two or more ports for a combined larger bandwidth. Up
to eight Trunk groups may be created, each supporting up to 8 ports.
Configuration>> Trunk
Link Aggregation• LACP port settings
– The LACP Port Settings is used to create port trunking groups on the Switch. The user may set which ports will be active and passive in processing and sending LACP control frames and Port priority. In order to utilize the ability to change an aggregated port group, that is, to add or subtract ports from the group, at least one of the participating devices must designate LACP ports as active. Lastly the administrative LACP timeout.
>>Link Aggregation
Configuration
IGMP Snooping
IGMP Snooping Configuration: With IGMP Snooping, the Smart Switch can make intelligent multicast forwarding decisions by examining the contents of each frame’s Layer 2 MAC header.
• IGMP Global Settings.
• VLAN Setting of IGMP Snooping: After enable IGMP Snooping, you can edit each VLAN Settings of IGMP Snooping.
Configuration>> IGMP Snooping
Port MirroringPort Mirroring• Port Mirroring is a method of monitoring network traffic that forwards a copy of each incoming and/or
outgoing packet from one port of the Switch to another port where the packet can be studied.
• Target Port: Select a target port which will monitor.
• Source Port: Select a source port which will be monitored, and the sniffer mode as TX, RX, or Both.
Configuration>> Port Mirroring
Power Saving (only for DGS series)Power Saving:• The Power Saving mode feature reduces power consumption automatically when the port link
down or the connected devices are turned off. By default, the Power Saving mode is enabled.
• For example, the following is the Power Consumption Table in 110V AC (Unit: W) on DGS-1210:Test Items Enable PS Disable PS Old revision
All port Link Down Test 8.4 W 10.8 W 13.4 W
1/2 port Link Up w/o traffic 18.0 W 18.7 W 26.8 W
1/2 port Link Up w 100% traffic
18.5 W 19.0 W 27.7 W
All port Link Up w/o traffic 29.8 W 29.8 W 44.1 W
All port Link Up w 100% traffic 30.4 W 30.4 W 45.2 W
PowerSavingTestResult_DGS-12XX.zip
Configuration>> Power Saving
Loopback DetectionLoopback Detection Settings• The Loopback Detection function is used to detect the loop created by a specific port while
Spanning Tree Protocol (STP) is not enabled in the network. The Switch will automatically shutdown the port and sends a log to the administrator.
• Loopback Detection Global Settings: Set the Loop detection interval and the Loopback Detection port will be unlocked when the Loopback Detection Recover Time times out and .
>>Loopback Detection
Configuration
SNTP SettingsTime Settings• Simple Network Time Protocol is used by the Switch to synchronize the clock of the computer.
• SNTP Server Configuration: Specify the IP address of the primary and Secondary SNTP server from which the system time is retrieved or Set time from a PC.
>>SNTP Settings
Configuration
SNTP SettingsTimeZone Settings• The TimeZone Setting Page is used to configure time zones and Daylight Savings time settings for
SNTP
• DST Annual Settings: Using annual mode will enable DST seasonal time adjustment
>>SNTP Settings
Configuration
Spanning TreeSTP Global Settings• Enabled, the Switch will listen for BPDU packets and its accompanying Hello packet. BPDU
packets are sent even if a BPDU packet was not received. Therefore, each link between bridges is sensitive to the status of the link results in faster detection of failed links, and thus faster topology adjustment.
>>Spanning Tree
Configuration
Spanning TreeSTP Port Settings• STP can be set up on a port per port basis. In addition to setting Spanning Tree parameters for
use on the switch level, the Switch allows for the configuration of the groups of ports, each port-group of which will have its own spanning tree, and will require some of its own configuration settings.
• Setting for External Cost define a metric that indicates the relative cost of forwarding packets , Migrate parameter as “Yes” will set the ports to send out BPDU packets to other bridges, requesting information on their STP setting and Edge selected the port as an edge port that cannot create loops.
>>Spanning Tree
Configuration
PoE Contents
PoE:• PoE Port Settings
• PoE System Settings
PoE (Power Over Ethernet)PoE, means Power Over Ethernet, is a technology that allows to supply electricity over standard Ethernet cables, as well as providing the data, which is defined by the IEEE 802.3af specification.
PoE consists of 2 components :• PSE: means Power Sourcing Equipment, the devices which provide the power to PD.
• PD: means Powered Device, the devices which receive the power from PSE, it could be IP telephones, wireless AP, network cameras, and other appliances.
IEEE 802.3af defined that the PSE provides power according to the following classification:
Class Usage Max power used by PD
0 Default 15.4W
1 Optional 4.0W
2 Optional 7.0W
3 Optional 15.4W
4 Reserved 15.4W
PoE>> PoE
PoE (Power Over Ethernet)
DGS-1210-10P supports PoE:• Supply power to PD device up to 15.4W per port. • The Power Budget of all switch is 180W.
• When port current is over 350mA, switch will auto disable the ports.
PoE System settings:• Power Threshold: When the ratio of the system power supply is larger than or smaller than the
System Power Threshold Setting, the Switch will send trap events to the Management Station.
>> PoE
PoE
PoE (Power Over Ethernet)PoE Port Settings:• Power Limit: This function allows you to manually set the port power current limitation to be given to
the PD. Select from "Class 1 (4.0W )", "Class 2 (7.0W ) ", "Class 3 (15.4.W ) " and "Auto" for the power limit.
• PoE Port Status: we also provide the auto discovery feature, automatically recognize the connection of PD device. 5 diagnostics status in this section: “Normal”, “Power management cause fail”, “Over current”, “Short circuit”, and “Power ON”.
>> PoE
PoE
PoE (Power Over Ethernet) TestTopology:
Setting:• Enable PoE function on port 1-5, and select power limit to “Auto”.
• Connected DWL-8200AP to DGS-1210-10P, then AP start working by the power provided from PoE switch.
• Check the Table, after Auto check, the PD is class 3 with 4.41W / 49.53V / 89.06mA, and status is “Power ON”, means work well.
>> PoE Test
PoE
DGS-1210-
10P
PSE:DGS-1210-10P
3
PD:DWL-8200AP
LAN1 (PoE)
. ...
QoS Contents
QoS• Storm Control
• Bandwidth Control
• 802.1P/DSCP Priority Settings
QoS>> Contents
Storm ControlQoS>> Storm Control
• Storm Control– The Storm Control feature provides the ability to control the receive rate of broadcast,
multicast, and unknown unicast packets.
Bandwidth ControlQoS>>Bandwidth Control
• Bandwidth Control– The Bandwidth Control page allows network managers to define the bandwidth settings for a specified
port’s transmitting and receiving data rates.
– By setting Disabled in No Limit, the selected port will have no bandwidth limit. If enable, the Rate field allows you to enter the data rate, in Kbits per second, will be the limit for the selected port.
802.1p/DSCP Priority SettingsQoS:• QoS can provide different priority to different users or data flows, or guarantee a certain level of
performance to a data flow in accordance with requests from the application program or the internet service provider policy.
Qos mode:• 802.1p
• DSCP
Queue Mechanism: • Strict Priority
• WRR (Weighted Round-Robin)
QoS>> 802.1p/DSCP Priority Settings
802.1p/DSCP Priority- Qos mode802.1p:
• 802.1p priority in the VLAN tag, for layer 2 packets.
• For ingress tagged packets, D-Link Smart Switches will refer to their 802.1p information and prioritize them with 4 different priority queues (Highest, High, Medium, Low).
• For ingress untagged packets, the per port "Default Priority" settings will be applied to packets of each port to provide port-based traffic prioritization.
• For our smart switch, 802.1p support 4 queues of the priority:Switch Priority Queues 802.1p Priority Class of Traffic
Highest 6, 7 3
High 4, 5 2
Medium 0, 3 1
Low 1, 2 0
Tagged frame
Untagged frame
Tagged frame
Tagged frame
VIDPri. VIDPri.
PVIDPri.
Ingress Rule
QoS>> 802.1p/DSCP Priority-QoS Mode
802.1p/DSCP Priority- Qos modeDSCP:
• Differentiated Services Code Point (DSCP), is a field in the IP header of layer 3 that enables different levels of service to be assigned to network traffic. This is achieved by marking each packet on the network with a DSCP code and appropriating to it the corresponding level of service.
• For our smart switch, we’ll check the DSCP value from the incoming packets, and decide the priority of handling by mapping the value to our DSCP Priority Table in switch.
• Also we have 4 queues for mapping DSCP Value into different level of priority: Highest, High, Medium, and Low.
QoS>> 802.1p/DSCP Priority-QoS Mode
76543210
DSCP
Offset FCSProtoTTLIDLENToSVersion SA_IP DA_IP DataL3 IPV4
Unused Bits
802.1p/DSCP Priority- Queue MechanismStrict Priority: to process the packets with the highest priority.
Highest Priority Queue
45 1
4
2
5
6
3
High Priority Queue
Medium Priority Queue
Low Priority Queue
1
3
26
QoS>> 802.1p/DSCP Priority-Queue Mechanism
802.1p/DSCP Priority- Queue MechanismWRR (Weighted Round-Robin): to process packets according to the weight of each priority within our
smart switch.
x
x
x
x
xx
x
x
x
x
x
x
1718
25
17
18
25
9101112
1920
2628 27
QoS>> 802.1p/DSCP Priority-Queue Mechanism
9
10
11
12
1234
5678
13141516
21222324
293032 31
1
2
3
4
5
6
7
8
Medium Priority Queue (20%)
High Priority Queue (40%)
Highest Priority Queue (80%)
Low Priority Queue (10%)
Security Contents
Security• Trusted Host
• Safeguard Engine
• Port Security
• 802.1x
• 802.1x Setting• MAC Address Table
• Static MAC• Dynamic Forwarding Table
Security>> Contents
Trusted Host
Trusted Host• Use Trusted Host function to manage the switch from a remote station, you can create 3 designated
management stations by defining the IP address/Mask.
Security>> Trusted Host
1
2
3
Safeguard Engine
If there are malicious hosts attacking the Switch, the CPU receiving high packet rate and CPU utilization may be very high. During this period, normal management services will be impacted. (i.e. ARP packet storm)
So the solution is Safeguard Engine. This function is designed to reduce the CPU utilization, and protects D-Link Switches from malicious viruses or worm attacks.
Safeguard Engine is enabled by default in Smart Switches and disabled by default in Managed Switches.
Security>> Safeguard Engine
* This feature are supported in both D-Link Smart and Managed Switches.
Port Security
Port Security• Port Security is a security feature that prevents unauthorized computers (with source MAC addresses) unknown to the
Switch prior to stopping auto-learning processing from gaining access to the network by stopping such that the current source MAC addresses entered into the MAC address forwarding table can not be changed once the port lock is enabled.
Security>> Port Security
802.1x802.1x define a client/server-based access control and authentication protocol that restricts unauthorized devices from connecting to a LAN through publicly accessible ports. The Authentication Server authenticates each client connecting to a switch port before making any services offered by the switch or LAN available.
802.1X Authentication Mechanism consists of three components• Authentication Server (RADIUS Server) : The Authentication Server validates the identity of
the client and notifies the Authenticator.
• Authenticator (Switch) : The Authenticator requests information from the client, verifies that information with the Authentication Server and relays a response to the client.
• Client : The client requests access to the LAN and switch services and responds to the requests from the switch. The Workstation must run 802.1X-Compliant Client Software (eg. Windows XP has embedded 802.1X suppliant).
Security>> 802.1x
RADIUS Server(Authentication Server)
Switch(Authenticator)
Client
Authentication Server
802.1x Client802.1x Client
802.1x Client
Unauthorized Device
802.1x
802.1x setting interface on smart switch:• Radius Server IP: assign the IP Address of Radius Server.
• Authentication Port: sets primary port for security monitoring. Default is 1812.
• Key: Masked password matching the Radius Server Key.
• ReAuthEnabled: This enables or disables the periodic ReAuthentication control. When the 802.1X function is enabled, the ReAuthEnabled function is by default also enabled.
• ReAuthPeriod: This command affects the behavior of the switch only if periodic re-authentication is enabled. Default is 3600.
1
23
Security>> 802.1x
802.1x TestTopology:
Test Result:
Authentication Username/password test/test
DGS-1210 802.1x enabled port 1-8
Radius Server Secret key dlink
DGS-1210
Radius Server192.168.0.10
802.1x Client192.168.0.5
315
DGS-1210192.168.0.1
MAC Address TableStatic MAC• Disable Auto Learning Excluding Uplink Port:
• When turn on it (means disable auto learning), switch will not learn any MAC address to MAC Address Table except for the uplink port you check in the port list, and switch should follow the static MAC table for the security.
• For example, after turn on this feature and select the port 1 to be uplink port, then only the devices under port 1 can be learned by switch.
• Static MAC Address Lists: displays the static Mac address list, as well as the VID.
Security>> MAC Address Table
1
2
3
MAC Address Table
Dynamic Forwarding Table: • For each port, this table displays the Mac address of each packet passing through the Switch, and you
can add the Mac address into static Mac Address list by the following steps:
Security>> MAC Address Table
1
2
3
ACL ContentsACL• ACL Configuration Wizard
• Access Profile List
• ACL Finder
ACL>> Contents
ACL Configuration Wizard
ACL Configuration Wizard• Access Control List (ACL) allows you to establish criteria to determine whether or not the Switch will
forward packets based on the information contained in each packet's header. This criteria can be specified on a basis of the MAC address, or IP address and on which ports to allow or deny the packets.
ACL>>ACL Configuration Wizard
Access Profile List
Access Profile List• The ACL Profile List provides information for configuring ACL Profiles manually. ACL profiles are attached
to interfaces, and define how packets are forwarded if they match the ACL criteria.
ACL>>Access Profile List
Access Profile List• Access Profile List
– To manually add a profile, click Add ACL Profile:
ACL>>Access Profile List
ACL Finder• ACL Finder
– This page is used to help find a previously configured ACL entry. To search for an entry, enter the profile ID from the drop-down menu, select a port that you wish to view, define the state and click Find. The table on the lower half of the screen will display the entries. To delete an entry click the corresponding Delete button or edit the profile by selecting the Access ID.
ACL>>ACL Finder
Monitoring Contents
Monitoring• Statistics
• Cable Diagnostics
• System Log
Monitoring>> Contents
Statistics
Statistics: • Displays the status of each port packet count.
Monitoring>> Statistics
Cable DiagnosticsCable Diagnostics: • The Cable Diagnostics for examine the cable healthy status, and can rapidly determines the type
of cable errors occurred in the cable, and detect the cable length.
• For D-Link Smart Switch, this function:
• only applied for Gigabit copper port when the link speed is 1000M. • For detect the cable length and the Cable errors of Open or Short.
CableDiagnosticTest.zip
Monitoring>> Cable Diagnostics
System LogSwitch History Log• The System Log page provides information about system logs, including information when the
device was booted, how the ports are operating, when users logged in, when sessions timed out, as well as other system information.
Monitoring>> System Log
Q&A