D-LINK DWS-3227P User Manual

Configuration Guide

Product Model : DWS-3000 Series Unified Wired & Wireless Access System Release 3.0

February 2011

Configuration Guide

List of Figures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

About This Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Document Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

CLI/Web Examples - Slot/Port Designations . . . . . . . . . . . . . . . . . . . . . . . 16

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

CLI Documentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

1 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

In-Band and Out-of-Band Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Configuring for In-Band Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Configuring for Out-of-Band Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Starting the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Unified Switch Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Quick Starting the Networking Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

System Information and System Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2 Using the Web Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Configuring for Web Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Starting the Web Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Web Page Layout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Configuring an SNMP V3 User Profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Command Buttons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Switching the Date/Time Zone. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

3 Virtual LANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

VLAN Configuration Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Configuring a Guest VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Configuring Dynamic VLAN Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Example #1: Create Two VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Example #2: Assign Ports to VLAN2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Example #3: Assign Ports to VLAN3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Example #4: Assign VLAN3 as the Default VLAN . . . . . . . . . . . . . . . . . . . . . 36

Example #5: Assign IP Addresses to VLAN 2 . . . . . . . . . . . . . . . . . . . . . . . . . 36

Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Private Edge VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

CLI Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Voice VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Configuration Guide

4 Storm Control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

5 Trunking (Link Aggregation) . . . . . . . . . . . . . . . . . . . . . . . . . . .45

6 IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

CLI Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Example #1: Set Broadcast Storm Control for All Interfaces . . . . . . . . . . . . . 41

Example #2: Set Multicast Storm Control for All Interfaces . . . . . . . . . . . . . . 42

Example #3: Set Unicast Storm Control for All Interfaces . . . . . . . . . . . . . . . 42

Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

CLI Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Example 1: Create two port-channels: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Example 2: Add the physical ports to the port-channels: . . . . . . . . . . . . . . . . 47

Example 3: Enable both port-channels: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Web Interface Configuration — LAGs/Port-channels . . . . . . . . . . . . . . . . 48

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Example #1: show igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Example #2: show mac-address-table igmpsnooping . . . . . . . . . . . . . . . . . . . 50

Example #3: set igmp (Global Config Mode) . . . . . . . . . . . . . . . . . . . . . . . . . 50

Example #4: set igmp (Interface Config Mode). . . . . . . . . . . . . . . . . . . . . . . . 50

Web Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

7 Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Example #1: Set up a Port Mirroring Session . . . . . . . . . . . . . . . . . . . . . . . . . 57

Example #2: Show the Port Mirroring Session . . . . . . . . . . . . . . . . . . . . . . . . 58

Example #3: Show the Status of All Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Example #4: Show the Status of the Source and Destination Ports. . . . . . . . . 58

Web Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

8 Link Layer Discovery Protocol. . . . . . . . . . . . . . . . . . . . . . . . . .61

CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Example #1: Set Global LLDP Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Example #2: Set Interface LLDP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . 62

Example #3: Show Global LLDP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . 62

Example #4 Show Interface LLDP Parameters . . . . . . . . . . . . . . . . . . . . . . . . 62

Using the Web Interface to Configure LLDP . . . . . . . . . . . . . . . . . . . . . . . 63

9 Denial of Service Attack Protection . . . . . . . . . . . . . . . . . . . . . .67

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

10 Port Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69

Port Routing Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Example 1. Enabling Routing for the Switch . . . . . . . . . . . . . . . . . . . . . . . . . 70

Example 2. Enabling Routing for Ports on the Switch . . . . . . . . . . . . . . . . . . 70

Using the Web Interface to Configure Routing. . . . . . . . . . . . . . . . . . . . . . 72

11 VLAN Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

VLAN Routing Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Example 1: Create Two VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Example 2: Set Up VLAN Routing for the VLANs and the Switch.. . . . . . . . . 75

Using the Web Interface to Configure VLAN Routing . . . . . . . . . . . . . . . . 76

12 Virtual Router Redundancy Protocol. . . . . . . . . . . . . . . . . . . . 79

CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Example 1: Configuring VRRP on the Switch as a Master Router. . . . . . . . . 80

Example 2: Configuring VRRP on the Switch as a Backup Router . . . . . . . . 81

Using the Web Interface to Configure VRRP . . . . . . . . . . . . . . . . . . . . . . . 82

13 Proxy Address Resolution Protocol (ARP). . . . . . . . . . . . . . . . 85

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Example #1 show ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Example #2: ip proxy-arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Web Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

14 Routing Information Protocol (RIP). . . . . . . . . . . . . . . . . . . . . 87

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

RIP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

RIP Interface Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

RIP Route Redistribution Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 88

15 Access Control Lists (ACLs) . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Limitations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

MAC ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

IP ACLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

ACL Configuration Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

IP ACL CLI Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Example #1: Create ACL 179 and Define an ACL Rule . . . . . . . . . . . . . . . . . 94

Example #2: Define the Second Rule for ACL 179 . . . . . . . . . . . . . . . . . . . . . 94

Example #3: Apply the rule to Inbound Traffic on Port 0/2 . . . . . . . . . . . . . . 94

MAC ACL CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Example #4: Set up a MAC Access List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Example #5: Specify MAC ACL Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Example #6 Configure MAC Access Group . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Example #7 Set up an ACL with Permit Action. . . . . . . . . . . . . . . . . . . . . . . . 97

Configuration Guide

16 802.1X Network Access Control. . . . . . . . . . . . . . . . . . . . . . . .105

17 Captive Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Example #8: Show MAC Access Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Web Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

MAC ACL Web Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

IP ACL Web Pages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

802.1x Network Access Control Example. . . . . . . . . . . . . . . . . . . . . . . . . 106

Guest VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Configuring the Guest VLAN by Using the CLI. . . . . . . . . . . . . . . . . . . . . . . 107

Configuring the Guest VLAN by Using the Web Interface. . . . . . . . . . . . . . . 108

Configuring Dynamic VLAN Assignment . . . . . . . . . . . . . . . . . . . . . . . . . 109

Web Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

CLI Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

Customizing the Captive Portal Web Page . . . . . . . . . . . . . . . . . . . . . . . . 113

Client Authentation Logout Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Captive Port Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

18 Port Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

Example #1: show port security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

Example #2: show port security on a specific interface . . . . . . . . . . . . . . . . 120

Example #3: (Config) port security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

Web Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

19 RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125

Client Name in Local MAC Authentication List . . . . . . . . . . . . . . . . . . . . 125

RADIUS Fail-through and Failover Server Support . . . . . . . . . . . . . . . . 126

RADIUS Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Configuring RADIUS for Wired Clients. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Configuring RADIUS Fail-through on a Managed AP . . . . . . . . . . . . . . . . . 131

20 TACACS+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133

TACACS+ Configuration Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

Configuring TACACS+ by Using CLI Commands. . . . . . . . . . . . . . . . . . . . . 134

Configuring TACACS+ by Using the Web Interface . . . . . . . . . . . . . . . . . . . 135

21 Class of Service Queuing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139

Ingress Port Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Trusted and Untrusted Ports/CoS Mapping Table . . . . . . . . . . . . . . . . . . . . . 139

CoS Mapping Table for Trusted Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Egress Port Configuration - Traffic Shaping . . . . . . . . . . . . . . . . . . . . . . 140

Queue Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Queue Management Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Web Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

22 Differentiated Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

CLI Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

DiffServ Inbound Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

Adding Color-Aware Policing Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

Using the Web Interface to Configure Diffserv. . . . . . . . . . . . . . . . . . . . . 151

Configuring the Color-Aware Attribute by Using the Web . . . . . . . . . . . . . . 159

DiffServ for VoIP Configuration Example . . . . . . . . . . . . . . . . . . . . . . . . 161

Configuring DiffServ VoIP Support Example . . . . . . . . . . . . . . . . . . . . . . . . 162

23 DHCP Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

Example #1: Enable DHCP Filtering for the Switch . . . . . . . . . . . . . . . . . . 164

Example #2: Enable DHCP Filtering for an Interface . . . . . . . . . . . . . . . . . 164

Example #3: Show DHCP Filtering Configuration . . . . . . . . . . . . . . . . . . . 164

Web Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

24 Traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

CLI Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

25 Configuration Scripting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Example #1: script. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Example #2: script list and script delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

Example #3: script apply running-config.scr . . . . . . . . . . . . . . . . . . . . . . . . 170

Example #4: show running-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

Example #5: copy nvram: script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Example #6: script validate running-config.scr . . . . . . . . . . . . . . . . . . . . . . 171

Example #7: Validate another Configuration Script. . . . . . . . . . . . . . . . . . . 172

26 Outbound Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Example #1: show network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

Example #2: show telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

Example #3: transport output telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

Example #4: session-limit and session-timeout. . . . . . . . . . . . . . . . . . . . . . . 174

Web Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Configuration Guide

27 Pre-Login Banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177

28 Simple Network Time Protocol (SNTP). . . . . . . . . . . . . . . . . .179

29 Syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

CLI Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

Example #1: show sntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

Example #2: show sntp client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

Example #3: show sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Example #4: configure sntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Example #5: configure sntp client mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Example #6: configuring sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

Example #7: configure sntp client port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

Web Interface Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

Interpreting Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

CLI Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Example #1: show logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Example #2: show logging buffered. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Example #3: show logging traplogs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

Example 4: show logging hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

Example #5: logging port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

Web Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

30 Port Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191

CLI Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Example #1: Enter a Description for a Port . . . . . . . . . . . . . . . . . . . . . . . . . 191

Example #2: Show the Port Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Configuring Port Description with the Web Interface . . . . . . . . . . . . . . . 192

List of Figures

Figure 1. Web Interface Panel-Example .............................................................. 28

Figure 2. Web Interface Panel-Example .............................................................. 29

Figure 3. Configuring an SNMP V3 User Profile ................................................ 29

Figure 4. System Description Page....................................................................... 31

Figure 5. VLAN Example Network Diagram....................................................... 34

Figure 6. VLAN Configuration ............................................................................ 36

Figure 7. VLAN Port Configuration..................................................................... 37

Figure 8. Voice VLAN Configuration .................................................................. 39

Figure 9. Port Configuration (Storm Control) ...................................................... 43

Figure 10. LAG/Port-channel Example Network Diagram .................................. 46

Figure 11. Trunking Configuration....................................................................... 48

Figure 12. IGMP Snooping - Global Configuration and Status Page................... 51

Figure 13. IGMP Snooping - Interface Configuration Page ................................. 52

Figure 14. IGMP Snooping VLAN Configuration ............................................... 52

Figure 15. IGMP Snooping - VLAN Status Page................................................. 53

Figure 16. IGMP Snooping - Multicast Router Statistics Page ............................ 53

Figure 17. IGMP Snooping - Multicast Router Configuration Page .................... 54

Figure 18. IGMP Snooping - Multicast Router VLAN Statistics Page ................ 54

Figure 19. IGMP Snooping - Multicast Router VLAN Configuration Page ........ 55

Figure 20. Multiple Port Mirroring....................................................................... 59

Figure 21. Multiple Port Mirroring - Add Source Ports ....................................... 59

Figure 22. System - Port Utilization Summary..................................................... 60

Figure 23. LLDP Global Configuration................................................................ 63

Figure 24. LLDP Interface Configuration ............................................................ 64

Figure 25. LLDP Interface Summary ................................................................... 65

Figure 26. LLDP Statistics.................................................................................... 65

Figure 27. Denial of Service Protection Configuration ..................................... 68

Figure 28. Port Routing Example Network Diagram ........................................... 70

Figure 29. IP Configuration .................................................................................. 72

Figure 30. IP Interface Configuration................................................................... 72

Figure 31. VLAN Routing Example Network Diagram....................................... 74

Figure 32. VLAN Configuration .......................................................................... 76

Figure 33. VLAN Port Configuration................................................................... 76

Figure 34. VLAN Routing Configuration............................................................. 77

Figure 35. Enabling Routing................................................................................. 77

Figure 36. IP Interface Configuration................................................................... 78

Figure 37. VRRP Example Network Configuration............................................. 80

Figure 38. IP Configuration .................................................................................. 82

Figure 39. IP Interface Configuration................................................................... 82

Figure 40. VRRP Configuration ........................................................................... 83

Figure 41. Virtual Router Configuration .............................................................. 83

Figure 42. Proxy ARP Configuration ................................................................... 86

Figure 43. RIP Configuration ............................................................................... 88

List of Figures

Configuration Guide

Figure 44. RIP Interface Configuration ................................................................ 88

Figure 45. RIP Route Redistribution Configuration............................................. 89

Figure 46. IP ACL Example Network Diagram ................................................... 93

Figure 47. MAC ACL Configuration Page - Create New MAC ACL ................. 98

Figure 48. MAC ACL Rule Configuration - Create New Rule ............................ 98

Figure 49. MAC ACL Rule Configuration Page - Add Destination MAC and MAC

Mask...................................................................................................................... 99

Figure 50. MAC ACL Rule Configuration Page - View the Current Settings ..... 99

Figure 51. ACL Interface Configuration ............................................................ 100

Figure 52. MAC ACL Summary ........................................................................ 100

Figure 53. MAC ACL Rule Summary................................................................ 101

Figure 54. IP ACL Configuration Page - Create a New IP ACL........................ 101

Figure 55. IP ACL Configuration Page - Create a Rule and Assign an ID ........ 102

Figure 56. IP ACL Rule Configuration Page - Rule with Protocol and Source IP Con-

figuration............................................................................................................. 102

Figure 57. Attach IP ACL to an Interface........................................................... 103

Figure 58. IP ACL Summary.............................................................................. 104

Figure 59. IP ACL Rule Summary ..................................................................... 104

Figure 60. DWS-3000 with 802.1x Network Access Control ............................ 106

Figure 61. CP Web Page Customization—Global Parameters........................... 114

Figure 62. CP Web Page Customization—Authentication Page........................ 115

Figure 63. CP Web Page Customization—Welcome Page ................................ 115

Figure 64. CP Web Page Customization—Logout Page .................................... 116

Figure 65. CP Web Page Customization——Logout Success Page .................. 116

Figure 66. Port Security Administration............................................................. 121

Figure 67. Port Security Interface Configuration ............................................... 121

Figure 68. Port Security Statically Configured MAC Addresses ....................... 122

Figure 69. Port Security Dynamically Learned MAC Addresses....................... 122

Figure 70. Port Security Violation Status ........................................................... 123

Figure 71. RADIUS Servers in a DWS-3000 Network ...................................... 127

Figure 72. Add a RADIUS Server ...................................................................... 128

Figure 73. Configuring the RADIUS Server ...................................................... 129

Figure 74. Create an Authentication List............................................................ 130

Figure 75. Configure the Authentication List..................................................... 130

Figure 76. Set the User Login............................................................................. 131

Figure 77. DWS-3000 with TACACS+.............................................................. 134

Figure 78. Add a TACACS+ Server................................................................... 135

Figure 79. Configuring the TACACS+ Server ................................................... 135

Figure 80. Create an Authentication List (TACACS+) ...................................... 136

Figure 81. Configure the Authentication List (TACACS+) ............................... 136

Figure 82. Set the User Login (TACACS+) ....................................................... 137

Figure 83. CoS Mapping and Queue Configuration ........................................... 141

Figure 84. CoS Configuration Example System Diagram.................................. 142

Figure 85. 802.1p Priority Mapping Page........................................................... 143

Figure 86. CoS Trust Mode Configuration Page ................................................ 143

Figure 87. IP DSCP Mapping Configuration Page............................................. 144

List of Figures

Figure 88. CoS Interface Configuration Page..................................................... 144

Figure 89. CoS Interface Queue Configuration Page ......................................... 145

Figure 90. CoS Interface Queue Status Page ...................................................... 145

Figure 91. DiffServ Internet Access Example Network Diagram ...................... 148

Figure 92. DiffServ Configuration...................................................................... 152

Figure 93. DiffServ Class Configuration............................................................ 152

Figure 94. DiffServ Class Configuration - Add Match Criteria ......................... 153

Figure 95. Source IP Address ............................................................................. 153

Figure 96. DiffServ Class Configuration............................................................ 154

Figure 97. DiffServ Class Summary................................................................... 154

Figure 98. DiffServ Policy Configuration .......................................................... 155

Figure 99. DiffServ Policy Configuration .......................................................... 155

Figure 100. DiffServ Policy Class Definition..................................................... 156

Figure 101. Assign Queue .................................................................................. 156

Figure 102. DiffServ Policy Summary ............................................................... 157

Figure 103. DiffServ Policy Attribute Summary................................................ 157

Figure 104. DiffServ Service Configuration....................................................... 158

Figure 105. DiffServ Service Summary ............................................................. 158

Figure 106. DiffServ VoIP Example Network Diagram .................................... 161

Figure 107. DHCP Filtering Configuration ........................................................ 165

Figure 108. DHCP Filtering Interface Configuration......................................... 165

Figure 109. DHCP Filter Binding Information................................................... 166

Figure 110. Telnet Session Configuration .......................................................... 175

Figure 111. SNTP Settings Configuration Page ................................................. 181

Figure 112. SNTP Server Configuration Page.................................................... 181

Figure 113. SNTP Server Configuration Page.................................................... 182

Figure 114. Time Zone Configuration Page ....................................................... 182

Figure 115. Summer Time Configuration Page.................................................. 183

Figure 116. Log - Syslog Configuration Page .................................................... 189

Figure 117. Buffered Log Configuration Page ................................................... 189

Figure 118. Log - Hosts Configuration Page - Add Host ................................... 190

Figure 119. Log - Hosts Configuration Page...................................................... 190

Figure 120. Port Configuration Screen - Set Port Description ........................... 192

Configuration Guide

List of Tables

Table 1. Quick Start up Software Version Information . . . . . . . . . . . . . . . . . . . . 22

Table 2. Quick Start up Physical Port Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Table 3. Quick Start up User Account Management . . . . . . . . . . . . . . . . . . . . . . 23

Table 4. Quick Start up IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Table 5. Uploading from Networking Device to Out-of-Band PC (XMODEM) 25 Table 6. Downloading from Out-of-Band PC to Networking Device (XMODEM) 25

Table 7. Downloading from TFTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Table 8. Setting to Factory Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

List of Tables

Configuration Guide

About This Book

This document provides an understanding of the CLI and Web configuration options for D-Link DWS-3000 features.

Document Organization

This document shows examples of the use of the Unified Switch in a typical network. It describes the use and advantages of specific functions provided by the Unified Switch and includes information about configuring those functions using the command-line interface (CLI) and Web interface.

The Unified Switch can operate as a Layer 2 switch, a Layer 3 router, or a combination switch/ router. The switch also includes support for network management and Quality of Service functions such as Access Control Lists and Differentiated Services. The functions you choose to activate will depend on the size and complexity of your network.

This document illustrates configuration for the following functions:

• L2 Features

- Virtual LANs (VLANs)

- Storm Control

- Trunking (Link Aggregation/Port Channels)

- Internet Group Management Protocol (IGMP) Snooping

- Port Mirroring

- Link Layer Discovery Protocol (LLDP)

- Denial of Service Attack Protection

• L3 Features

- Port Routing

- VLAN Routing

- Virtual Router Redundancy Protocol (VRRP)

- Proxy ARP

- Routing Information Protocol (RIP)

• Security Features

- 802.1x Network Access Control

- Captive Portal

- RADIUS

- TACACS+

- Port Security

• Quality of Service (QoS)

- Access Control Lists (ACLs)

- Class of Service (CoS)

- Differentiated Services

Document Organization 15

Configuration Guide

• Management

CLI/Web Examples - Slot/Port Designations

To help you understand configuration tasks, this document contains examples from the CLI and Web Interfaces. The examples are based on the D-Link DWS-3000 switch and use the slot/port naming convention for interfaces, e.g. 0/2

Audience

- DHCP Filtering

- Traceroute

- Configuration Scripting

- Outbound Telnet

- Pre-Login Banner

- Simple Network Time Protocol (SNTP)

- Syslog

- Port Description

Use this guide if you are a(n):

• Experienced system administrator who is responsible for configuring and operating a net-

work using the D-Link DWS-3000 switch

• Level 1 and/or Level 2 Support provider

To obtain the greatest benefit from this guide, you should have an understanding of the Unified Switch. You should also have basic knowledge of Ethernet and networking concepts.

CLI Documentation

The DWS-3000 CLI Command Reference gives information about the CLI commands used to configure the switch. The document provides CLI descriptions, syntax, and default values.

Refer to the DWS-3000 CLI Command Reference for information on:

• D-Link DWS-3000 switch command overview

• Command structure

Getting Started

Connect a terminal to the switch to begin configuration.

In-Band and Out-of-Band Connectivity

Ask the system administrator to determine whether you will configure the switch for in-band or out-of-band connectivity. To use the Web Interface, you must set up your system for in-band connectivity.

Configuring for In-Band Connectivity

In-band connectivity allows you to access the switch from a remote workstation using the Ethernet network. To use in-band connectivity, you must configure the switch with IP information (IP address, subnet mask, and default gateway).

Configure for In-band connectivity using one of the following methods:

• BootP or DHCP

• EIA-232 port

Using BootP or DHCP

You can assign IP information initially over the network or over the Ethernet service port through BootP or DHCP. Check with your system administrator to determine whether BootP or DHCP is enabled.

You need to configure the BootP or DHCP server with information about the switch —obtain this information through the serial port connection using the the server with the following values:

IP Address

Unique IP address for the switch. Each IP parameter is made up of four decimal numbers, ranging from 0 to 255. The default for all IP parameters is

10.90.90.90.

Subnet

Subnet mask for the LAN

show network command. Set up

In-Band and Out-of-Band Connectivity 17

Configuration Guide

Gateway

MAC Address

When you connect the switch to the network for the first time after setting up the BootP or DHCP server, it is configured with the information supplied above. The switch is ready for inband connectivity over the network.

If you do not use BootP or DHCP, access the switch through the EIA-232 port, and configure the network information as described below.

Using the EIA-232 Port

You can use a locally or remotely attached terminal to configure in-band management through the EIA-232 port.

1. To use a locally attached terminal, attach one end of a null-modem serial cable to the

2. Set up the terminal for VT100 terminal emulation.

IP address of the default router, if the switch is a node outside the IP range of the LAN

MAC address of the switch

EIA-232 port of the switch and the other end to the COM port of the terminal or workstation. For remote attachment, attach one end of the serial cable to the EIA-232 port of the switch and the other end to the modem.

A. Set the terminal ON.

B. Launch the VT100 application.

C. Configure the COM port as follows:

I. Set the data rate to 115,200 baud.

II. Set the data format to 8 data bits, 1 stop bit, and no parity.

III. Set the flow control to none.

IV. Select the proper mode under Properties.

V. Select Terminal keys.

3. The Log-in User prompt displays when the terminal interface initializes.

Enter an approved user name and password. The default is

admin for the user name and

the password is blank.

The switch is installed and loaded with the default configuration.

4. Reduce network traffic by turning off the Network Configuration Protocol. Enter the following command:

configure network protocol none

5. Set the IP address, subnet mask, and gateway address by issue the following command:

config network parms <ipaddress> <netmask> [<gateway>]

IP Address

Unique IP address for the switch. Each IP parameter is made up of four decimal numbers, ranging from 0 to 255. The default for all IP parameters is 10.90.90.90.

Subnet

Subnet mask for the LAN.

Gateway

IP address of the default router, if the switch is a node outside the IP range of the LAN.

6. To enable these changes to be retained during a reset of the switch, type

to the main prompt, type changes.

7. To view the changes and verify in-band information, issue the command:

8. The switch is configured for in-band connectivity and ready for Web-based management.

save config at the main menu prompt, and type y to confirm the

Configuring for Out-of-Band Connectivity

To monitor and configure the switch using out-of-band connectivity, use the console port to connect the switch to a terminal desktop system running terminal emulation software. The console port connector is a female DB-9 connector, implemented as a data terminal equipment (DTE) connector.

1 Getting Started

CTRL+Z to return

show network.

The following hardware is required to use the console port:

• VT100-compatible terminal, or a desktop, or a portable system with a serial port running

VT100 terminal emulation software.

• An RS-232 cable with a male DB-9 connector for the console port and the appropriate

connector for the terminal.

Perform the following tasks to connect a terminal to the switch console port using out-of-band connectivity:

1. Connect the RS-232 cable to the terminal running VT100 terminal emulation software.

2. Configure the terminal emulation software as follows:

A. Select the appropriate serial port (serial port 1 or serial port 2) to connect to the con-

sole.

B. Set the data rate to 115,200 baud.

C. Set the data format to 8 data bits, 1 stop bit, and no parity.

D. Set the flow control to none.

E. Select the proper mode under

F. Select Terminal keys.

NOTE: When using HyperTerminal with Microsoft Windows 2000, make sure that

you have Windows 2000 Service Pack 2 or later installed. With Windows 2000 Service Pack 2, the arrow keys function properly in HyperTerminal's VT100 emulation. Go to www.microsoft.com dows 2000 service packs.

Properties.

for more information on Win-

3. Connect the RS-232 cable directly to the switch console port, and tighten the captive

retaining screws.

In-Band and Out-of-Band Connectivity 19

Configuration Guide

Starting the Switch

1. Make sure that the switch console port is connected to a VT100 terminal or a VT100 ter-

2. Locate an AC power receptacle.

3. Deactivate the AC power receptacle.

4. Connect the switch to the AC receptacle.

5. Activate the AC power receptacle.

When the power is turned on with the local terminal already connected, the switch goes through a power-on self-test (POST). POST runs every time the switch is initialized and checks hardware components to determine if the switch is fully operational before completely booting. If POST detects a critical problem, the startup procedure stops. If POST passes successfully, a valid executable image is loaded into RAM. POST messages are displayed on the terminal and indicate test success or failure. The boot process runs for approximately 60 seconds.

minal emulator via the RS-232 crossover cable.

Initial Configuration

NOTE: The initial simple configuration procedure is based on the following assump-

tions:

• The switch was not configured before and is in the same state as when you received it.

• The switch booted successfully.

• The console connection was established and the console prompt appears on the screen of a

VT100 terminal or terminal equivalent.

The initial switch configuration is performed through the console port. After the initial configuration, you can manage the switch either from the already-connected console port or remotely through an interface defined during the initial configuration.

NOTE: The switch is not configured with a default user name and password.

NOTE: All of the settings below are necessary to allow the remote management of the

switch through Telnet (Telnet client) or HTTP (Web browser).

Before setting up the initial configuration of the switch, obtain the following information from your network administrator:

• The IP address to be assigned to the management interface through which the switch is

managed.

• The IP subnet mask for the network.

• The IP address of the default gateway.

Unified Switch Installation

This section contains procedures to help you become acquainted quickly with the switch software.

Before installing the Unified Switch, you should verify that the switch operates with the most recent firmware.

Quick Starting the Networking Device

1. Configure the switch for In-band or Out-of-Band connectivity. In-band connectivity

allows access to the Unified Switch locally or from a remote workstation. You must configure the device with IP information (IP address, subnet mask, and default gateway).

2. Turn the Power ON.

3. Allow the device to load the software until the login prompt appears. The device initial

state is called the default mode.

4. When the prompt asks for operator login, do the following steps:

- Type admin at the login prompt. Since a number of the Quick Setup commands

require administrator account rights, D-Link suggests logging into an administrator account. Do not enter a password because the default mode does not use a password - after typing

admin, press Enter two times.

- The CLI User EXEC prompt is displayed.

- Type enable to switch to the Privileged EXEC mode from User EXEC.

- Type configure to switch to the Global Config mode from Privileged EXEC.

- Type exit to return to the previous mode.

- Enter ? to show a list of commands that are available in the current mode.

1 Getting Started

NOTE: For more information about the configuration modes, see the CLI Command

Reference.

System Information and System Setup

This section describes the commands you use to view system information and to setup the network device. The tables below contain the Quick Start commands that allow you to view or configure the following information:

• Software versions

• Physical port data

• User account management

• IP address configuration

• Uploading from Networking Device to Out-of-Band PC (Only XMODEM)

• Downloading from Out-of-Band PC to Networking Device (Only XMODEM)

• Downloading from TFTP Server

• Restoring factory defaults

For each of these tasks, a table shows the command syntax, the mode you must be in to execute the command, and the purpose and output of the command. If you configure any network parameters, you should execute the

write command.

Unified Switch Installation 21

Configuration Guide

This command saves the changes to the configuration file. You must be in the correct mode to execute the command. If you do not save the configuration, all changes are lost when you power down or reset the networking device.

Quick Start up Software Version Information

Table 1 . Quick Start up Software Version Information

show hardware

(Privileged EXEC Mode)

Command Details

Switch: 1

System Description..................... D-Link DWS-3026

Machine Model.......................... DWS-3026

Serial Number.......................... 123456abcdef

FRU Number..............................

Maintenance Level...................... A

Manufacturer........................... 0xbc00

Burned In MAC Address.................. 00:01:17:86:34:55

Software Version....................... D.4.18.8

Additional Packages.................... QOS

Quick Start up Physical Port Data

Table 2 . Quick Start up Physical Port Data

Command Details

show port all

(Privileged EXEC Mode)

Displays the ports

Interface - slot/port, See the CLI Command Reference for more informa- tion about naming conventions.

Type - Indicates if the port is a special type of port.

Admin Mode - Selects the Port Control Administration State.

Physical Mode - Selects the desired port speed and duplex mode.

Physical Status - Indicates the port speed and duplex mode.

Link Status - Indicates whether the link is up or down.

Link Trap - Determines whether or not to send a trap when link status changes.

LACP Mode - Displays whether LACP is enabled or disabled on this port.

Wireless

Quick Start up User Account Management

Table 3 . Quick Start up User Account Management

Command Details

show users

(Privileged EXEC Mode)

show loginsession

(User EXEC Mode)

users passwd <username>

(Global Config Mode)

write

(Privileged EXEC Mode)

logout

(User EXEC and Privileged EXEC Modes)

Displays all of the users who are allowed to access the networking device

Access Mode - Shows whether the user is able to change parameters on the networking device(Read/Write) or is only able to view them (Read Only).

As a factory default, the admin user has Read/Write access and the guest user has Read Only access. There can only be one Read/Write user and up to five Read Only users.

Displays all of the login session information.

Allows the user to set passwords or change passwords needed to login

A prompt appears after the command is entered requesting the user’s old password. In the absence of an old password, leave the area blank. The user must press Enter to execute the command.

The system then prompts the user for a new password; then a prompt to confirm the new password. If the new password and the confirmed password match, a confirmation message is displayed.

A user password should not be more than eight characters in length.

This command saves passwords and all other changes to the device.

If you do not save the configuration by entering this command, all configurations are lost when a power cycle is performed on the networking device or when the networking device is reset.

Logs the user out of the networking device.

1 Getting Started

Unified Switch Installation 23

Configuration Guide

Quick Start up IP Address

To view the network parameters the operator can access the device by the following three methods.

• Simple Network Management Protocol - SNMP

• Te lnet

• We b Br owser

NOTE: Helpful Hint: The user should do a ‘copy system:running-config

Table 4 . Quick Start up IP Address

show network

(User EXEC Mode)

network parms <ipaddr> <netmask> [gateway]

(Privileged EXEC Mode)

nvram:startup-config’ after configuring the network parameters so that the configurations are not lost

Command Details

Displays the Network Configurations

IP Address - IP Address of the interface

Default IP is 10.90.90.90

Subnet Mask - IP Subnet Mask for the interface

Default is 255.0.0.0

Default Gateway - The default Gateway for this interface

Default value is 0.0.0.0

Burned in MAC Address - The Burned in MAC Address used for in-band connectivity

Locally Administered MAC Address - Can be configured to allow a locally administered MAC address

MAC Address Type - Specifies which MAC address should be used for in-band connectivity

Network Configurations Protocol Current - Indicates which network protocol is being used

Default is none

Management VLAN ID - Specifies VLAN ID

Sets the IP Address, subnet mask, and gateway of the router. The IP Address and the gateway must be on the same subnet.

IP Address range from 0.0.0.0 to 255.255.255.255

Subnet Mask range from 0.0.0.0 to 255.255.255.255

Gateway Address range from 0.0.0.0 to 255.255.255.255

1 Getting Started

Quick Start up Uploading from Networking Device to Out-of-Band PC (XMODEM)

Table 5 . Uploading from Networking Device to Out-of-Band PC (XMODEM)

Command Details

copy nvram:startup-config <url>

(Privileged EXEC Mode)

copy nvram:errorlog <url>

(Privileged EXEC Mode)

Starts the upload, displays the mode and type of upload, and confirms the upload is progressing.

The types are:

• config - configuration file

• errorlog - error log

• log- message log

• traplog - trap log

copy nvram:log <url>

(Privileged EXEC Mode)

copy nvram:traplog <url>

(Privileged EXEC Mode)

Quick Start up Downloading from Out-of-Band PC to Networking Device (XMODEM)

The

<url> must be specified as:

xmodem:<filepath>/<filename>

If you are using HyperTerminal, you must specify where the file is to be received by the PC.

Table 6 .

copy <url> nvram:startup-config

(Privileged EXEC Mode)

copy <url> system:image

(Privileged EXEC Mode)

Downloading from Out-of-Band PC to Networking Device (XMODEM)

Command Details

Sets the destination (download) datatype to be an image (system:image) or a configuration file (nvram:startup-config).

<url> must be specified as:

The

xmodem:<filepath>/<filename>

If you are using Hyper Terminal, you must specify which file is to be sent to the networking device.

Unified Switch Installation 25

Configuration Guide

Quick Start up Downloading from TFTP Server

Before starting a TFTP server download, the operator must complete the Quick Start up for the IP Address.

Table 7 . Downloading from TFTP Server

copy <tftp://<ipaddress>/<filepath>/ <filename>> nvram:startup-config

(Privileged EXEC Mode)

copy <tftp://<ipaddress>/<filepath>/ <filename>> system:image

(Privileged EXEC Mode)

Quick Start up Factory Defaults

Command Details

Sets the destination (download) datatype to be an image (system:image) or a configuration file (nvram:startup-config).

The URL must be specified as:

tftp://<ipaddress>/<filepath>/<filename>.

The nvram:startup-config option downloads the configuration file using tftp and system:image option downloads the code file.

Table 8 .

Setting to Factory Defaults

Command Details

clear config

(Privileged EXEC Mode)

write Enter yes when the prompt pops up that asks if you want to

yes when the prompt pops up to clear all the configu-

Enter rations made to the networking device.

save the configurations made to the networking device.

reload (or cold boot the network-

ing device)

(Privileged EXEC Mode)

Enter yes when the prompt pops up that asks if you want to reset the system.

You can reset the networking device or cold start the networking device.

Using the Web Interface

This chapter is a brief introduction to the Web interface — it explains how to access the Webbased management panels to configure and manage the system.

Tip: Use the Web interface for configuration instead of the CLI interface. Web configuration is quicker and easier than entering multiple required CLI commands.

You can manage your switch through a Web browser and Internet connection. This is referred to as Web-based management. To use Web-based management, the system must be set up for in-band connectivity.

To access the switch, the Web browser must support:

• HTML version 4.0, or later

• HTTP version 1.1, or later

• JavaScript

• Java

version 1.2, or later

Runtime Plug-in 1.50-06 or later

There are equivalent functions in the Web interface and the terminal interface — both applications usually employ the same menus to accomplish a task. For example, when you log in, there is a Main Menu with the same functions available, etc.

There are several differences between the Web and terminal interfaces. For example, on the Web interface the entire forwarding database can be displayed, while the terminal interface only displays 10 entries starting at specified addresses.

To terminate the Web interface session, click the Logout button.

Configuring for Web Access

To enable Web access to the switch:

1. Configure the switch for in-band connectivity. The Getting Started section of this docu-

ment gives instructions for doing this.

2. Enable Web mode:

A. At the CLI prompt, enter the

B. Set Web Mode to Enabled.

show network command.

Configuring for Web Access 27

Configuration Guide

Starting the Web Interface

Follow these steps to start the switch Web interface:

1. Enter the IP address of the switch in the Web browser address field.

2. Enter the appropriate User Name and Password. The User Name and associated Password

Figure 1. Web Interface Panel-Example

are the same as those used for the terminal interface. Click on the Login button.

3. The System Description Menu displays as shown in Figure 2, with the navigation tree appearing to the left of the screen.

4. Make a selection by clicking on the appropriate item in the navigation tree.

Web Page Layout

A Web interface panel for the switch Web page consists of three areas (Figure 2).

A banner graphic of the switch appears across the top of the panel.

The second area, a hierarchical-tree view appears to the left of the panel. The tree consists of a combination of folders, subfolders, and configuration and status HTML pages. You can think of the folders and subfolders as branches and the configuration and status HTML pages as leaves. Only the selection of a leaf (not a folder or subfolder) will cause the display of a new HTML page. A folder or subfolder has no corresponding HTML page.

The third area, at the bottom-right of the panel, displays the currently selected device configuration status and/or the user configurable information that you have selected from the tree view.

Figure 2. Web Interface Panel-Example

2 Using the Web Interface

Configuring an SNMP V3 User Profile

Configuring an SNMP V3 user profile is a part of user configuration. Any user can connect to the switch using the SNMPv3 protocol, but for authentication and encryption, additional steps are needed. Use the following steps to configure an SNMP V3 new user profile.

Figure 3. Configuring an SNMP V3 User Profile

1. From the LAN navigation menu, select LAN> Administration> User Accounts (see

Figure 3).

Starting the Web Interface 29

Configuration Guide

2. Using the User pull-down menu, select Create to create a new user.

3. Enter a new user name in the User Name field.

4. Enter a new user password in the Password field and then retype it in the Confirm

NOTE: If SNMPv3 Authentication is to be implemented for this user, set a password

5. If you do not need authentication, go to Step 9.

6. To enable authentication, use the Authentication Protocol pull-down menu to select

7. If you do not need encryption, go to Step 9.

8. To enable encryption, use the Encryption Protocol pull-down menu to select DES for the

9. Click Submit.

Command Buttons

Password field.

of eight or more alphanumeric characters.

either MD5 or SHA for the authentication protocol.

encryption scheme. Then, enter an encryption code of eight or more alphanumeric characters in the Encryption Key field.

The following command buttons are used throughout the Web interface panels for the switch:

Save Pressing the Save button implements and saves the changes you just made.

Some settings may require you to reset the system in order for them to take effect.

Refresh Pressing the Refresh button that appears next to the Apply button in Web

interface panels refreshes the data on the panel.

Submit Pressing the Submit button sends the updated configuration to the switch.

Configuration changes take effect immediately, but these changes are not retained across a power cycle unless a save is performed.

+ 162 hidden pages

D-LINK DWS-3227P User Manual

Configuration Guide

Table of Contents

List of Figures

List of Tables

About This Book

Document Organization

CLI/Web Examples - Slot/Port Designations

Audience

CLI Documentation

Getting Started

In-Band and Out-of-Band Connectivity

Configuring for In-Band Connectivity

Using BootP or DHCP

Using the EIA-232 Port

Configuring for Out-of-Band Connectivity

Starting the Switch

Initial Configuration

Unified Switch Installation

Quick Starting the Networking Device

System Information and System Setup

Quick Start up Software Version Information

Quick Start up Physical Port Data

Quick Start up User Account Management

Quick Start up IP Address

Quick Start up Uploading from Networking Device to Out-of-Band PC (XMODEM)

Quick Start up Downloading from Out-of-Band PC to Networking Device (XMODEM)

Quick Start up Downloading from TFTP Server

Quick Start up Factory Defaults

Using the Web Interface

Configuring for Web Access

Starting the Web Interface

Web Page Layout

Configuring an SNMP V3 User Profile

Command Buttons