D-Link DGS-3426G User Manual

xStack® DGS-3426G Layer 2 Gigabit Ethernet Managed Switch
User Manual
Product Model: DGS-3426G
Layer 2+ Gigabit Ethernet Managed Switch
Release 2.61
Information in this document is subject to change without notice. © 2009 D-Link Corporation. All rights reserved. Reproduction in any manner whatsoever without the written permission of D-Link Corporation is strictly forbidden.
Trademarks used in this text: D-Link and the D-LINK logo are trademarks of D-Link Corporation; Microsoft and Windows are registered trademarks of Microsoft Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. D-Link Corporation disclaims any proprietary interest in trademarks and trade names other than its own.
June 2009 P/N 651GS3400085G
Table of Contents
Intended Readers
Typographical Conventions
Notes, Notices, and Cautions
Web-based Switch Configuration
Introduction
Logging in to the Web Manager
Web-based User Interface
Areas of the User Interface
Web Pages
Administration
Device Information
IPv6
Overview
Packet Format
IPv6 Header
Extension Headers
Packet Fragmentation
Address Format
Types
ICMPv6
Neighbor Discovery
Neighbor Unreachability Detection
Duplicate Address Detection (DAD)
Assigning IP Addresses
IP Interface Setup
IP Address
Setting the Switch's IP Address using the Console Interface
Interface Settings
IPv4 Interface Settings
IPv6 Interface Settings
Stacking
Stack Switch Swapping
Stacking Mode Settings
Box Information
Port Configuration
Port Error Disabled
Port Description
Port Auto Negotiation Information
Port Details
Port Media Type
Cable Diagnostics
User Accounts
Password Encryption
Port Mirroring
Mirroring within the Switch Stack
System Log
System Log Host
System Log Save Mode Settings
System Severity Settings
SNTP Settings
Time Settings
Time Zone and DST
MAC Notification Settings
TFTP Services
Multiple Image Services
Firmware Information
Config Firmware Image
Ping Test
IPv4 Ping Test
IPv6 Ping Test
IPv6 Neighbor
IPv6 Neighbor Settings
Routing Table
IPv4 Static/Default Route Settings
IPv6 Static/Default Route Settings
Gratuitous ARP Settings
Static ARP Settings
DHCP Auto Configuration Settings
DHCP/BOOTP Relay
DHCP/BOOTP Relay Global Settings
The Implementation of DHCP Information Option 82
DHCP/BOOTP Relay Interface Settings
DHCP Relay Option 60 Default Settings
DHCP Relay Option 60 Settings
DHCP Relay Option 61 Default Settings
DHCP Relay Option 61 Settings
DHCP Server
DHCP Server Global Settings
DHCP Server Exclude Address Settings
DHCP Server Pool Settings
DHCP Server Dynamic Binding
DHCP Server Manual Binding
DHCP Server Screening
DHCP Server Screening Global Settings
DHCP Server Screening Port Settings
Layer 2 Protocol Tunneling (L2PT) Settings
RSPAN
RSPAN State Settings
RSPAN Settings
SNMP Manager
SNMP Settings
SNMP Trap Settings
SNMP User Table
SNMP View Table
SNMP Group Table
SNMP Community Table
SNMP Host Table
SNMP Engine ID
PoE
PoE System Settings
PoE Port Settings
sFlow
sFlow Global Settings
sFlow Analyzer Settings
sFlow Sampler Settings
sFlow Poller Settings
IP Multicast VLAN Replication
IP Multicast VLAN Replication Global Settings
IP Multicast VLAN Replication Settings
Single IP Management (SIM) Overview
The Upgrade to v1.61
Single IP vs. Switch Stacking
SIM Using the Web Interface
Topology
Tool Tips
Menu Bar
Firmware Upgrade
Configuration Backup/Restore
Upload Log
L2 Features
VLANs
VLAN Description
Notes about VLANs on the DGS-3426G
IEEE 802.1Q VLANs
802.1Q VLAN Tags
Port VLAN ID
Tagging and Untagging
Ingress Filtering
Default VLANs
Port-based VLANs
VLAN Segmentation
VLAN and Trunk Groups
Protocol VLANs
Static VLAN Entry
GVRP Settings
Double VLANs
Regulations for Double VLANs
Double VLAN Settings
PVID Auto Assign
MAC-based VLAN Settings
Protocol VLAN
Protocol VLAN Group Settings
Protocol VLAN Port Settings
Trunking
Understanding Port Trunk Groups
Link Aggregation
LACP Port Settings
IGMP Snooping
IGMP Snooping Settings
Router Port Settings
IGMP Snooping Static Group Settings
ISM VLAN Settings
Restrictions and Provisos
Limited IP Multicast (IGMP Filtering) Address Range Settings
MLD Snooping
MLD Control Messages
MLD Snooping Settings
MLD Router Port Settings
Loop-back Detection Global Settings
Spanning Tree
802.1s MSTP
802.1w Rapid Spanning Tree
Port Transition States
Edge Port
P2P Port
802.1D/802.1w/802.1s Compatibility
STP Bridge Global Settings
MST Configuration Identification
MSTP Port Information
STP Instance Settings .................................................................................................................................................................................. 151
STP Port Settings ........................................................................................................................................................................................ 152
Forwarding & Filtering .............................................................................................................................................................. 153
Unicast Forwarding ..................................................................................................................................................................................... 153
Multicast Forwarding .................................................................................................................................................................................. 154
Multicast Filtering Mode............................................................................................................................................................................. 155
LLDP .......................................................................................................................................................................................... 155
LLDP Global Settings ................................................................................................................................................................................. 156
Basic LLDP Port Settings ........................................................................................................................................................................... 157
802.1 Extension LLDP Port Settings .......................................................................................................................................................... 158
802.3 Extension LLDP Port Settings .......................................................................................................................................................... 160
LLDP Management Address Settings ......................................................................................................................................................... 162
LLDP Statistics ........................................................................................................................................................................................... 164
LLDP Management Address Table ............................................................................................................................................................. 165
LLDP Local Port Table ............................................................................................................................................................................... 165
LLDP Remote Port Table............................................................................................................................................................................ 168
Q-in-Q ........................................................................................................................................................................................ 170
Q-in-Q Settings ........................................................................................................................................................................................... 170
VLAN Translation Settings ......................................................................................................................................................................... 171
QoS ................................................................................................................................................................ 173
QoS ............................................................................................................................................................................................ 173
The Advantages of QoS .............................................................................................................................................................................. 173
Understanding QoS ................................................................................................................................................................................ 174
Understanding IEEE 802.1p Priority ........................................................................................................................................................... 176
Bandwidth Control ..................................................................................................................................................................... 176
QoS Scheduling Mechanism ...................................................................................................................................................... 178
QoS Output Scheduling .............................................................................................................................................................. 179
Configuring the Combination Queue ..................................................................................................................................................... 180
802.1p Default Priority ............................................................................................................................................................... 180
802.1p User Priority ................................................................................................................................................................... 182
ACL (Access Control List) .......................................................................................................................... 183
Time Range ................................................................................................................................................................................ 183
Access Profile Table .................................................................................................................................................................. 184
ACL Flow Meter ........................................................................................................................................................................ 201
CPU Interface Filtering .............................................................................................................................................................. 205
CPU Interface Filtering State Settings ........................................................................................................................................................ 205
CPU Interface Filtering Table ..................................................................................................................................................................... 205
Security ......................................................................................................................................................... 220
Authorization Network State Settings ........................................................................................................................................ 220
Traffic Control ........................................................................................................................................................................... 221
Port Security ............................................................................................................................................................................... 223
Port Security Entries ................................................................................................................................................................................... 224
IP-MAC-Port Binding ................................................................................................................................................................ 225
General Overview .................................................................................................................................................................................. 225
Common IP Management Security Issues ............................................................................................................................................. 225
Solutions to Improve IP Management Security ..................................................................................................................................... 225
ARP Mode ............................................................................................................................................................................................. 225
ACL Mode ............................................................................................................................................................................................. 225
Strict and Loose State ............................................................................................................................................................................ 226
DHCP Snooping Option ........................................................................................................................................................................ 226
IMP Global Settings .................................................................................................................................................................................... 226
IMP Port Settings ........................................................................................................................................................................................ 228
IMP Entry Settings ...................................................................................................................................................................................... 229
DHCP Snooping Entries ............................................................................................................................................................................. 230
MAC Block List .......................................................................................................................................................................................... 230
802.1X ........................................................................................................................................................................................ 231
Guest VLANs.............................................................................................................................................................................................. 236
Limitations Using the Guest VLAN ...................................................................................................................................................... 236
Configure 802.1X Guest VLAN ................................................................................................................................................................. 236
Configure 802.1X Authenticator Parameter ................................................................................................................................................ 238
802.1X User ................................................................................................................................................................................................ 240
Initialize Port(s) .......................................................................................................................................................................................... 241
Reauthenticate Port(s) ................................................................................................................................................................................. 242
Authentic RADIUS Server .......................................................................................................................................................................... 244
Web-based Access Control (WAC) ........................................................................................................................................... 245
Conditions and Limitations .................................................................................................................................................................... 245
WAC Global State ...................................................................................................................................................................................... 245
WAC Port Settings ...................................................................................................................................................................................... 247
WAC User Account .................................................................................................................................................................................... 249
WAC Host Table Settings ........................................................................................................................................................................... 250
Trust Host ................................................................................................................................................................................... 251
Access Authentication Control ................................................................................................................................................... 252
Authentication Policy & Parameter Settings ............................................................................................................................................... 253
Application's Authentication Settings ......................................................................................................................................................... 253
Authentication Server Group ...................................................................................................................................................................... 254
Authentication Server Host ......................................................................................................................................................................... 255
Login Method Lists ..................................................................................................................................................................................... 257
Enable Method Lists ................................................................................................................................................................................... 258
Configure Local Enable Password .............................................................................................................................................................. 260
Enable Admin ............................................................................................................................................................................................. 261
RADIUS Accounting Settings .................................................................................................................................................................... 262
MAC-based Access Control (MAC) .......................................................................................................................................... 263
Notes About MAC-based Access Control ............................................................................................................................................. 263
MAC-based Access Control Global Settings .............................................................................................................................................. 263
MAC-based Access Control Local MAC Settings ...................................................................................................................................... 266
Safeguard Engine ....................................................................................................................................................................... 267
Safeguard Engine Settings .......................................................................................................................................................................... 268
Traffic Segmentation .................................................................................................................................................................. 269
Secure Socket Layer (SSL) ........................................................................................................................................................ 270
SSL ............................................................................................................................................................................................. 271
Secure Shell (SSH) ..................................................................................................................................................................... 272
SSH Server Configuration ........................................................................................................................................................................... 273
SSH Authentication Mode and Algorithm Settings .................................................................................................................................... 274
SSH User Authentication Mode .................................................................................................................................................................. 276
Multiple Authentication ............................................................................................................................................................. 277
Multiple Authentication Settings ................................................................................................................................................................ 277
Authentication Guest VLAN Settings ......................................................................................................................................................... 279
JWAC (Japanese Web-based Access Control) ........................................................................................................................... 280
JWAC Global Configuration ....................................................................................................................................................................... 280
JWAC Port Settings .................................................................................................................................................................................... 283
JWAC User Account ................................................................................................................................................................................... 286
JWAC Host Information ............................................................................................................................................................................. 287
JWAC Customize Page Language Settings ................................................................................................................................................. 288
JWAC Customize Page ............................................................................................................................................................................... 288
Monitoring .................................................................................................................................................... 290
Device Status .............................................................................................................................................................................. 290
Stacking Information .................................................................................................................................................................. 291
Stacking Device ......................................................................................................................................................................... 292
Module Information ................................................................................................................................................................... 292
CPU Utilization .......................................................................................................................................................................... 293
Port Utilization ........................................................................................................................................................................... 294
Packets ....................................................................................................................................................................................... 295
Received (Rx) ............................................................................................................................................................................................. 295
UMB Cast (RX) .......................................................................................................................................................................................... 297
Transmitted (TX) ........................................................................................................................................................................................ 299
Errors .......................................................................................................................................................................................... 301
Received (RX) ............................................................................................................................................................................................ 301
Transmitted (TX) ........................................................................................................................................................................................ 303
Packet Size ................................................................................................................................................................................. 305
Browse Router Port .................................................................................................................................................................... 307
Browse MLD Router Port .......................................................................................................................................................... 307
VLAN Status .............................................................................................................................................................................. 308
VLAN Status Port ...................................................................................................................................................................... 308
Port Access Control.................................................................................................................................................................... 309
Authenticator State ...................................................................................................................................................................................... 309
Authenticator Statistics ............................................................................................................................................................................... 310
Authenticator Session Statistics .................................................................................................................................................................. 310
Authenticator Diagnostics ........................................................................................................................................................................... 311
RADIUS Authentication ............................................................................................................................................................................. 311
RADIUS Account Client............................................................................................................................................................................. 311
MAC Address Table .................................................................................................................................................................. 313
IGMP Snooping Group .............................................................................................................................................................. 314
MLD Snooping Group ............................................................................................................................................................... 314
Switch Logs................................................................................................................................................................................ 315
Browse ARP Table ..................................................................................................................................................................... 316
Session Table ............................................................................................................................................................................. 316
IP Forwarding Table .................................................................................................................................................................. 316
Browse Routing Table ................................................................................................................................................................ 317
MAC-based Access Control Authentication Status ................................................................................................................... 317
Save, Reset and Reboot ................................................................................................................................ 318
Reset ........................................................................................................................................................................................... 318
Reboot System ........................................................................................................................................................................... 318
Save Services ............................................................................................................................................................................. 319
Save Changes .............................................................................................................................................................................................. 319
Configuration Information .......................................................................................................................................................................... 320
Current Configuration Settings ................................................................................................................................................................... 321
Appendix A ................................................................................................................................................... 322
Mitigating ARP Spoofing Attacks Using Packet Content ACL .................................................................................................................. 322
Appendix B ................................................................................................................................................... 329
Switch Log Entries ...................................................................................................................................................................................... 329
Appendix C ................................................................................................................................................... 339
Trap Logs .................................................................................................................................................................................................... 339
Glossary ........................................................................................................................................................ 344
Intended Readers
The xStack® DGS-3426G Manual contains information for setup and management of the Switch. This manual is intended for network managers familiar with network management concepts and terminology.
Typographical Conventions
Convention Description
[ ]
In a command line, square brackets indicate an optional entry. For example: [copy filename] means that optionally you can type copy followed by the name of the file. Do not type the brackets.
Bold font
Indicates a button, a toolbar icon, menu, or menu item. For example: Open the File menu and choose Cancel. Used for emphasis. May also indicate system messages or prompts appearing on screen. For example: You have mail. Bold font is also used to represent filenames, program names and commands. For example: use the copy command.
Boldface Typewriter Font
Indicates commands and responses to prompts that must be typed exactly as printed in the manual.
Initial capital letter
Indicates a window name. Names of keys on the keyboard have initial capitals. For example: Click Enter.
Italics
Indicates a window name or a field. Can also indicate a variable or parameter that is replaced with an appropriate word or string. For example: type filename means that the actual filename should be typed instead of the word shown in italic.
Menu Name > Menu Option
Indicates the menu structure. Device > Port > Port Properties means the Port Properties menu option under the Port menu option that is located under the Device menu.
Notes, Notices, and Cautions
A NOTE indicates important information that helps make better use of the device.
A NOTICE indicates either potential damage to hardware or loss of data and tells how to avoid the problem.
A CAUTION indicates a potential for property damage, personal injury, or death.
Section 1
Web-based Switch Configuration
Introduction
Logging on to the Web Manager
Web-Based User Interface
Basic Setup
Web Pages
Introduction
All software functions of the xStack® DGS-3426G Switch can be managed, configured and monitored via the embedded web-based (HTML) interface. Manage the Switch from remote stations anywhere on the network through a standard browser. The browser acts as a universal access tool and can communicate directly with the Switch using the HTTP protocol.
The Web-based management module and the Console program (and Telnet) are different ways to access the same internal switching software and configure it. Thus, all settings encountered in web-based management are the same as those found in the console program.
Logging in to the Web Manager
To begin managing the Switch, simply run the browser installed on your computer and point it to the IP address you have defined for the device. The URL in the address bar should read something like: http://123.123.123.123, where the numbers 123 represent the IP address of the Switch.
NOTE: The factory default IP address is 10.90.90.90.
This opens the management module's user authentication dialog box, as seen below.
Figure 1-1 Enter Network Password dialog box
Leave both the User Name field and the Password field blank and click OK. This will open the Web-based user interface. The Switch management features available in the Web-based manager are explained below.
Web-based User Interface
The user interface provides access to various Switch configuration and management windows, allows the user to view performance statistics, and permits graphical monitoring of the system status.
Areas of the User Interface
The figure below shows the user interface. Three distinct areas divide the user interface, as described in the table.
Figure 1-2 Main Web-Manager window, with Area 1, Area 2 and Area 3 marked
Area Function
Area 1
Select the menu or window to display. Open folders and click the hyperlinked menu buttons and subfolders contained within them to display menus. Click the D-Link logo to go to the D-Link website.
Area 2
Presents a graphical near real-time image of the front panel of the Switch. This area displays the Switch's ports and expansion modules, showing port activity, duplex mode, or flow control, depending on the specified mode. Some management functions, including port configuration, are accessible here.
Area 3
Presents switch information based on user selection and the entry of configuration data.
Web Pages
When connecting to the management mode of the Switch with a web browser, a login screen is displayed. Enter a user name and password to access the Switch's management mode.
Below is a list of the main folders available in the Web interface:
Administration – Contains the following folders and windows: IP Address, Interface Settings, Stacking, Port Configuration, User Accounts, Password Encryption, Port Mirroring, System Log, System Severity Settings, SNTP Settings, MAC Notification Settings, TFTP Services, Multiple Image Services, Ping Test, IPv6 Neighbor, Routing Table, Gratuitous ARP Settings, Static ARP Settings, DHCP Auto Configuration, DHCP/BOOTP Relay, DHCP Server, DHCP Server Screening, L2PT Tunneling Settings, RSPAN, SNMP Manager, PoE, sFlow, IP Multicast VLAN Replication, and Single IP Management Settings.
L2 Features – Contains the following folders and windows: VLAN, Trunking, IGMP Snooping, MLD Snooping, Loopback Detection Global Settings, Spanning Tree, Forwarding & Filtering, LLDP, and QinQ.
QoS – Contains the following folders and windows: Bandwidth Control, QoS Scheduling Mechanism, QoS Output Scheduling, 802.1p Default Priority, and 802.1p User Priority.
ACL – Contains the following folders and windows: Time Range, Access Profile Table, ACL Flow Meter and CPU Interface Filtering.
Security – Contains the following folders and windows: Authorization Network State Settings, Traffic Control, Port Security, IP-MAC-Port Binding, 802.1X, Web Authentication, Trust Host, Access Authentication Control, MAC Based Access Control, Safeguard Engine, Traffic Segmentation, SSL, SSH, Multiple Authentication, and JWAC.
Monitoring – Contains the following folders and windows: Device Status, Module Information, CPU Utilization, Port Utilization, Packets, Errors, Packet Size, Browse Router Port, Browse MLD Router Port, VLAN Status, VLAN Status Port, Port Access Control, MAC Address Table, IGMP Snooping Group, MLD Snooping Group, Switch Logs, Browse ARP Table, Session Table, IP Forwarding Table, Browse Routing Table and MAC Based Access Control Authentication Status.
Save Services – Contains the following folders and windows: Save Changes, Configure Information, and Current Configuration Settings.
Reset, Reboot System and Logout window links are displayed in the main directory.
NOTE: Be sure to configure the user name and password in the User Accounts window before connecting the Switch to the greater network.
Section 2
Administration
DGS-3426G Web Management Tool
IP Address
Interface Settings
Stacking
Port Configuration
User Accounts
Password Encryption
Port Mirroring
System Log
System Severity Settings
SNTP Settings
MAC Notification Settings
TFTP Services
Multiple Image Services
Ping Test
IPv6 Neighbor
Routing Table
Gratuitous ARP Settings
Static ARP Settings
DHCP Auto Configuration Settings
DHCP/BOOTP Relay
DHCP Server
DHCP Server Screening
Layer 2 Protocol Tunneling (L2PT) Settings
RSPAN
SNMP Manager
PoE
sFlow
IP Multicast VLAN Replication
Single IP Management (SIM) Overview
Device Information
The Device Information window contains the main settings for all major functions for the Switch. It appears automatically when you log on to the Switch. To return to the Device Information window after viewing other windows, click the DGS-3426G Web Management Tool folder. The Device Information window shows the Switch’s MAC Address (assigned by the factory and unchangeable), the Boot PROM, Firmware Version, Hardware Version and Serial Number. This information is helpful to keep track of PROM and firmware updates and to obtain the Switch's MAC address for entry into another network device's address table, if necessary. The user may also enter a System Name, System Location and System Contact to aid in defining the Switch, to the user's preference. In addition, this window displays the status of functions on the Switch to quickly assess their current global status. Some functions are hyperlinked for easy access from the Device Information window.
Many miscellaneous functions are enabled and disabled in the Device Information window.
Figure 2-1 Device Information window
Device Information window configurable parameters include those described in the table below.
Parameter Description
System Name
Enter a system name for the Switch, if so desired. This name will identify it in the Switch network.
System Location
Enter the location of the Switch, if so desired.
System Contact
Enter a contact name for the Switch, if so desired.
Serial Port Auto Logout Time
Select the logout time used for the console interface. This automatically logs the user out after an idle period of time, as defined. Choose from the following options: 2 Minutes, 5 Minutes, 10 Minutes, 15 Minutes or Never. The default setting is 10 minutes.
Serial Port Baud Rate
This field specifies the baud rate for the serial port on the Switch. The default setting is 115200.
MAC Address Aging Time
This field specifies the length of time a learned MAC Address will remain in the forwarding table without being accessed (that is, how long a learned MAC Address is allowed to remain idle). To change this, type in a different value representing the MAC address age-out time in seconds. The MAC Address Aging Time can be set to any value between 10 and 1,000,000 seconds. The default setting is 300 seconds.
IGMP Snooping
To enable system-wide IGMP Snooping capability, select Enabled. IGMP snooping is Disabled by default. Enabling IGMP snooping allows the user to specify use of a multicast router only (see below). To configure IGMP Snooping for individual VLANs, use the IGMP Snooping window under the IGMP Snooping folder.
IGMP Multicast Router Only
This field specifies that the Switch should only forward all multicast traffic to a multicast-enabled router, if enabled. Otherwise, the Switch will forward all multicast traffic to any IP router. The default is Disabled.
MLD Snooping
To enable system-wide MLD Snooping capability, select Enabled. MLD snooping is Disabled by default. Enabling MLD snooping allows you to specify use of a multicast router only (see below). To configure MLD Snooping for individual VLANs, use the MLD Snooping window under the MLD Snooping folder.
MLD Multicast Router Only
This field specifies that the Switch should only forward all multicast traffic to a multicast-enabled router, if enabled. Otherwise, the Switch will forward all multicast traffic to any IP router. The default is Disabled.
GVRP Status
Use this drop-down menu to enable or disable GVRP on the Switch.
Telnet Status
Telnet configuration is Enabled by default. If you do not want to allow configuration of the system through Telnet choose Disabled.
Telnet TCP Port Number (1-65535)
The TCP port number used for Telnet management of the Switch. The "well-known" TCP port for the Telnet protocol is 23.
Web Status
Web-based management is Enabled by default. If you choose to disable this by selecting Disabled, you will lose the ability to configure the system through the Web interface as soon as these settings are applied.
Web TCP Port Number (1-65535)
The TCP port number used for Web-based management of the Switch. The "well-known" TCP port for the Telnet protocol is 80.
SNMP Status
SNMP is Disabled by default. The Switch supports the SNMP versions 1, 2c, and 3. Once SNMP is enabled, you can choose among three versions to monitor and control the Switch. The three versions of SNMP vary in the level of security provided between the management station and the network device.
RMON Status
Remote monitoring (RMON) of the Switch is Enabled or Disabled here.
Link Aggregation Algorithm
The algorithm that the Switch uses to balance the load across the ports that make up the port trunk group is defined by this definition. Choose MAC Source, MAC Destination, MAC Src & Dest, IP Source, IP Destination or IP Src & Dest (See the Link Aggregation section of this manual).
Switch 802.1X
The Switch’s 802.1X function may be enabled by port or by MAC address; the default is Disabled. This field must be enabled to view and configure certain windows for 802.1X. More information regarding 802.1X, its functions and implementation can be found later in this section, under the Port Access Entity folder.
Port-Based 802.1X specifies that ports configured for 802.1X are initialized based on the port number only and are subject to any authorization parameters configured.
MAC-based Authorization specifies that ports configured for 802.1X are initialized based on the port number and the MAC address of the computer being authorized and are then subject to any authorization parameters configured.
Auth Protocol
The user may use the drop-down menu to choose between RADIUS EAP and Local for the 802.1X authentication protocol on the Switch. The default setting is RADIUS EAP.
802.1X Authen Network RADIUS
The user may use the drop-down menu to Enable or Disable the 802.1X Authen Network RADIUS on the Switch. The default setting is Enabled.
802.1X Authen FailOver
The user may use the drop-down menu to Enable or Disable the 802.1X Authen FailOver on the Switch. The default setting is Disabled.
Forward EAPOL PDU
The user may use the drop-down menu to Enable or Disable the Forward EAPOL PDU on the Switch. The default setting is Disabled.
HOL Prevention
If this option is enabled it prevents the forwarding of data to a port that is blocked. Traffic that would normally be sent to the buffer memory of the Switch’s TX queue is dropped so that memory usage is conserved and performance across all ports remains high.
Jumbo Frame
This field will enable or disable the Jumbo Frame function on the Switch. The default is Disabled. Max. Jumbo frame size = 9216 bytes if this is enabled.
Syslog State
The user may globally enable or disable the Syslog function here by using the drop-down menu. The default is Disabled.
ARP Aging time (0-65535)
The user may set the ARP Aging Time here by entering a time between 0 and 65535 minutes. The default setting is 20 minutes.
Click Apply to implement changes made.
IPv6
The xStack® DGS-3426G has the capability to support the following:
IPv6 unicast, multicast and anycast addresses
Allow for IPv6 packet forwarding
IPv6 fragmentation and re-assembly
Processing of IPv6 packet and extension headers
Static IPv6 route configuration
IPv6 Neighbor Discovery
Link-Layer Address resolution, Neighbor Unreachability Detection, and Duplicate Address Detection over broadcast mediums (ex: Ethernet)
Send Router Advertisement
ICMPv6 functionality
The following sections will briefly explain IPv6, its functionality and how IPv6 is implemented on this Switch.
Overview
IP version 6 is the logical successor to IP version 4. It was known that IPv4 could not support the number of addresses that would eventually be needed for not only each person, but each device that would require an IP address, and therefore a system with a larger pool of IP addresses was required. IPv6 has addressed that issue, along with other issues that enhance routing over the network, provide better security and improve Quality of Service for Internet users. Some of the improvements made were:
Expanding the Capabilities for IP Addressing – IPv6 has increased the size of the IP address from 32 bits to 128 bits. As a result, the addressing hierarchy has been greatly expanded, more nodes now have the capability of having a unique IP address and the method of assigning an IP address to an interface has become cleaner and quicker. Unicast and multicast addresses still exist but in a purer form and multicast addresses now have a scope field which increases the scalability of multicast routing. Also, an anycast address has been added, which will send packets to the closest node which is a part of a group of nodes, thereby eliminating a specified device for a particular group.
Simplifying the Packet Header – The IPv6 packet header has been simplified from IPv4 as some headers have been modified or dropped altogether, which improves processing speed and cost. The IPv6 header now has a fixed length of 40 bytes consisting of an 8-byte header and two 16-byte IP addresses (source and destination).
Extensions and Options Enhancement – Packet header option fields encoding has been enhanced to allow for proficient forwarding of packets due to lesser restrictions on packet option length and encoding method. This enhancement will also allow new option fields to be integrated into the IPv6 system without hassles and limitations. These optional headers are placed between the header and the payload of a packet, if they are necessary at all.
Authentication and Privacy Extension Support – New authentication capabilities use extensions for data integrity and data confidentiality for IPv6.
Flow Labeling – This new capability allows packets to be streamlined into certain traffic “flows” if labeled by the sender. In this way, services such as “real time services” or non-default quality of service can receive special attention for improved flow quality.
Packet Format
As in IPv4, the IPv6 packet consists of the packet header and the payload, but the difference occurs in the packet header which has been amended and improved for better packet flow and processing. The following will outline and detail the IPv6 enhancements and parts of the IPv6 packet, with special attention to the packet header.
IPv6 Header
The IPv6 packet header has been modified and simplified from IPv4. The header length, identification, flags, fragment offset and header checksum have all been removed in the IPv6 header due to lack of necessity or improvement to a better function of the header. The minimum header length is now 20 bytes but may be increased to as much as 60 bytes, using 4-byte increment extensions. The following picture is an example of an IPv6 packet header.
Eight fields make up the basic IPv6 packet header:
Version – This 4-bit field defines the packet version, which is IPv6 and is defined as the number 6.
Traffic Class – This 1-byte field replaces the Type of Service field used in IPv4 and is used to process real-time data and other data requiring special packet management. This field defines the Class of Service priority of an IPv6 packet.
Flow Label – This 20-bit field is used to facilitate the handling of real-time traffic. Hosts sending data can place a flow label into this field to identify a sequence of packets that have an identical set of options. In this way, a router can process these packets more efficiently once the flow class has been identified and the rest of the packet header no longer needs to be fully processed, just the flow label and the source address. All flow label packets must have identical source and destination addresses.
Payload Length – Known as the datagram length in IPv4, this 16-bit field specifies the length of the IPv6 data carried after the header of the packet. Extension headers are considered part of the payload and are included in the length specified here.
Next Header – This 8-bit field is used to identify the header immediately following the IPv6 header. When this field is set after the hop-by-hop header, it defines the extension header that will appear after the destination address. Each extension header must be preceded by a Next Header field. Integers used to define extension headers in the Next Header field use the same values as IPv4 (ex: 6=TCP, 17=UDP, etc.).
Hop Limit – Similar to the TTL field in IPv4, this 8-bit field defines the number of hops remaining after the packet has been processed by a node, instead of the number of seconds left to live as on an IPv4 network. This field will decrement by one after every node it passes and the packet will be discarded once this field reaches zero.
Source Address – This 16-byte field defines the IPv6 address of the source node sending the packet.
Destination Address – This 16-byte field defines the IPv6 address of the destination node receiving the packet. This may or may not be the final destination node of this packet, depending on the routing header, if present.
Extension Headers
Extension headers are used to identify optional parameters regarding IPv6 packets such as routing, fragmentation of packets or authentication parameters. The types of extension headers supported are Hop-by-Hop, Routing, Fragment, Destination Options, Authentication and Encapsulating Security Payload. These extension headers are placed between the IPv6 packet header and the payload and are linked together by the aforementioned Next Header, as shown below.
IPv6 header (Next Header = TCP) | TCP header + data
IPv6 header (Next Header = Routing) | Routing Header (Next Header = TCP) | TCP header + data
IPv6 header (Next Header = Destination Options) | Destination Options Header (Next Header = Routing) | Routing Header (Next Header = TCP) | TCP header + data
Each header has a specific place in the header chain and must follow the following order:
IPv6 Header
Hop-By-Hop Header (Must follow the IPv6 header)
Destination Options
Routing Header
Fragment Header
Authentication Header
Encapsulating Security Payload Header
Destination Options Header
Upper Layer Header
There may be zero, one or more extension headers in the IPv6 packet. They must be processed in order, and their lengths are in increments of 8 octets. Nodes that do not recognize the field of the extension header will discard the packet and send a relevant ICMPv6 message back to the source.
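The following Python example is added here and is not part of the manual or the Switch's software. It splits the fixed 40-byte header into the eight fields listed above and follows the Next Header links to the upper-layer header, which is the step a packet classifier or ACL has to perform before it can match on TCP or UDP fields. The packets are constructed sample bytes, and the function names and the numeric Next Header values for the extension headers (IANA protocol numbers) are assumptions not given in the manual.

```python
import ipaddress
import struct

# Next Header values (IANA protocol numbers) for the extension headers the manual lists.
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AUTH, DEST_OPTS = 0, 43, 44, 50, 51, 60
EXT_NAMES = {
    HOP_BY_HOP: "Hop-by-Hop", ROUTING: "Routing", FRAGMENT: "Fragment",
    ESP: "Encapsulating Security Payload", AUTH: "Authentication",
    DEST_OPTS: "Destination Options",
}
FIXED_LEN = 40  # 8 bytes of fields plus two 16-byte addresses


def parse_fixed_header(pkt):
    """Split the fixed IPv6 header into its eight fields."""
    if len(pkt) < FIXED_LEN:
        raise ValueError("shorter than the fixed IPv6 header")
    word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if word >> 28 != 6:
        raise ValueError("Version field is not 6")
    return {
        "version": word >> 28,
        "traffic_class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(pkt[8:24]),
        "dst": ipaddress.IPv6Address(pkt[24:40]),
    }


def walk_chain(pkt):
    """Follow the Next Header links; report the chain and where the upper layer starts."""
    fixed = parse_fixed_header(pkt)
    end = min(len(pkt), FIXED_LEN + fixed["payload_length"])
    offset, nh = FIXED_LEN, fixed["next_header"]
    chain, warnings = [], []
    while nh in EXT_NAMES:
        if nh == HOP_BY_HOP and chain:
            warnings.append("Hop-by-Hop header does not directly follow the IPv6 header")
        chain.append(EXT_NAMES[nh])
        if nh == ESP:
            # Everything after the ESP header is encrypted, so the walk stops here.
            return {"chain": chain, "protocol": None, "offset": None, "warnings": warnings}
        if offset + 8 > end:
            raise ValueError("truncated extension header")
        next_nh, len_field = pkt[offset], pkt[offset + 1]
        if nh == FRAGMENT:
            size = 8  # the Fragment header has a fixed size
            if struct.unpack("!H", pkt[offset + 2:offset + 4])[0] >> 3:
                warnings.append("non-first fragment: no upper-layer header in this packet")
                return {"chain": chain, "protocol": next_nh, "offset": None,
                        "warnings": warnings}
        elif nh == AUTH:
            size = (len_field + 2) * 4  # AH counts 4-byte units, minus 2
        else:
            size = (len_field + 1) * 8  # 8-byte units, not counting the first 8 bytes
        if offset + size > end:
            raise ValueError("extension header runs past the payload")
        offset, nh = offset + size, next_nh
    return {"chain": chain, "protocol": nh, "offset": offset, "warnings": warnings}


def build_packet(first_nh, *parts):
    """Constructed sample packet: fixed header followed by the given raw headers."""
    payload = b"".join(parts)
    word = (6 << 28) | (0 << 20) | 0x12345  # version, traffic class, flow label
    src = ipaddress.IPv6Address("2D83:C76:3140::20C:417A:3214").packed
    dst = ipaddress.IPv6Address("2D83:C76:3140::1").packed
    return struct.pack("!IHBB", word, len(payload), first_nh, 64) + src + dst + payload


# Constructed sample headers (not captured traffic); a PadN option fills each 8 bytes.
DEST_OPTS_TO_ROUTING = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])
ROUTING_TO_TCP = bytes([6, 0, 0, 0, 0, 0, 0, 0])
TCP_TO_PORT_23 = struct.pack("!HHIIBBHHH", 49152, 23, 0, 0, 5 << 4, 0x02, 8192, 0, 0)

# Third layout in the manual's figure: Destination Options -> Routing -> TCP.
SAMPLE = build_packet(DEST_OPTS, DEST_OPTS_TO_ROUTING, ROUTING_TO_TCP, TCP_TO_PORT_23)

# Out-of-order chain: Hop-by-Hop placed after Destination Options, then UDP.
MISORDERED = build_packet(DEST_OPTS, bytes([HOP_BY_HOP, 0, 1, 4, 0, 0, 0, 0]),
                          bytes([17, 0, 1, 4, 0, 0, 0, 0]),
                          struct.pack("!HHHH", 53, 53, 8, 0))

if __name__ == "__main__":
    print(parse_fixed_header(SAMPLE))
    print(walk_chain(SAMPLE))
    print(walk_chain(MISORDERED)["warnings"])
```

In SAMPLE the fixed header's Next Header is 60 (Destination Options), not 6, so the TCP header is only found at offset 56 after the chain has been walked.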
Packet Fragmentation
At times, packets are sent out to a destination that exceed the size of the Path MTU, so the source node is required to split these packets into fragments in individual packets which will be rebuilt when it reaches its final destination. Each of the packets that will be fragmented is given an Identification value, by the source node. It is essential that each of these Identification values is different than any other fragmented packet recently sent that include the same source and destination address. The original packet is divided into two parts, a fragmentable part and an unfragmentable part. The unfragmentable part of the packet consists of the IPv6 header and any extension headers present, up to the routing extension header. The fragmentable part has the payload plus any extension headers that must be processed by the final destination node. This part will be divided into multiple packets that are of a size that can be accepted by the Path MTU. The IPv6 header is then included with this fragmented part and sent to its destination. Once all parts of the fragmented packet reach its destination, they are reassembled using the Fragment Identification value, provided that the source and destination addresses are identical.
Address Format
To address the problem of finding a larger pool of IP addresses for IPv6, the size and format of the IPv4 address needed to be changed. Quadrupling the size of the address, from 32 bits to 128 bits, and encoding addresses using the hexadecimal form were used to solve the problem. In IPv4, the format of the address looked like xxx.xxx.xxx.xxx, where the x’s represent integers from 0-9 (ex. 136.145.225.121). Now in IPv6, the format of the address resembles xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx where a set of xxxx represents a 16-bit hexadecimal value (ex. 2D83:0C76:3140:0000:0000:020C:417A:3214). Although this address looks long and cumbersome, there are some compression rules that will shorten the format of the IPv6 address to make it more compatible to the user.
One such compression rule that is used is to remove leading zeros from any 16-bit hexadecimal value. This is only for zeros that begin the value, not for zeros within the value or ones that are ending the value. Therefore, if we take the previous example IPv6 address and use the compression rules, our IPv6 address would look like this:
2D83:0C76:3140:0000:0000:020C:417A:3214 → 2D83:C76:3140:0:0:20C:417A:3214
The second compression method is to change a string of zero bits into two colons. At times, there may be strings of empty values in the IPv6 address that are unused for this address, but they are necessary for the format of other IPv6 addresses with alternate purposes. To compress these zero strings, the format “::” is used to represent multiple zero fields in the address. This double colon can only be used once in the IPv6 address because when a computer finds the double colon, it will expand this field with as many zeros as is necessary to reach the 128-bit address size. If two strings of zeros are present, separated by another non-zero field, a zero must be used to represent one of the two zero fields. So, if we reduce our example using this compression, it would look like this:
2D83:0C76:3140:0000:0000:020C:417A:3214 → 2D83:C76:3140:0:0:20C:417A:3214 → 2D83:C76:3140::20C:417A:3214
When IPv4 and IPv6 nodes are mixed in a network, the IPv6 notation overcomes the difficulty of using an IPv4 address by converting it to the IPv6 format using zeros at the beginning of the IPv4 address. For example, an IP address of 192.168.1.1 is represented in IPv6 format x:x:x:x:d.d.d.d where the x’s are a string of zeros and the d’s represent the normal IPv4 address. (ex. 0:0:0:0:192.168.1.1 or condensed ::192.168.1.1 or hex form ::C0A8:1:1).
Types
IPv6 addresses are classified into three main categories, unicast, multicast and anycast.
Unicast – This address represents a single interface on an IPv6 node. Any packet with a unicast address as its destination address will only be sent to that specific node. Two types of unicast addresses are mainly used for IPv6.
Link-Local – Defined by the IPv6 address prefix FE80::/10, link-local addresses allow for communication to occur between devices on a local link. These addresses are used in neighbor discovery and stateless autoconfiguration.
Global Aggregateable – Defined using a global routing prefix in the range of 2000::/3 to E000::/3, global addresses are aggregated using these routing prefixes to produce unique IPv6 addresses, which will limit global routing table entries. The MAC address of the device is used to produce this address in this form:
Global Routing Prefix + Site Level Aggregator + MAC address (first 3 bits) + FFFE + MAC Address (last 3 bits)
So if your MAC address looks like 00-0C-6E-6B-EB-0C, your IPv6 address may resemble 2000::C:6E:6B:FF:FE:EB:0C/64.
Multicast – Like IPv4, multicast addresses are used to send packets to multiple destinations on a network. These interfaces must be a part of the multicast group. IPv6 multicast prefixes begin with the prefix FF00::/8. FF represents the binary 1111 1111 which identifies a multicast address. The first zero, which is a 4-bit integer, represents the lifetime of the packet. An entry of zero in this field represents a permanent multicast address and an entry of one represents a temporary multicast address. The second zero, which is also a 4-bit integer, defines the scope of the multicast address. This scope defines to what places the multicast address is valid. For example, a value of 1 defines the node, 2 defines the link, 5 defines a site, 8 defines an organization and so on. Not all integers are in use for the scope field. An example of this would be FF02 where the 2 represents a multicast packet going to all the nodes on a local link.
Anycast – The anycast address will send messages to the nearest node of a particular group. This address is assigned to multiple interfaces in the group but only the node with the closest proximity will receive the message. These anycast addresses are allocated from the unicast address space and therefore have no real defined prefix to distinguish it from other IPv6 addresses. The main purpose of the anycast address is to identify a set of routers owned by an organization providing Internet service. It could also be used to identify a set of routers connected to a particular subnet or permitting entrance to a specific routing domain.
Two other special types of addresses exist in IPv6. The unspecified address has a value of 0:0:0:0:0:0:0:0 which is comparable to the 0.0.0.0 address in IPv4. This address is used to indicate the lack of a valid IP address on a node and may be used by a device when booting and requesting address configuration notification. In its IPv6 condensed form, it appears as “::” and should not be statically or dynamically assigned to an interface, nor should it be the destination address of an IPv6 packet, or located within the routing header.
The second type of special address is the loopback address which is represented by 0:0:0:0:0:0:0:1, or ::1 in its compressed form. It is akin to the 127.0.0.1 address in IPv4 and is used in troubleshooting and testing IP stacks. This address, like the unspecified address, should not be statically or dynamically assigned to an interface.
ICMPv6
Network professionals are already very familiar with ICMP for IPv4, which is an essential tool in the IPv4 network, relaying messages about network problems and the general condition of the network. ICMPv6 is the successor to the IPv4 version and performs many of the same basic functions as its precursor, yet is not compatible with ICMPv4. ICMPv6 has made improvements over its forerunner, with such enhancements as managing multicast group memberships and allowing for neighbor discovery by resolving link-layer addresses attached to the same link and identifying changes in those addresses. ICMP can also discover routers, determine which neighbors can be reached and map IP addresses to MAC addresses within the network. ICMPv6 is a vital part of the IPv6 network and must be implemented on every IPv6 node for operations to function normally.
Two kinds of ICMP messages are apparent on the IPv6 network:
Error Messages – ICMP error messages are sent out on the network when packet sizes exceed the path MTU (Maximum Transfer Unit), when the hop count of the IPv6 packet has been surpassed, when messages cannot reach their intended destination and when there are parameter problems within the IPv6 packet.
Informational Messages – ICMP informational messages send out packets describing current network information valuable to devices on the network. A common and useful ICMPv6 informational message is the ping program, used to discover the availability of a device by using a ping request and reply format. Other informational messages include Path MTU discovery, which is used to determine the maximum size of data packets that can be allowed to be transferred, and Neighbor Discovery messages, which discover routers that can forward packets on the network. Neighbor discovery will be discussed further in the next section.
Neighbor Discovery
Neighbor discovery is a new feature incorporated in IPv6. In IPv4, no means were available to tell if a neighbor could be reached. Now, combining ICMP messages and ARP, neighbors can be detected and their layer 2 addresses (MAC Address) can be identified. This feature can also discover neighboring routers that can forward packets and keep track of the reachability of routers, as well as if changes occur within link-layer addresses of nodes on the network or identical unicast addresses are present on the local link.
The functionality of the Neighbor Discovery feature is based on ICMPv6 packets, Neighbor Solicitation and Router Advertisement messages circulating on the network. When a node wishes to determine link layer addresses of other nodes on the same link, it produces a Neighbor Solicitation message to be circulated on the local link. When received by a neighbor, this neighbor will produce Router Advertisements immediately to be returned. These Router Advertisements will contain a multicast address as the destination address and have an ICMP type of 134 (the specified number for Router Advertisements), as well as having the link-layer address of the node sending the advertisement. Router Advertisement messages may be periodic, specified in the advertisement by having the all-nodes multicast address FF02::1, or sent out as a result of receiving a Neighbor Solicitation message, specified in the advertisement by having the address of the interface that first sent the solicitation message. Once confirmation of the Neighbor has been reached, packets can now be exchanged on the link.
Neighbor Unreachability Detection
At times on the network, problems occur in reaching the Neighbor node or getting a response from the Neighbor. A neighbor is considered reachable when it has received and processed packets sent to it, and in return sends a packet back notifying an affirmative response. This response may come in the form of an indication from an upper-layer protocol, like TCP, noting that progress is being made, or in response from a Neighbor Solicitation message in the form of a Router Advertisement message. If responses are not received from the node, it is considered unreachable and a Destination Unreachable message is received in the form of an ICMP packet. This Destination Unreachable ICMP packet will contain the reason for the fault, located in the code field of the ICMP header. Five possible reasons for the failure can be stated:
1. There is no route or destination (Code 0).
2. Communication has been administratively prohibited, such as by a firewall or filter (Code 1).
3. Beyond the scope of the source address, when the multicast scope of the source address is smaller than the scope of the destination address (Code 2).
4. The address is unreachable (Code 3).
5. The port is unreachable (Code 4).
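The code field described above can be read straight out of a captured message. The following added example (not part of the manual) decodes an ICMPv6 Destination Unreachable message and verifies its checksum; the type value 1 and the header layout come from RFC 4443, and the addresses, function names and sample message are constructed for illustration.

```python
import ipaddress
import struct

ICMPV6_NEXT_HEADER = 58      # IPv6 Next Header value for ICMPv6
DEST_UNREACHABLE = 1         # ICMPv6 type for Destination Unreachable (RFC 4443)

# Code values and reasons as listed in the manual.
REASONS = {
    0: "no route to destination",
    1: "communication administratively prohibited",
    2: "beyond the scope of the source address",
    3: "address unreachable",
    4: "port unreachable",
}

def checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: str, dst: str, length: int) -> bytes:
    """IPv6 pseudo-header that the ICMPv6 checksum also covers."""
    return (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", length, ICMPV6_NEXT_HEADER))

def build_unreachable(src: str, dst: str, code: int, invoking: bytes = b"") -> bytes:
    """Construct a sample message: type, code, checksum, 4 unused bytes, payload."""
    body = struct.pack("!BBHI", DEST_UNREACHABLE, code, 0, 0) + invoking
    value = checksum(pseudo_header(src, dst, len(body)) + body)
    return body[:2] + struct.pack("!H", value) + body[4:]

def decode_unreachable(src: str, dst: str, message: bytes) -> dict:
    """Decode a Destination Unreachable message and check its integrity."""
    if len(message) < 8:
        raise ValueError("truncated ICMPv6 message")
    msg_type, code = message[0], message[1]
    if msg_type != DEST_UNREACHABLE:
        raise ValueError(f"ICMPv6 type {msg_type} is not Destination Unreachable")
    # Summing a valid message together with its stored checksum yields zero.
    ok = checksum(pseudo_header(src, dst, len(message)) + message) == 0
    return {"code": code,
            "reason": REASONS.get(code, "code not listed in the manual"),
            "checksum_ok": ok,
            "invoking_bytes": len(message) - 8}

# Constructed sample: a router at 2001:db8::1 reports code 1 to 2001:db8::2.
SAMPLE = build_unreachable("2001:db8::1", "2001:db8::2", 1, bytes(40))

if __name__ == "__main__":
    print(decode_unreachable("2001:db8::1", "2001:db8::2", SAMPLE))
```

A message whose code was altered in transit, or that is attributed to the wrong source address, fails the checksum test even though its code still decodes.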
Duplicate Address Detection (DAD)
DAD messages are used to specify that there is more than one node on a local link possessing the same IP address. IPv6 addresses are only leased for a defined period of time. When that time expires, the address will become invalid and another address must be assigned to the node. To ensure that this new address is unique on the local link, a node runs a DAD process to determine the uniqueness of the new address. This is done through the use of a Neighbor Solicitation message containing a Tentative address. This message will detect if another node on the local link has this Tentative address. If the Tentative address is found on another node, that node will send out a Neighbor Advertisement message, the process will be terminated, and manual configuration will be necessary. If no answer is forthcoming regarding this Neighbor Solicitation message containing the tentative address, the address is allotted to the node and connectivity is established.
Assigning IP Addresses
For IPv4 addresses, users may only assign one address per interface and only one address may be used on a particular VLAN. Yet, IPv6 addresses are different. All IPv6 interfaces on the switch must have at least one IPv6 link-local unicast address, if the user is employing the IPv6 addressing scheme. Multiple IPv6 addresses may be configured for IPv6 interfaces, regardless of type, whether it is unicast, multicast or anycast. The scope of the address has some bearing on the assignment of multiple addresses to a single interface as well. If multiple physical interfaces are considered as one interface on the Internet layer, multiple unicast addresses may be allotted to multiple physical interfaces, which would be beneficial for load sharing on these interfaces. This is dependent on these unicast addresses having a scope smaller than the link-local address, if these unicast addresses are not the source or destination address for IPv6 packets to or from addresses that are not IPv6 neighbors of the interface in question.
IP Interface Setup
Each VLAN must be configured prior to setting up the VLAN’s corresponding IP interface. An example is presented below:
VLAN Name         VID  Switch Ports
System (default)  1    5, 6, 7, 8, 21, 22, 23, 24
Engineer          2    9, 10, 11, 12
Marketing         3    13, 14, 15, 16
Finance           4    17, 18, 19, 20
Sales             5    1, 2, 3, 4
Backbone          6    25, 26
Table 2-1 VLAN Example - Assigned Ports
In this case, six IP interfaces are required, so a CIDR notation of 10.32.0.0/11 (or an 11-bit) addressing scheme will work. This addressing scheme will give a subnet mask of 11111111.11100000.00000000.00000000 (binary) or 255.224.0.0 (decimal).
Using a 10.xxx.xxx.xxx IP address notation, the above example would give six network addresses and six subnets. Any IP address from the allowed range of IP addresses for each subnet can be chosen as an IP address for an IP interface on the switch. For this example, we have chosen the next IP address above the network address for the IP interface’s IP Address:
VLAN Name         VID  Network Number  IP Address
System (default)  1    10.32.0.0       10.32.0.1
Engineer          2    10.64.0.0       10.64.0.1
Marketing         3    10.96.0.0       10.96.0.1
Finance           4    10.128.0.0      10.128.0.1
Sales             5    10.160.0.0      10.160.0.1
Backbone          6    10.192.0.0      10.192.0.1
Table 2-2 VLAN Example – Assigned IP Interfaces
The six IP interfaces, each with an IP address (listed in the table above), and a subnet mask of 255.224.0.0 can be entered into the Setup IP Interface window.
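The plan in Table 2-2 can be checked before it is entered into the Switch. This added example (not part of the manual) verifies that each network number is aligned to the 255.224.0.0 mask, that each interface address is a usable host in its own subnet and that no two subnets overlap; the function names are hypothetical, and vlan_for reports which subnet a given management station address would fall into.

```python
import ipaddress

# Rows copied from Table 2-2: (VLAN name, network number, interface address).
TABLE_2_2 = [
    ("System", "10.32.0.0", "10.32.0.1"),
    ("Engineer", "10.64.0.0", "10.64.0.1"),
    ("Marketing", "10.96.0.0", "10.96.0.1"),
    ("Finance", "10.128.0.0", "10.128.0.1"),
    ("Sales", "10.160.0.0", "10.160.0.1"),
    ("Backbone", "10.192.0.0", "10.192.0.1"),
]
MASK = "255.224.0.0"  # the 11-bit mask given in the text


def check_plan(rows, mask):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, seen = [], []
    for name, network, address in rows:
        try:
            # strict=True rejects a network number that has host bits set.
            net = ipaddress.ip_network(f"{network}/{mask}", strict=True)
        except ValueError:
            problems.append(f"{name}: {network} is not a valid network number for mask {mask}")
            continue
        ip = ipaddress.ip_address(address)
        if ip not in net:
            problems.append(f"{name}: {address} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {address} is not a usable host address in {net}")
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        seen.append((name, net))
    return problems


def vlan_for(address, rows, mask):
    """Name the VLAN whose subnet contains address, or None if no subnet does."""
    ip = ipaddress.ip_address(address)
    for name, network, _ in rows:
        if ip in ipaddress.ip_network(f"{network}/{mask}"):
            return name
    return None


if __name__ == "__main__":
    print(check_plan(TABLE_2_2, MASK) or "plan is consistent")
    # The factory default address lands inside one of the planned subnets.
    print(vlan_for("10.90.90.90", TABLE_2_2, MASK))
```

Under this plan the factory default address 10.90.90.90 falls inside the Engineer subnet (10.64.0.0/11), so a Switch left at its default address would appear as a host in that range.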
IP Address
The IP Address may initially be set using the console interface prior to connecting to it through the Ethernet. If the Switch IP address has not yet been changed, read the introduction of the xStack® DGS-3426G CLI Manual for more information. To change IP settings using the web manager you must access the IP Address menu located in the Administration folder.
To configure the Switch's IPv4 address:
To view this window, click Administration > IP Address, as shown below:
Figure 2 - 2 IP Address Settings window
To manually assign the Switch's IP address, subnet mask, and default gateway address:
1. Select Manual from the Get IP From drop-down menu.
2. Enter the appropriate IP Address and Subnet Mask.
3. If accessing the Switch from a different subnet from the one it is installed on, enter the IP address of the Default Gateway. If managing the Switch from the subnet on which it is installed, the user may leave the default address (0.0.0.0) in this field.
4. If the Switch has no previously configured VLANs, the user can use the default VLAN Name. The default VLAN contains all of the Switch ports as members. If the Switch has previously configured VLANs, the user will need to enter the VLAN ID of the VLAN that contains the port connected to the management station that will access the Switch. The Switch will allow management access from stations with the same VID listed here.
NOTE: The Switch's factory default IP address is 10.90.90.90 with a subnet mask of 255.0.0.0 and a default gateway of 0.0.0.0.
To use the BOOTP or DHCP protocols to assign the Switch an IP address, subnet mask, and default gateway address: Use the Get IP From: drop-down menu to choose from BOOTP or DHCP. This selects the method the Switch uses to assign an IP address on the next reboot. The following fields can be set or modified:
Parameter Description
BOOTP
The Switch will send out a BOOTP broadcast request when it is powered up. The BOOTP protocol allows IP addresses, network masks, and default gateways to be assigned by a central BOOTP server. If this option is set, the Switch will first look for a BOOTP server to provide it with this information before using the default or previously entered settings.
DHCP
The Switch will send out a DHCP broadcast request when it is powered up. The DHCP protocol allows IP addresses, network masks, and default gateways to be assigned by a DHCP server. If this option is set, the Switch will first look for a DHCP server to provide it with this information before using the default or previously entered settings.
Manual
Allows the entry of an IP address, Subnet Mask, and a Default Gateway for the Switch. These fields should be of the form xxx.xxx.xxx.xxx, where each xxx is a number (represented in decimal form) between 0 and 255. This address should be a unique address on the network assigned for use by the network administrator.
Subnet Mask
A Bitmask that determines the extent of the subnet that the Switch is on. Should be of the form xxx.xxx.xxx.xxx, where each xxx is a number (represented in decimal) between 0 and 255. The value should be 255.0.0.0 for a Class A network, 255.255.0.0 for a Class B network, and 255.255.255.0 for a Class C network, but custom subnet masks are allowed.
Default Gateway
IP address that determines where packets with a destination address outside the current subnet should be sent. This is usually the address of a router or a host acting as an IP gateway. If your network is not part of an intranet, or you do not want the Switch to be accessible outside your local network, you can leave this field unchanged.
VLAN Name
This allows the entry of a VLAN Name from which a management station will be allowed to manage the Switch using TCP/IP (in-band via Web manager or Telnet). Management stations that are on VLANs other than the one entered here will not be able to manage the Switch in-band unless their IP addresses are entered in the Security IP Management window. If VLANs have not yet been configured for the Switch, the default VLAN contains all of the Switch's ports. There are no entries in the Security IP Management table, by default, so any management station that can connect to the Switch can access the Switch until a management VLAN is specified or Management Station IP Addresses are assigned.
Click Apply to implement changes made.
This window also contains the current IPv6 setup on the Switch. Configuring IPv6 interfaces can be done under the Interface Settings heading, by clicking the link IPv6 Interface Settings, which will be discussed in the next section.
Setting the Switch's IP Address using the Console Interface
Each Switch must be assigned its own IP Address, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP). The Switch's default IP address is 10.90.90.90. The default Switch IP address can be changed to meet the specification of your networking address scheme.
The IP address for the Switch must be set before the Web-based manager can manage the switch. The Switch IP address can be automatically set using BOOTP or DHCP protocols, in which case the actual address assigned to the Switch must be known. The IP address may be set using the Command Line Interface (CLI) over the console serial port as follows:
Starting at the command line prompt, enter the commands config ipif System ipaddress xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy, where the x's represent the IP address to be assigned to the IP interface named System and the y's represent the corresponding subnet mask.
Alternatively, the user can enter config ipif System ipaddress xxx.xxx.xxx.xxx/z, where the x's represent the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation.
The IP interface named System on the Switch can be assigned an IP address and subnet mask, which can then be used to connect a management station to the Switch's Telnet or Web-based management agent.
Successful entry of the command will produce a “Success” message, indicating that the command was executed correctly. The user may now utilize this address to configure or manage the Switch through Telnet, the Command Line Interface (CLI) or the Web-based management (GUI).
Interface Settings
The IP address may initially be set using the console interface prior to connecting to it through the Ethernet. If the Switch IP address has not yet been changed, read the introduction of the xStack® DGS-3426G CLI Manual for more information. To change IP settings using the Web manager, users must access the IP Address window (Administration > IP Address). Open the Administration folder and click Interface Settings to access two folders to set up IP interfaces on the Switch, one for IPv4 addresses, IPv4 Interface Settings, and one for IPv6 addresses, IPv6 Interface Settings.
IPv4 Interface Settings
To view this window, click Administration > Interface Settings > IPv4 Interface Settings, as shown below:
Figure 2 - 3 IPv4 Interface Settings window
To manually assign the Switch's IPv4 address and its related configurations, click the Add button, revealing the following window to configure.
Figure 2 - 4 IPv4 Interface Settings - Add
To modify an existing Interface, click that interface’s hyperlinked Interface Name, which will produce this window:
Figure 2 - 5 IPv4 Interface Settings – Modify
Enter a name for the new interface to be added in the Interface Name field (if editing an IP interface, the Interface Name will already be in the top field as seen in the window above). Enter the interface’s IP address and subnet mask in the corresponding fields. Pull the Interface Admin State drop-down menu to Enabled and click Apply to make the IP interface effective. To view entries in the IP Interface Settings, click the Show All IP Interface Entries hyperlink. Use the Save Changes dialog box from the Save Services folder to enter the changes into NV-RAM. The following fields can be set or modified:
Parameter Description
Interface Name
This field displays the name for the IP interface or it is used to add a new interface created by the user. The default IP interface is named “System”.
IP Address
This field allows the entry of an IPv4 address to be assigned to this IP interface.
Subnet Mask
This field allows the entry of a subnet mask to be applied to this IP interface.
VLAN Name
This field displays the VLAN name directly associated with this interface.
Interface Admin. State
Use the drop-down menu to enable or disable configuration on this interface.
Click Apply to implement changes made.
NOTE: The Switch's factory default IP address is 10.90.90.90 with a subnet mask of 255.0.0.0 and a default gateway of 0.0.0.0.
IPv6 Interface Settings
This window is used to set up IPv6 interfaces and addresses for the Switch. To view this window, click Administration > Interface Settings > IPv6 Interface Settings, as shown below:
Figure 2 - 6 IPv6 Interface Settings window
To add a new IPv6 interface, click the Add button, which will display the following window.
Figure 2 - 7 IPv6 Interface Settings – Add
To add an Interface, enter an Interface Name in the field provided, along with a corresponding VLAN Name, set the Interface Admin. State to Enabled and click Apply. Newly created interfaces will appear in the IPv6 Interface Settings window.
To change the settings for a configured Interface, click the corresponding Modify button, which will display the following window for the user to configure.
Figure 2 - 8 IPv6 Interface Settings – Edit
The following fields may be viewed or modified. Click Apply to set the changes made.
Parameter Description
Interface Name
This field displays the name for the IP interface or it is used to add a new interface or change an existing interface name. The default IP interface is named “System”.
The Interface field is used for addresses on the link-local network. It is recommended that the user enter the specific interface for a link-local IPv6 address. For Global IPv6 addresses, this field may be omitted.
Automatic Link Local Address
Use this drop-down menu to enable or disable the Automatic Link Local Address. When enabled, the switch will automatically create an IPv6 link-local address for the switch. Once the user enables this feature and clicks Apply, an IPv6 address will be produced based on the MAC address of the switch and the new entry will appear in the following Link-Local Address field.
Link-local Address
This field displays the IPv6 address created automatically by the Switch, based on the MAC Address of the Switch. This is a site local address used only for local routing.
Global Unicast Address
This field is the unicast address that will be used by the Switch for packets coming from outside the site-local address, or the public IPv6 address, when connected directly to the Internet.
VLAN Name
This field states the VLAN Name directly associated with this interface.