D-Link DGS-3224TGR User Manual

D-Link ™ DGS-3224TGR

Managed 24-Port Gigabit Ethernet Switch

User’s Guide

Information in this document is subject to change without notice.

Reproduction in any manner whatsoever without the written permission of D-Link Computer Corporation is strictly forbidden.

Trademarks used in this text: D-Link and the D-Link logo are trademarks of D-Link Computer Corporation; Microsoft and Windows are registered trademarks of Microsoft Corporation.

Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. D-Link Computer Corporation disclaims any proprietary interest in trademarks and trade names other than its own.

FCC Warning

This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with this user’s guide, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.

CE Mark Warning

This is a Class A product. In a domestic environment, this product may cause radio interference in which case the user may be required to take adequate measures.

Warnung!

Dies ist ein Produkt der Klasse A. Im Wohnbereich kann dieses Produkt Funkstoerungen verursachen. In diesem Fall kann vom Benutzer verlangt werden, angemessene Massnahmen zu ergreifen.

Precaución!

Este es un producto de Clase A. En un entorno doméstico, puede causar interferencias de radio, en cuyo case, puede requerirse al usuario para que adopte las medidas adecuadas.

Attention!

Ceci est un produit de classe A. Dans un environnement domestique, ce produit pourrait causer des interférences radio, auquel cas l`utilisateur devrait prendre les mesures adéquates.

Attenzione!

Il presente prodotto appartiene alla classe A. Se utilizzato in ambiente domestico il prodotto può causare interferenze radio, nel cui caso è possibile che l`utente debba assumere provvedimenti adeguati.

VCCI Warning

September 2004 P/N 6GS3224TGR03

Table of Contents

Preface ................................................................................................................................................................................ vii

Intended Readers............................................................................................................................................................. vii

Notes, Notices, and Cautions .......................................................................................................................................... vii

Safety Instructions.................................................................................................................................................................ix

Introduction............................................................................................................................................................................. 1

Features ................................................................................................................................................................................ 1

Ports .................................................................................................................................................................................. 1

Performance Features........................................................................................................................................................ 1

Management...................................................................................................................................................................... 2

Unpacking and Setup.............................................................................................................................................................. 3

Unpacking............................................................................................................................................................................. 3

Installation ............................................................................................................................................................................ 3

Desktop or Shelf Installation............................................................................................................................................. 4

Rack Installation ............................................................................................................................................................... 4

Power on ............................................................................................................................................................................... 5

Power Failure .................................................................................................................................................................... 6

External Redundant Power System ....................................................................................................................................... 6

Identifying External Components ......................................................................................................................................... 7

Front Panel ........................................................................................................................................................................... 7

Rear Panel ............................................................................................................................................................................ 7

Side Panels............................................................................................................................................................................ 8

LED Indicators...................................................................................................................................................................... 8

Connecting The Switch........................................................................................................................................................... 9

Switch to End Node............................................................................................................................................................... 9

Switch to Hub or Switch...................................................................................................................................................... 10

Switch Management and Operating Concepts................................................................................................................... 11

Local Console Management ............................................................................................................................................... 11

Diagnostic (console) port (RS-232 DCE) ....................................................................................................................... 11

IP Addresses and SNMP Community Names...................................................................................................................... 12

Setting an IP Address.......................................................................................................................................................... 12

Traps ................................................................................................................................................................................... 12

MIBs.................................................................................................................................................................................... 13

SNMP .................................................................................................................................................................................. 13

Authentication................................................................................................................................................................. 14

Packet Forwarding .......................................................................................................................................................... 14

MAC Address Aging Time ............................................................................................................................................. 14

Filtering .............................................................................................................................................................................. 14

Spanning Tree ..................................................................................................................................................................... 15

802.1w Rapid Spanning Tree.......................................................................................................................................... 15

VLANs ................................................................................................................................................................................. 16

IEEE 802.1Q VLANs ..................................................................................................................................................... 16

802.1Q VLAN Packet Forwarding ................................................................................................................................. 17

802.1Q VLAN Tags........................................................................................................................................................ 18

Port VLAN ID................................................................................................................................................................. 19

Tagging and Untagging................................................................................................................................................... 19

Ingress Filtering .............................................................................................................................................................. 19

802.1x Port-Based and MAC-Based Access Control.......................................................................................................... 20

Authentication Server ..................................................................................................................................................... 21

Authenticator................................................................................................................................................................... 21

Client............................................................................................................................................................................... 22

Authentication Process.................................................................................................................................................... 23

Port-Based Network Access Control .............................................................................................................................. 23

MAC-Based Network Access Control ............................................................................................................................ 25

DHCP.................................................................................................................................................................................. 25

Web-Based Network Management...................................................................................................................................... 27

Introduction ........................................................................................................................................................................ 27

Getting Started .................................................................................................................................................................... 27

Basic Setup.......................................................................................................................................................................... 31

Switch Information ......................................................................................................................................................... 31

Basic Switch Setup.......................................................................................................................................................... 33

Serial Port Settings.......................................................................................................................................................... 34

Port Configurations ............................................................................................................................................................ 35

Port Description Settings ................................................................................................................................................ 37

Traffic Segmentation Table............................................................................................................................................. 38

User Accounts ..................................................................................................................................................................... 39

SNMP Network Management.............................................................................................................................................. 41

SNMP V3........................................................................................................................................................................ 41

SNMP View Table.......................................................................................................................................................... 41

SNMP Community Table................................................................................................................................................ 42

SNMP Host Table ........................................................................................................................................................... 43

SNMP Group Table ........................................................................................................................................................ 44

Engine ID ........................................................................................................................................................................ 46

SNMP User Table ........................................................................................................................................................... 46

Management Station IP Addresses ..................................................................................................................................... 48

Switch Utilities .................................................................................................................................................................... 48

TFTP Services................................................................................................................................................................. 48

Network Monitoring............................................................................................................................................................ 52

Statistics .......................................................................................................................................................................... 52

Address Tables................................................................................................................................................................ 55

Status............................................................................................................................................................................... 57

Factory Reset ...................................................................................................................................................................... 60

Save Changes...................................................................................................................................................................... 60

Restart System................................................................................................................................................................. 61

Logout............................................................................................................................................................................. 61

Advanced Setup..................................................................................................................................................................... 61

Switch Advanced Settings.................................................................................................................................................... 62

Spanning Tree ..................................................................................................................................................................... 62

STP Switch Settings........................................................................................................................................................ 63

STP Port Settings ............................................................................................................................................................ 64

Forwarding ......................................................................................................................................................................... 65

MAC Address Aging Time ............................................................................................................................................. 65

Unicast MAC Address Settings ...................................................................................................................................... 66

Multicast MAC Address Settings.................................................................................................................................... 67

Broadcast/Multicast Storm Control................................................................................................................................. 68

Configure QOS.................................................................................................................................................................... 69

QOS Output Scheduling ................................................................................................................................................. 70

802.1p Default Priority ................................................................................................................................................... 71

802.1p User Priority........................................................................................................................................................ 72

Bandwidth Control Table................................................................................................................................................ 72

Access Profile Mask Setting................................................................................................................................................ 73

Port Security ....................................................................................................................................................................... 83

Port Mirroring Configurations ........................................................................................................................................... 86

VLAN Configurations.......................................................................................................................................................... 87

Asymmetric VLAN State................................................................................................................................................ 87

Switch GVRP.................................................................................................................................................................. 87

802.1Q VLANs............................................................................................................................................................... 88

802.1Q Port Settings ....................................................................................................................................................... 90

Link Aggregation ................................................................................................................................................................ 91

Link Aggregation Algorithm .......................................................................................................................................... 91

Link Aggregation Group................................................................................................................................................. 91

LACP Port Settings......................................................................................................................................................... 93

802.1X ................................................................................................................................................................................. 95

802.1X State.................................................................................................................................................................... 95

802.1X Auth Mode Settings............................................................................................................................................ 96

802.1X Port Settings ....................................................................................................................................................... 96

802.1X Port Auth State ................................................................................................................................................. 100

802.1X Initialize / Reauthenticate Ports........................................................................................................................ 101

RADIUS Server Settings ................................................................................................................................................... 102

802.1X Local User Settings............................................................................................................................................... 103

802.1X Auth Diagnostics .................................................................................................................................................. 104

802.1X Auth Statistics ....................................................................................................................................................... 105

802.1X Auth Session Statistics .......................................................................................................................................... 106

802.1X Auth Client............................................................................................................................................................ 107

802.1X Accounting Client ............................................................................................................................................ 107

TACACS ............................................................................................................................................................................ 107

TACACS State Configuration ...................................................................................................................................... 107

TACACS Server Settings.............................................................................................................................................. 108

TACACS Group............................................................................................................................................................ 109

TACACS Group Settings.............................................................................................................................................. 109

TACACS Method List .................................................................................................................................................. 110

Authentication............................................................................................................................................................... 111

Enable Admin ............................................................................................................................................................... 111

System Log ........................................................................................................................................................................ 112

System Log State .......................................................................................................................................................... 112

System Log Host........................................................................................................................................................... 112

Multicast Configuration.................................................................................................................................................... 114

IGMP Snooping Global ................................................................................................................................................ 114

IGMP Snooping Configurations ................................................................................................................................... 115

Static Router Port Settings ............................................................................................................................................ 116

SSH Management.............................................................................................................................................................. 116

SSH Configurations ...................................................................................................................................................... 117

SSH Account Configuration ......................................................................................................................................... 118

SSL Management .............................................................................................................................................................. 119

Download Certificate .................................................................................................................................................... 119

Cipher Suite Configuration ........................................................................................................................................... 120

SSL V3 Configuration .................................................................................................................................................. 121

TLS V1 Configuration .................................................................................................................................................. 122

Single IP Management........................................................................................................................................................ 123

SIM Settings ...................................................................................................................................................................... 123

SIM Using the Web Interface............................................................................................................................................ 124

Topology ........................................................................................................................................................................... 126

Tool Tips....................................................................................................................................................................... 128

Right-Click.................................................................................................................................................................... 129

Commander Switch Icon............................................................................................................................................... 130

Menu Bar ...................................................................................................................................................................... 133

Device ........................................................................................................................................................................... 134

View.............................................................................................................................................................................. 134

Firmware Upgrade ........................................................................................................................................................... 135

Configuration Backup/Restore.......................................................................................................................................... 135

Technical Specifications ..................................................................................................................................................... 136

Cable Lengths...................................................................................................................................................................... 138

Glossary ............................................................................................................................................................................... 139

Warranty and Registration Information .......................................................................................................................... 142

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Preface

The DGS-3224TGR User’s Guide is divided into chapters that describe the system installation and operating instructions with examples.

Chapter 1, “Introduction” – Describes the Switch and its features.

Chapter 2, “Unpacking and Setup” – Helps you get started with the basic installation of the Switch.

Chapter 3, “Identifying External Components” – Describes the front panel, rear panel, and LED indicators of the Switch.

Chapter 4, “Connecting the Switch” – Tells how you can connect the DGS-3224TGR to your Gigabit Ethernet network.

Chapter 5, “Switch Management and Operating Concepts” – Talks about management via the RS-232 DCE console port and other aspects about how to manage the Switch.

Chapter 6, “Web-Based Network Management” – Tells how to manage the Switch through an Internet browser.

Chapter 7, “D-Link’s Single IP Management” – An introduction to the new D-Link switch management feature used to manage multiple switches through a single Switch.

Appendix A, “Technical Specifications” – Lists the technical specifications of the DGS-3224TGR.

Appendix B, “Cable Lengths” – Contains chart for fiber-optic and copper cable maximum distances.

Glossary – Lists definitions for terms and acronyms used in this document.

Intended Readers

The DGS-3224TGR User’s Guide contains information for setup and management and of the DGS-3224TGR switch. This guide is intended for network managers familiar with network management concepts and terminology.

Notes, Notices, and Cautions

NOTE: A NOTE indicates important information that helps you make

better use of your device.

NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.

vii

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

CAUTION: A CAUTION indicates a potential for property damage, personal injury, or death.

viii

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Safety Instructions

Use the following safety guidelines to ensure your own personal safety and to help protect your system from potential damage. Throughout this safety section, the caution icon ( ) is used to indicate cautions and precautions that you need to review and follow.

Safety Cautions

To reduce the risk of bodily injury, electrical shock, fire, and damage to the equipment, observe the following precautions.

Observe and follow service markings. Do not service any product except as explained in your system documentation. Opening or removing covers that are marked with the triangular symbol with a lightning bolt

may expose you to electrical shock. Only a trained service technician should service components inside these compartments.

If any of the following conditions occur, unplug the product from the electrical outlet and replace the part or contact your trained service provider:

– The power cable, extension cable, or plug is damaged.

– An object has fallen into the product.

– The product has been exposed to water.

– The product has been dropped or damaged.

– The product does not operate correctly when you follow the operating instructions.

• Keep your system away from radiators and heat sources. Also, do not block cooling vents.

• Do not spill food or liquids on your system components, and never operate the product in a wet environment. If the

system gets wet, see the appropriate section in your troubleshooting guide or contact your trained service provider.

• Do not push any objects into the openings of your system. Doing so can cause fire or electric shock by shorting out interior components.

• Use the product only with approved equipment.

• Allow the product to cool before removing covers or touching internal components.

• Operate the product only from the type of external power source indicated on the electrical ratings label. If you are

not sure of the type of power source required, consult your service provider or local power company.

• To help avoid damaging your system, be sure the voltage selection switch (if provided) on the power supply is set to match the power available at your location:

– 115 volts (V)/60 hertz (Hz) in most of North and South America and some Far Eastern countries such as South Korea and Taiwan

– 100 V/50 Hz in eastern Japan and 100 V/60 Hz in western Japan

– 230 V/50 Hz in most of Europe, the Middle East, and the Far East

• Also be sure that attached devices are electrically rated to operate with the power available in your location.

• Use only approved power cable(s). If you have not been provided with a power cable for your system or for any

AC-powered option intended for your system, purchase a power cable that is approved for use in your country. The power cable must be rated for the product and for the voltage and current marked on the product's electrical ratings label. The voltage and current rating of the cable should be greater than the ratings marked on the product.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Safety Instructions (continued)

• To help prevent electric shock, plug the system and peripheral power cables into properly grounded electrical outlets. These cables are equipped with three-prong plugs to help ensure proper grounding. Do not use adapter plugs or remove the grounding prong from a cable. If you must use an extension cable, use a 3-wire cable with properly grounded plugs.

• Observe extension cable and power strip ratings. Make sure that the total ampere rating of all products plugged into the extension cable or power strip does not exceed 80 percent of the ampere ratings limit for the extension cable or power strip.

• To help protect your system from sudden, transient increases and decreases in electrical power, use a surge suppressor, line conditioner, or uninterruptible power supply (UPS).

• Position system cables and power cables carefully; route cables so that they cannot be stepped on or tripped over. Be sure that nothing rests on any cables.

• Do not modify power cables or plugs. Consult a licensed electrician or your power company for site modifications. Always follow your local/national wiring rules.

• When connecting or disconnecting power to hot-pluggable power supplies, if offered with your system, observe the following guidelines:

– Install the power supply before connecting the power cable to the power supply.

– Unplug the power cable before removing the power supply.

– If the system has multiple sources of power, disconnect power from the system by

unplugging all power cables from the power supplies.

• Move products with care; ensure that all casters and/or stabilizers are firmly connected to the system. Avoid sudden stops and uneven surfaces.

General Precautions for Rack-Mountable Products

Observe the following precautions for rack stability and safety. Also refer to the rack installation documentation accompanying the system and the rack for specific caution statements and procedures.

Systems are considered to be components in a rack. Thus, "component" refers to any system as well as to various peripherals or supporting hardware.

CAUTION: Installing systems in a rack without the front and side stabilizers installed could cause the rack to tip over, potentially resulting in bodily injury under certain circumstances. Therefore, always install the stabilizers before installing components in the rack.

After installing system/components in a rack, never pull more than one component out of the rack on its slide assemblies at one time. The weight of more than one extended component could cause the rack to tip over and may result in serious injury.

• Before working on the rack, make sure that the stabilizers are secured to the rack, extended to the floor, and that the full weight of the rack rests on the floor. Install front and side stabilizers on a single rack or front stabilizers for joined multiple racks before working on the rack.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Safety Instructions (continued)

Always load the rack from the bottom up, and load the heaviest item in the rack first.

Make sure that the rack is level and stable before extending a component from the rack.

Use caution when pressing the component rail release latches and sliding a component into or out of a rack; the slide rails can pinch your fingers.

After a component is inserted into the rack, carefully extend the rail into a locking position, and then slide the component into the rack.

Do not overload the AC supply branch circuit that provides power to the rack. The total rack load should not exceed 80 percent of the branch circuit rating.

Ensure that proper airflow is provided to components in the rack.

Do not step on or stand on any component when servicing other components in a rack.

NOTE: A qualified electrician must perform all connections to DC power and to safety grounds. All electrical wiring must comply with applicable local or national codes and practices.

CAUTION: Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available.

CAUTION: The system chassis must be positively grounded to the rack cabinet frame. Do not attempt to connect power to the system until grounding cables are connected. Completed power and safety ground wiring must be inspected by a qualified electrical inspector. An energy hazard will exist if the safety ground cable is omitted or disconnected.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Protecting Against Electrostatic Discharge

Static electricity can harm delicate components inside your system. To prevent static damage, discharge static electricity from your body before you touch any of the electronic components, such as the microprocessor. You can do so by periodically touching an unpainted metal surface on the chassis.

You can also take the following steps to prevent damage from electrostatic discharge (ESD):

1. When unpacking a static-sensitive component from its shipping carton, do not remove the component from the antistatic packing material until you are ready to install the component in your system. Just before unwrapping the antistatic packaging, be sure to discharge static electricity from your body.

2. When transporting a sensitive component, first place it in an antistatic container or packaging.

3. Handle all sensitive components in a static-safe area. If possible, use antistatic floor pads and workbench pads and an antistatic grounding strap.

Battery Handling Reminder

CAUTION: Danger of explosion if battery is incorrectly replaced. Replace only with the same or equivalent type recommended by the manufacturer. Discard used batteries according to the manufacturer's instructions.

xii

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Introduction

This section describes the features of the DGS-3224TGR.

Features

The DGS-3224TGR was designed for departmental and enterprise connections. As an all-gigabit-port switch, it is ideal for backbone and server connection. Powerful and versatile, the switch eliminates network bottlenecks while giving users the capability to fine-tune performance

Switch features include:

Ports

• Twenty-four high performance 1000BASE-T ports for making 10/100/1000 connections to a backbone, end stations, and servers.

• Four mini-GBIC (SFP) combo ports to connect fiber optic media to another switch, server or network backbone.

• RS-232 DCE Diagnostic port (console port) for setting up and managing the Switch via a connection to a console

terminal or PC using a terminal emulation program.

Performance Features

• Store-and-forward switching scheme.

• Switching fabric: 48Gbps

• Max. Forwarding Rate: 35.7 million packets per second

• High-speed data forwarding rate of 1,488,095 pps per port at 100% of wire-speed for 1000 Mbps speed.

• Supports 16K MAC address.

• Supports eight priority queues per port.

• Supports 2Mbytes buffer memory per switch.

• Jumbo Frame support (up to 9216 bytes).

• Multi-layer (Layer 2 to Layer 4) ACL and CoS support.

• Administrator-definable port security.

• 802.1D Spanning Tree support. Can be disabled on the entire switch or on a per-port basis.

• 802.1w Rapid Reconfiguration of Spanning Tree.

• 802.1Q Tagged VLAN support, including GVRP (GARP VLAN Registration Protocol).

• Support for up to 255 VLANs.

• IGMP snooping support per switch and fast-leave.

• Link aggregation support for up to 32 trunk groups and 8 trunk members per group. Support LACP and Static mode.

• Both port-based and MAC-based 802.1x port access control.

• Per-port bandwidth control.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Management

• RS-232 console port for out-of-band network management via a console terminal.

• Spanning Tree Algorithm Protocol for creation of alternative backup paths and prevention of network loops.

• SNMP V.1, V2c1, and V3 network management, 4 groups of RMON.

• Flash memory for software upgrades. This can be done in-band via TFTP or out-of-band via the console.

• Built-in SNMP management:

 Bridge MIB (RFC 1493)

 MIB-II (RFC 1213)

 802.1P/Q MIB (RFC 2674)

 Interface MIB (RFC 2233)

 Ethernet-like MIB (RFC 1643)

 Mini-RMON MIB (RFC 1757) – 4 groups. The RMON specification defines the counters for the receive

functions only. However, the DGS-3224TGR provides counters for both receive and transmit functions.

• Supports Web-based management.

• TFTP support.

• BOOTP support.

• DHCP Client support.

• Password enabled.

• Telnet remote control console.

• Broadcast storm control.

• Multicast storm control.

• Command Line Interface support.

• Port security support.

• TACACS and TACACS+ protocol support.

• SYSLOG support.

• Destination Lookup Fail control.

• SSL support.

• Single IP Management v1.0 support.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Unpacking and Setup

This chapter provides unpacking and setup information for the switch.

Unpacking

Open the shipping carton of the switch and carefully unpack its contents. The carton should contain the following items:

• A DGS-3224TGR 24-Port Gigabit Layer 2 Ethernet switch

• A mounting kit: 2 mounting brackets and screws

• Four rubber feet with adhesive backing

• One or two AC power cords

• A printed QIG

• A printed User’s Guide

• D-View 5.1 demo CD-ROM

• This User’s Guide with Registration Card on CD-ROM

If any item is found missing or damaged, please contact your local D-Link reseller for replacement.

Installation

Use the following guidelines when choosing a place to install the switch:

• The surface must support at least 4 kg.

• The power outlet should be within 1.82 meters (6 feet) of the device.

• Visually inspect the power cord and see that it is secured to the AC power connector.

• Make sure that there is proper heat dissipation from and adequate ventilation around the switch. Do not place heavy

objects on the switch.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Desktop or Shelf Installation

When installing the switch on a desktop or shelf, the rubber feet included with the device should first be attached. Attach these cushioning feet on the bottom at each corner of the device. Allow adequate space for ventilation between the device and the objects around it.

Figure 2-1. Installing rubber feet for desktop installation

Rack Installation

The DGS-3224TGR can be mounted in an EIA standard-sized, 19-inch rack, which can be placed in a wiring closet with other equipment. To install, attach the mounting brackets on the switch’s side panels (one on each side) and secure them with the screws provided.

Figure 2- 2A. Attaching the mounting brackets

Then, use the screws provided with the equipment rack to mount the witch on the rack.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Figure 2- 2B. Installing in an equipment rack

Power on

The switch can be used with AC power supply 100-240 VAC, 50 - 60 Hz. The switch’s power supply will adjust to the local power source automatically and may be powered on without having any or all LAN segment cables connected.

After the switch is plugged in, the LED indicators should respond as follows:

• All LED indicators except console will momentarily blink. This blinking of the LEDs indicates a reset of the system.

• The console LED indicator will blink while the switch loads onboard software and performs a self-test. When the

POST is passed, the LED will become dark. If the POST fails, the indicator will light solid amber. This indicator lights solid green when the switch is being logged-in via out-of-band/local console management through the RS-232 console port using a straight-through serial cable.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Power Failure

As a precaution in the event of a power failure, unplug the switch. When power is resumed, plug the switch back in.

External Redundant Power System

The switch supports an external redundant power system.

Figure 2-3. DPS-300 in DPS-900 with DGS-3224TGR

NOTE: See the DPS-300 documentation for more information.

CAUTION: Do not use the switch with any redundant power system other than

the DPS-300.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Identifying External Components

This chapter describes the front panel, rear panel, side panels, and LED indicators of the DGS-3224TGR.

Front Panel

The front panel of the switch consists of LED indicators, an RS-232 communication port, 24 1000BASE-T ports, and 4 mini-GBIC combo ports.

Figure 3-1. Front panel view

• An RS-232 DCE console port for setting up and managing the switch via a connection to a console terminal or PC using a terminal emulation program.

• Comprehensive LED indicators display the status of the switch and the network (see the LED Indicators section below).

• Twenty-four 1000BASE-T Ethernet ports for 10/100/1000 connections to a backbone, end stations, and servers.

• Four mini-GBIC combo ports to connect fiber optic media to another switch, server, or network backbone.

Rear Panel

The rear panel of the switch contains an external Redundant Power Supply connector and an AC power connector.

Figure 3-2. Rear panel view

• The external Redundant Power Supply connector is used to connect the DGS-3224TGR to a DPS-300. An auto-switch circuit automatically switches to an external RPS once the internal power supply fails. Transition from internal to external supply shall not disturb normal operation.

• The AC power connector is a standard three-pronged connector that supports the power cord. Plug-in the female connector of the provided power cord into this socket, and the male side of the cord into a power outlet. Supported input voltages range from 100 ~ 240 VAC at 50 ~ 60 Hz.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Side Panels

The right side panel of the switch contains two system fans (see the top part of the diagram below). The left side panel contains heat vents.

Figure 3-3. Side panel views of the Switch

• The system fans are used to dissipate heat. The sides of the system also provide heat vents to serve the same purpose. Do not block these openings, and leave at least 6 inches of space at the rear and sides of the switch for proper ventilation. Be reminded that without proper heat dissipation and air circulation, system components might overheat, which could lead to system failure.

LED Indicators

The LED indicators of the switch include Power, Console, RPS, Speed, and Link/Activity. The following shows the LED indicators for the switch along with an explanation of each indicator.

Figure 3-4. LED indicators

• Power – This indicator on the front panel lights solid green when the system is powered up and remains dark when the system is not powered on.

• Console – This indicator blinks green when the system is booting up. It remains solid green when the system is operating properly. The LED is solid amber when the POST fails.

• RPS – This indicator is lit solid amber when the external Redundant Power Supply is in operation and remains dark when it is not in use or the main power is working normally.

• Speed – This row of indicators will light solid green when the connection speed is operating at 1000 Mbps. An unlit LED indicates a connection speed of either 10 or 100 Mbps.

• Link/Act – This row of indicators for the 24 copper ports light solid green when there is a secure connection (or link) to a device on any of the ports. The LEDs blink green whenever there is reception or transmission (i.e. Activity--Act) of data occurring on a port.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Connecting The Switch

This chapter describes how to connect the DGS-3224TGR to your Gigabit Ethernet network.

Switch to End Node

End nodes include PCs outfitted with a 10, 100, or 1000 Mbps RJ-45 Ethernet/Fast Ethernet/Gigabit Ethernet Network Interface Card (NIC) and most routers.

An end node can be connected to the switch via a Category 3, 4, 5, or 5e UTP/STP cable—for optimal performance, Category 5e is recommended. The end node should be connected to any of the ports of the switch.

Figure 4-1. Switch connected to an End Node

The Link/Act LEDs light green when the link is valid. A blinking green LED indicates packet activity on that port. The Speed LEDs indicate port speed and will light solid green for 1000 Mbps connections. They will remain off for 10 or 100 Mbps connections.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Switch to Hub or Switch

These connections can be accomplished in a number of ways using a normal cable.

• A 10BASE-T hub or switch can be connected to the switch via a two-pair Category 3, 4, 5, or 5e UTP/STP cable.

• A 100BASE-TX hub or switch can be connected to the switch via a two-pair Category 5 or 5e UTP/STP cable.

• A 1000BASE-T switch can be connected to the switch via four-pair straight Category 5 or 5e UTP/STP cable.

Figure 4-2. Switch connected to a normal (non-Uplink) port on a hub or switch using a straight or

crossover cable

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Switch Management and Operating Concepts

This chapter discusses many of the concepts and features used to manage the switch, as well as the concepts necessary for the user to understand the functioning of the switch. Further, this chapter explains many important points regarding these features.

Configuring the switch to implement these concepts and make use of its many features is discussed in detail in the next chapters.

Local Console Management

A local console is a terminal or a workstation running a terminal emulation program that is connected directly to the switch via the RS-232 console port on the front of the switch. A console connection is referred to as an ‘Out-of-Band’ connection, meaning that console is connected to the switch using a different circuit than that used for normal network communications. So, the console can be used to set up and manage the switch even if the network is down.

Local console management uses the terminal connection to operate the console program built-in to the switch (see the DGS- 3224TGR Command Line Interface Reference manual). A network administrator can manage, control and monitor the switch from the console program.

The DGS-3224TGR contains a CPU, memory for data storage, flash memory for configuration data, operational programs, and SNMP agent firmware.

Diagnostic (console) port (RS-232 DCE)

Out-of-band management requires connecting a terminal, such as a VT-100 or a PC running a terminal emulation program (such as HyperTerminal, which is automatically installed with Microsoft Windows) a to the RS-232 DCE console port of the switch. Switch management using the RS-232 DCE console port is called Local Console Management to differentiate it from management performed via management platforms, such as D-View, HP OpenView, etc.

The console port is set at the factory for the following configuration:

• Baud rate: 9,600

• Data width: 8 bits

• Parity: none

• Stop bits: 1

• Flow Control None

Make sure the terminal or PC you are using to make this connection is configured to match these settings.

If you are having problems making this connection on a PC, make sure the emulation is set to VT-100. If you still don’t see anything, try hitting <Ctrl> + r to refresh the screen.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

IP Addresses and SNMP Community Names

Each switch must be assigned its own IP Address, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP). The switch’s default IP address is 10.90.90.90. You can change the default switch IP Address to meet the specification of your networking address scheme.

The switch is also assigned a unique MAC address by the factory. This MAC address cannot be changed, and can be found when using the command “show switch.”

In addition, you can also set an IP address for a gateway router. This becomes necessary when the network management station is located on a different IP network from the switch, making it necessary for management packets to go through a router to reach the network manager, and vice-versa.

For security, you can set in the switch a list of IP Addresses of the network managers that allow you to manage the switch. You can also change the default SNMP Community Strings in the switch and set the access rights of these Community Strings. In addition, a VLAN may be designated as a Management VLAN.

Setting an IP Address

The IP address for the switch must be set before it can be managed with the Web-based manager. The switch IP address may be automatically set using BOOTP or DHCP protocols, in which case the actual address assigned to the switch must be known.

The IP address may alternatively be set using the Command Line Interface (CLI) over the console serial port as follows:

1. Starting at the command line prompt local>, enter the commands config ipif System ipaddress xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy. Where the x’s represent the IP address to be assigned to the IP interface

named System and the y’s represent the corresponding subnet mask.

2. Alternatively, you can enter the commands config ipif System ipaddress xxx.xxx.xxx.xxx/z. Where the x’s represent the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation.

Using this method, the switch can be assigned an IP address and subnet mask that can then be used to connect a management station to the switch’s Web-based management agent.

Traps

Traps are messages that alert you of events that occur on the switch. The events can be as serious as a reboot (someone accidentally turned OFF the switch), or less serious like a port status change. The switch generates traps and sends them to the network manager (trap recipient).

Trap recipients are special users of the network who are given certain rights and access in overseeing the maintenance of the network. Trap recipients will receive traps sent from the switch; they must immediately take certain actions to avoid future failure or breakdown of the network.

You can also specify which network managers may receive traps from the switch by entering a list of the IP addresses of authorized network managers. Up to four trap recipient IP addresses, and four corresponding SNMP community strings can be entered.

SNMP community strings function like passwords in that the community string entered for a given IP address must be used in the management station software, or a trap will be sent.

The following are trap types the switch can send to a trap recipient:

• Cold Start –This trap signifies that the switch has been powered up and initialized such that software settings are reconfigured and hardware systems are rebooted. A cold start is different from a factory reset in that configuration settings saved to non-volatile RAM used to reconfigure the switch.

• Authentication Failure – This trap signifies that someone has tried to logon to the switch using an invalid SNMP community string. The switch automatically stores the source IP address of the unauthorized user.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

• New Root – This trap indicates that the switch has become the new root of the Spanning Tree, the trap is sent by the switch soon after its election as the new root. This implies that upon expiration of the Topology Change Timer the new root trap is sent out immediately after the switch’s election as the new root.

• Topology Change (STP) – A Topology Change trap is sent by the switch when any of its configured ports transitions from the Learning state to the Forwarding state, or from the Forwarding state to the Blocking state. The trap is not sent if a new root trap is sent for the same transition.

• Connected and Working – This trap is sent when the Redundant Power Supply is connected and working.

• Disconnect or Malfunction – This trap is sent whenever the Redundant Power Supply malfunctions.

• MAC Notification – This trap indicates that the switch had learned a new MAC address.

MIBs

Management and counter information are stored in the switch in the Management Information Base (MIB. The switch uses the standard MIB-II Management Information Base module. Consequently, values for MIB objects can be retrieved from any SNMP-based network management software. In addition to the standard MIB-II, the switch also supports its own proprietary enterprise MIB as an extended Management Information Base. These MIBs may also be retrieved by specifying the MIB’s Object-Identity (OID) at the network manager. MIB values can be either read-only or read-write.

Read-only MIBs variables can be either constants that are programmed into the switch, or variables that change while the switch is in operation. Examples of read-only constants are the number of port and type of ports. Examples of read-only variables are the statistics counters such as the number of errors that have occurred, or how many kilobytes of data have been received and forwarded through a port.

Read-write MIBs are variables usually related to user-customized configurations. Examples of these are the switch’s IP Address, Spanning Tree Algorithm parameters, and port status.

If you use a third-party vendors’ SNMP software to manage the switch, a diskette listing the switch’s propriety enterprise MIBs can be obtained by request. If your software provides functions to browse or modify MIBs, you can also get the MIB values and change them (if the MIBs’ attributes permit the write operation). This process however can be quite involved, since you must know the MIB OIDs and retrieve them one by one.

SNMP

The Simple Network Management Protocol (SNMP) is an OSI layer 7 (the application layer) protocol for remotely monitoring and configuring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches, and other network devices. SNMP can be used to perform many of the same functions as a directly connected console, or can be used within an integrated network management software package such as HP OpenView or DView.

SNMP performs the following functions:

• Sending and receiving SNMP packets through the IP protocol.

• Collecting information about the status and current configuration of network devices.

• Modifying the configuration of network devices.

The DGS-3224TGR has a software program called an ‘agent’ that processes SNMP requests, but the user program that makes the requests and collects the responses runs on a management station (a designated computer on the network). The SNMP agent and the user program both use the UDP/IP protocol to exchange packets.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Authentication

The authentication protocol ensures that both the router SNMP agent and the remote user SNMP application program discard packets from unauthorized users. Authentication is accomplished using ‘community strings’, which function like passwords. The remote user SNMP application and the router SNMP must use the same community string.

Packet Forwarding

The switch enters the relationship between destination MAC or IP addresses and the Ethernet port or gateway router the destination resides on into its forwarding table. This information is then used to forward packets. This reduces the traffic congestion on the network, because packets, instead of being transmitted to all ports, are transmitted to the destination port only. Example: if Port 1 receives a packet destined for a station on Port 2, the switch transmits that packet through Port 2 only, and transmits nothing through the other ports. This process is referred to as ‘learning’ the network topology.

MAC Address Aging Time

The Aging Time affects the learning process of the Switch. Dynamic forwarding table entries, which are made up of the source and destination MAC addresses and their associated port numbers, are deleted from the table if they are not accessed within the aging time.

The aging time can be from 10 to 1,000,000 seconds with a default value of 300 seconds. A very long aging time can result in dynamic forwarding table entries that are out-of-date or no longer exist. This may cause incorrect packet forwarding decisions by the Switch.

If the Aging Time is too short however, many entries may be aged out too soon. This will result in a high percentage of received packets whose source addresses cannot be found in the forwarding table, in which case the switch will broadcast the packet to all ports, negating many of the benefits of having a switch.

Static forwarding entries are not affected by the aging time.

Filtering

The switch uses a filtering database to segment the network and control communication between segments. It can also filter packets off the network for intrusion control. Static filtering entries can be made by MAC Address filtering.

Each port on the switch is a unique collision domain and the switch filters (discards) packets whose destination lies on the same port as where it originated. This keeps local packets from disrupting communications on other parts of the network.

For intrusion control, whenever a switch encounters a packet originating from or destined to a MAC address entered into the filter table, the switch will discard the packet.

Some filtering is done automatically by the switch:

• Dynamic filtering – automatic learning and aging of MAC addresses and their location on the network. Filtering occurs to keep local traffic confined to its segment.

• Filtering done by the Spanning Tree Protocol that can filter packets based on topology, making sure that signal loops don’t occur.

• Filtering done for VLAN integrity. Packets from a member of a VLAN (VLAN 2, for example) destined for a device on another VLAN (VLAN 3) will be filtered.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Spanning Tree

802.1w Rapid Spanning Tree

The DGS-3224TGR implements two versions of the Spanning Tree Protocol, the Rapid Spanning Tree Protocol (RSTP) as defined by the IEE 802.1w specification and a version compatible with the IEEE 802.1d STP. RSTP can operate with legacy equipment implementing IEEE 802.1d, however the advantages of using RSTP will be lost.

The IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) evolved from the 802.1d STP standard. RSTP was developed in order to overcome some limitations of STP that impede the function of some recent switching innovations, in particular, certain Layer 3 function that are increasingly handled by Ethernet switches. The basic function and much of the terminology is the same as STP. Most of the settings configured for STP are also used for RSTP. This section introduces some new Spanning Tree concepts and illustrates the main differences between the two protocols.

Port Transition States

An essential difference between the two protocols is in the way ports transition to a forwarding state and the in the way this transition relates to the role of the port (forwarding or not forwarding) in the topology. RSTP combines the transition states disabled, blocking and listening used in 802.1d and creates a single state Discarding. In either case, ports do not forward packets; in the STP port transition states disabled, blocking or listening or in the RSTP port state discarding there is no functional difference, the port is not active in the network topology. The table below compares how the two protocols differ regarding the port state transition.

Both protocols calculate a stable topology in the same way. Every segment will have a single path to the root bridge. All bridges listen for BPDU packets. However, BPDU packets are sent more frequently – with every Hello packet. BPDU packets are sent even if a BPDU packet was not received. Therefore, each link between bridges is sensitive to the status of the link. Ultimately this difference results faster detection of failed links, and thus faster topology adjustment. A drawback of 802.1d is this absence of immediate feedback from adjacent bridges.

STP/RSTP Comparison

802.1d STP 802.1w RSTP Forwarding? Learning?

Disabled Discarding No No

Blocking Discarding No No

Listening Discarding No No

Learning Learning No Yes

Forwarding Forwarding Yes Yes

Comparing Port States

RSTP is capable of more rapid transition to a forwarding state – it no longer relies on timer configurations – RSTP compliant bridges are sensitive to feedback from other RSTP compliant bridge links. Ports do not need to wait for the topology to stabilize before transitioning to a forwarding state. In order to allow this rapid transition, the protocol introduces two new variables: the edge port and the point-to-point (P2P) port.

Edge Port

The edge port is a configurable designation used for a port that is directly connected to a segment where a loop cannot be created. An example would be a port connected directly to a single workstation. Ports that are designated as edge ports transition to a forwarding state immediately without going through the listening and learning states. An edge port loses its status if it receives a BPDU packet, immediately becoming a normal spanning tree port.

P2P Port

A P2P port is also capable of rapid transition. P2P ports may be used to connect to other bridges. Under RSTP, all ports operating in full-duplex mode are considered to be P2P ports, unless manually overridden through configuration.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

802.1d/802.1w Compatibility

RSTP can interoperate with legacy equipment and is capable of automatically adjusting BPDU packets to 802.1d format when necessary. However, any segment using 802.1 STP will not benefit from the rapid transition and rapid topology change detection of RSTP. The protocol also provides for a variable used for migration in the event that legacy equipment on a segment is updated to use RSTP.

The Spanning Tree Protocol (STP) operates on two levels: on the switch level, the settings are globally implemented. On the port level, the settings are implemented on a user-defined Group of ports basis.

VLANs

A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLANs can be used to combine any collection of LAN segments into an autonomous user group that appears as a single LAN. VLANs also logically segment the network into different broadcast domains so that packets are forwarded only between ports within the VLAN. Typically, a VLAN corresponds to a particular subnet, although not necessarily.

VLANs can enhance performance by conserving bandwidth, and improve security by limiting traffic to specific domains.

A VLAN is a collection of end nodes grouped by logic instead of physical location. End nodes that frequently communicate with each other are assigned to the same VLAN, regardless of where they are physically on the network. Logically, a VLAN can be equated to a broadcast domain, because broadcast packets are forwarded to only members of the VLAN on which the broadcast was initiated.

Note: VLANs on the DGS-3224TGR

No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership, packets cannot cross VLANs without a network device performing a routing function between the VLANs.

The DGS-3224TGR supports only IEEE 802.1Q VLANs. The port untagging function can be used to remove the 802.1Q tag from packet headers to maintain compatibility with devices that are tag-unaware.

The switch’s default is to assign all ports to a single 802.1Q VLAN named “default.”

The default VLAN has a VID = 1

IEEE 802.1Q VLANs

Some relevant terms:

• Tagging – The act of putting 802.1Q VLAN information into the header of a packet.

• Untagging – The act of stripping 802.1Q VLAN information out of the packet header.

• Ingress port – A port on a switch where packets are flowing into the switch and VLAN decisions must be

made.

• Egress port – A port on a switch where packets are flowing out of the switch, either to another switch or to an

end station, and tagging decisions must be made.

IEEE 802.1Q (tagged) VLANs are implemented on the DGS-3224TGR 802.1Q VLANs require tagging, which enables them to span the entire network (assuming all switches on the network are IEEE 802.1Q-compliant).

VLANs allow a network to be segmented in order to reduce the size of broadcast domains. All packets entering a VLAN will only be forwarded to the stations (over IEEE 802.1Q enabled switches) that are members of that VLAN, and this includes broadcast, multicast and unicast packets from unknown sources.

VLANs can also provide a level of security to your network. IEEE 802.1Q VLANs will only deliver packets between stations that are members of the VLAN.

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

Any port can be configured as either tagging or untagging. The untagging feature of IEEE 802.1Q VLANs allows VLANs to work with legacy switches that don’t recognize VLAN tags in packet headers. The tagging feature allows VLANs to span multiple 802.1Q-compliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work normally.

The IEEE 802.1Q standard restricts the forwarding of untagged packets to the VLAN the receiving port is a member of.

The main characteristics of IEEE 802.1Q are as follows:

• Assigns packets to VLANs by filtering.

• Assumes the presence of a single global spanning tree.

• Uses an explicit tagging scheme with one-level tagging

802.1Q VLAN Packet Forwarding

Packet forwarding decisions are made based upon the following three types of rules:

• Ingress rules – rules relevant to the classification of received frames belonging to a VLAN.

• Forwarding rules between ports – decides filter or forward the packet

• Egress rules – determines if the packet must be sent tagged or untagged.

Figure 5- 1. IEEE 802.1Q Packet Forwarding

DGS-3224TGR Gigabit Ethernet Switch User’s Guide

802.1Q VLAN Tags

The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the EtherType field. When a packet’s EtherType field is equal to 0x8100, the packet carries the IEEE 802.1Q/802.1p tag. The tag is contained in the following two octets and consists of three bits of user priority, one bit of Canonical Format Identifier (CFI – used for encapsulating Token Ring packets so they can be carried across Ethernet backbones) and twelve bits of VLAN ID (VID). The three bits of user priority are used by

802.1p. The VID is the VLAN identifier and is used by the 802.1Q standard. Because the VID is twelve bits long, 4094 unique VLANs can be identified.

The tag is inserted into the packet header making the entire packet longer by four octets. All of the information contained in the packet originally is retained.

Figure 5- 2. IEEE 802.1Q Tag

The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or Logical Link Control. Because the packet is now a bit longer than it was originally, the Cyclic Redundancy Check (CRC) must be recalculated.

Figure 5- 3. Adding an IEEE 802.1Q Tag

+ 130 hidden pages