4 Cnfiguration - D-Link
Contents
1. Figure 4 115 PoE gt PoE Port Setting From Port To Port Specifies the PoE function of a port or ports State Select Enabled or Disabled to configure PoE function for designated port s Default is Enabled Time Range Select the PoE time profile configured from Time Based PoE gt Time Range Settings to enable the time based PoE function on designated port s Default setting is N A Priority Configure the power supply priority as Low Normal or High on designated port s Default is Normal Power Limit This function allows you to manually set the port power current limitation to be given to the PD To protect the DGS 1210 28P and the connected devices the power limit function will disable the PoE function of the port when the power is overloaded Select from Class 1 Class 2 Class 3 Class 4 and Auto for the power limit Auto will negotiate and follow the classification from the PD power current based on the 802 3at standard 178 4 Cnfiguration D Link Web Smart Switch User Manual User Define Check the box and input the power budget from 1 to 30W to manually assign an upper limit of port power budget on designated port s Click Apply to make the configurations take effects or click Refresh to redisplay the table Note For the PoE Port Settings table if the classification was shown as Legacy PD it will be classified to non AF PD or Legacy PD SNMP gt2. HTTP Backup firmware to file Upgrade firmware from file TFTP TFTP Server IP Address IPv4 O IPv6 TFTP File Name Backup firmware to file Upgrade firmware from file Figure 4 14 Tool Menu gt Firmware Backup and Upload HTTP Backup or upgrade the firmware to or from your local PC drive Click Backup to save the firmware to your disk Click Browse to browse your inventories for a saved firmware file Click Upgrade after selecting the firmware file you want to restore TFTP Backup or upgrade the firmware to or from a remote TFTP server Specify TFTP Server IP Address with IPv4 or IPv6 address and TFTP File Name for the configuration file you want to save to restore from Click Backup to save the firmware to the TFTP server Click Upgrade after selecting the firmware file you want to restore A CAUTION Do not disconnect the PC or remove the power cord from device until the upgrade completes The Switch may crash if the Firmware upgrade is incomplete Tool Bar gt Smart Wizard By clicking the Smart Wizard button you can return to the Smart Wizard if you wish to make any changes there Tool Bar gt Online Help The Online Help provides two ways of online support D Link Support Site will lead you to the D Link website where you can find online resources such as updated firmware images User Guide can offer an immediate D Link Support Site User Guide Figure 4 15 On
3. DHCPv6 Relay State Disabled DHCPv6 Relay Hops Count Limit 1 32 4 DHCPy6 Relay Option3 State Enabled DHCPY6 Relay Option3 Check Enabled E DHCPv6 Relay Option37 Remote ID Type Default v 00 01 02 03 04 05 i Interface is y stem Server IP DHCPv6 Relay Interface Table Server Address Figure 4 29 System gt DHCPVv6 Relay Settings 28 4 Cnfiguration D Link Web Smart Switch User Manual DHCPv 6 Relay Status Specifies whether DHCPv6 Relay is enabled on the device Enabled Enables DHCPV6 Relay on the device Disabled Disables DHCPv6 Relay on the device This is the default value DHCPv6 Relay Hops Count Limit 1 32 The field allows and entry between 1 and 32 to define the maximum number of router hops DHCPv6 messages can be forwarded The default hop count is 4 DHCPv 6 Relay Option37 State Specifies the DHCPv6 Relay Option37 State to be enabled or disabled DHCPv6 Relay Option37 Check Specifies the DHCPv6 Relay Option37 Check to be enabled or disabled DHCPv6 Relay Option37 Remote ID Type Specifies the DHCPv6 Relay Option37 Remote ID type is CID with User Defined User Defined or Default Interface Enter a name of the interface Server IP Enter the server IP address Click Apply to implement changes made System gt SysLog Host System Logs record and manage events as well as report errors and informational messages Message severity determines a set of event messages that will be sent C
4. Description Figure 4 24 System gt Port Description From Port To Port Specify the range of ports to describe Description Specify the description of ports Click Apply to set the description in the table System gt DHCP Auto Configuration This page allows you to enable the DHCP Auto Configuration feature on the Switch When enabled the Switch becomes a DHCP client and gets the configuration file from a TFTP server automatically on next boot up To accomplish this the DHCP server must deliver the TFTP server IP address and configuration file name information in the DHCP reply packet The TFTP server must be up and running and store the necessary configuration file in its base directory when the request is received from the Switch JTC e ein DHCP Auto Configuration O Enabled Disabled If DHCP Auto Configuration is enabled the switch will load a previously saved configuration file from TFTP server after every boot up fthe switch is unable to complete the Auto Configuration process the last configuration file saved in switch flash memory will be loaded Figure 4 25 System gt DHCP Auto Configuration System gt DHCP BOOTP Relay gt DHCP BOOTP Relay Global Settings User can enable and configure DHCP BOOTP Relay Global Settings on the Switch DHCP BOOTP Re BOOTP Relay State Disabled b BOOTP Relay Hops Count Limit 1 16 4 BOOTP Relay Time Threshold
5. Auto Surveillance VLAN O Enabled Disabled VLAN ID Priority l Tagged Uplink Downlink Port 5 eect 2 48 Eh User defined MAC Settings To add more device fs for Auto Surveillance YLAN by user defined configuration as below Component Type Description ee e E KKK Vi Mac wl Maximum number of user defined MAC is 4 entries ID Component Type Description MAC Address Delete 01 D Link Surveillance Device D Link IP Surveillance Device 28 10 7BXX XXX 02 D Link Surveillance Device D Link IP Surveillance Device F0 7D 68 0XXKXK Auto Surveillance VLAN Summary Component Type Description A Figure 4 42 VLAN gt Auto Surveillance VLAN Auto Surveillance VLAN Global Settings Auto Surveillance VLAN State Select to enable or disable Auto Surveillance VLAN The default is Disabled VLAN ID By default the VLAN ID 4094 was created as Auto Surveillance VLAN You also can create another Auto Surveillance VLAN by selecting a VLAN ID that you have created a VLAN from the 802 1Q 35 4 Cnfiguration D Link Web Smart Switch User Manual VLAN page The member port you configured in 802 1Q VLAN setting page will be the static member port of Auto Surveillance VLAN Priority The 802 1p priority levels of the traffic in the Auto Surveillance VLAN The possible values are 0 to 7 Tagged Uplink Downlink Port Specifies the ports to be tagged uplink port or downlink port for
6. IGMP 0 255 as Action Permit v C Priority 0 7 Replace Priority Figure 4 100 Add Access Rule IPv4 ICMP Assign sequence number Sequence No 1 65535 Specify the sequence number The value is from 1 to 65535 Auto Assign Auto assign the sequence number for a new rule Assign Rule Criteria Specify the IPv4 ACL settings ToS Check the box to specify the ToS priority and DSCP value ToS 0 7 Specify the ToS value DSCP 0 63 Specify the DSCP value The values are between 0 and 63 IPv4 Address Specify the IPv4 Source and destination address Source Select the source IP to be specified or Any relevant to the ACL rules Enter a source IP address and source IP mask For example to set 176 212 XX XX use mask 255 255 0 0 Destination Select the destination IP to be specified or Any relevant to the ACL rules Enter a destination IP address and destination IP mask For example to set 176 212 XX XX use mask 255 255 0 0 Protocol Check Protocol to configure the related settings Protocol Type Select the protocol type for IPv4 The possible fields are ICMP IGMP TCP UDP and Protocol ID ICMP Type 0 255 Sets the ICMP Type field as an essential field to match Code 0 255 Sets the ICMP code field as an essential field to match Select the ports which added into the Access List and click Next button then the ACL profile is added To define the IPv4 ACL IGMP Rule Select IPv4 ACL with IGMP and click Nex
7. 0 65535 0 DHCP Relay Agent Information Option 82 State DHCP Relay Agent Information Option 82 Check Disabled v DHCP Relay Agent Information Option 82 Policy Replace i x DHCF Relay Agent Information Option 82 Remote ID Default i 00 01 02 03 04 05 Apply Figure 4 26 System gt DHCP BOOTP Relay gt DHCP BOOTP Relay Global Settings BOOTP Relay State This field can be toggled between Enabled and Disabled using the pull down menu It is used to enable or disable the DHCP BOOTP Relay service on the Switch The default is Disabled BOOTP Relay Hops Count Limit 1 16 This field allows an entry between 7 and 76 to define the maximum number of router hoos DHCP BOOTP messages can be forwarded across The default hop count is 4 BOOTP Relay Time Threshold 0 65535 Allows an entry between 0 and 65535 seconds and defines the maximum time limit for routing a DHCP BOOTP packet If a value of O is entered the Switch will not process the value in the seconds field of the BOOTP or DHCP packet If a non zero value is entered the Switch will use that value along with the hop count to determine whether to forward a given BOOTP or DHCP packet 26 4 Cnfiguration D Link Web Smart Switch User Manual DHCP Relay Agent Information Option 82 State This field can be toggled between Enabled and Disabled using the pull down menu It is used to enable or disable the DHCP Agent Information Option 82 on the Switch The default is Disabled E
8. HMAC MD5 HMAC SHA1 Public Key Algorithm HMAC RSA Apply Figure 4 87 Security gt SSH gt SSH Settings SSH Authentication Mode Settings Password Allows user to use a locally configured password for authentication on the Switch Public Key This parameter may be enabled if the administrator wishes to use a public key configuration set on a SSH server for authentication on the Switch Host Based This parameter may be enabled if the administrator wishes to use a host computer for authentication This parameter is intended for Linux users requiring SSH authentication techniques and the host computer is running the Linux operating system with a SSH program previously installed Encryption Algorithm 3DES CBC Use the check box to enable or disable the Triple Data Encryption Standard encryption algorithm with Cipher Block Chaining The default is enabled Data Integrity Algorithm HMAC MD5 Use the check box to enable the supports of hash for message Authentication Code HMAC MD5 Message Digest MD5 mechanism HMAC SHAT Use the check box to enable the supports of hash for message Authentication Code HMAC Secure Hash Algorithm SHA mechanism Public Key Algorithm HMAC RSA Use the check box to enable the supports of Hash for Message Authentication Code HMAC mechanism utilizing the RSA encryption algorithm Click Apply to implement changes made Security gt SSH gt SSH User Authentication Lists The SSH User Aut
9. Security gt Smart Binding gt White List When IP ARP Inspection Mode is selected the White List page displays finished IP MAC Port Binding entries from page Smart Binding Only IP packets or ARP packets carrying matched IP MAC Port information can access to the switch You can cancel a device s authorization by deleting it from the table Select All Total Entries 0 IP Address Mac Address Port Delete Figure 4 91 Security gt Smart Binding gt White List Select the check box of entry then click Delete to remove it Click Select All to select all entries of the table or click Clean to select none entries Please keep at least one management host in the White List Security gt Smart Binding gt Black List The Black List page shows unauthorized accesses When ARP Inspection is selected and a device sends out an ARP packet containing unmatched IP MAC Port information the device will be forbidden and listed here 4 Cnfiguration D Link Web Smart Switch User Manual Black List SEUA VID IP Address MAC Address Port E M U eeTC Total Entries 0 VID IP Address Mac Address Port Delete Figure 4 92 Security gt Smart Binding gt Black List By giving conditions desired devices information can be screened out below and then click Find to search for a list of the entry VID Enter the VLAN ID number of the device IP Address Enter the IP Address of the device MAC Address Enter the MAC Address of the device P
10. The Robustness Variable can not be set zero and SHOULD NOT be one Default is 2 seconds Last Member Query Interval 1 25 sec The Last Member Query Interval is the Max Response Time inserted into Group Specific Queries sent in response to Leave Group messages and is also the amount of time between Group Specific Query messages This value may be adjusted to modify the leave latency of network A reduced value results in reduced time to detect the loss of the last member of a group The default value is 1 second Query Interval 60 600 sec The Query Interval is the interval between General Queries sent By adjusting the Query Interval the number of MLD messages can increase or decrease larger values cause MLD Queries to be sent less often Default is 125 seconds Max Response Time 10 25 sec Specifies the time interval in seconds after which a port is removed from the Multicast membership group Ports are removed from the Multicast membership when the port sends a Done Message indicating the port requests to leave the Multicast group The field range is 10 25 seconds The default timeout is 10 seconds Click Apply to implement changes made MLD Snooping VLAN Settings List Click the number of VLAN ID to modify the settings 44 4 Cnfiguration D Link Web Smart Switch User Manual VLAN ID 1 VLAN Name default State Enabled Querier State Disabled Fast Leave Disabled Static Router Ports 01 02 04
11. 07 0g 10 11 14 i 4 ai 4 4 a d a 15 16 17 18 21 24 25 26 27 28 a A A d a al d ad A Dynamic Router Ports 01 04 07 08 09 11 12 14 E a a a ut a B w E 16 17 18 19 21 22 a R L E E m a 24 25 u 57 90 E age B Figure 4 56 L2 Functions gt Multicast gt Multicast Forwarding State Specify the state of MLD Snooping VLAN to be enabled or disabled Querier State Specify the querier state to be enabled or disabled Fast Leave Specify the fast leave feature to be enabled or disabled Click Apply to implement changes made Static Router Ports Selects the ports to be static router ports and assigned for MLD snooping for the VLAN Dynamic Router Ports Select the ports to be dynamic router ports and assigned for MLD snooping for the VLAN Click Apply for changes to take effect L2 Functions gt Multicast gt Multicast Forwarding The Multicast Forwarding page displays all of the entries made into the Switch s static multicast forwarding table To implement the Multicast Forwarding Settings inout VID Multicast MAC Address and port settings then click Add VID Coo Multicast MAC Address Te Total Static Entries 0 MAC Address Member Ports Figure 4 57 L2 Functions gt Multicast gt Multicast Forwarding VID The VLAN ID of the VLAN to which the corresponding MAC address belongs Multicast MAC Address The MAC address of the static source of multicast packets This must be a multic
12. 90 90 and subnet mask is 255 0 0 0 DHCP Option 12 State Speicfy the DHCP option 12 state is enabled or disabled DHCP Option 12 Host Name Specify the host name for DHCP System Information By entering a System Name and System Location the device can more easily be recognized through the SmartConsole Utility and from other Web Smart devices on the LAN 22 4 Cnfiguration D Link Web Smart Switch User Manual Login Timeout The Login Timeout controls the idle time out period for security purposes and when there is no action for a specific time span in the Web based Management If the current session times out expires the user is required a re login before using the Web based Management again Selective range is from 3 to 30 minutes and the default setting is 5 minutes System gt IPv6 System Settings The IPv6 System Settings page allow user to configure the IPv6 system information _IPv6 System Settings SAUA IPv6 System Settings Interface Name System IPv6 State Enabled v DHCPV6 Client Disabled x IPv6 Network Address e 9 3710 1 64 L NS Retransmit Time Settings NS Retransmit Time 1 3600 1 s Automatic Link Local State Settings Automatic Link Local Address Disabled vi View All IPv6 Address Address Type IPv6 Address Figure 4 19 System gt IPv6 System Settings IPv6 System Settings Interface Name Displays the interface name of IPv6 IPv6 State Specifies the IPv6 to be enabled or d
13. Enty Table a a SOfeguard GroupID f VLAN ID VLAN Name Multicast Group Multicast MAC address Member Port default 239 255 255 250 01 00 5E 7F FF FA Figure 4 54 L2 Functions gt Multicast gt IGMP Multicast Entry Table Click Delete to remove a specified entry or click Delete All to remove all entries L2 Functions gt Multicast gt MLD Snooping Multicast Listener Discovery MLD Snooping is an IPv6 function used similarly to IGMP snooping in IP v4 It is used to discover ports on a VLAN that are requesting multicast data Instead of flooding all ports on a selected VLAN with multicast traffic MLD snooping will only forward multicast data to ports that wish to receive this data through the use of queries and reports produced by the requesting ports and the source of the multicast traffic MLD snooping is accomplished through the examination of the layer 3 part of an MLD control packet transferred between end nodes and a MLD router When the Switch discovers that this route is requesting multicast traffic it adds the port directly attached to it into the correct IPv6 multicast table and begins the process of forwarding multicast traffic to that port This entry in the multicast routing table records the port the VLAN ID and the associated multicast IPv6 multicast group address and then considers this port to be an active listening port The active listening ports are the only ones to receive multicast group data 43 4 Cnfigurati
14. OUI with a description The maximum number of user defined OUls is 10 Select the OUI and press Add to the lower table to complete the Auto Voice VLAN setting X Note Voice VLAN has higher priority than any other features including QoS Therefore the voice traffic will be operated according to the Voice VLAN setting and not impacted by the QoS feature X Note It is recommended setting the highest priority for Voice VLAN to guarantee the quality of VoIP traffic VLAN gt Voice VLAN gt Voice VLAN Port Settings The Voice VLAN Port Settings page allows users to automatically place the voice traffic from IP phone to an assigned VLAN to enhance the VoIP service With a higher priority and individual VLAN the quality and the security of VoIP traffic are guaranteed Voice VLAN Fort gt oettings SSsrequarc From Port To Port Auto Detection Tagged Untagged Part Auto Detection Tagged Untagged Current State Status Figure 4 40 VLAN gt Voice VLAN gt Voice VLAN Port Settings From Port To Port A consecutive group of ports may be configured starting with the selected port Auto Detection Switch will add ports to the voice VLAN automatically if it detects the device OUI matches the Telephony OUI configured in Voice VLAN OUI Setting page Use the drop down menu to enable or disable the OUI auto detection function The default is Disabled Tagged Untagged tagged or untagged th
15. Setting From Port To Port Extended PSE TLY 1 zj 4 v Disabled Apply Part Extended PSE TLY 1 Enabled 2 Enabled E E E Enabled 4 Enabled Figure 4 62 L2 Functions gt LLDP gt LLDP MED Settings L2 Functions gt LLDP gt LLDP Port Settings The Basic LLDP Port Settings page displays LLDP port information and contains parameters for configuring LLDP port el From Port To Port Notification State Admin Status Port Description System Name System Description System Capabilities 1 2 E Disabled TX_Only Disabled Disabled Disabled Disabled v Port Notification State Admin Status Port Description System Name i System Description System Capabilities 1 Disabled TA_and_RxX Disabled Disabled Disabled Disabled 2 Disabled TX and RX Disabled _Disabled Disabled Disabled 3 Disabled Tx_and_RX Disabled i Disabled Disabled Disabled 4 Disabled TX_and_RxX Disabled Disabled Disabled Disabled 5 Disabled Tx_and_RX Disabled Disabled Disabled Disabled 6 Disabled TX_and_RX Disabled f Disabled i Disabled i Disabled a Disabled Tand RX Disabled Disabled Disabled Disabled 8 Disabled TX_and_RX i Disabled i Disabled Disabled Disabled 9 Disabled TX_and_Rx Disabled N Disabled Disabled Disabled 10 Disabled TA_and_Rx i Disabled Disabled Disabled Disabled 11 Disabled TX_and_RA amp Disabled i Di
16. a basis of the MAC address or IP address The ACL Configuration Wizard will aid with the creation of access profiles and ACL Rules The ACL Wizard will create the access rule and profile automatically The maximum usable profiles are 50 and with 200 Rules in total for the switch To create a new access rule select Create and enter the Access List Name then click Next button ACL Configuration Wizard i Access List Assignment gt Select Packet Type gt Add Rule Apply Rule Do you want to create a new ACL access list or update an existing access list Create Access List Name Update Figure 4 97 ACL gt ACL Wizard Create Access List The steps of adding an access profile are described below 1 Select the Packet Type MAC IPv4 or IPv6 ACL Configuration Wizard Seu Access List Assignment gt Select Packet Type Add Rule Apply Rule Which type of packet do you want to monitor mac IPy4 IPv6 Figure 4 98 ACL gt ACL Wizard Select Packet Type 68 4 Cnfiguration D Link Web Smart Switch User Manual Select packet type based on MAC address IPv4 address IPv6 address or packet content This will change the window according to the requirements for the type of profile MAC Defines the ACL profile Layer 2 protocols Select MAC to monitor MAC address of each packet IPv4 Defines the IPv4 ACL profile protocols Select IPv4 to monitor IPv4 address of each packet IPv6 Defines the IPv6 ACL
17. changes to ww IF address will stop curent commection to the device Continue Figure 4 4 Confirm the changes of IP address in Smart Wizard 16 4 Cnfiguration D Link Web Smart Switch User Manual Web based Management After clicking the Exit button in Smart Wizard you will see the screen below D Link a ji se 10 90 90 91 Save 7 ae Wizard Hen es WB Logot 8 1210 28PiC Syste VLAN L2 Functions Device Information 6 G08 Device Type DGS 1210 28P C1 System Name Boot Version 1 00 007 System Location Firmware Version 400 018 System Time 01 01 2013 00 10 36 Hardware Version C1 System Up Time 0 days 0 hours 11 mins 22 seconds Serial Number QBDGS12102800 Login Timeout minutes 30 F Monitoring MAC Address 00 1 2 10 03 03 03 IG H H tg Function Tree IP Address Information IPv4 Address 10 90 90 90 Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 IPv6 Global Unicast Address IPv6 Link Local Address Device Status and Quick Configurations RSTP Disabled Settings SNMP Status Disabled Settings Port Mirroring Disabled Settings 802 1X Status Disabled Settings Storm Control Disabled Settings Safeguard Engine Enabled Settings DHCP Client Disabled Settings IGMP Snooping Disabled Settings Jumbo Frame Disabled Settings Power Saving Enabled Settings Main Configuration Screen Figure 4 5 Web based Management The above image is the Web based Management screen The three main areas are the Tool
18. from 01 to 28 as Untag Tag or Not Member A port can be untagged in only one VID To save the VID group click Apply You may change the name accordingly to the desired groups such as R amp D Marketing email etc Asymmetric VLAN Example QO Enabled Disabled Apply Total static VLAN entries 1 Add Maximum 256 entries Untagged Tagged at default 01 10 Figure 4 35 Configuration gt 802 1Q VLAN VID 1 VLAN Name default Apply Port selectal for jor fos foa fos fos foros os o iz tsa Untagged All _J O em OS a aaaea e a aaae Not Member O O O O O O O O O O O O O O fron SelectAll A EF ds e ar e Untagged O O O O O O O O O O O O O Not Member Figure 4 36 Configuration gt 802 1Q VLAN gt Add VLAN VLAN gt 802 1Q VLAN PVID The 802 1Q VLAN PVID setting allows user to configure the PVID for each ports Click Apply to implement changes made HU 1 2 i 05 7 1 12 PVID E 19 g A o 2 23 25 i 28 HE HE EE EE EE EE EE EE EF fF FE EE Figure 4 37 Configuration gt 802 1Q VLAN PVID VLAN gt 802 1Q Management VLAN The 802 1Q Management VLAN setting allows user to transfer the authority of the switch from the default VLAN to others created by users This allows managing the whole network more flexible 32 4 Cnfiguration D Link Web Smart Switch User Manual By default the Manag
19. is received within the age out time the LLDP information is removed and the Age Out counter is incremented Click Refresh to renew the page and click Clear to clean out all statistics QoS gt Bandwidth Control The Bandwidth Control page allows network managers to define the bandwidth settings for a specified port s transmitting and receiving data rates 55 4 Cnfiguration D Link Web Smart Switch User Manual Bandwidth Control Se HOPS From Port To Port Type No Limit Rate 64 1024000 o w 23 Oy Rx v Disabled Kbitsisec Port Tx Rate Kbits sec Rx Rate Kbits sec 01 No Limit No Limit 02 No Limit No Limit 03 No Limit No Limit 04 No Limit No Limit 05 No Limit No Limit 06 No Limit No Limit 07 i No Limit No Limit 08 No Limit No Limit 09 No Limit No Limit 10 No Limit No Limit 11 No Limit No Limit 12 E No Limit No Limit 13 No Limit No Limit 4A Kin irit in l innit I Figure 4 75 QoS gt Bandwidth Control From Port To Port A consecutive group of ports may be configured starting with the selected port Type This drop down menu allows you to select between RX receive TX transmit and Both This setting will determine whether the bandwidth ceiling is applied to receiving transmitting or both receiving and transmitting packets No Limit This drop down menu allows you to specify that the selected port will have no bandwidth limit Enabl
20. packet matching DoS Attack Prevention type listed on below table The packet matching will be done by hardware 60 4 Cnfiguration D Link Web Smart Switch User Manual Prevention Settings State Enabled Apply DoS Attack Prevention List Dos Type and Attack Misablec Disabled Blat Attack Uisapied Tcp Xmascan Disabled Jisaplei Tep Syn Sreportless 1024 Disabled Figure 4 85 Security gt DoS Prevention Settings State Specify the state to be enabled or disabled Click Apply to implement changes made Security gt SSH gt SSH Settings SSH is an abbreviation of Secure Shell which is a program allowing secure remote login and secure network services over an insecure network It allows a secure login to remote host computers a safe method of executing commands on a remote end node and will provide secure encrypted and authenticated communication between two non trusted hosts SSH with its array of unmatched security features is an essential tool in today s networking environment It is a powerful guardian against numerous existing security hazards that now threaten network communications ELL ee SSH Global Settings SSH State O Enabled Disabled Max Session 1 4 Connection Timeout 1 20 600 120 sec Authtail Attempts 2 20 2 times Rekey Timeout 60min v Apply Figure 4 86 Security gt SSH gt SSH Settings To configure the SSH server on the Switch modify the followi
21. page the status of all ports can be monitored and adjusted for optimum configuration By selecting a range of ports From Port and To Port the Speed can be set for all selected ports by clicking Apply Press the Refresh button to view the latest information 24 4 Cnfiguration D Link Web Smart Switch User Manual From Port To Port Speed MDIUMDIX Flow Control oy 6 8 Auto Auto Disabled Port Link Status Speed MDUMDIX Flow Control 01 1000M Full Auto Auto Disabled 02 Link down Auto Auto Disabled 03 Link down Auto Auto Disabled 04 Link down Auto 7 Auto Disabled 05 Link down Auto Auto Disabled 06 j Link down Auto Auto Disabled 07 Link down Auto Auto Disabled 08 Link down Auto iL Auto Disabled 09 Link down Auto Auto Disabled 10 Link down Auto Auto Disabled i Link down l Auto Js Auto p Disabled 12 Link down Auto Auto Disabled 13 Link down l Auto Auto Disabled 14 Link down Auto Ew Auto Disabled 15 Link down Auto E Auto Disabled 1A link dnwn Auttn Auttn Nisahled Figure 4 23 System gt Port Settings Speed Gigabit Fiber connections can operate in 1000M Auto or Disabled Copper connections can operate in Forced Mode settings 1000M Full 100M Full 100M Half 10M Full 10M Half Auto or Disabled The default setting for all ports is Auto N NOTE Be sure to adjust port speed settings appropriately after changin
22. port binding State Use the drop down menu to enable or disable these ports for Smart Binding Enabled Enable Smart Binding with related configurations to the ports Disabled Disable Smart Binding Packet Inspection Specifies ARP Inspection or P ARP Inspection for the IP packets If ARP inspection is selected the Switch will inspect incoming ARP packets and compare them with the Switch s Smart Binding white list entries If the IP MAC pair of an ARP packet is not found in the white list the Switch will block the MAC address A major benefit of Loose state is that it uses less CPU resources However it cannot block malicious users who send only unicast IP packets An example of this is that a malicious user can perform DoS attacks by statically configuring the ARP table on their PC In this case the Switch cannot block such attacks because the PC will not send out ARP packets If ARP IP Inspection mode is selected the Switch will inspect all incoming ARP and IP packets and compare them to the IMPB white list If the IP MAC pair find a match in the white list the packets from that MAC address are unblocked If not the MAC address will stay blocked While the mode examines every ingress ARP and IP packet it enforces better security DHCP Snooping By enable DHCP Snooping the switch will snoop the packets sent from DHCP Server and clients and update information to the White List Click Apply to make configurations make effects 63
23. profile protocols Select IPv6 to monitor IPv6 address of each packet To define the MAC ACL Rule Select MAC click Next button The updates to show the follows ong On VvVizaro Access List Assignment Select Packet Type gt Add Rule gt Apply Rule Please assign a sequence number to create a new rule Sequence No 1 65535 Auto Assign Assign rule criteria MAC address 802 10 VLAN Ether Type LLC Payload MAC address Source Specify v Address Mask Destination Specify v Address Mask C 802 10 VLAN dott P 0 7 LAN IB CI Enthernet Type Ethernet type Action Permit v C Priority 0 7 Replace Priority Figure 4 99 Add Access Rule MAC Assign sequence number Sequence No 1 65535 Specify the sequence number The value is from 1 to 65535 Auto Assign Auto assign the sequence number for a new rule Assign Rule Criteria Specify the MAC address settings Source Select the source MAC to be specified or Any Enter a source MAC address and source MAC mask e g FF FF FF FF FF FF Destination Select the destination MAC to be specified or Any Enter a destination MAC address and destination MAC mask e g FF FF FF FF FF FF If user selects the 802 1Q VLAN box then need to specify the dot1p and VLAN ID Dot1p 0 7 Specify the dot1p priority VLAN ID Selecting this option instructs the Switch to examine the 802 1p priori
24. reject the authentication method and request another depending on the configuration of the client software and the RADIUS server Depending on the authenticated results the port is either made available to the user or the user is denied access to the network Authentication State O Enabled Disabled Forward EAPOL PDU Enabled Disabled Authentication Protocol Figure 4 94 AAA gt 802 1x Global Settings Authentication State Specify to enable or disable the 802 1X function Forward EAPOL PDU This is a global setting to control the forwarding of EAPOL PDU When 802 1X functionality is disabled globally or for a port and if 802 1X forward PDU is enabled both globally and for the port a received EAPOL packet on the port will be flooded in the same VLAN to those ports for which 802 1X forward PDU is enabled and 802 1X is disabled globally or just for the port The default state is disabled Authentication Protocol Indicates the 802 1X Protocol on the device The possible field values are Local and RADIUS Click Apply to implement configuration changes AAA gt 802 1X gt 802 1X Port Settings To use EAP for security set the 802 1X Port Settings for the Radius Server and applicable authentication information gt gt ouUu2Z 1A Por pettings Sofeacnuanrc 802 1X Port Access Control From Part To Port QuietPeriod 0 65535 60 sec SuppTimeout 1 65535 ServerTimeout 1 6
25. that are capable of being upgraded to 802 1w RSTP on all or some portion of the segment Edge Selecting the True parameter designates the port as an edge port Edge ports cannot create loops however an edge port can lose edge port status if a topology change creates a potential for a loop An edge port normally should not receive BPDU packets If a BPDU packet is received it automatically loses edge port status Selecting the Fa se parameter indicates that the port does not have edge port status Selecting the Auto parameter indicates that the port have edge port status or not have edge port status automatically Priority Specify the priority of each port Selectable range is from O to 240 and the default setting is 128 The lower the number the greater the probability the port will be chosen as a root port P2P Choosing the True parameter indicates a point to point P2P shared link P2P ports are similar to edge ports however they are restricted in that a P2P port must operate in full duplex Like edge ports P2P ports transition to a forwarding state rapidly thus benefiting from RSTP A p2p value of false indicates that the port cannot have p2p status Auto allows the port to have p2p status whenever possible and operate as if the p2p status were true If the port cannot maintain this status for example if the port is forced to half duplex operation the p2p status changes to operate as if the p2p value were False The default setting for th
26. 4 Cnfiguration D Link Web Smart Switch User Manual Cnfiguration The features and functions of the D Link Web Smart Switch can be configured for optimum use through the Web based Management Utility Smart Wizard Configuration After a successful login the Smart Wizard will guide you through essential settings of the D Link Web Smart Switch If you do not plan to change anything click Exit to leave the Wizard and enter the Web Interface You can also skip it by clicking Ignore the Wizard next time for the next time you logon to the Web based Management IP Information IP Information will guide you to do basic configurations in 3 steps for the IP Information access password and SNMP Select Static DHCP or BOOTP and enter the desired new IP Address select the Netmask and enter the Gateway address then click the Next button to enter the next Password setting page No need to enter IP Address Netmask and Gateway if DHCP and BOOTP are selected The Smart Wizard is for the quick setting in IPv4 environment For IPv6 network please go to System gt IPv6 System Settings If you are not changing the settings click Exit button to go back to the main page Or you can click on Ignore the wizard next time to skip wizard setting when the switch boots up Welcome to Smart Wizard The wizard will guide you to do basic configurations on 3 steps for the IP Information access a a password and SNMP If you are not changing the settings click o
27. 4 Cnfiguration D Link Web Smart Switch User Manual Security gt Smart Binding gt Smart Binding The Smart Binding Settings page allows users to set IP MAC Port Binding entries by manually entering required information or by scanning all connected devices and clicking to bind Smart Bindi Manual Binding IP Address MAC Address Port Add Auto Scan Enter a range of IP address to scan all devices in the network IP Address From To MAN TP Address MAC Address Pot Binding Figure 4 90 Security gt Smart Binding gt Smart Binding The Manual Binding Settings contains the following fields IP Address Specifies the IP address to bind to the MAC address set below MAC Address Specifies the MAC address to bind to the IP address set above Port Specify the switch ports for which to configure this IP MAC binding entry IP Address MAC Address Click Add to add a new entry Auto Scan The Auto Scan Setting can list connected devices and easily select to bind It contains the following fields IP Address From To Specifies the range of IP Address to find desired devices or leaves the fields blank to see all connected devices Click Scan and the search results will be listed in below table Binding check the box to select desired binding devices Apply click Apply to set IP MAC Port Binding entries Select All to check the boxes of Binding for all found devices Clear All to cancel the box of Binding
28. 5 fs Code 0 255 IPv6 Address Source Specify v Address a Destination Specify w Address F elie Action Permit v CI Priority 0 7 Replace Priority Figure 4 106 Add Access Rule IPv6 UDP Source Port Specify the source port Source Port Mask Defines the range of source IP addresses relevant to the ACL rules For example to set 0 15 set mask of FFFO Destination Port Specify the destination port Destination Port Mask Defines the range of destination IP addresses relevant to the ACL rules For example to set 0 15 set mask of FFFO Click Next button then the ACL profile is added 2 Selecting the field of interest will display the next page which shows the follows 74 4 Cnfiguration D Link Web Smart Switch User Manual Access List Assignment gt Select Packet Type Add Rule gt Apply Rule Port Based Which Bors do you want to meee Access List ee OE E z O T m a D a ja a eon a e CE E 28 ju a E E E Figure 4 107 Add Access Rule Ports Click Next button then the ACL profile is added 3 To modify an existing rule please select Update and the Access List Name hyperlink and click Next button Access List Assignment gt Select Packet Type Add Rule gt Apply Rule Do you want to create a new ACL access list or update an existing access list Create Access List Name i y Update s List Name Total Rules O acit I
29. 55 0 0 0 Default Gateway 0 0 0 0 IPv6 Global Unicast Address IPv6 Link Local Address Device Status and Quick Configurations RSTP Disabled Settings SNMP Status Disabled Settings Port Mirroring Disabled Settings 802 1 Status Disabled Settings Storm Control Disabled Settings Safeguard Engine Enabled Settings DHCP Client Disabled Settings IGMP Snooping Disabled Settings Jumbo Frame Disabled Settings Power Saving Enabled Settings Figure 4 17 Device Information System gt System Settings The System Setting allows the user to configure the IP address and the basic system information of the Switch IP Information static ODHCP O BOOTP IP Address 10 90 90 90 Netmask 8 255 0 0 0 Gateway 0 0 0 0 DHCP Option 12 State Disabled v DHCP Option 12 Host Name DGS 1210 28 Apply system Information System Name System Location Login Timeout 3 30 minutes Figure 4 18 System gt System Settings IP Information There are three ways for the switch to obtain an IP address Static DHCP Dynamic Host Configuration Protocol and BOOTP When using static mode the IP Address NetMask and Gateway can be manually configured When using DHCP mode the Switch will first look for a DHCP server to provide it with an IP address including network mask and default gateway before using the default or previously entered settings By default the IP setting is static mode with IP address is 10 90
30. 5535 30 sec MaxReq 1 10 TxPeriod 1 65535 bo se ReAuthPeriod 1 65535 ReAuthentication Jisabled 5 x Port Control B Capability Direction Oper Quiet Supp eae ReAuth ty Bae Port AdmbDir CriDir Port Control TxPeriod Period Timeout Timeout MaxReq Period ReAuth Capability Port Status Time a tn E Tede Ys I ed hs tak 0 ete i tne SEE DA af baat Ae a CC A a C ala A I AM Ah She be ba teed eaa BO a a a dd dd i Figure 4 95 AAA gt 802 1X gt 802 1X Port Settings From Port To Port Enter the port or ports to be set 66 4 Cnfiguration D Link Web Smart Switch User Manual QuietPeriod 0 65535 sec Sets the number of seconds that the switch remains in the quiet state following a failed authentication exchange with the client Default is 60 seconds ServerTimeout 1 65535 sec Sets the amount of time the switch waits for a response from the client before resending the response to the authentication server Default is 30 seconds TxPeriod 1 65535 sec This sets the TxPeriod of time for the authenticator PAE state machine This value determines the period of an EAP Request Identity packet transmitted to the client Default is 30 seconds ReAuthentication Determines whether regular reauthentication will take place on this port The default setting is Disabled Capability Indicates
31. Bar on top the Function Tree and the Main Configuration Screen The Tool Bar provides a quick and convenient way for essential utility functions like firmware and configuration management By choosing different functions in the Function Tree you can change all the settings in the Main Configuration Screen The main configuration screen will show the current status of your Switch by clicking the model name on top of the function tree At the upper right corner of the screen the username and current IP address will be displayed Under the username is the Logout button Click this to end this session N NOTE If you close the web browser without clicking the Logout button first then it will be seen as an abnormal exit and the login session will still be occupied Finally by clicking on the D Link logo at the upper left corner of the screen you will be redirected to the local D Link website 17 4 Cnfiguration D Link Web Smart Switch User Manual Tool Bar gt Save Menu The Save Menu provides Save Configuration and Save Log functions Bm Sae Tools save Configuration save Log Figure 4 6 Save Menu Save Configuration Select to save the entire configuration changes you have made to the device to switch s non volatile RAM Please press the Save button to save system settings to flash Figure 4 7 Save Configuration Save Log Save the log entries to your local drive and a pop up message will promp
32. By disabling MAC Address Auto Learning capability and specifying the static MAC addresses the network is protected from potential threats like hackers because traffic from illegal MAC addresses will not be forwarded by the Switch L2 Functions gt MAC Address Table gt Dynamic Forwarding Table For each port this table displays the MAC address learned by the Switch To add a MAC address to the Static Mac Address List click the Add checkbox and then click Apply associated with the identified address a P por __ All F Static MAC entries used maximum 0 256 HD Port MAC Address Type Add to Static MAC 1 1 00 17 9A 9E 1C 57 1 Dynamic O 2 1 C8 60 00 89 8C 74 4 Dynamic i Figure 4 47 L2 Functions gt MAC Address Table gt Dynamic Forwarding Table L2 Functions gt Spanning Tree gt STP Global Settings The Switch implements two versions of the Spanning Tree Protocol the Rapid Spanning Tree Protocol RSTP as defined by the IEEE 802 1w specification and a version compatible with the IEEE 802 1D STP RSTP can operate with legacy equipment implementing IEEE 802 1D However the advantages of using RSTP will be lost The IEEE 802 1w Rapid Spanning Tree Protocol RSTP evolved from the 802 1D STP standard RSTP was developed in order to overcome some limitations of STP that impede the function of some recent switching innovations The basic function and much of the terminology is the same as STP Most of the settings configured fo
33. HA to be the authentication protocol Enter a password for SNMPv3 encryption in the right column Priv Protocol Password Specify either no authorization or DES 56 bit encryption and then enter a password for SNMPv3 encryption in the right column Click Add to create a new SNMP user account and click Delete to remove any existing data SNMP gt SNMP gt SNMP Group Table This page is used to maintain the SNMP Group Table associating to the users in SNMP User Table SNMPv3 can control MIB access policy security policy for a user group directly Group Name Specify the SNMP user group of up to 32 characters Read View Name Specify a SNMP group name for users that are allowed SNMP read privileges to the Switch s SNMP agent Write View Name Specify a SNMP group name for users that are allowed SNMP write privileges to the Switch s SNMP agent Security Model Select the SNMP security model SNMPv1 SNMPv1 does not support the security features SNMPv2 SNMPv2 supports both centralized and distributed network management strategies It includes improvements in the Structure of Management Information SMI and adds some security features SNMPv3 SNMPv3 provides secure access to devices through a combination of authentication and encrypting packets over the network Security Level This function is only available when you select SNMPv3 security level NoAuthNoPriv No authorization and no encryption for packets sent between the Switc
34. IP Address MAC Address 1 ARP is the standard for finding a host s MAC address However this protocol is vulnerable that cracker can spoofthe IP and MAC information in the ARP packets to attack a LAN 2 The main purpose of this feature is to protect network from Man in the Middle or ARP spoofing attack including router gateway or specific client Figure 4 82 Security gt ARP Spoofing Prevention 59 4 Cnfiguration D Link Web Smart Switch User Manual Enter the IP Address MAC Address Ports and then click Add to create a checking filtering rule Click Delete to remove an existing rule and Delete All to clear all the entries Security gt DHCP Server Screening DHCP Server Screening function allows user to restrict the illegal DHCP server by discarding the DHCP service from distrusted ports This page allows you to configure the DHCP Server Screening state for each port and designed trusted DHCP server IP address Select Ports and then click Apply to enable or disable the function DHCP Server Screening Seti a SE a a a a ae E E T E DHCP Server Trusted Port Settings ea a a CN E E e E A E Trusted DHCP Server IP Settings ia Add IPv6 Ex 1234 1234 Trusted DHCP Server IP Lists Maximum 5 entries IP Address Figure 4 83 Security gt DHCP Server Screening Trusted DHCP Server IP Settings Select IPv4 or IPv6 and specify the IP address then click Apply to create Trusted DHCP Server Click Add to
35. NMP gt RMON gt RMON Alarm Settings The RMON Alarm Settings page allows the user to configure the network alarms Network alarms occur when a network problem or event is detected RMON Alarm Settings SERA Index 1 65535 Interval 1 2 31 1 300 sec Variable I Sample type Absolute value Rising Threshold 0 2 31 1 tk Falling Threshold 0 2 31 1 aaa Rising Event Index 1 65535 I Falling Event Index 1 65535 i Owner ae indicates mandatory data Add R SA Rising Event Falling Figure 4 126 SNMP gt RMON gt RMON Alarm Settings The configuration contains the following fields Index 1 65535 Indicates a specific alarm Variable Specify the selected MIB variable value Rising Threshold 0 2431 1 Displays the rising counter value that triggers the rising threshold alarm Rising Event Index 1 65535 Displays the event that triggers the specific alarm The possible field values are user defined RMON events Owner Displays the device or user that defined the alarm Interval 1 2431 1 Defines the alarm interval time in seconds Sample type Defines the sampling method for the selected variable and comparing the value against the 83 4 Cnfiguration D Link Web Smart Switch User Manual thresholds The possible field values are Delta value Subtracts the last sampled value from the current value The difference in the values is compared to the thres
36. Port Source Port Mask Destination Port e Destination Port Mask fs ICMPv6 Type 0 288 Code 0 258 SS IPv6 Address 2 Prefix Length Source Specify v Address Destinati Speci r Add Prefix Length v E Spec meee aaa Action Permit saj C Priority 0 7 L Replace Priority Figure 4 105 Add Access Rule IPv6 TCP 13 4 Cnfiguration D Link Web Smart Switch User Manual Source Port Specify the source port Source Port Mask Defines the range of source IP addresses relevant to the ACL rules For example to set 0 15 set mask of FFFO Destination Port Specify the destination port Destination Port Mask Defines the range of destination IP addresses relevant to the ACL rules For example to set 0 15 set mask of FFFO Click Next button then the ACL profile is added To define the IPv6 ACL UDP profile Select IPv6 ACL with UDP of Protocol Type and click Next button The updates to show the follows Access List Assignment Select Packet Type Add Rule gt Apply Rule Please assign a sequence number to create a new rule Sequence No 1 65535 Auto Assign Assign rule criteria L2 Header Traffic Class Next Header IPv6 Address CI Traffic Class IPv6 Class 0 255 Next Header Protocol Type UDP bt Protocol ID 0 255 SSS Source Port OZ Source Port Mask f Destination Port Destination Port Mask ICMPv6 Type 0 25
37. Pv4 1 Figure 4 108 ACL gt ACL Wizard Update ACL List ACL gt ACL Access List The ACL Access List page provides information for configuring ACL Access manually Click Edit Rules button to modify the access profile or click Delete button to remove the ACL profile Delete All Currentiax Profile 3 50 CurrentiMax Rule 0 768 Lis ie an Rules Edit Rules snc on e Edit Rules Figure 4 109 ACL gt ACL Access List 19 4 Cnfiguration D Link Web Smart Switch User Manual To add a new profile click Add button The updates to show the follows add ACL Profi a ai Access List Name Packet Type mac O IPy4 IPy4 Extended IPv6 Apply Figure 4 110 ACL gt ACL Access List Add ACL Profile Access List Specify the access list name for the ACL profile to be added Packet Type Specify the packet type to be MAC IPv4 IPv4 Exdended or IPv6 then click Apply button To modify an existing rule please click on the Sequence No hyperlink Sel Vuit z Access List Name acl1 Type IPv4 Ext Summary ICMP ICMP Type ICMP Code Destination IP Source IP 10 Destination Port Source Port DSCP IGMP elie Figure 4 111 ACL gt ACL Access List Update ACL Profile ACL gt ACL Access Group The ACL Access Group page allows user to configure the ACL access group settings pot o CI MAC Access List CI IPv4 Access List 1 IPv6 Access List Apply A a 1 aS Se e
38. S 2 3 a f r 5 i l eel Figure 4 112 ACL gt ACL Access Group Port Specify the ports to be added in the access list group MAC Access List Add the specified ports in the MAC access list group 76 4 Cnfiguration D Link Web Smart Switch User Manual IPv4 Access List Add the specified ports in the IPv4 access list group IPv6 Access List Add the specified ports in the IPv6 access list group Click Apply to make the configurations take effects ACL gt ACL Hardware Resource Status The ACL Hardware Resource Status page displays the information of ACL Hardware Resource status Hardware Profile ID Access List Name Consumed Total Entries 2 IMPB 1 Figure 4 113 ACL gt ACL Hardware Resource Status PoE gt PoE Global Settings DGS 1210 28P only This page will display the PoE status including System Budget Power Support Total Power Remainder Power and The ratio of system power supply PoE Power Threshold 7 1 193 0 193 0 Watts Power Shut Off Sequence Deny low priority pot Apply System Power Status Total PoE Power Budget 193 Power Used 0 PowerLet 193 The percentage of system power supplied 0 7 1 7 watts guard band is reserved for systern to prevent a PD from being powered off when encountering a sudden increment of PD power supply When Used Power reaches guard band a new PD will trigger the action defined in Power Shut Off Sequence 2 Ifa sudden increment of a PD powe
39. SNMP gt SNMP Global Settings Simple Network Management Protocol SNMP is an OSI Layer 7 Application Layer protocol designed specifically for managing and monitoring network devices SNMP enables network management stations to read and modify the settings of gateways routers switches and other network devices Use SNMP to configure system features for proper operation monitor performance and detect potential problems in the Switch or LAN Managed devices that support SNMP include software referred to as an agent which runs locally on the device A defined set of variables managed objects is maintained by the SNMP agent and used to manage the device These objects are defined in a Management Information Base MIB which provides a standard presentation of the information controlled by the on board SNMP agent SNMP defines both the format of the MIB specifications and the protocol used to access this information over the network The default SNMP global state is disabled Select Enable and click Apply to enable the SNMP function _SNMP Global Settings a O Safeguard SNMP Global State O Enabled Disabled Trap Settings SNMP Authentication Traps Device Bootup Port Link Up Link Down RSTP Port State Change Firmware Upgrade State Loopback Detection occuring recovery Apply Figure 4 116 SNMP gt SNMP gt SNMP Global Settings Trap Settings Specifies whether the device can send SNMP notifications SNMP Authentication Tra
40. Variable cannot be set to zero and it SHOULD NOT be Default is 2 seconds Query Interval 60 600 sec The Query Interval is the interval between General Queries sent By adjusting the Query Interval the number of IGMP messages can be increased or decreased larger values will cause IGMP Queries to be sent less often Default value is 125 seconds Router Timeout 60 600 sec This is the interval after which a learned router port entry will be purged For each router port learned a Router Port Purge Timer runs for Router Port Purge Interval This timer will be restarted whenever a Query control message is received over that port If there are no Query control messages received for Router Port Purge Interval time the learned router port entry will be purged Default is 260 seconds Last Member Query Interval 1 25 sec The Last Member Query Interval is the Max Response Time inserted into Group Specific Queries sent in response to Leave Group messages and is also the amount of time between Group Specific Query messages This value may be adjusted to modify the leave latency of the network A reduced value results in reduced time to detect the loss of the last member of a group Default is 1 second Max Response Time 10 25 sec The Max Response Time specifies the maximum allowed time before sending a responding report message Adjusting this setting effects the leave latency or the time between the moment the last host leaves a g
41. a EM Test Result Cable Fault Distance meters Cable Length meters The cable diagnostics feature is designed primarily for administrators or customer service representatives to verify and test copper cables it can rapidly determine the quality of the cables and the types of error 2 1 f cable length is displayed as N A it means the cable length is Not Available This is due to the port being unable to obtain cable length either because its link speed is 10M or 100M or the cables used are broken and or bad in quality 2 The deviation of Cable Fault Distance is 10 meters therefore No cable may be displayed under Test Result when the cable used is less than 10 min length 3 It also measures cable fault and identifies the fault in length according to the distance from this switch Figure 4 130 Monitoring gt Cable Diagnostic Test Result The description of the cable diagnostic results e OK means the cable is good for the connection e Short in Cable means the wires of the RJ45 cable may be in contact somewhere e Open in Cable means the wires of RJ45 cable may be broken or the other end of the cable is simply disconnected Test Failed means some other errors occurred during cable diagnostics Please select the same port and test again Cable Fault Distance meters Indicates the distance of the cable fault from the Switch port if the cable is less than 2 meters it will show No Cable Cable Length mete
42. able The LLDP Management Address Table page displays the detailed management address information for the entry Management Address Total Entries 1 1 IPv4 10 90 90 90 iflndex ADOAPZALZ2ZAA NONE Figure 4 66 L2 Functions gt LLDP gt LLDP Management Address Table Management Address Select IPv4 or IPv6 address and enter the IP address Click Search and the table will update and display the values required Subtype Displays the managed address subtype For example MAC address or IPv4 address Management Address Displays the IP address IF Type Displays the IF Type OID Displays the SNMP OID Advertising Ports Displays the advertising ports L2 Functions gt LLDP gt LLDP Local Port Table The LLDP Local Port Table page displays LLDP local port information 51 4 Cnfiguration D Link Web Smart Switch User Manual Subtype Port ID interface Allas i 7 Figure 4 67 L2 Functions gt LLDP gt LLDP Local Port Table Port Displays the port number Port ID Subtype Displays the port ID subtype Port ID Displays the port ID Unit number Port number Port Description Displays the port description Click View of Normal column to display more information Port Id Subtype Port Description Management Address Count PPVID Entries Count VLAN Name Entries Count Protocol Identity Entries Count MAC PHY Configuration Status Power Via MDI Link Aggregation Maximum Frame Si
43. abled default is disabled the threshold is from of 64 1 024 000 Kbit per second with steps N of 64Kbps N can be from 1 to 16000 Click Apply for the settings to take effect Security gt ARP Spoofing Prevention ARP spoofing also known as ARP poisoning is a method to attack an Ethernet network by allowing an attacker to sniff data frames on a LAN modifying the traffic or stopping the traffic known as a Denial of Service DoS attack The main idea of ARP spoofing is to send fake or spoofed ARP messages to an Ethernet network It associates the attacker s or random MAC address with the IP address of another node such as the default gateway Any traffic meant for that IP address would be mistakenly re directed to the node specified by the attacker A common DoS attack today can be done by associating a nonexistent or specified MAC address to the IP address of the network s default gateway The malicious attacker only needs to broadcast one gratuitous ARP to the network claiming to be the gateway so that the whole network operation is turned down as all packets to the Internet will be directed to the wrong node The ARP Spoofing Prevention function can discard the ARP Spoofing Attack in the network by checking the gratuitous ARP packets and filtering those with illegal IP or MAC addresses DDOOTING eveniion DSeitings IP Address MAC Address Ports Ex 1 2 4 6 Add Total Entries 0 Delete All Maximum 127 entries
44. add a DHCP trusted DHCP server Security gt SSL Settings Secure Sockets Layer SSL is a security feature that provides a secure communication path between a Web Management host and the Switch Web UI by using authentication digital signatures and encryption These security functions are implemented by Ciphersuite a security string that determines the cryptographic parameters encryption algorithms and key sizes This page allows you to configure the SSL global state and the Ciphersuite settings Select Enable or Disable and then click Apply to change the SSL state or the Ciphersuite settings of the Switch By default SSL is Disabled and all Ciphersuites are Enabled a2 a SSL State OEnabled Disabled 7 HTTP will be disabled if SSL is enabled SSL Ciphersuite Settings RSA NULL MD5 RSA NULL SHA1 RSA DES SHA1 RSA 3DES SHA1 DH RSA DES SHA1 DH RSA 3DES SHA1 RSA EXP 1024 DES SHA1 Enabled Enabled Enabled Enabled Enabled Enabled Enabled Disabled O Disabled Disabled Disabled Disabled O Disabled O Disabled Figure 4 84 Security gt SSL Settings NOTE When SSL is enabled it will take longer time to open a web page due to encryption After saving configuration please wait around 10 seconds for the system summery page N Security gt DoS Prevention Settings The user can enable or disable the prevention of each DoS attacks As long as user enable DoS Prevention switch can dtop the
45. al TTL value used in an LLDPDU The default value is 4 Message TX Interval 5 32768 This parameter indicates the interval at which LLDP frames are transmitted on behalf of this LLDP agent The default value is 30 seconds LLDP Relnit Delay 1 10 This parameter indicates the amount of delay from the time adminStatus becomes disabled until re initialization is attempted The default value is 2 seconds LLDP TX Delay 1 8192 This parameter indicates the delay between successive LLDP frame transmissions initiated by value or status changes in the LLDP local systems MIB The value for txDelay is set by the following range formula 1 lt txDelay lt 0 25 msgTxIinterval The default value is 2 seconds L2 Functions gt LLDP gt LLDP MED Settings DGS 1210 28P Only LLDP MED Link Layer Discovery Protocol Media Endpoint Discovery is an enhancement of LLDP It improves the LLDP operation between endpoint devices such as IP phones and APs LLDP MED supports features such as Auto discovery of LAN policies and device location discovery Currently DES 1210 28P supports onlly the extended and automated power management of PoE end points for 802 3at ports ports 1 4 This page allows user to configure the Power PSE TLV Type length value state of 802 3at ports Select From Port To Port and Enable Disable and then click Apply to turn on off the Power PSE TLV transmission LLDP MED Settings E Safeguard LLDP MED Extended PSE TLV
46. ast MAC address Port Settings Allows the selection of ports that will be members of the static multicast group and ports either that are forbidden from joining dynamically or that can join the multicast group dynamically using GMRP Member The port is a static member of the multicast group None No restrictions on the port dynamically joining the multicast group When None is chosen the port will not be a member of the Static Multicast Group 45 4 Cnfiguration D Link Web Smart Switch User Manual L2 Functions gt Multicast gt Multicast Filtering Mode The Multicast Filtering Mode function allows users to select the filtering mode for IGMP group per VLAN basis VLAN ID Filtering Mode Forward Unregistered Groups vi Multicast Filtering Mode Table Multicast Filtering Mode VLAN ID Forward Unregistered Groups 1 Filter Unregistered Groups Fer Unregistered i roup Figure 4 58 L2 Functions gt Multicast gt Multicast Filtering Mode VLAN ID Specifies the VLAN ID Filtering Mode Forward Unregistered Groups The multicast stream will be forwarded based on the register table in registered group but it will be flooded to all ports of the VLAN in unregistered group Filter Unregistered Groups The registered group will be forwarded based on the register table and the unregister group will be filtered Click Apply to make the change effective L2 Functions gt SNTP gt Time Settings SNTP or Sim
47. ation gt Port Trunking NOTE Each combined trunk port must be connected to devices within the same VLAN 40 4 Cnfiguration D Link Web Smart Switch User Manual X group L2 Functions gt Link Aggregation gt LACP Port Settings The LACP Port Settings is used to create port trunking groups on the Switch The user may set which ports will be active and passive in processing and sending LACP control frames From Part To Port Activity Timeout o 2 bj Passive i Short 3 sec Apply 01 Port Activity Active Timeout Long 90 sec 02 Active Long 90 sec 03 Active Long 90 sec 04 05 06 Active Active Active Long 90 sec _ Long 90 sec Long 90 sec 07 Active Long 90 sec 08 Active Long 90 sec 09 Active Long 90 sec 10 11 Active Active Long 90 sec Long 90 sec 12 Active Long 90 sec 13 Active Long 90 sec Figure 4 51 L2 Functions gt Link Aggregation gt LACP Port Settings From Port The beginning of a consecutive group of ports may be configured starting with the selected port To Port The ending of a consecutive group of ports may be configured starting with the selected port Activity There are two different roles of LACP ports Active Active LACP ports are capable of processing and sending LACP control frames This allows LACP compliant devices to negotiate
48. ault Priority settings will be applied to packets of each port to provide port based traffic prioritization Foringress tagged packets D Link Smart Switches will refer to their 802 1p information for prioritization Note Queue priority from low to high is 0 to 7 4 Cnfiguration D Link Web Smart Switch User Manual Select QoS Mode Specifies the QoS mode to be 802 1p DSCP or ToS Queuing Mechanism Strict Priority Denoting a Strict scheduling will set the highest queue to be emptied first while the other queues will follow the weighted round robin scheduling scheme WRR Use the weighted round robin WRR algorithm to handle packets in an even distribution in priority classes of service Click Apply for the settings to take effect From Port To Port Defines the port range which the port packet priorities are defined Priority Defines the priority assigned to the port The priority range is between 0 and 7 with O being assigned to the lowest priority and 7 assigned to the highest Click Apply for the settings to take effect Security gt Trusted Host Use Trusted Host function to manage the switch from a remote station You can enter up to ten designated management stations networks by defining the IPv4 Address Netmask or IPv6 Address Prefix as seen in the figure below The first thing after the function is enabled is to add your local host IP address as a trusted host Otherwise you may lose the connection w lrUsted Host Set
49. cs Multicast Forwarding S Multicast Filtering Modi S kal SNTP 802 1 Extension TL 602 3 Extension TY LLDP Management Ad LLOP ManagementAd LLOP Local Port Table LLDOP Remote Port Tab D Link Web Smart Switch User Manual Fla cos A Bandwidth Control E 8021pDSCPMToS Be Security TLA H Trusted Host E Fort Security 5 Traffic Segmentation E Safeguard Engine B Storm Control 5 ARF Spoofing Prevention B DHCP Server Screening ool E DoS Prevention Settings ic r SHH 55H Settings gt 55H Authmode and Algi 65H User Authentication H Smart Binding Smart Binding Settings Smart Binding ga evite List Black List 5 RADIUS Server qe 802 1 oo 802 1 Global Settings Eee TX Port Settings Fosse 802 18 User Figure 4 16 Function Tree cH ACL 2 ee SACL Wizard ACL Access List gt 5 ACL Access Group i ACL Hardware Resource Stati I id SNMP h E Trap to SmartConsole F a SNMP SNMP Global Settings SNMP User 5 SNMP Group SMMP View SNMP Community 5 SNMP Host SNMP Engine IO oe ER RMON RMON Global Settings RMON Statistics RMON History RMON Alarm RMON Event E 1 6 Monitoring Port Statistics gt Cable Diagnostics i System Log Va a a ae E The Device Information provides an overview of the switch including essential information such as firmware amp hardware information and IP address It also offers an overall s
50. e Enabled Y Apply State Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled 1 Sai 3 5 E T SSA g Sa 11 SSS 1a SSS 15 SSS I as ee 19 E 21 rr 2 a Enahlod Figure 4 34 System gt D Link Discover Protocol Settings 31 4 Cnfiguration D Link Web Smart Switch User Manual D Link Discover Protocol State Enable or disable the Discover Protocol state D Link Discover Protocol Report Timer Seconds Configure the report timer of D Link Discover Protocol in seconds The values are 30 60 90 120 or Never Click Apply to implement changes made VLAN gt 802 1Q VLAN A VLAN is a group of ports that can be anywhere in the network but communicate as though they were in the same area VLANs can be easily organized to reflect department groups Such as R amp D Marketing usage groups such as e mail or multicast groups multimedia applications such as video conferencing and therefore help to simplify network management by allowing users to move devices to a new VLAN without having to change any physical connections The IEEE 802 1Q VLAN Configuration page provides powerful VID management functions The original settings have the VID as 1 no default name and all ports as Untagged Rename Click to rename the VLAN group Delete VID Click to delete the VLAN group Add New VID Click to create a new VID group assigning ports
51. e ports Click Apply to implement changes made and Refresh to refresh the voice vlan table 34 4 Cnfiguration D Link Web Smart Switch User Manual aS Note Voice VLAN has higher priority than any other features even QoS Therefore the voice traffic will be operated according to Voice VLAN setting and not impacted by QoS feature aS Note It is recommended setting the highest priority for Voice VLAN to guarantee the quality of VolP traffic VLAN gt Voice VLAN gt Voice Device List The Voice Device List page displays the information of Voice VLAN Voice Device List Safeguard Pon Al ID Port MAC Address Priority type eet Figure 4 41 VLAN gt Voice VLAN gt Voice Device List Select a port or all ports and click Search to display the Voice Device information in the table VLAN gt Auto Surveillance VLAN Settings Similar as Voice VLAN Auto Surveillance VLAN is a feature that allows you to automatically place the video traffic from D Link IP cameras to an assigned VLAN to enhance the IP surveillance service With a higher priority and individual VLAN the quality and the security of surveillance traffic are guaranteed The Auto Surveillance VLAN function will check the source MAC address VLAN ID on the incoming packets If it matches specified MAC address VLAN ID the packets will pass through switch with desired priority TO DurVveliance VLA selino _ gt al Auto Surveillance VLAN Global Settings
52. ed disables the limit Rate 64 1024000 This field allows you to enter the data rate in Kbits per second will be the limit for the selected port The value is between 64 and 1024000 Click Apply to set the bandwidth control for the selected ports QoS gt 802 1p DSCP ToS QoS is an implementation of the IEEE 802 1p standard that allows network administrators to reserve bandwidth for important functions that require a larger bandwidth or that might have a higher priority such as VoIP voice over Internet Protocol web browsing applications file server applications or video conferencing Thus with larger bandwidth less critical traffic is limited and therefore excessive bandwidth can be saved The following figure displays the status of Quality of Service priority levels of each port higher priority means the traffic from this port will be first handled by the switch For packets that are untagged the switch will assign the priority depending on your configuration Select QoS Mode 802 1p v Queuing mechanism Strict Priority v 4 VWWRR Class ID Class 0 Class 1 Class 2 Class 3 Weight 1 2 3 4 From Port To Port Priority Con w 2 M 7 v Priority Figure 4 76 QoS gt 802 1p DSCP ToS 56 Class 4 5 Class 5 6 202 1p Priority Seti A Apply Class 6 Class 7 8 Apply For ingress untagged packets the per port Def
53. edicated Voice VLAN The member port you configured in 802 1Q VLAN setting page will be the static member port of voice VLAN To dynamically add ports into the voice VLAN please enable the Auto Detection function Priority The 802 1p priority levels of the traffic in the Voice VLAN Aging Time 1 120 Enter a period of time in hours to remove a port from the voice VLAN if the port is an automatic VLAN member When the last voice device stops sending traffic and the MAC address of this voice device is aged out the voice VLAN aging timer will start The port will be removed from the voice VLAN after the expiration of the voice VLAN aging timer Selectable range is from 1 to 120 hours and default is 1 Click Apply to implement changes made Voice VLAN OUI Settings This allows the user to configure the user defined voice traffic s OUI An Organizationally Unique Identifier OUI is the first three bytes of the MAC address This identifier uniquely identifies a vendor manufacturer or other organization There are some pre defined OUIs and when the user configures personal OUI these pre defined OUls must be avoided Below are the pre defined voice traffic s OUI 33 4 Cnfiguration D Link Web Smart Switch User Manual jou Vendor mnemonic Name Default OUI Pre defined OUI values including brand names of 3COM Cisco Veritel Pingtel Siemens NEC Philips Huawei8COM and Avaya User defined OUI You can manually create a Telephony
54. ement VLAN is disabled You can select any existing VLAN as the management VLAN when this function is enabled There can only be one management VLAN at a time 231 7 a Vianagemen LAR TIC atior afec Management VLAN O Enabled Disabled VID VLAN Name default Figure 4 38 Configuration gt 802 1Q Management VLAN VLAN gt Voice VLAN gt Voice VLAN Global Settings Voice VLAN is a feature that allows you to automatically place the voice traffic from IP phone to an assigned VLAN to enhance the VolP service With a higher priority and individual VLAN the quality and the security of VoIP traffic are guaranteed If a VolP packet comes with a VLAN tag the Voice VLAN function won t replace the original VLAN tag voice VLAN Enabled Disabled VLAN ID 1 Aging Time 1 120 1 hour Priority 5 v Apply voice VLAN OU Settings Description Telephony OUI Default OUI 00 E0 BB 00 00 00 O User defined OUI OOKO Maximum number of user defined OUI is 10 entries OUl Mask Description Delete Telephony OUI Figure 4 39 VLAN gt Voice VLAN gt Voice VLAN Global Settings Voice VLAN Select to enable or disable Voice VLAN The default is Disabled After you enabled Voice VLAN you can configure the Voice VLAN Global Settings VLAN ID The ID of VLAN that you want to assign voice traffic to You must first create a VLAN from the 802 1Q VLAN page before you can assign a d
55. erval in seconds at which the SNTP server is polled for Unicast information The Poll Interval default is 30 seconds Click Apply to implement changes made When selecting Local for the clock source users can select from one of two options Manually set current time Users input the system time manually Set time from PC The system time will be synchronized from the local computer L2 Functions gt SNTP gt TimeZone Settings The TimeZone Setting Page is used to configure time zones and Daylight Savings time settings for SNTP TimeZone Setti esc Daylight Saving Time O Enabled Disabled Daylight Saving Time Offset 60 min Time Zone Offset GMT HH MM moo vio Daylight Saving Time Settings From Month Day From HH MM To Month Day To HH MM Figure 4 60 L2 Functions gt SNTP gt TimeZone Settings Daylight Saving Time State Enable or disable the DST Settings Daylight Saving Time Offset Use this drop down menu to specify the amount of time that will constitute your local DST offset 30 60 90 or 120 minutes Time Zone Offset GMT HH MM Use these drop down menus to specify your local time zone s offset from Greenwich Mean Time GMT Daylight Saving Time Settings From Month Day Enter the month DST and date DST will start on each year From HH MM Enter the time of day that DST will start on each year To Month Day Enter the month DST and date DST will end on each year To HH MM E
56. ew Normal Detailed View Detailed Figure 4 70 L2 Functions gt LLDP gt LLDP Remote Port Table To view the settings for a remote port click View Normal and the following page displays 53 4 Cnfiguration D Link Web Smart Switch User Manual PortID 1 Remote Entities Count 0 NONE Show LLDP Remote Port Brief Table Show LLDP Remote Port Detailed Table Figure 4 71 L2 Functions gt LLDP gt LLDP Remote Port Normal Table To view the detail settings for a remote port click View Detailed and the following page displays PortID 1 Remote Entities Count 0 NONE Show LLDP Remote Port Brief Table Show LLDP Remote Port Normal Table Figure 4 72 L2 Functions gt LLDP gt LLDP Remote Port Detailed Table L2 Functions gt LLDP gt LLDP Statistics The LLDP Statistics page displays an overview of all LLDP traffic 54 4 Cnfiguration D Link Web Smart Switch User Manual LLDP Statistics System Last Change Time 0 Number of Table Insert 0 Number of Table Delete 0 Number of Table Drop 0 Number of Table Age Out 0 LLDP Port Statistics _Refresh_ __Clear__ F y Ys Port TxPort Frames RxPortrrames RxPort FramesErrors RxPort Frames RxPorti Lvs RxPortl Lvs RxPort Ageouts Dis eee Dis ae ORENA i 0 0 in ne O a a mm a me een SY SS ee Eee ee ee 7 0 0 0 0 0 0 0 ES SSS SS SS SSeS See ESS SSeS SS Figure 4 74 L2 Functions gt LLDP gt LLDP Statistics The following informati
57. g the connected cable media types X NOTE All ports do not support MDI MDI X function when the speed links to 1000M force mode MDI MDIX A medium dependent interface MDI port is an Ethernet port connection typically used on the Network Interface Card NIC or Integrated NIC port on a PC Switches and hubs usually use Medium dependent interface crossover MDIX interface When connecting the Switch to end stations user have to use straight through Ethernet cables to make sure the Tx Rx pairs match up properly When connecting the Switch to other networking devices a crossover cable must be used This switch provides a configurable MDI MDIX function for users The switches can be set as an MDI port in order to connect to other hubs or switches without an Ethernet crossover cable Auto MDI MDIX is designed on the switch to detect if the connection is backwards and automatically chooses MDI or MDIX to properly match the connection The default setting is Auto MDI MDIX Flow Control You can enable this function to mitigate the traffic congestion Ports configured for full duplex use 802 3x flow control half duplex ports use backpressure flow control The default setting is Disabled Link Status Reporting Down indicates the port is disconnected System gt Port Description Port description can be given on this page 25 4 Cnfiguration D Link Web Smart Switch User Manual From Port To Port Description oy 01 iw
58. h and SNMP manager AuthNoPriv Authorization is required but no encryption for packets sent between the Switch and SNMP manager AuthPriv Both authorization and encryption are required for packets sent between the Switch and SNMP manger Notify View Name Specify a SNMP group name for users that can receive SNMP trap messages generated by the Switch s SNMP agent 80 4 Cnfiguration D Link Web Smart Switch User Manual Group Name oe Security Model v1 Read View Name Security Level oAuthNe Write View Name Notify View Name J indicates mandatory data Add Delete ReadOnly ReadWrite ReadWrite v1 NoAuthNoPriv Reaawte O e ReadWrite ReadWrite ReadWrite ReadWrite v1 NoAuthNoPriv ReadWrite ReadWrte ReadWrite ReadWrite vac NoAuthNoPriv beles J Figure 4 118 SNMP gt SNMP gt SNMP Group Table SNMP gt SNMP gt SNMP View This page allows you to maintain SNMP views to community strings that define the MIB objects which can be accessed by a remote SNMP manager View Name CS Subtree OID i OID Mask View Type Included v 2 indicates mandatory data Add Subtree OID OID Mask View Type Delete ReadWrite 1 1 Included Figure 4 119 SNMP gt SNMP gt SNMP View View Name Name of the view up to 32 characters Subtree OID The Object Identifier OID Subtree for the view The OID identifies an object tree MIB tree that will be included or excluded from access b
59. he management host Community String SNMPv3 User Name Specify the community string or SNMPv3 user name for the management host Click Apply to create a new SNMP host Delete to remove an existing host SNMP gt SNMP gt SNMP Engine ID The Engine ID is a unique identifier used to identify the SNMPv3 engine on the Switch Input the Engine ID then click Apply to apply the changes and click Default resets to default value ee Engine ID 4447532d313231302d31305000010203040 Default Engine ID length is 10 64 the accepted character is from 0 to F Figure 4 122 SNMP gt SNMP gt SNMP Engine ID SNMP gt RMON gt RMON Global Settings Users can enable and disable remote monitoring RMON status for the SNMP function on the Switch In addition RMON Rising and Falling Alarm Traps can be enabled and disabled Click Apply to make effects RMON QO Enabled Disabled Figure 4 123 SNMP gt RMON gt RMON Global Settings SNMP gt RMON gt RMON Statistics The RMON Statistics Configuration page displays the information of RMON Ethernet Statistics and allows the user to configure the settings VIC Owner 9 indicates mandatory data Index Port Drop Events Broadcast Packets MultiastPackets Owner Delete Figure 4 124 SNMP gt RMON gt RMON Ethernet Statistics Configuration The RMON Ethernet Statistics Configuration contains the following fields Index 1 65535 Indicates the RMON Ethernet Statistic
60. he possible field values are Enabled Enables the Maximum Frame Size configured on the port Disabled Disables the Maximum Frame Size configured on the port Define these parameter fields Click Apply to implement changes made and click Refresh to refresh the table information L2 Functions gt LLDP gt LLDP Management Address Settings The LLDP Management Address Settings allows the user to set management address which is included in LLDP information transmitted 50 4 Cnfiguration D Link Web Smart Switch User Manual From Port To Port Address Type Address Port State on i 6 a iP Sw CT oo o a Disabled E Enabled Management Address Table Enabled Management Address None Disabled None Disabled None Disabled None Disabled None Disabled None Disabled None Disabled Disabled None Disabled None Figure 4 65 L2 Functions gt LLDP gt LLDP Management Address Settings From Port To Port A consecutive group of ports may be configured starting with the selected port Address Type Specify the LLDP address type on the port The value is always IPv4 Address Specify the address Port State Specify whether the Port State is enabled n the port The possible field values are Enabled Enables the port state configured on the port Disabled Disables the port state configured on the port Click Apply to implement changes made L2 Functions gt LLDP gt LLDP Management Address T
61. heck the validity of the packet s option 82 Enabled When the field is toggled to Enabled the relay agent will check the validity of the packet s option 82 fields If the switch receives a packet that contains the option 82 field from a DHCP client the switch drops the packet because it is invalid In packets received from DHCP servers the relay agent will drop invalid messages Disabled When the field is toggled to Disabled the relay agent will not check the validity of the packet s option 82 fields DHCP Relay Agent Information Option 82 Policy This field can be toggled between Replace Drop and Keep by using the pull down menu It is used to set the Switches policy for handling packets when the DHCP Agent Information Option 82 Check is set to Disabled The default is Replace Replace The option 82 field will be replaced if the option 82 field already exists in the packet received from the DHCP client Drop The packet will be dropped if the option 82 field already exists in the packet received from the DHCP client Keep The option 82 field will be retained if the option 82 field already exists in the packet received from the DHCP client DHCP Relay Agent Information Option 82 Remote ID This field can be toggled between Default and User Define X NOTE If the Switch receives a packet that contains the option 82 field from a DHCP client and the information checking feature is enabled the switch drops the packet because
62. hentication Lists page is used to configure parameters for users attempting to access the Switch through SSH Annaa s Total Entries Entries 1 UserName Ath Mode Host Name Sa HOST admin Password 7 HostName should be less than 33 characters Figure 4 88 Security gt SSH gt SSH User Authentication Lists The user may view the following parameters User Name A name of no more than 15 characters to identify the SSH user This User Name must be a previously configured user account on the Switch Auth Mode The administrator may choose one of the following to set the authorization for users attempting to access the Switch Host Based This parameter should be chosen if the administrator wishes to use a remote SSH server for authentication purposes 62 4 Cnfiguration D Link Web Smart Switch User Manual Password This parameter should be chosen if the administrator wishes to use an administrator defined password for authentication Upon entry of this parameter the Switch will prompt the administrator for a password and then to re type the password for confirmation Public Key This parameter should be chosen if the administrator wishes to use the public key on an SSH server for authentication Host Name Enter an alphanumeric string of no more than 32 characters to identify the remote SSH user This parameter is only used in conjunction with the Host Based choice in the Auth Mode field Host IP Enter the corresp
63. hold Absolute value Compares the values directly with the thresholds at the end of the sampling interval Falling Threshold 0 2431 1 Displays the falling counter value that triggers the falling threshold alarm Falling Event Index 1 65535 Displays the event that triggers the specific alarm The possible field values are user defined RMON evenis Click Add to make the configurations take effects SNMP gt RMON gt RMON Event The RMON Event page contains fields for defining modifying and viewing RMON events statistics RMON Event Sett a Index 1 65535 Description E l Type None v Community indicates mandatory data index Description Type Community Owner Last Time Sent Delete Figure 4 127 SNMP gt RMON gt RMON Event Settings The RMON Events Page contains the following fields Index 1 65535 Displays the event Description Specifies the user defined event description Type Specifies the event type The possible values are None Indicates that no event occurred Log Indicates that the event is a log entry SNMP Trap Indicates that the event is a trap Log and Trap Indicates that the event is both a log entry and a trap Community Specifies the community to which the event belongs Owner Specifies the time that the event occurred Click Add to add a new RMON event Monitoring gt Port Statistics The Port Statistics screen displays the status of each port pac
64. i l o5 _ 06 ie l _ oF J a o8 telai 10 __12 13 Figure 4 49 L2 Functions gt Spanning Tree gt STP Port Settings From Port To Port A consecutive group of ports may be configured starting with the selected port State Use the drop down menu to enable or disable STP by per port based It will be selectable after the global STP is enabled 39 4 Cnfiguration D Link Web Smart Switch User Manual External Cost This defines a metric that indicates the relative cost of forwarding packetsto the specified port list Port cost can be set automatically or as a metric value The default value is 0 auto 0 auto Setting 0 for the external cost will automatically set the speed for forwarding packets to the specified port s in the list for optimal efficiency Default port cost 100Mbps port 200000 Gigabit port 20000 Value 1 200000000 Define a value between 1 and 200000000 to determine the external cost The lower the number the greater the probability the port will be chosen to forward packets Migrate Setting this parameter as Yes will set the ports to send out BPDU packets to other bridges requesting information on their STP setting If the Switch is configured for RSTP the port will be capable to migrate from 802 1d STP to 802 1w RSTP Migration should be set as yes on ports connected to network stations or segments
65. il _ None na None 10 Disabled None None 11 Disabled None None 419 Mieahin a ihlana ihlana Figure 4 64 L2 Functions gt LLDP gt 802 1 Extension TLV Port Settings From Port To Port A consecutive group of ports may be configured starting with the selected port Port VLAN ID Specifies the Port VLAN ID to be enabled or disabled VLAN Name Specifies the VLAN name to be enabled or disabled in the LLDP port If select Enabled users can specifies the content of VLAN ID or VLAN Name or all Protocol Identity Specifies the Protocol Identity to be enabled or disabled in the LLDP port If select Enabled users can specifies the EAPOL LACP GVRP STP or ALL Click Apply to implement changes made and click Refresh to refresh the table information 49 4 Cnfiguration D Link Web Smart Switch User Manual L2 Functions gt LLDP gt 802 3 Extension TLV The 802 3 Extension LLDP Port Settings page displays 802 3 Extension LLDP port information and contains parameters for configuring 802 3 Extension LLDP port settings From Port To Port MACIPHY Power Via MDI Link Aggregation Maximum Frame Size Configuration Status 1 w 2B oy Disabled Disabled Disabled Apply oO Port MACIPHY Configuration Status Power Via MDI Link Aggregation Maximum Frame Size 1 Disabled Disabled Disabled Disabled 2 Disabled Disabled Disabled Disabled 3 Di
66. is parameter is Auto Restricted Role Toggle between True and False to set the restricted role state of the packet If set to True the port will never be selected to be the Root port The default value is False Restricted TCN Toggle between True and False to set the restricted TCN of the packet Topology Change Notification TCN is a BPDU that a bridge sends out to its root port to signal a topology change If set to True it stops the port from propagating received TCN and to other ports The default value is False Click Apply for the settings to take effect Click Refresh to renew the page L2 Functions gt Link Aggregation gt Port Trunking The Trunking function enables the combining of two or more ports together to increase bandwidth Up to eight Trunk groups may be created and each group consists up to eight ports Select the ports to be grouped together and then click Apply to activate the selected Trunking groups Two types of link aggregation can be selected Static Static link aggregation LACP LACP Link Aggregation Control Protocol is enabled on the device LACP allows for the automatic detection of links in a Port Trunking Group Disable Remove all members in this trunk group i I Safeguard Link Aggregation O Enabled Disabled Apply Link Aggregation Settings Group 01 Type LACP v Maximum 8 ports in static group and 8 ports in LACP group Trunking list Figure 4 50 L2 Functions gt Link Aggreg
67. isabled DHCPVv6 Client Specifies the DHCPv 6 client to be enabled or disabled IPv6 Network Address Specifies the IPv6 Network Address NS Retransmit Time Settings NS Retransmit Time 1 3600 Specifies the NS retransmit time for IPv6 The field range is 1 3600 and default is 1 second Automatic Link Local State Settings Automatic Link Local Address Specifies the automatic link is enabled or disabled Click Apply for the settings to take effect System gt IPv6 Route Settings The IPv6 Route Settings page allows user to configure the IPv6 route settings _IPv6 Route Settings Safeguard IPv6 Default Gateway Default Gateway e g 3FFE 1 Metric 1 Total Entries 0 Co Next Hop IP Infterface Figure 4 20 System gt IPv6 Route Settings IP Interface Specify the IP interface which to be created Default Gateway The corresponding IPv6 address for the next hop Gateway address in IPv6 format Metric Represents the metric value of the IP interface entered into the table This field may read a number between 1 and 65535 23 4 Cnfiguration D Link Web Smart Switch User Manual Click Create to accept the changes made and click the Delete button to remove the entry System gt IPv6 Neighbor Settings The user can configure the Switch s IPv6 neighbor settings The Switch s current IPv6 neighbor settings will be displayed in the table at the bottom of this window PV Neighbor Sett a I
68. it is invalid However in some instances you might configure a client with the option 82 field In this situation you should disable the information check feature so that the switch does not remove the option 82 field from the packet You can configure the action that the switch takes when it receives a packet with existing option 82 information by configuring the DHCP Agent Information Option 82 Policy System gt DHCP BOOTP Relay gt DHCP BOOTP Relay Interface Settings This page allows the user to set up a server by IP address for relaying DHCP BOOTP information the switch The user may enter a previously configured IP interface on the Switch that will be connected directly to the DHCP BOOTP server using the following window Properly configured settings will be displayed in the BOOTP Relay Table at the bottom of the following window once the user clicks the Add button under the Apply heading The user may add up to four server IPs per IP interface on the Switch Entries may be deleted by clicking Delete button 2 4 Cnfiguration D Link Web Smart Switch User Manual Interface system Server IP a Apply DHCP BOOTP Relay Interface Table Figure 4 27 System gt DHCP BOOTP Relay gt DHCP BOOTP Relay Interface Settings Interface The IP interface on the Switch that will be connected directly to the Server Server IP Enter the IP address of the DHCP BOOTP server Up to four server IPs can be configured per IP I
69. ith all D Link 802 3af or 802 3at capable devices The Switch also works in POE mode with all non 802 3af capable D Link AP IP Cam and IP phone equipment via the PoE splitter DWL P50 IEEE 802 3at defined that the PSE provides power according to the following classification Class Usage Output power limit by PSE Default 15 4W Optional 15 4W The PoE port table will display the PoE status including Port Enable Power Limit Power W Voltage V Current mA Classification Port Status You can select From Port To Port to control the PoE functions of a port DGS 1210 28P will auto disable the ports if port current is over 375mA in 802 3af mode or 625mA in pre 802 3at mode w Note The PoE Status information of Power current Power Voltage and Current is the power usage information of the connected PD please Refresh to renew the information PoE Port SS Sofeguard From Port To Port State Time Range Priority Power Limit 1 i 8 v Enabled N A v Normal he Auto v Ea Watts The por 1 to port 8 can be set a power limit between 1W and 30W Max power used by PSE Class 1 4W Class 2 7W Class 3 15 4W Class 4 30W Port State Time Range Priority Power Limit 1 N A A Enabled Normal uto Enabled N A Normal Auto Enabled N A Normal Auto Enabled N A Normal Auto 5 Enabled N A Normal Auto Enabled N A Normal Auto Enabled N A Normal Auto Enabled N A Normal Auto
70. ket count Port Stati tS Safeguard Pon 0 fon Ben Bee Boe Bee Bee Bee Be Be O Figure 4 128 Monitoring gt Port Statistics Refresh Renews the details collected and displayed Clear To reset the details displayed TxOK Number of packets transmitted successfully 84 4 Cnfiguration D Link Web Smart Switch User Manual RxOK Number of packets received successfully TxError Number of transmitted packets resulting in error RxError Number of received packets resulting in error To view the statistics of individual ports click one of the linked port numbers for details OS te SO SOfoguar Port 1 OutOctets 16926524 InOctets 37798576 OutUcastPkts 22804 InUcastPkts 16621 OutNUcastPkts 8105 InNUcastPkts 118331 OutErrors 0 InDiscards 0 LateCollisions 0 InErrors 0 ExcessiveCollisions 0 FCSErrors 0 InternalMacTransmitErrors 0 FrameTooLongs 0 InternalMacReceiveErrors 0 Figure 4 129 Monitoring gt Port Statistics Back Go back to the Statistics main page Refresh To renew the details collected and displayed Clear To reset the details displayed Monitoring gt Cable Diagnostics The Cable Diagnostics is designed primarily for administrators and customer service representatives to examine the copper cable quality It rapidly determines the type of cable errors occurred in the cable Select a port and then click the Test Now button to start the diagnosis Cable Diagnost
71. ks during periods of low utilization by transitioning interfaces into a low power state without interrupting the network connection The transmitted and received sides should be IEEE802 3az EEE compliance By default the switch enabled the 802 3az EEE function Users can disable this feature by individual port via the IEEE802 3az EEE setting page From Port To Port State 23 Oy Disabled Y Apply IEEE802 3az EEE settings Disabled Disabled Disabled Disabled Disabled Disabled T Figure 4 33 System gt IEEE802 3az EEE Settings From Port To Port A consecutive group of ports may be configured starting with the selected port State Enabled or Disabled the IEEE802 3az EEE for the specified ports By default all ports are enabled Click Apply to implement changes made If the connection speed drops down from 1000M to 100M or the first link up takes longer time please follow below steps and check again 1 Upgrade drivers of your Ethernet adapter or LAN controller for the host PC 2 Disable EEE function on the switch port System gt D Link Discover Protocol Settings For the D Link Discovery Protocol DDP supported device this page is an option for you to disable DDP or configure the DDP packet report timer DDP Global Settings D Link Discover Protocol State Enabled Disabled D Link Discover Protocol Report Timer Seconds 30 i Apply DDP Port Settings From Port To Port Stat
72. led in the network especially when the down links are hubs or unmanaged switches The Switch will automatically shutdown the port and sends a log to the administrator The Loopback Detection port will be unlocked when the Loopback Detection Recover Time times out The Loopback Detection function can be implemented on a range of ports at the same time You may enable or disable this function using the pull down menu K Detile Loopback Detection O Enabled Disabled Mode Port based Y VLAN List SS Interval 1 32767 sec Recover Time sec Apply 0 or 60 1000000 From Port To Port State Port State Loop Status Figure 4 45 L2 Functions gt Loopback Detection Loopback Detection Use the drop down menu to enable or disable loopback detection The default is Disabled Mode Specifies Port based or VLAN based mode If port based mode is selected the loop happening port will be shut down and affect all member VLANs If VLAN based mode is selected only the member port in the loop happening VLAN will be shut down VID List Specifies the VID Interval 1 32767 Set a Loop detection Interval between 7 and 32767 seconds The default is 2 seconds Recover Time 0 or 60 1000000 Time allowed in seconds for recovery when a Loopback is detected The Loop Detection Recover Time can be set at 0 seconds or 60 to 1000000 seconds Entering 0 will disable the Loop Detection Recover Ti
73. lick Enable so you can start to configure the related settings of the remote system log server then press Apply for the changes to take effect SySLOg Host StS Safeguar System Log O Enabled Disabled Server IP Address 0 0 0 0 IPv4 Severity O IPv6 Facility UDP Port 1 65535 Time Stamp Figure 4 30 System gt SysLog Host Settings Server IP Address Select IPv4 or IPv6 then specify the IP address of the system log server UDP Port Specifies the UDP port to which the server logs are sent The possible range is 1 65535 and the default value is 514 Time Stamp Select Enable to time stamp log messages Severity Specifies the minimum severity from which warning messages are sent to the server There are three levels When a severity level is selected all severity level choices above the selection are selected automatically The possible levels are Warning The lowest level of a device warning The device is functioning but an operational problem has occurred Informational Provides device information All Displays all levels of system logs Facility Specifies an application from which system logs are sent to the remote server Only one facility can be assigned to a single server If a second facility level is assigned the first facility is overwritten There are up to eight facilities can be assigned Local 0 Local 7 System gt Time Profile The Time Profile page allo
74. line Help Function Tree All configuration options on the switch are accessed through the Setup menu on the left side of the screen Click on the setup item that you want to configure The following sections provide more detailed description of each feature and function 20 4 Cnfiguration 0G8 1210 28 Eh bet System HE A System Settings H IPv6 System Settings gt Pv6 Route Settings IPv6 Neighbor Settings 5 Password Port Settings 5 Port Description 8 DHCP Auto Configuration DHCPIBOOTP Relay 5 DHCP Local Relay Settings DHCP v6 Relay Settings B SysLog Host Time Profile Power Saving IEEES02 3az EEE settings gt D Link Discover Protocol H i WLAN B 802 10 VLAN B 802 10 VLAN PVID 80210 Management WYLAN 2E Voice WLAN H Voice WYLAN Global Setting 3 Voice LAN Part Settings oR Voice Device List i Auto Surveillance WYLAN Device Information El Fag L2 Functions H5 Jumbo Frame Por Mirroring Loopback Detection F 6 MAC Address Table 3 Static MAC Pi LB Dynamic Forwarding T Spanning Tree STP Global Settings a 5 STP Port Settings El a Link Aggregation H DHOPIBOOTP Relay Globe DHCP BOOTP Relay inter A 6 Multicast a Port Trunking i LACP Port Settings HA IGMP Snooping S MLO Snooping Time Settings LB Timezone Settings a LLDP LLDP Global Settings io gt LLDP Port Settings S BS eel eel BiS i i LLDOP Statisti
75. me The default is 60 seconds From Port The beginning of a consecutive group of ports may be configured starting with the selected port To Port The ending of a consecutive group of ports may be configured starting with the selected port State Use the drop down menu to toggle between Enabled and Disabled Default is Disabled Click Apply to implement changes made or click Refresh to refresh the Loopback Detection table L2 Functions gt MAC Address Table gt Static MAC This feature provides two distinct functions The MAC Address Learning table allows turning off the function of learning MAC address automatically if a port isn t specified as an uplink port for example connects to a DHCP Server or Gateway By default this feature is disabled Static MAC Se NS a SOfoguard MAC Address Learning Enabled Disabled CE CC o o a 2 s a Learning Learning Add Static MAC Address Pot 01 MAC Address VID 1 v Add Static MAC Address Lists Delete All 7 Maximum 256 entries MAC Address Figure 4 46 L2 Functions gt MAC Address Table gt Static Mac Address 3 4 Cnfiguration D Link Web Smart Switch User Manual The Static MAC Address Lists table displays the static MAC addresses connected as well as the VID Add Static MAC Address you need to select the assigned Port number Enter both the Mac Address and VID and then Click Add Click Delete to remove one entry or click Delete all to clear the list
76. n Exit to go back to the main page b Step 1 of 3 The wizard will help to complete settings for IP address Netmask and Gateway Static DHCP O BOOTP IP Address 10 90 90 90 Netmask 8 255 0 0 0 b Gateway 0 0 0 0 C Ignore the wizard next time Figure 4 1 IP Information in Smart Wizard NOTE The Smart Wizard supports quick settings for IPv4 network Password Type the desired new password in the Password box and again in the Confirm Password then click the Next button to the SNMP setting page 14 4 Cnfiguration D Link Web Smart Switch User Manual Welcome to Smart Wizard Step 2 of 3 Set up the password for authorized access Figure 4 2 Password in Smart Wizard SNMP The SNMP Setting allows you to quickly enable disable the SNMP function The default SNMP Setting is Disabled Click Enabled and then click Apply to make it effective Welcome to Smart Wizard Step 3 of 3 Enable SNMP for management Figure 4 3 SNMP in Smart Wizard NOTE Changing the system IP address will disconnect you from the current connection Please enter the correct IP address in the Web browser again and make sure your PC is in the same subnet with the switch See Login Web based Management for a _ detailed description If you want to change the settings click OK and start a new web browser 15 Cnfiguration D Link Web Smart Switch User Manual p You have completed setup Any
77. nabled When this field is toggled to Enabled the relay agent will insert and remove DHCP relay information option 82 field in messages between DHCP servers and clients When the relay agent receives the DHCP request it adds the option 82 information and the IP address of the relay agent if the relay agent is configured to the packet Once the option 82 information has been added to the packet it is sent on to the DHCP server When the DHCP server receives the packet if the server is capable of option 82 it can implement policies like restricting the number of IP addresses that can be assigned to a single remote ID or circuit ID Then the DHCP server echoes the option 82 field in the DHCP reply The DHCP server unicasts reply to the back to the relay agent if the request was relayed to the server by the relay agent The switch verifies that it originally inserted the option 82 data Finally the relay agent removes the option 82 field and forwards the packet to the switch port that connects to the DHCP client that sent the DHCP request Disabled If the field is toggled to Disabled the relay agent will not insert and remove DHCP relay information option 82 field in messages between DHCP servers and clients and the check and policy settings will have no effect DHCP Relay Agent Information Option 82 Check This field can be toggled between Enabled and Disabled using the pull down menu It is used to enable or disable the Switches ability to c
78. network managers to better monitor network performances Port Mcroring Set s Port Mirroring O Enabled Disabled Target Port Source Port Selection Apply snifferMode Selecta or oz fos fos fos fos for os fos o o 2 pao mo TX lo lo fo fo fo Jo fo lo lo lo lo lo lo jo THIRK co lo lo lo fo lo lo lo lo o o Jo o o o fenifermoue selecta is Tie Tir ig fig 20 nae 3a as ae ar e TX THIRK A CCC OE CO CO CO OE OE Oe CO CO Oe oe Figure 4 44 L2 Functions gt Port Mirroring Selection options for the Source Ports are as follows TX transmit mode Duplicates the data transmitted from the source port and forwards it to the Target Port Click all to include all ports into port mirroring RX receive mode Duplicates the data that is received from the source port and forwards it to the Target Port Click all to include all ports into port mirroring TX RX transmit and receive mode Duplicate both the data transmitted from and data sent to the source port and forwards all the data to the assigned Target Port Click all to include all ports into port mirroring None Turns off the mirroring of the port Click all to remove all ports from mirroring 36 4 Cnfiguration D Link Web Smart Switch User Manual L2 Functions gt Loopback Detection The Loopback Detection function is used to detect the loop created by a specific port while Spanning Tree Protocol STP is not enab
79. ng parameters and click Apply SSH State Enabled or Disabled SSH on the Switch The default is Disabled Max Session 1 4 Enter a value between 7 and 4 to set the number of users that may simultaneously access the Switch The default setting is 7 Connection Timeout 120 600 Allows the user to set the connection timeout The use may set a time between 120 and 600 seconds The default setting is 120 seconds Authfail Attempts 2 20 Allows the Administrator to set the maximum number of attempts that a user may try to log on to the SSH Server utilizing the SSH authentication After the maximum number of attempts has been exceeded the Switch will be disconnected and the user must reconnect to the Switch to attempt another login The number of maximum attempts may be set between 2 and 20 The default setting is 2 Rekey Timeout Using the pull down menu uses this field to set the time period that the Switch will change the security shell encryptions The available options are Never 10 min 30 min and 60 min The default setting is 60 min Security gt SSH gt SSH Authmode and Algorithm Settings The SSH Authentication and Algorithm Settings page allows user to configure the desired types of SSH algorithms used for authentication encryption 61 4 Cnfiguration D Link Web Smart Switch User Manual SSH Authentication Mode Settings CI Password C Public Key C Host Based Encryption Algorithm 3DES8 CBC Data Integrity Algorithm
80. nter the time of day that DST will end on each year Click Apply to implement changes made L2 Functions gt LLDP gt LLDP Global Settings LLDP Link Layer Discovery Protocol provides IEEE 802 1AB standards based method for switches to advertise themselves to neighbor devices as well as to learn about neighbor LLDP devices SNMP utilities can learn the network topology by obtaining the MIB information in each LLDP device The LLDP function is disabled by default _ LLDP Global Settings Seg LLDP Enabled Disabled Message TX Hold Multipier 2 10 4 Message TX Interval 5 32768 30 sec LLDP Reinit Delay 1 103 2 sec LLDP TX Delay 1 8192 2 sec Apply LLDP system Information ae Chassis ID Subtype macAddress Chassis ID 00 1 2 10 03 03 03 System Name System Description DGS 1210 28P 4 00 018 Figure 4 61 L2 Functions gt LLDP gt LLDP Global Settings 47 4 Cnfiguration D Link Web Smart Switch User Manual LLDP When this function is Enabled the switch can start to transmit receive and process the LLDP packets For the advertisement of LLDP packets the switch announces the information to its neighbor through ports For the receiving of LLDP packets the switch will learn the information from the LLDP packets advertised from the neighbor in the neighbor table Click Apply to make the change effective Message TX Hold Multiplier 2 10 This parameter is a multiplier that determines the actu
81. nterface Click Apply to implement changes made System gt DHCP Local Relay Settings The DHCP Local Relay Settings page allows the user to configure DHCP Local Relay DHCP broadcasts are trapped by the switch CPU and replacement broadcasts are forwarded with Option 82 Replies from the DHCP servers are trapped by the switch CPU the Option 82 is removed and the reply is sent to the DHCP Client DHCP Local Relay Settings 8 SSE T DHCP BOOTP Local Relay Status O Enabled Disabled Config DHCP Local Relay for VLAN Config VLAN by VID E State Disabled v Apply DHCP BOOTP Local Relay YID List Figure 4 28 System gt DHCP Local Relay Settings DHCP BOOTP Local Relay Status Specifies whether DHCP Local Relay is enabled on the device Enabled Enables DHCP Local Relay on the device Disabled Disables DHCP Local Relay on the device This is the default value Config VLAN by Configure the VLAN by VID or VLAN Name of drop down menu State Specifies whether DHCP Local Relay is enabled on the VLAN Enabled Enables DHCP Local Relay on the VLAN Disabled Disables DHCP Local Relay on the VLAN DHCP Local Relay VID List Displays the list of VLANs on which DHCP Local Relay has been defined Click Apply to implement changes made System gt DHCPv6 Relay Settings The DHCPv6 Relay Settings page allows user to configure the DHCPv6 settings _DHCPv6 Relay Settings o O Sefeguard
82. nterface Name System Neighbor IPv6 Address Link Layer MAC Address o sat a Total Entries 0 Neighbor Link Layer Address interface Name State Figure 4 21 System gt IPv6 Neighbor Settings Interface Name Enter the interface name of the IPv6 neighbor Neighbor IPv6 Address Specifies the neighbor IPv6 address Link Layer MAC Address Specifies the link layer MAC address Click Apply for the settings to take effect Interface Name Specifies the interface name of the IPv6 neighbor To search for all the current interfaces on the Switch go to the second Interface Name field in the middle part of the window State Select and enter the neighbor IPv6 state here Options to choose from are All Address Static and Dynamic When the user selects address from the drop down menu the user will be able to enter an IP address in the space provided next to the state option Click Find to locate a specific entry based on the information entered Click Clear to clear all the information entered in the fields System gt Password Setting a password is a critical tool for managers to secure the Web Smart Switch After entering the old password and the new password twice click Apply for the changes to take effect _Password Access Control Se guilt Old Password New Password Confirm Password E S F Maximum 20 characters Figure 4 22 System gt Password Access Control System gt Port Settings In the Port Setting
83. ntication attempts Users failing to be authenticated after the set amount of attempts will be denied access to the Switch and will be locked out of further authentication attempts Command line interface users will have to wait 60 seconds before another authentication attempt Telnet and web users will be disconnected from the Switch The user may set the number of attempts from 7 to 255 The default setting is 2 Key Set the key the same as that of the RADIUS server Confirm Key Confirm the shared key is the same as that of the RADIUS server 65 4 Cnfiguration D Link Web Smart Switch User Manual Click Apply to implement configuration changes AAA gt 802 1X gt 802 1X Global Settings Network switches provide easy and open access to resources by simply attaching a client PC Unfortunately this automatic configuration also allows unauthorized personnel to easily intrude and possibly gain access to sensitive data IEEE 802 1X provides a security standard for network access control especially in Wi Fi wireless networks 802 1X holds a network port disconnected until authentication is completed The switch uses Extensible Authentication Protocol over LANs EAPOL to exchange authentication protocol client identity such as a user name with the client and forward it to another remote RADIUS authentication server to verify access rights The EAP packet from the RADIUS server also contains the authentication method to be used The client can
84. ode 0 258 SSS ey IGMP 0 255 a7 Aeon Permit E C Priority 0 7 Replace Priority Figure 4 103 Add Access Rule IPv4 UDP IPv4 Address Defines the range of source Ports relevant to the ACL rules Source Defines the range of source Ports relevant to the ACL rules For example to set 0 15 set mask of FFFO Destination Defines the range of destination IP addresses relevant to the ACL rules For example to set 0 15 set mask of FFFO Click Next button then the ACL profile is added NOTE A combination of one or several filtering masks can be selected simultaneously The page updates with the relevant field s To define the IPv6 ACL ICMP rule Select IPv6 ACL with ICMP of Protocol Type and click Next button The updates to show the follows 72 4 Cnfiguration D Link Web Smart Switch User Manual Access List Assignment gt Select Packet Type Add Rule gt Apply Rule Please assign a sequence number to create a new rule Sequence No 1 65535 ey Auto Assign Assign rule criteria L2 Header Traffic Class _ Next Header IPv6 Address CI Traffic Class IPv6 Class 0 255 OOo Next Header Protocol Type ICMP w Protocol ID 0 255 E Source Port es Source Port Mask a Destination Port Destination Port Mask ay ICMPy6 Type 0 255 fs Code 0 255 IPv6 Address Source Specify v Address LO o o p Destination Specify W Addre
85. on D Link Web Smart Switch User Manual MLD Snooping Global Settings MLD Snooping O Enabled Disabled Host Timeout 1 30 153025 Router Timeout 60 600 Robustness Variable 2 255 2 Last Member Query Interval 1 25 h see Query Interval 60 600 Max Response Time 10 25 fos see 7 When Querier state is enabled the Host Timeoutis calculated as the formula Host Timeout Robustness Variable Query Interval Max Response Time Apply MLD Snooping VLAN Settings VLAN ID VLAN Name Querier State Router Ports Multicast Entries 1 default Enabled Disabled Disabled Figure 4 55 L2 Functions gt Multicast gt MLD Snooping MLD Global Settings MLD Snooping Enable or disable the MLD Snooping Host Timeout 130 153025 sec Specifies the time interval in seconds after which a port is removed from a Multicast Group Ports are removed if a Multicast group MLD report was not received from a Multicast port within the defined Host Timeout period The possible field range is 130 153025 seconds The default timeout is 260 seconds Router Timeout 60 600 Specifies the time interval in seconds the Multicast router waits to receive a message before it times out The possible field range is 60 600 seconds The default timeout is 125 seconds Robustness Variable 2 255 The Robustness Variable allows adjustment for the expected packet loss on a subnet If a subnet is expected to be lossy the Robustness Variable may be increased
86. on can be viewed LLDP Statistics System Displays the counters that refer to the whole switch Last Change Time Displays the time for when the last change entry was last deleted or added It is also displays the time elapsed since last change was detected Number of Table Insert Displays the number of new entries inserted since switch reboot Number of Table Delete Displays the number of new entries deleted since switch reboot Number of Table Drop Displays the number of LLDP frames dropped due to that the table was full Number of Table Age Out Displays the number of entries deleted due to Time To Live expiring LLDP Port Statistics Displays the counters that refer to the ports TxPort FramesTotal Displays the total number of LLDP frames transmitted on the port RxPort FramesDiscarded Displays the total discarded frame number of LLDP frames received on the port RxPort FramesErrors Displays the Error frame number of LLDP frames received on the port RxPort Frames Displays the total number of LLDP frames received on the port RxPortTLVsDiscarded Each LLDP frame can contain multiple pieces of information Known as TLVs Ifa TLV is malformed it is counted and discarded RxPortTLVsUnrecognized Displays the number of well formed TLVs but with an known type value RxPort Ageouts Each LLDP frame contains information about how long time the LLDP information is valid If no new LLDP frame
87. onding IP address of the SSH user This parameter is only used in conjunction with the Host Based choice in the Auth Mode field Security gt Smart Binding gt Smart Binding Settings The primary purpose of Smart Binding is to restrict client access to a switch by enabling administrators to configure pairs of client MAC and IP addresses that are allowed to access networks through a switch The Smart Binding function is port based meaning that a user can enable or disable the function on any individual port Once Smart Binding is enabled on a switch port the switch will restrict or allow client access by checking the pair of IP MAC addresses with the pre configured database also known as the IMPB white list Users can enable or disable the Inspection packets and DHCP Snooping on the Switch smartBinding Set From Port To Port State a g 2 E Disabled Packet Inspection ARP Inspection x DHCP Snooping Disabled Apply IMPB Settin cr N Admin State Also inspect IP packets DHCP Snooping 01 Disabled Disabled Disabled Disabled Disabled Disabled 05 Disabled Disabled Disabled 07 Disabled Disabled Disabled Disabled Disabled 11 Disabled Disabled Disabled Figure 4 89 Security gt Smart Binding gt Smart Binding Settings The Smart Binding Settings page contains the following fields From Port To Port Select a range of ports to set for IP MAC
88. ort Enter the port number which the device connects to Check a box of Delete column to release an entry from the forbidden list and then click Apply to delete an entry from the list Click Select All to select all entries or click Clean to select none of the entries AAA gt RADIUS Server The RUAIUS Server of the Switch allows you to facilitate centralized user administration as well as providing protection against a sniffing active hacker Index 1 i IP Address IPy4 OO jOm Authentication Port 1 65535 Accounting Port 1 65535 Timeout 1 255 5 see Retransmit 1 255 2o ime Key Coo Oe Confirm Key DO 7 For key the maximum number of character is 32 RADIUS Server List 1 SSS EST T a G ee 3 nS SSS SSS SSS SS SSS SSS si 5 Figure 4 93 AAA gt RADIUS Server Index Choose the desired RADIUS server to configure 1 2 or 3 IP Address Select IPv4 or IPv6 and enter the IP address Authentication Port 1 65535 Set the RADIUS authentic server s UDP port The default port is 1812 Accounting Port 1 65535 Set the RADIUS account server s UDP port The default port is 1813 Timeout 1 255 sec This field will set the time the Switch will wait for a response of authentication from the user The user may set a time between 7 and 255 seconds The default setting is 5 seconds Retransmit 1 255 times This command will configure the maximum number of times the Switch will accept authe
89. ple Network Time Protocol is used by the Switch to synchronize the clock of the computer The SNTP settings folders contain two windows Time Settings and TimeZone Settings Users can configure the time settings for the switch and the following parameters can be set or are displayed in the Time Settings page Clock Source Local OSNTP Current Time 01 01 2013 00 29 57 SNTP Server Settings SNTP First Server e 860s IP v6 SNTP Second Server e 8 86 60t idY a SNTP Poll Interval 30 99999 sec Manually Time Settings Date DD MMIYYYY Time HH MM SS sync To PC Date DDIMMAYYY Time HH MM SS Figure 4 59 L2 Functions gt SNTP gt Time Settings Clock Source Specify the clock source by which the system time is set The possible options are Local Indicates that the system time is set locally by the device SNTP Indicates that the system time is retrieved from a SNTP server Current Time Displays the current date and time for the switch If choosing SNTP for the clock source then the following parameters will be available SNTP First Server Select IPv4 or IPv6 and specify the IP address of the primary SNTP server from which the system time is retrieved 46 4 Cnfiguration D Link Web Smart Switch User Manual SNTP Second Server Select IPv4 or IPv6 and specify the IP address of the secondary SNTP server from which the system time is retrieved SNTP Poll Interval in Seconds 30 99999 Defines the int
90. ps Specifies the device to send authentication failure notifications Device Bootup System boot up information Illegal Login Events of incorrect password logins recording the IP of the originating PC Port Link Up Link Down Copper port connection information RSTP Port State Change Events of a RSTP port state changes Firmware Upgrade State Information of firmware upgrade success or failure SNMP gt SNMP gt SNMP User This page is used to maintain the SNMP user table for the use of SNMPv3 SNMPv3 allows or restricts users using the MIB OID and also encrypts the SNMP messages sent out between users and Switch 19 4 Cnfiguration D Link Web Smart Switch User Manual SNMP User Table Seu User Name g Group Name i SNMP Version v1 v Encrypt Auth Protocol Password Privacy Protocol Password indicates mandatory data Add SNMP Version Auth Protocol Privacy Protocol ReadOnly ReadOnly v1 None None ReadOnly ReadOnly v2c None None ReadWrite ReadWrite v1 None None ReadWrite ReadWrite v2c None None Figure 4 117 SNMP gt SNMP gt SNMP User Table User Name Enter a SNMP user name of up to 32 characters Group Name Specify the SNMP group of the SNMP user SNMP Version Specify the SNMP version of the user Only SNMPv3 encrypts the messages Encrypt Specifies the Encrypt is enabled or disabled when the SNMP Version is V3 Auth Protocol Password Specify either HMAC MD5 96 or HMAC S
91. r If the test result shows OK then cable length will be indicated for the total length of the cable The cable lengths are categorized into four types lt 50 meters 50 80 meters 80 100 meters and gt 100 meters X NOTE Cable length detection is effective on 85 4 Cnfiguration D Link Web Smart Switch User Manual Gigabit ports only aS NOTE Please be sure that Power Saving feature is disabled before enabling Cable Diagnostics function Monitoring gt System Log The System Log page provides information about system logs including information when the device was booted how the ports are operating when users logged in when sessions timed out as well as other system information Maximum 500 entries Log Description Figure 4 131 Monitoring gt System Log ID Displays an incremented counter of the System Log entry The Maximum entries are 500 Time Displays the time in days hours and minutes the log was entered Log Description Displays a description event recorded Severity Displays a severity level of the event recorded Click Refresh to renew the page and click Clear to clean out all log entries 86
92. r STP are also used for RSTP This section introduces some new Spanning Tree concepts and illustrates the main differences between the two protocols By default Rapid Spanning Tree is disabled If enabled the Switch will listen for BPDU packets and its accompanying Hello packet BPDU packets are sent even if a BPDU packet was not received Therefore each link between bridges is sensitive to the status of the link Ultimately this difference results in faster detection of failed links and thus faster topology adjustment After enabling STP setting the STP Global Setting includes the following options STP Global Settings i S8feguar Spanning Tree Protocol O Enabled Disabled STP Version RSTP v Maximum Age 6 40 20 sec Bridge Priority 32768 o iv Hello Time 1 10 2 o sec Tx Hold Count 1 10 6 Forward Delay 4 30 15 sec Root Bridge Information Root Bridge 00 00 00 00 00 00 00 00 Root Cost 0 Root Maximum Age 20 Root Forward Delay 15 Root Port 0 Figure 4 48 L2 Functions gt Spanning Tree gt STP Global Settings STP Version You can choose RSTP or STP Compatible The default setting is RSTP Bridge Priority This value between 0 and 61410 specifies the priority for forwarding packets the lower the value the higher the priority The default is 32768 38 4 Cnfiguration D Link Web Smart Switch User Manual TX Hold Count 1 10 Used to set the maximum number of Hello packets transmi
93. r causes PSE power overload switch will firstly stop power supply to the port with a low priority PD As a result high priority PD can work without being affected Figure 4 114 PoE gt PoE Global Setting System Power Threshold Manually configure the system power budget 7 1 193 0 watts for DGS 1210 28P Power Shut Off Sequence Defines the method used to deny power to a port once the threshold is reached The possible fields are Deny next port When the power budget is exceeded the next port attempting to power up is denied regardless of the port priority Deny low priority port The port with the lower priority will be shut down to allow the higher priority port to power up Click Apply to make the configurations take effects System Power Status Displays the system power status of device Total PoE Power Budget Displays the total PoE power budget of this switch Power Used Displays the current used power of the switch Power Left Displays the spare power of the switch The percentage of system power supplied Displays the percentage of system power supplied of the switch 117 4 Cnfiguration D Link Web Smart Switch User Manual PoE gt PoE Port Settings DGS 1210 28P only DGS 1210 28P supports Power over Ethernet PoE as defined by the IEEE specification It supplies power to PD device up to 15 4W for all ports or 30W for port 1 4 meeting IEEE802 3af standards and pre 802 3at standards DGS 1210 28P works w
94. rotocol Protocol Type TCP v 8ouree Pont Mask Destination Port Mask Protocol ID 0 255 as Source Port Destination Port ICMP Type 0 255 sf Code 0 288 E IGMP 0 255 E Action Permit i CI Priority 0 7 Replace Priority Figure 4 102 Add Access Rule IPv4 TCP IPv4 Address Defines the range of source Ports relevant to the ACL rules Source Defines the range of source Ports relevant to the ACL rules For example to set 0 15 set mask of FFFO Destination Defines the range of destination IP addresses relevant to the ACL rules For example to set 0 15 set mask of FFFO 71 4 Cnfiguration D Link Web Smart Switch User Manual Click Next button then the ACL profile is added To define the IPv4 ACL UDP Rule Select IPv4 ACL with UDP and click Next button The updates to show the follows Access List Assignment Select Packet Type gt Add Rule Apply Rule Please assign a sequence number to create a new rule Sequence No 1 65536 Auto Assign Assign rule criteria L2 Header TOS IPv4 Address j Protocol Cl Tos ToS 0 7 DSCP 0 63 IPv 4 Address Source Specify v Address Mask Destination Specify v Address Mask Protocol Protocol Type UDP v Protocol ID 0 255 Source Port Source Port Mask Destination Port Destination Port Mask ICMP Type 0 255 C
95. roup and when the multicast server is notified that there are no more members It also allows adjustments for controlling the frequency of IGMP traffic on a subnet Default is 10 seconds To enable IGMP snooping for a given VLAN select enable and click on the Apply button Then press the Edit button under Router Port Setting and select the ports to be assigned as router ports for IGMP snooping for the VLAN and press Apply for changes to take effect A router port configured manually is a Static Router Port and a Dynamic Router Port is dynamically configured by the Switch when query control message is received 42 4 Cnfiguration D Link Web Smart Switch User Manual VLAN ID 1 VLAN Name default State Enabled v Querier State Disabled Fast Leave Disabled Static Router Ports 01 03 04 05 06 07 08 og 11 12 13 14 a w l ail a 4 A 4 a a a a al 15 16 17 19 20 22 4 4 al al Dynamic Router Ports 24 25 26 27 28 al a d E a a a E m E a a E a a E a a a a EJ a amp a a Apply Figure 4 53 L2 Functions gt Multicast gt IGMP Snooping VLAN Settings State Specify the State to be enabled or disabled Querier State D Link Smart Switch is able to send out the IGMP Queries to check the status of multicast clients Default is disabled Fast Leave Specify the Fast Leave feature to be enabled or disabled To view the Multicast Entry Table for a given VLAN press the View button Multicast
96. s Host Timeout 130 153025 so sec Router Timeout 60 600 so sec Robustness Variable 2 255 poe Last Member Query Interval 1 25 Bo sec Query Interval 60 600 125 see Max Response Time 10 25 io see When Querier state is enabled the Host Timeout is calculated as the formula Host Timeout Robustness Variable Query Interval Max Response Time IGMP Snooping VLAN Settings VLANID VLANName State Querier State FastLeave Router Ports Multicast Entries 1 default Enabled Disabled Disabled Figure 4 52 L2 Functions gt Multicast gt IGMP Snooping By default IGMP is disabled If enabled the IGMP Global Settings will need to be entered It is recommended to keep Report to all ports enable to ensure the functionality of SmartConsole Utility Host Timeout 130 153025 sec This is the interval after which a learned host port entry will be purged For each host port learned a Port Purge Timer runs for Host Port Purge Interval This timer will be restarted whenever a report message from host is received over that port If no report messages are received for Host Port Purge Interval time the learned host entry will be purged from the multicast group The default value is 260 seconds Robustness Variable 2 255 sec The Robustness Variable allows adjustment for the expected packet loss on a subnet If a subnet is expected to be lossy the Robustness Variable may need to be increased The Robustness
97. s begins when the link state of the port transitions from down to up or when an EAPOL start frame is received The Switch then requests the identity of the client and begins relaying authentication messages between the client and the authentication server The default setting is Auto Direction Sets the administrative controlled direction on the port The possible field values are Both Specify the control is exerted over both incoming and outgoing traffic through the controlled port selected in the first field In Disables the support in the present firmware release Click Apply to implement configuration changes AAA gt 802 1X gt 802 1X User The 802 1X User page allows user to set different local users on the Switch Enter a 802 1X User name Password and Confirm Password Properly configured local users will be displayed in the table BOL AST O Safeer 802 1 User Password Confirm Password Add Note Password User Name should be less than 15 characters and more than 3 characters Total Entries 0 User Name Password Figure 4 96 AAA gt 802 1X gt 802 1X User Click Add to add a new 802 1X user 67 4 Cnfiguration D Link Web Smart Switch User Manual ACL gt ACL Wizard Access Control List ACL allows you to establish criteria to determine whether or not the Switch will forward packets based on the information contained in each packet s header This criteria can be specified on
98. s entry number 82 4 Cnfiguration D Link Web Smart Switch User Manual Port Specifies the port from which the RMON information was taken Owner Displays the RMON station or user that requested the RMON information Click Add to make the configurations take effects and click Refresh to redisplay the table information SNMP gt RMON gt RMON History The RMON History Control Configuration page contains information about samples of data taken from ports For example the samples may include interface definitions or polling periods RMON History Control Settings Safeguard Index 1 65535 a Port Ci Buckets Requested 1 50 P Interval 1 3600 sss sec Owner indicates mandatory data Add index Port Buckets Requested Buckets Granted interval Owner Delete Figure 4 125 SNMP gt RMON gt RMON History Control Settings The History Control Configuration contains the following fields Index 1 65535 Indicates the history control entry number Port Specifies the port from which the RMON information was taken Buckets Requested 1 50 Specifies the number of buckets that the device saves Interval 1 3600 Indicates in seconds the time period that samplings are taken from the ports The field range is 1 3600 The default is 7800 seconds equal to 30 minutes Owner Displays the RMON station or user that requested the RMON information Click Apply to make the configurations take effects S
99. sabled Disabled Disabled T Disabled TXand RX Disabled ___ Disabled Disabled Disabled 13 Disabled TX_and_Rx s Disabled Disabled Disabled Disabled 14 Disabled TX_and_Rx Disabled Disabled Disabled Disabled 15 Disabled TX_and_Rx Disabled Disabled Disabled Disabled 16 Disabled TX_and_Rx amp Disabled if Disabled Disabled Disabled 17 Disabled TA_and_Rx Disabled Disabled Disabled Disabled Figure 4 63 L2 Functions gt LLDP gt LLDP Port Settings From Port To Port A consecutive group of ports may be configured starting with the selected port Notification State Specifies whether notification is sent when an LLDP topology change occurs on the port The possible field values are 48 4 Cnfiguration D Link Web Smart Switch User Manual Enabled Enables LLDP notification on the port Disabled Disables LLDP notification on the port This is the default value Admin Status Specifies the LLDP transmission mode on the port The possible field values are TX_Only Enables transmitting LLDP packets only RX_Only Enables receiving LLDP packets only TX_and_RX Enables transmitting and receiving LLDP packets This is the default Disabled Disables LLDP on the port Port Description Specifies whether the Port Description TLV is enabled on the port The possible field values are Enabled Enables the Port Description TLV on the port Disabled Disables the Port Description TLV on
100. sabled Disabled Disabled Disabled 4 Disabled Disabled Disabled Disabled 5 Disabled Disabled i Disabled Disabled 6 __ Disabled Disabled Disabled Disabled _ 7 Disabled Disabled Disabled Disabled 8 Disabled Disabled Disabled Disabled 9 Disabled Disabled Disabled Disabled 10 Disabled Disabled Disabled Disabled 11 Disabled _ Disabled i Disabled Disabled 12 Disabled Disabled Disabled Disabled 13 Disabled Disabled Disabled Disabled Figure 4 64 L2 Functions gt LLDP gt 802 3 Extension TLV From Port To Port A consecutive group of ports may be configured starting with the selected port MAC PHY Configuration Status Specifies whether the MAC PHY Configuration Status is enabled on the port The possible field values are Enabled Enables the MAC PHY Configuration Status on the port Disabled Disables the MAC PHY Configuration Status on the port Power via MDI Advertises the Power via MDI implementations supported by the port The possible field values are Enabled Enables the Power via MDI configured on the port Disabled Disables the Power via MDI configured on the port Link Aggregation Specifies whether the link aggregation is enabled on the port The possible field values are Enabled Enables the link aggregation configured on the port Disabled Disables the link aggregation configured on the port Maximum Frame Size Specifies whether the Maximum Frame Size is enabled on the port T
101. ss sd at Action Permit C Priority 0 7 Replace Priority Figure 4 104 Add Access Rule IPv6 UDP IPv6 Class 0 255 Specify the class of access rule The field range is from 0 to 255 ICMPv6 Type Sets the ICMP Type field as an essential field to match Code 0 255 Sets the ICMP code field as an essential field to match Source IPv6 Address Defines the range of source IP addresses relevant to the ACL rules For example to set 2002 0 0 0 0 0 b0d4 0 use mask 128 Destination IPv6 Address Defines the range of destination IP addresses relevant to the ACL rules For example to set 2002 0 0 0 0 0 bfd4 0 use mask 128 Action Specify the ACL forwarding action matching the rule criteria Permit forwards packets if all other ACL criteria are met Deny drops packets if all other ACL criteria is met Click Next button then the ACL profile is added To define the IPv6 ACL TCP profile Select IPv6 ACL with TCP of Protocol Type and click Next button The updates to show the follows ontiauration Wizard Access List Assignment Select Packet Type gt Add Rule gt Apply Rule Please assign a sequence number to create a new rule Sequence No 1 65535 Auto Assign Assign rule criteria L2 Header Trafic Class Next Header _ __ Pv6 Address _ l CI Traffic Class IPv6 Class 0 255 Next Header Protocol Type TCP x Protocol ID 0 255 SSS Source
102. t button The updates to show the follows 70 4 Cnfiguration D Link Web Smart Switch User Manual Access List Assignment gt Select Packet Type Add Rule Apply Rule Please assign a sequence number to create a new rule Sequence No 1 65535 O Auto Assign Assign rule criteria L2 Header TOS IPv4 Address Protocol ClTos ToS 0 7 DSCP 0 63 P IPv4 Address Source Specify v Address b o Mask Destination Specify oOo M Address as Mask po e Protocol Protocol Type Protocol ID 0 255 Source Port Destination Port IGMP x fs Destination Port Mask SSS aa ICMP Type 0 255 J cote 0 286 SS IGMP 0 255 e Action Permit v CI Priority 0 7 Replace Priority Figure 4 101 Add Access Rule IPv4 IGMP IGMP Type 0 255 Sets the IGMP Type field as an essential field to match Click Next button then the ACL profile is added To define the IPv4 ACL TCP Rule Select IPv4 ACL with TCP and click Next button The updates to show the follows Access List Assignment gt Select Packet Type gt gt Add Rule gt Apply Rule Please assign a sequence number to create a new rule Sequence No 1 65535 Auto Assign Assign rule criteria L2 Header TOS IPv4 Address Protocol O Tos Tos 0 7 J DSCP 0 63 e IPv4 Address Source Specify viAddress Mask i Destination Specify Address E a Mask ee eee P
103. t you for the file path You can view or edit the log file by using text editor e g Notepad Backup to file Figure 4 8 Save Log Tool Bar gt Tool Menu The Tool Menu offers global function controls such as Reset Reset System Reboot Device Configuration Backup and Restore Firmware Backup and Upgrade ave Tools Reset Reset System Reboot Device Configuration Backup amp Restor Firmware Backup amp Upgrade Figure 4 9 Tool Menu Reset Provide a safe reset option for the Switch All configuration settings in non volatile RAM will be reset to factory default except for the IP address Warning The Switch will be reset to its factory defaults except IP address and then will reboot Figure 4 10 Tool Menu gt Reset Reset System Provide another safe reset option for the Switch All configuration settings in non volatile RAM will reset to factory default and the Switch will reboot Warning The Switch will be reset to its factory defaults and then will reboot Figure 4 11 Tool Menu gt Reset System Reboot Device Provide a safe way to reboot the system Click Reboot to restart the switch 18 4 Cnfiguration D Link Web Smart Switch User Manual Press the button to resetthe system Figure 4 12 Tool Menu gt Reboot Device Configuration Backup and Restore Allow the current configuration settings to be saved to a file not including the password and if necessary yo
104. tatus of common software features RSTP Click Settings to link to L2 Functions gt Spanning Tree gt STP Global Settings Default is disabled Port Mirroring Click Settings to link to L2 Functions gt Port Mirroring Default is disabled Storm Control Click Settings to link to Security gt Storm Control Default is disabled DHCP Client Click Settings to link to System gt System Settings Default is disabled Jumbo Frame Click Settings to link to L2 Functions gt Jumbo Frame Default is disabled SNMP Status Click Settings to link to SNMP gt SNMP gt SNMP Global Settings Default is disabled 802 1X Status Click Settings to link to AAA gt 802 1X gt 802 1X Settings Default is disabled Safeguard Engine Click Settings to link to Security gt Safeguard Engine Default is enabled IGMP Snooping Click Settings to link to L2 Functions gt Multicast gt IGMP Snooping Default is disabled Power Saving Click Settings to link to System gt Power Saving Default is disabled 21 4 Cnfiguration D Link Web Smart Switch User Manual Device Information Device Type DG8 amp 1210 28P C1 System Name Boot Version 1 00 007 System Location Firmware Yersion 400 018 System Time 01 01 2013 00 18 32 Hardware Version C1 System Up Time 0 days 0 hours 19 mins 17 seconds Serial Number QBDG812102800 Login Timeout minutes 30 MAC Address 00 1 2 10 03 03 03 IP Address Information IPv4 Address 10 90 90 90 Subnet Mask 2
105. tem Hibernation Disabled All Port Figure 4 32 System gt Power Saving Advanced Power Saving Settings Type Specifies the Power Saving type to be LED Shut off Port Shut off or System Hibernation LED Shut off The LED Shut off gets high priority If the user select LED Shut off the profile function will not take effect It means the LED can not be turned on after Time Profile time s up when the state is disabled On the contrary if the LED is enabled the Time Profile function will work Port Shut off The Port Shut off state has high priority the priority rule is the same as LED Therefore if the Port Shut off sate is already disabled the Time Profile function will not take effect System Hibernation In this mode switches get most power saving figures since main chipsets both MAC and PHY are disabled for all ports and energy required to power the CPU is minimal State Specifies the power saving state to be Enabled or Disabled Time Profile 1 Specifies the time profile or None Time Profile 2 Specifies the time profile or None Port Specifies the ports to be configure of the Power Saving 30 4 Cnfiguration D Link Web Smart Switch User Manual Click Select All configure all ports or click Clear to uncheck all port Then click Apply to implement changes made System gt IEEE802 3az EEE Settings The IEEE 802 3 EEE standard defines mechanisms and protocols intended to reduce the energy consumption of network lin
106. the Auto Surveillance VLAN Click Apply to implement changes of Auto Surveillance VLAN global settings User defined MAC Settings Component Type Auto Surveillance VLAN will automatically detect D Link Surveillance Devices by default There are another five surveillance components that could be configured to be auto detected by the Auto Surveillance VLAN These five components are Video Management Server VMS VMS Client Remote viewer Video Encoder Network Storage and Other P Surveillance Devices Description Here to input the description for the component type MAC OUI You can manually create an MAC or OUI address for the surveillance component The maximum number of user defined MAC address is 5 Click Add to create a new surveillance component and Refresh to refresh the Auto Surveillance VLAN summary table L2 Functions gt Jumbo Frame D Link Gigabit Web Smart Switches support jumbo frames frames larger than the Ethernet frame size of 1536 bytes of up to 9216 bytes tagged Default is disabled Select Enabled then click Apply to turn on the jumbo frame support Jumbo Frame O Enabled Disabled 7 Maximum Length is 9216 bytes Apply Figure 4 43 L2 Functions gt Jumbo Frame L2 Functions gt Port Mirroring Port Mirroring is a method of monitoring network traffic that forwards a copy of each incoming and or outgoing packet from one port of the Switch to another port where the packet can be studied This enables
107. the aggregated link so the group may be changed dynamically as needs require In order to utilize the ability to change an aggregated port group that is to add or subtract ports from the group at least one of the participating devices must designate LACP ports as active Both devices must support LACP Passive LACP ports that are designated as passive cannot initially send LACP control frames In order to allow the linked port group to negotiate adjustments and make changes dynamically one end of the connection must have active LACP ports Timeout Specify the administrative LACP timeout The possible field values are Short 3 Sec Defines the LACP timeout as 3 seconds Long 90 Sec Defines the LACP timeout as 90 seconds This is the default value Click Apply to implement the changes made L2 Functions gt Multicast gt IGMP Snooping With Internet Group Management Protocol IGMP snooping the Web Smart Switch can make intelligent multicast forwarding decisions by examining the contents of each frame s Layer 2 MAC header IGMP snooping can help reduce cluttered traffic on the LAN With IGMP snooping enabled globally the Web Smart Switch will forward multicast traffic only to connections that have group members attached The settings of IGMP snooping is set by each VLAN individually 41 4 Cnfiguration D Link Web Smart Switch User Manual IGMP Snooping Global Settings IGMP Snooping O Enabled Disabled Report to all port
108. the capability of the 802 1X The possible field values are Authenticator Specify the Authenticator settings to be applied on a per port basis None Disable 802 1X functions on the port SuppTimeout 1 65535 sec This value determines timeout conditions in the exchanges between the Authenticator and the client Default is 30 seconds MaxReq 1 10 This parameter specifies the maximum number of times that the switch retransmits an EAP request md 5challnege to the client before it times out the authentication session Default is 2 times ReAuthPeriod 1 65535 sec A constant that defines a nonzero number of seconds between periodic reauthentication of the client The default setting is 3600 seconds Port Control This allows user to control the port authorization state Select ForceAuthorized to disable 802 1X and cause the port to transition to the authorized state without any authentication exchange required This means the port transmits and receives normal traffic without 802 1X based authentication of the client lf ForceUnauthorized is selected the port will remain in the unauthorized state ignoring all attempts by the client to authenticate The Switch cannot provide authentication services to the client through the interface lf Auto is selected it will enable 802 1X and cause the port to begin in the unauthorized state allowing only EAPOL frames to be sent and received through the port The authentication proces
109. the port System Name Specifies whether the System Name TLV is enabled on the port The possible field values are Enabled Enables the System Name TLV on the port Disabled Disables the System Name TLV on the port System Description Specifies whether the System Description TLV is enabled on the port The possible field values are Enabled Enables the System Description TLV on the port Disabled Disables the System Description TLV on the port System Capabilities Specifies whether the System Capabilities TLV is enabled on the port The possible field values are Enabled Enables the System Capabilities TLV on the port Disabled Disables the System Capabilities TLV on the port Define these parameter fields Click Apply to implement changes made and click Refresh to refresh the table information L2 Functions gt LLDP gt 802 1 Extension TLV This 802 1 Sesion TLV is shh to configure the LLDP Port settings From Port 1 v To Port 20 v Port YLAN ID Disabled VLAN Name Disabled VLANID Protocol Identity Disabled vv EAPOL v Refresh J __Apply Port Port LAN ID YLAN ID Protocol Identity _ Disabled None _ None 1 J Disabled None ii None 3 I Disabled None None 4 Disabled L None i Nong Disabled None None _Disabled None None Disabled None None Disabled None None ce i Disabled _ f
110. the port lock is enabled Using the drop down menu change Admin State to Enabled input Max Learning Address and then click Apply 57 4 Cnfiguration D Link Web Smart Switch User Manual From Port To Port Admin State Max Learning Address 0 64 Disabled _ Y oS Port Security Port Admin State Max Learning Address O01 Disabled Disabled Disabled Disabled Disabled Disabled oO EEE eel 3 gt gt gt gt gt gt gt E gt gt _ _ _ gt gt gt SSaa__A o O D DE o E o CE OEM Figure 4 78 Security gt Port Security Security gt Traffic Seqmentation This feature provides administrators to limit traffic flow from a single port to a group of ports on a single Switch Forwarding Port Settings O Enabled Disabled Apply From Port All Select All Clear Apply PToPort or oz 034 GF os gti PToPot i5 16 it Forwarding Port Table Port Forwarding Port 5 1 28 3 1 28 r a 5 1 28 6 1 28 7 1 28 8 1 28 1 28 10 1 28 q 1 1 28 7 12 1 28 13 1 28 14 1 28 15 1 28 Figure 4 79 Security gt Traffic Segmentation Click Apply to enable or disable this feature To configure traffic segmentation specify a port or All ports from the switch using the From Port pull down menu and select To Port then click Apply to enter the settings into the Switch s Traffic Segmentation table Click Select All button to check all ports or click Clear button
111. the root port Click Apply for the settings to take effect Click Refresh to renew the page L2 Functions gt Spanning Tree gt STP Port Settings STP can be set up on a port per port basis In addition to setting Spanning Tree parameters for use on the switch level the Switch allows for the configuration of the groups of ports each port group of which will have its own spanning tree and will require some of its own configuration settings An STP Group spanning tree works in the same way as the switch level spanning tree but the root bridge concept is replaced with a root port concept A root port is a port of the group that is elected based on port priority and port cost to be the connection to the network for the group Redundant links will be blocked just as redundant links are blocked on the switch level The STP on the switch level blocks redundant links between switches and similar network devices The port level STP will block redundant links within an STP Group It is advisable to define an STP Group to correspond to a VLAN group of ports From Port 01 v To Port 26 v State Enabled v External Cost 0 200000000 2000000 Migrate Disabled v Edge Auto v O Auto Priority 128 v P2P Auto v Restricted Role False v Restricted TCN False Apply Part State Priority External Cost Edge P2P Restricted Role Restricted TCN Port Status o1 02 m 03 ne pan 03 __ os
112. tings A SOA Trusted Host O Enabled Disabled IPv4 Address Netmask IPv6 Address Prefix 1 128 Please add your local host IP address first to make it trusted Otherwise the connection will be stopped Trusted Host Table F Maximum 10 entries IP Address Netmask Prefix Figure 4 77 Security gt Trusted Host Trusted Host Specify the Trusted Host to be enabled or disabled The default is disabled To define a management station IP setting click the Add button and type in the IP address and Subnet mask Click the Apply button to save your settings You may permit only single or a range of IP addresses by different IP mask setting the format can be either 192 168 1 1 255 255 255 0 or 192 168 0 1 24 Please see the example below for permitting the IP range IP Address Subnet Mask Permitted IP 192 168 0 1 255 255 255 0 192 168 0 1 192 168 0 255 172 17 5 215 255 0 0 0 172 0 0 1 172 255 255 255 To delete the IP address simply click the Delete button check the unwanted address and then click Apply Security gt Port Security Port Security is a security feature that prevents unauthorized computers with source MAC addresses unknown to the Switch prior to stopping auto learning processing from gaining access to the network A given ports or a range of ports dynamic MAC address learning can be stopped such that the current source MAC addresses entered into the MAC address forwarding table can not be changed once
113. to uncheck all ports Security gt Safeguard Engine D Link s Safeguard Engine is a robust and innovative technology that automatically throttles the impact of packet flooding into the switch s CPU This function helps protect the Web Smart Switch from being interrupted by malicious viruses or worm attacks This option is enabled by default Safeguard Engine State Enabled Disabled Apply D Link Safeguard Engine is a robust and innovative technology developed by D Link which will automatically throttle the impact of packet flooding into the switch s CPU It will keep D Link Switches better protected from being too frequently interrupted by malicious viruses or worm attacks Figure 4 80 Security gt Safeguard Engine 58 4 Cnfiguration D Link Web Smart Switch User Manual Security gt Storm Control The Storm Control feature provides the ability to control the receive rate of broadcast multicast and unknown unicast packets Once a packet storm has been detected the Switch will drop packets coming into the Switch until the storm has subsided Storm Control O Enabled Disabled Storm Control Type N 1 16000 Threshold 64Kbps N 64Kbps 0 Kbps Figure 4 81 Security gt Storm Control Storm Control Type User can select the different Storm type from Broadcast Only Multicast amp Broadcast and Multicast amp Broadcast amp Unknown Unicast Threshold 64Kbps N If storm control is en
114. tted per interval The count can be specified from 7 to 10 The default is 6 Maximum Age 6 40 sec This value may be set to ensure that old information does not endlessly circulate through redundant paths in the network preventing the effective propagation of the new information Set by the Root Bridge this value will aid in determining that the Switch has spanning tree configuration values consistent with other devices on the bridged LAN If the value ages out and a BPDU has still not been received from the Root Bridge the Switch will start sending its own BPDU to all other switches for permission to become the Root Bridge If it turns out that the Switch has the lowest Bridge Identifier it will become the Root Bridge A time interval may be chosen between 6 and 40 seconds The default value is 20 Max Age has to have a value bigger than Hello Time Hello Time 1 10 sec The user may set the time interval between transmissions of configuration messages by the root device thus stating that the Switch is still functioning The default is 2 seconds Forward Delay 4 30 sec This sets the maximum amount of time that the root device will wait before changing states The default is 15 seconds Root Bridge Displays the MAC address of the Root Bridge Root Cost Display the cost of the Root Bridge Root Maximum Age Displays the Maximum Age of the Root Bridge Root Forward Delay Displays the Forward Delay of the Root Bridge Root port Displays
115. ty value of each packet header and use this as the or part of the criterion for forwarding If user selects the Ethernet Type box then need to specity the Ethernet Type and select the Action Ethernet Type Selecting this option instructs the Switch to examine the Ethernet type value in each frame s header Action Specify the ACL forwarding action matching the rule criteria Permit forwards packets if all other ACL criteria are met Deny drops packets if all other ACL criteria is met Priority 0 7 Specify the MAC ACL priority whish values are 0 7 Replace Priority Check the box to enable the Replace Priority feature Click Next button then the ACL profile is added To define the IPv4 ACL Rule Select IPv4 with ICMP click Next button The updates to show the follows 69 4 Cnfiguration D Link Web Smart Switch User Manual Access List Assignment Select Packet Type Add Rule gt Apply Rule Please assign a sequence number to create a new rule Sequence No 1 65535 Auto Assign Assign rule criteria L2 Header TOS IPv 4 Address Protocol lTos ToS 0 7 DSCP 0 63 IPv4 Address Source Specify w Address Mask E Destination Specify v Address Mask Protocol Protocol Type ICMP v Protocol ID 0 255 Source Port R Source Port Mask Destination Port _ Destination Port Mask j ICMP Type 0 255 Code 0 255
116. u can restore configuration s ettings from this file Two methods can be selected HTTP or TFTP HTTP Backup current configuration to file Restore configuration from file O TFTP TFTP Server IP Address B P4 sd OP TFTP File Name Backup current configuration to file Restore configuration from file Figure 4 13 Tool Menu gt Configure Backup and Restore HTTP Backup or restore the configuration file to or from your local drive Click Backup to save the current settings to your disk Click Browse to browse your inventories for a saved backup settings file Click Restore after selecting the backup settings file you want to restore TFTP TFTP Trivial File Transfer Protocol is a file transfer protocol that allows you to transfer files to a remote TFTP server Specify TFTP Server IP Address with IPv4 or IPv6 address and TFTP File Name for the configuration file you want to save to restore from Click Backup to save the current settings to the TFTP server Click Restore after selecting the backup settings file you want to restore Note Switch will reboot after restore and all current configurations will be lost Firmware Backup and Upgrade Allow for the firmware to be saved or for an existing firmware file to be uploaded to the Switch Two methods can be selected HTTP or TFTP 19 4 Cnfiguration D Link Web Smart Switch User Manual Firmware Backup and Upgrade Safeguard
117. ws users to configure the time profile settings of the device 29 4 Cnfiguration D Link Web Smart Switch User Manual Time Profile Profile Name ce ene Time HH MM Start Time 00 00 EndTime 00 00 v Weekdays CO sun Omon CJTue Owed Thu Fri C Sat Date O From Day To Day Add Total Entries 0 Figure 4 31 System gt Time Profile Profile Name Specifies the profile name Time HH MM Specifies the Start Time and End Time Weekdays Specifies the work day Date Select Date and specifies the From Day and To Day of the time profile Click Add to create a new time profile or click Delete to delete a time profile from the table System gt Power Saving The Power Saving mode feature reduces power consumption automatically when the RJ 45 port is link down or the connected devices are turned off By reducing power consumption less heat is produced resulting in extended product life and lower operating costs By default the Link Status Detection are disabled Click Apply to make the change effective AVI sefi LES a ts Global Settings Link Status Detection O Enabled Disabled Apply Advanced Power Saving Settings Type LED Shut off State Disabled v Time Profile 1 None O Time Profile 2 No g Pot Jon foa os foa os doe or oe o oo o moo ao o ooo Summary Type State Time Profile 1 LED Shut off Disabled None PUR OMUErOT CIRAN 2 WOE Sys
118. y an SNMP manager OID Mask The mask of the Subtree OID 1 means this object number is concerned 0 means do not concerned For example 1 3 6 1 2 1 1 with mask 1 1 1 1 1 1 0 means 1 3 6 1 2 1 X View Type Specify the configured OID is Included or Excluded that a SNMP manager can access Click Add to create a new view Delete to remove an existing view SNMP gt SNMP gt SNMP Community This page is used to maintain the SNMP community string of the SNMP managers using the same community string are permitted to gain access to the Switch s SNMP agent Community Name Name of the community string User Name View Policy Specify the read write or read only level permission for the MIB objects accessible to the SNMP community Community Name Se User Name View Policy ReadOnly v indicates mandatory data Add Delete public ReadOnly pact a DO Figure 4 120 SNMP gt SNMP gt SNMP Community Click Add to create a new SNMP community Delete to remove an existing community 81 4 Cnfiguration D Link Web Smart Switch User Manual SNMP gt SNMP gt SNMP Host This SNMP Host page is to configure the SNMP trap recipients Host IP Address Oral O O O Orme SNMP Version v1 v Community String COO f SNMPyv3 User Name Figure 4 121 SNMP gt SNMP gt SNMP Host Host IP Address Select IPv4 or IPv6 and specify the IP address of SNMP management host SNMP Version Specify the SNMP version to be used to t
119. ze Show ocal Port Brief Table Show LLDP Local Por Detailed Table Figure 4 68 L2 Functions gt LLDP gt LLDP Local Port Normal Table Click View of Detailed column to display detail information 4 Cnfiguration D Link Web Smart Switch User Manual PortID 1 Portld Subtype Interface Alias Port Id Slot0 4 Port Description Ethernet Interface Pot PVID 1 Management Address Count 1 SubType IPv4 Address 10 90 90 90 IF Type iflndex QD 136124122544 PPVID Entries Count 0 NONE VLAN Name Entries Count 1 Entry 1 VLAN ID 1 VLAN Name default Protocol Identity Entries Count 0 NONE MAC PHY Configuration Status Auto negoriation Support Supported Auto negoriation Enabled Enabled Auto negoriation Advertised Capability 0000 hex Auto negoriation Operational MAU Type 001e hex Power Via MDI Link Aggregation Aggregation Capability Not Aggregated Agaregation Status Not Currently In Aggregation Aggregation PortID 1 Maximum Frame Size 1522 Show LLDP Local Port Brief Table Show LLDP Local Port Normal Table Figure 4 69 L2 Functions gt LLDP gt LLDP Local Port Detailed Table L2 Functions gt LLDP gt LLDP Remote Port Table This LLDP Remote Port Table page is used to display the LLDP Remote Port Brief Table Select port number and click Search to display additional information SD RPamnata Par Rric slo pot 01 PortID 1 Remote Entities Count 0 NONE Normal Vi
Download Pdf Manuals
Related Search