Page 1 D-Link ™ DES-3028/DES-3028P/DES-3052/DES-3052P Managed 10/100Mbps Fast Ethernet Switch Release I Manual...
Page 2 Microsoft Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. D-Link Computer Corporation disclaims any proprietary interest in trademarks and trade names other than its own.
Page 3: Table Of Contents
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Table of Contents Preface ......................................vii Intended Readers..................................viii Typographical Conventions ................................ viii Notes, Notices, and Cautions ..............................viii Safety Instructions ..................................ix Safety Cautions ......................................ix General Precautions for Rack-Mountable Products ............................x Protecting Against Electrostatic Discharge ..............................xi...
Page 4 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch IP Address....................................24 Port Configuration..................................27 Port Settings ........................................27 Port Error Disabled .......................................28 Port Description ......................................29 DHCP/BOOTP Relay .................................. 30 DHCP/BOOTP Relay Global Settings ................................30 DHCP/BOOTP Relay Interface Settings...............................32 User Accounts....................................33 Port Mirroring ....................................
Page 5 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Unicast Forwarding.......................................70 Multicast Forwarding ....................................71 Multicast Filtering Mode....................................72 SMTP Service ....................................73 SMTP Server Settings ....................................74 SMTP Service .......................................74 L2 Features ..............................76 VLANs......................................76 Static VLAN Entry......................................80 GVRP Settings ......................................82 Trunking.......................................
Page 6 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Download Certificate ....................................139 Ciphersuite ........................................139 SSH ......................................142 SSH Server Configuration...................................142 SSH Authentication Mode and Algorithm Settings.............................143 SSH User Authentication ....................................145 802.1X......................................146 Configure 802.1x Guest VLAN ..................................152 802.1x Authenticator Settings ..................................153 Local Users .........................................156...
Page 7 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch RADIUS Authentication .....................................191 RADIUS Accounting ....................................194 Auth Diagnostics......................................196 Auth Session Statistics ....................................198 Auth Statistics ......................................199 Auth State........................................200 Reset......................................201 Reboot System ................................... 203 Save Changes ..................................... 203 Logout......................................204 Technical Specifications ..........................205 System Log Entries ............................211...
Page 8: Preface
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Preface The DES-3028/DES-3028P/DES-3052/DES-3052P User Manual is divided into sections that describe the system installation and operating instructions with examples. Section 1, Introduction - Describes the Switch and its features. Section 2, Installation - Helps you get started with the basic installation of the Switch and also describes the front panel, rear panel, side panels, and LED indicators of the Switch.
Page 9: Intended Readers
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Intended Readers The DES-3028/DES-3028P/DES-3052/DES-3052P User Manual contains information for setup and management of the Switch. The term, “the Switch” will be used when referring to all four switches. This manual is intended for network managers familiar with network management concepts and terminology.
Page 10: Safety Instructions
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Safety Instructions Use the following safety guidelines to ensure your own personal safety and to help protect your system from potential damage. Throughout this document, the caution icon ( ) is used to indicate cautions and precautions that you need to review and follow.
Page 11: General Precautions For Rack-Mountable Products
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch • To help protect your system from sudden, transient increases and decreases in electrical power, use a surge suppressor, line conditioner, or uninterruptible power supply (UPS). • Position system cables and power cables carefully; route cables so that they cannot be stepped on or tripped over. Be sure that nothing rests on any cables.
Page 12: Protecting Against Electrostatic Discharge
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch CAUTION: The system chassis must be positively grounded to the rack cabinet frame. Do not attempt to connect power to the system until grounding cables are connected. A qualified electrical inspector must inspect completed power and safety ground wiring. An energy hazard will exist if the safety ground cable is omitted or disconnected.
Page 13: Introduction
Rear Panel Description DES-3028/28P/52/52P The DES-3028, DES-3028P, DES-3052, and the DES-3052P are all members of the D-Link Switch family. These Switches provides unsurpassed performance, fault tolerance, scalable flexibility, robust security, standard-based interoperability and impressive technology to future-proof departmental and enterprise network deployments with an easy migration path.
Page 14 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch RFC2665 Ether-like MIB • RFC2863 Interface MIB • Private MIB • RFC2674 for 802.1p • IEEE 802.1x MIB • IEEE 802.3x flow control in full duplex mode • IEEE 802.1p Priority Queues •...
Page 15: Ports
Two 1000Base-T Ports One female DCE RS-232 DB-9 One female DCE RS-232 DB-9 console port console port The following table lists the features and compatibility for each type of port present in the DES-3028/28P/52/52P. 10/100/1000BASE-T SFP Combo 1000BASE-T Combo SFP Transceivers Supported: IEEE 802.3 compliant...
Page 16: Front-Panel Components
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Front-Panel Components DES-3028P • Twenty-four 10/100Mbps BASE-T ports • Two Combo 1000BASE-T/SFP ports located to the right • Two 1000BASE-T ports located to the right • One female DCE RS-232 DB-9 console port •...
Page 17: Leds
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch LEDs The following table lists the LEDs located on models of the DES-30xx Switches along with their corresponding description: Location LED Indicative Color Status Description Solid Light Power On Power...
Page 18: Installing The Sfp Ports
Installing the SFP ports The DES-3028/28P/52/52P Switches are equipped with SFP (Small Form Factor Portable) ports, which are to be used with fiber- optical transceiver cabling in order to uplink various other networking devices for a gigabit link that may span great distances.
Page 19: Installation
DCE RS-232 console cable • If any item is missing or damaged, please contact your local D-Link Reseller for replacement. Before You Connect to the Network The site where you install the Switch may greatly affect its performance. Please follow these guidelines for setting up the Switch.
Page 20: Installing The Switch Without The Rack
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Installing the Switch without the Rack When installing the Switch on a desktop or shelf, the rubber feet included with the Switch should first be attached. Attach these cushioning feet on the bottom at each corner of the device. Allow enough ventilation space between the Switch and any other objects in the vicinity.
Page 21: Mounting The Switch In A Standard 19" Rack
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Mounting the Switch in a Standard 19" Rack CAUTION: Installing systems in a rack without the front and side stabilizers installed could cause the rack to tip over, potentially resulting in bodily injury under certain circumstances. Therefore, always install the stabilizers before installing components in the rack.
Page 22: Connecting The Switch
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Section 3 Connecting the Switch Switch to End Node Switch to Hub or Switch Connecting to Network Backbone or Server NOTE: All 10/100/1000Mbps NWay Ethernet ports can support both MDI- II and MDI-X connections.
Page 23: Switch To Hub Or Switch
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Switch to Hub or Switch These connections can be accomplished in a number of ways using a normal cable. A 10BASE-T hub or switch can be connected to the Switch via a twisted-pair Category 3, 4 or 5 UTP/STP cable.
Page 24: Introduction To Switch Management
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Section 4 Introduction to Switch Management Management Options Web-based Management Interface SNMP-Based Management Managing User Accounts Command Line Console Interface through the Serial Port Connecting the Console Port (RS-232 DCE)
Page 25 12. Enter the commands to complete your desired tasks. Many commands require administrator-level access privileges. Read the next section for more information on setting up user accounts. See the DES-3028/28P/52/52P CLI Manual on the documentation CD for a list of all commands and additional information on using the CLI.
Page 26: First Time Connecting To The Switch
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch First Time Connecting to the Switch The Switch supports user-based security that can allow you to prevent unauthorized users from accessing the Switch or changing its settings. This section tells how to log onto the Switch.
Page 27: Snmp Settings
The DES-3028/28P/52/52P supports SNMP versions 1, 2c, and 3. You can specify which version of SNMP you want to use to monitor and control the Switch. The three versions of SNMP vary in the level of security provided between the management station and the network device.
Page 28: Ip Address Assignment
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch information or receive traps using SNMP v.1 while assigning a higher level of security to another group, granting read/write privi- leges using SNMP v.3. Using SNMP v.3 individual users or groups of SNMP managers can be allowed to perform or be restricted from performing specific SNMP management functions.
Page 29 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch config ipif System ipaddress xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy Where the x's represent the IP address to be assigned to the IP interface named System and the y's represent the corresponding subnet mask. Alternatively, you can enter config ipif System ipaddress xxx.xxx.xxx.xxx/z. Where the x's represent the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation.
Page 30: Web-Based Switch Configuration
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Section 5 Web-based Switch Configuration Introduction Login to Web manager Web-Based User Interface Basic Setup Reboot Basic Switch Setup Network Management Switch Utilities Network Monitoring IGMP Snooping Status Introduction All software functions of the Switch can be managed, configured and monitored via the embedded web-based (HTML) interface.
Page 31: Web-Based User Interface
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 5- 1. Enter Network Password dialog Enter “admin” in both the User Name and Password fields and click OK. This will open the Web-based user interface. The Switch management features available in the web-based manager are explained below.
Page 32 Area 1 Select the folder or window to be displayed. The folder icons can be opened to display the hyper- linked window buttons and subfolders contained within them. Click the D-Link logo to go to the D- Link website. Area 2 Presents a graphical near real-time image of the front panel of the Switch.
Page 33: Web Pages
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Web Pages When you connect to the management mode of the Switch with a web browser, a login window is displayed. Enter a user name and password to access the Switch's management mode.
Page 34: Administration
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Section 6 Administration IP Address Port Configuration DHCP/BOOTP Relay User Accounts Port Mirroring System Log Settings Log Settings SNTP Settings MAC Notification Settings TFTP Services Multiple Image Services Ping Test...
Page 35: Device Information
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Device Information This window contains the main settings for all major functions for the Switch and appears automatically when you log on. To return to the Device Information window, click the DES-...
Page 36 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch rates to choose from, 9600, 19200, 38400 and 115200. For a connection to the Switch using Rate the CLI interface, the baud rate must be set to 9600, which is the default setting.
Page 37: Ip Address
The IP address may initially be set using the console interface prior to connecting to it through the Ethernet. If the Switch IP address has not yet been changed, read the introduction of the DES-3028/28P/52/52P CLI Manual or return to Section 4 of this manual for more information.
Page 38 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The IP Address Settings options are: Parameter Description The Switch will send out a BOOTP broadcast request when it is powered up. The BOOTP BOOTP protocol allows IP addresses, network masks, and default gateways to be assigned by a central BOOTP server.
Page 39 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch...
Page 40: Port Configuration
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Port Configuration This section contains information for configuring various attributes and properties for individual physical ports, including port speed and flow control. Port Settings Click Administration > Port Configuration > Port Settings to display the following window: To configure switch ports: 1.
Page 41: Port Error Disabled
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The following parameters can be configured: Parameter Description From…. To Use the pull-down menus to select the port or range of ports to be configured. State Toggle this field to either enable or disable a given port or group of ports.
Page 42: Port Description
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Port Description The Switch supports a port description feature where the user may name various ports on the Switch. To assign names to various ports, click Administration > Port Configuration > Port Description to view the...
Page 43: Dhcp/Bootp Relay
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch DHCP/BOOTP Relay To enable and configure DHCP/BOOTP Relay Global Settings on the Switch, click Administration > DHCP/BOOTP Relay>: DHCP/BOOTP Relay Global Settings Figure 6- 6. DHCP/ BOOTP Relay Global Settings window...
Page 44 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Check field. Enabled – When the field is toggled to Enable, the relay agent will check the validity of the packet’s option 82 field. If the switch receives a packet that contains the option-82 field from a DHCP client, the switch drops the packet because it is invalid.
Page 45: Dhcp/Bootp Relay Interface Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The Implementation of DHCP Information Option 82 in the DES-3028/28P/52/52P switches The config dhcp_relay option_82 command configures the DHCP relay agent information option 82 setting of the switch. The formats for the circuit ID sub-option and the remote ID sub-option are as follows: NOTE: For the circuit ID sub-option of a standalone switch, the module field is always zero.
Page 46: User Accounts
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 8. DHCP/BOOTP Relay Interface Settings and DHCP/BOOTP Relay Interface Table window The following parameters may be configured or viewed. Parameter Description Interface The IP interface on the Switch that will be connected directly to the Server.
Page 47 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 11. User Account Modify Table window Modify or delete an existing user account in the User Account Modify Table. To delete the user account, click on the Delete button.
Page 48: Port Mirroring
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Port Mirroring The Switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an RMON probe, to view details about the packets passing through the first port.
Page 49: System Log Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch System Log Settings The Switch can send Syslog messages to up to four designated servers using the System Log Server. In the Administration folder, click System Log Settings, to view the window shown below.
Page 50 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch kernel messages user-level messages mail system system daemons security/authorization messages messages generated internally by syslog line printer subsystem network news subsystem UUCP subsystem clock daemon security/authorization messages FTP daemon NTP subsystem...
Page 51: Log Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Log Settings The Log settings can be changed by clicking the System Log Settings link to open the following window: Figure 6- 16. Log Settings window The following parameters can be set:...
Page 52: Sntp Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch SNTP Settings Time Settings To configure the time settings for the Switch, open the Administration folder. Then the SNTP Settings folder and click on the Time Settings link, revealing the following window for the user to configure.
Page 53: Time Zone And Dst
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Click Apply to implement changes made. Time Zone and DST The following are windows used to configure time zones and Daylight Savings time settings for SNTP. Open the Administration folder, then the SNTP Settings folder and click on the Time Zone and DST link, revealing the following window.
Page 54 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch from GMT in +/- Time (GMT.) HH:MM DST Repeating Settings Using repeating mode will enable DST seasonal time adjustment. Repeating mode requires that the DST beginning and ending date be specified using a formula. For example, specify to begin DST on Saturday during the second week of April and end DST on Sunday during the last week of October.
Page 55: Mac Notification Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch MAC Notification Settings MAC Notification is used to monitor MAC addresses learned and entered into the forwarding database. To globally set MAC notification on the Switch, open the following window by opening the MAC Notification Settings in the Administration folder.
Page 56 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The user also has the option of transferring firmware and configuration files to and from the internal Flash drive, located on the Switch. Using this window, the user can add a configuration or firmware file from a TFTP server to the flash memory, or transfer that firmware or configuration file to a TFTP server.
Page 57: Multiple Image Services
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Multiple Image Services To configure the files located on the Flash memory, use the following windows to guide you. Firmware Information This window is used to view boot up firmware images.
Page 58: Ping Test
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Ping Test Ping is a small program that sends ICMP Echo packets to the IP address you specify. The destination node then responds to or "echoes" the packets sent from the Switch. This is very useful to verify connectivity between the Switch and other nodes on the network.
Page 59 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 24. Safeguard Engine example For every consecutive checking interval that reveals a packet flooding issue, the Switch will double the time it will discard ingress ARP and IP broadcast packets. In the example above, the Switch doubled the time for dropping ARP and IP broadcast packets when consecutive flooding issues were detected at 5 second intervals.
Page 60 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch To configure the Switch’s Safeguard Engine, change the State to Enabled. To configure the parameters for the Safeguard Engine, click the CPU Utilization Settings button, which will alter the previous window to look like this: Figure 6- 26.
Page 61: Snmp Manager
The DES-3028/28P/52/52P supports the SNMP versions 1, 2c, and 3. The default SNMP setting is disabled. You must enable SNMP. Once SNMP is enabled you can choose which version you want to use to monitor and control the Switch. The three versions of SNMP vary in the level of security provided between the management station and the network device.
Page 62: Snmp Traps Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch SNMP Traps Settings The following window is used to enable and disable trap settings for the SNMP function on the Switch. To view this window for configuration, click Administration > SNMP Manager > SNMP Trap Settings: Figure 6- 27.
Page 63 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Group Name This name is used to specify the SNMP group created can request SNMP messages. SNMP Version V1 - Indicates that SNMP version 1 is in use. V2 - Indicates that SNMP version 2 is in use.
Page 64 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch between 8 and 16 alphanumeric characters. Encrypted Checking the corresponding box will enable encryption for SNMP V3 and is only operable in SNMP V3 mode. To implement changes made, click Apply. To return to the SNMP User Table, click the Show All SNMP User Table Entries link.
Page 65: Snmp View Table
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch SNMP View Table This window is used to assign views to community strings that define which MIB objects can be accessed by a remote SNMP manager. To view the SNMP View Table window, open the SNMP Manager folder under Administration and click the SNMP View Table entry.
Page 66: Snmp Group Table
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch manager can access. To implement your new settings, click Apply. To return to the SNMP View Table, click the Show All SNMP View Table Entries link. SNMP Group Table An SNMP Group created with this table maps SNMP users (identified in the SNMP User Table) to the views created in the previous menu.
Page 67: Snmp Community Table Configuration
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 35. SNMP Group Table Configuration window The following parameters can set: Parameter Description Group Name Type an alphanumeric string of up to 32 characters. This is used to identify the new SNMP group of SNMP users.
Page 68: Snmp Host Table
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch To configure SNMP Community entries, open the SNMP Manager folder, (located in the Administration folder) and click the SNMP Community Table link, which will open the following window: Figure 6- 36. SNMP Community Table Configuration window...
Page 69: Snmp Engine Id
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The following parameters can set: Parameter Description Host IP Address Type the IP address of the remote management station that will serve as the SNMP host for the Switch. SNMP Version V1 - To specifies that SNMP version 1 will be used.
Page 70: Poe System
DES-3052P follow the standard PSE (Power Source over Ethernet) pinout Alternative A, whereby power is sent out over pins 1, 2, 3 and 6. Both the DES-3028P and DES-3052P work with all D-Link 802.3af capable devices. The DES-3028P and DES-3052P include the following PoE features: Auto-discovery recognizes the connection of a PD (Power Device) and automatically sends power to it.
Page 71: Poe Port Configuration
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch PoE Port Configuration Figure 6- 41. PoE Port Configuration window The previous window contains the following fields to configure for PoE: Parameter Description PoE System Power Limit Sets the limit of power to be used from the Switch’s power source to PoE ports. The user may configure a Power Limit between 37 and 185W (for the DES-3028P) and 37 and 370W (for the DES-3052P).
Page 72 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch critical priority ports to power up. PoE Configuration From… To… Select a range of ports from the pull-down menus to be enabled or disabled for PoE. State Use the pull-down menu to enable or disable ports for PoE.
Page 73: Single Ip Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Single IP Settings Simply put, D-Link Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. There are some advantages in implementing the "Single IP Management" feature: 1.
Page 74: Sim Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The Upgrade to v1.6 To better improve SIM management, the DES-3028/28P/52/52P Switches have been upgraded to version 1.6 in this release. Many improvements have been made, including: 1. The Commander Switch (CS) now has the capability to automatically rediscover member switches that have left the SIM group, either through a reboot or web malfunction.
Page 75: Parameters Description
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 43. SIM Settings window (enabled) If the Switch Administrator wishes to configure the Switch as a Commander Switch (CS), select Commander from the Role State field and click Apply. The window will change once again to look like this: Figure 6- 44.
Page 76: Topology
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Topology The Topology window will be used to configure and manage the Switch within the SIM group and requires Java script to function properly on your computer. The Java Runtime Environment on your server should initiate and lead you to the topology window, as seen below.
Page 77: Icon Description
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch will have no entry in this field. MAC Address Displays the MAC address of the corresponding Switch. Model Name Displays the full model name of the corresponding Switch. To view the Topology Map, click the View menu in the toolbar and then Topology, which will produce the following window.
Page 78: Tool Tips
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Unknown device Non-SIM devices Tool Tips In the Topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same information about a specific device as the Tree view does.
Page 79: Right-Click
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Right-Click Right-clicking on a device will allow the user to perform various functions, depending on the role of the Switch in the SIM group and the icon associated with it.
Page 80: Commander Switch Icon
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Commander Switch Icon Figure 6- 51. Right-Clicking a Commander Icon The following options may appear for the user to configure: Collapse - To collapse the group that will be represented by a single icon.
Page 81: Menu Bar
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Add to group - Add a candidate to a group. Clicking this option will reveal the following dialog for the user to enter • a password for authentication from the Candidate Switch before being added to the SIM group. Click OK to enter the password or Cancel to exit the window.
Page 82: Firmware Upgrade
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 57. About window Firmware Upgrade This screen is used to upgrade firmware from the Commander Switch to the Member Switch. To access the following window, click Administration > Single IP Management Settings > Firmware Upgrade. Member Switches will be listed in the table and will be specified by Port (port on the CS where the MS resides), MAC Address, Model Name and Version.
Page 83: Upload Log
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Upload Log The following window is used to upload log files from SIM member switches to a specified PC. To view this window click Administration > Single IP Management > Upload Log File. To upload a log file, enter the IP address of the SIM member switch and then enter a path on your PC where you wish to save this file.
Page 84: Multicast Forwarding
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Multicast Forwarding The following figure and table describe how to set up Multicast Forwarding on the Switch. Open the Forwarding Filtering folder and click on the Multicast Forwarding link to see the entry window below: Figure 6- 62.
Page 85: Multicast Filtering Mode
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Multicast Filtering Mode The following figure and table describe how to set up multicast forwarding on the Switch. Open the Forwarding Filtering folder and click on the Multicast Filtering Mode Setup link to see the entry window below: Figure 6- 64.
Page 86: Smtp Service
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch SMTP Service SMTP or Simple Mail Transfer Protocol is a function of the Switch that will send switch events to mail recipients based on e-mail addresses entered using the commands below. The Switch is to be configured as a client of SMTP while the server is a remote device that will receive messages from the Switch, place the appropriate information into an e-mail and deliver it to recipients configured on the Switch.
Page 87: Smtp Server Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch SMTP Server Settings The following window is used to configure the fields to set up the SMTP server for the switch, along with setting e-mail addresses to which switch log files can be sent when a problem arises on the Switch. To open the following window, open the Administration folder, then the SMTP Service folder and then click the SMTP Server Settings link.
Page 88 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 6- 66. SMTP Service window The following parameters can be set: Parameter Description Subject Enter the subject of the test e-mail. Content Enter the content of the test e-mail.
Page 89: L2 Features
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Section 7 L2 Features VLAN Trunking IGMP Snooping Spanning Tree VLANs A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout.
Page 90: Q Vlan Tags
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 802.1Q-compliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work normally. The IEEE 802.1Q standard restricts the forwarding of untagged packets to the VLAN of which the receiving port is a member.
Page 91: Tagging And Untagging
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 2. IEEE 802.1Q Tag The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or Logical Link Control. Because the packet is now a bit longer than it was originally, the Cyclic Redundancy Check (CRC) must be recalculated.
Page 92: Default Vlans
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch If the packet is not tagged with VLAN information, the ingress port will tag the packet with its own PVID as a VID (if the port is a tagging port). The switch then determines if the destination port is a member of the same VLAN (has the same VID) as the ingress port.
Page 93: Static Vlan Entry
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Static VLAN Entry In the L2 Features folder, open the VLAN folder and click the Static VLAN Entry link to open the following window: Figure 7- 4. Static VLANs Entry Settings window The 802.1Q Static VLANs window lists all previously configured VLANs by VLAN ID and VLAN Name.
Page 94 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 6. 802.1Q Static VLANs window - Modify The following fields can then be set in either the Add or Modify 802.1Q Static VLANs windows: Parameter Description Allows the entry of a VLAN ID in the Add dialog box, or displays the VLAN ID of an existing VLAN in the Modify dialog box.
Page 95: Gvrp Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch GVRP Settings In the L2 Features folder, open the VLAN folder and click GVRP Settings. The GVRP Settings window, shown left, allows you to determine whether the Switch will share its VLAN configuration information with other GARP VLAN Registration Protocol (GVRP) enabled switches.
Page 96: Trunking
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Trunking Port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. The Switch supports up to six port trunk groups with 2 to 8 ports in each group. A potential bit rate of 800 Mbps can be achieved.
Page 97: Link Aggregation
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Link Aggregation To configure port trunking, click L2 Features > Trunking > Link Aggregation to bring up the following window: Figure 7- 9. Link Aggregation window To configure port trunk groups, click the Add button to add a new trunk group and use the Port Trunking Configuration menu (see example below) to set up trunk groups.
Page 98 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 11. LACP Port Settings window To configure LACP port trunk settings, select a port range using the From and To drop-down menus, select either Passive or Active Mode, and then click Apply to let your changes take effect.
Page 99: Igmp Snooping
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch IGMP Snooping Internet Group Management Protocol (IGMP) snooping allows the Switch to recognize IGMP queries and reports sent between network stations or devices and an IGMP host. When enabled for IGMP snooping, the Switch can open or close a port to a specific device based on IGMP messages passing through the Switch.
Page 100: Static Router Ports Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch VLAN Name This is the VLAN Name that, along with the VLAN ID, identifies the VLAN for which to modify the IGMP Snooping Settings. Query Interval This field is used to set the time (in seconds) between transmitting IGMP queries.
Page 101: Spanning Tree
This Switch supports three versions of the Spanning Tree Protocol; 802.1d STP, 802.1w Rapid STP and MSTP. 802.1d STP will be familiar to most networking professionals. However, since 802.1w RSTP has been recently introduced to D-Link managed Ethernet switches, a brief introduction to the technology is provided below followed by a description of how to set up 802.1d STP and 802.1w RSTP.
Page 102: Port Transition States
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) evolved from the 802.1d STP standard. RSTP was developed in order to overcome some limitations of STP that impede the function of some recent switching innovations, in particular, certain Layer 3 functions that are increasingly handled by Ethernet switches.
Page 103 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch STP LoopBack Prevention When connected to other switches, STP is an important configuration in consistency for delivering packets to ports and can greatly improve the throughput of your switch. Yet, even this function can malfunction with the emergence of STP BPDU packets that occasionally loopback to the Switch, such as BPDU packets looped back from an unmanaged switch connected to the DES-3028P.
Page 104: Stp Bridge Global Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch STP Bridge Global Settings To open the following window, open Spanning Tree in the L2 features folder and click the STP Bridge Global Settings link. Figure 7- 16. STP Bridge Global Settings window...
Page 105 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch STP Version Use the pull-down menu to choose the desired version of STP to be implemented on the Switch. There are two choices: STPCompatability - Select this parameter to set the Spanning Tree Protocol (STP) globally on the switch.
Page 106: Stp Port Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch STP Port Settings STP can be set up on a port per port basis. To view the following window click L2 Features > Spanning Tree > STP Port Settings: Figure 7- 17. STP Port Settings window In addition to setting Spanning Tree parameters for use on the switch level, the Switch allows for the configuration of groups of ports, each port-group of which will have its own spanning tree, and will require some of its own configuration settings.
Page 107: Mst Configuration Identification
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 0 (auto) - Setting 0 for the external cost will automatically set the speed • for forwarding packets to the specified port(s) in the list for optimal efficiency. Default port cost: 100Mbps port = 200000. Gigabit port = 20000.
Page 108 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 7- 18. MST Configuration Identification window The window above contains the following information: Parameter Description Configuration Name A previously configured name set on the Switch to uniquely identify the MSTI (Multiple Spanning Tree Instance).
Page 109 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch VID List (1-4094) This field is used to specify the VID range from configured VLANs set on the Switch. Supported VIDs on the Switch range from ID number 1 to 4094.
Page 110: Stp Instance Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Type This field allows the user to choose a desired method for altering the MSTI settings. The user has four choices. Add - Select this parameter to add VIDs to the MSTI ID, in conjunction with the •...
Page 111: Mstp Port Information
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch CIST (default MSTI). Type The Type field in this window will be permanently set to Set Priority Only. Priority (0-61440) Enter the new priority in the Priority field. The user may set a priority value between 0- 61440.
Page 112 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch media speed of the interface. value 1-2000000 - Selecting this parameter with a value in the range of 1 to • 2000000 will set the quickest route when a loop occurs. A lower Internal cost represents a quicker transmission.
Page 113: Cos
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Section 8 Port Bandwidth 802.1p Default Priority 802.1p User Priority CoS Scheduling Mechanism CoS Output Scheduling Priority Settings TOS Priority Settings DSCP Priority Settings Port Mapping Priority Settings MAC Priority The Switch supports 802.1p priority queuing Quality of Service.
Page 114: Understanding Cos
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 8- 1. An Example of the Default CoS Mapping on the Switch The picture above shows the default priority setting for the Switch. Class-3 has the highest priority of the four priority classes of service on the Switch.
Page 115: Port Bandwidth
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch For weighted round-robin queuing, if each CoS queue has the same weight value, then each CoS queue has an equal opportunity to send packets just like round-robin queuing. For weighted round-robin queuing, if the weight for a CoS is set to 0, then it will continue processing the packets from this CoS until there are no more packets for this CoS.
Page 116: 802.1P Default Priority
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Parameter Description From/To A consecutive group of ports may be configured starting with the selected port. Type This drop-down menu allows you to select between RX (receive,) TX (transmit,) and Both.
Page 117: 802.1P User Priority
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 802.1p User Priority When using 802.1p priority mechanism, the packet is examined for the presence of a valid 802.1p priority tag. If the tag is present, the packet is assigned to a programmable egress queue based on the value of the tagged priority. The tagged priority can be designated to any of the available queues.
Page 118: Cos Output Scheduling
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The Scheduling Mechanism has the following parameters. Parameter Description Strict Denoting a Strict scheduling will set the highest queue to be emptied first while the other queues will follow the weighted round-robin scheduling scheme.
Page 119: Priority Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Priority Settings Priority Settings can be specified on this window. Select a port range using the From and To drop-down menus and select a Type from the drop-down menu, Port Mapping, 802.1p, MAC Mapping, TOS, DSCP, or None.
Page 120: Tos Priority Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch TOS Priority Settings When using the TOS/DSCP priority mechanism, the packet is classified based on the TOS/DSCP field in the IP header. If the tag is present, the packet is assigned to a programmable egress queue based on the value of the tagged priority. The tagged priority can be designated to any of the available queues.
Page 121: Dscp Priority Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch DSCP Priority Settings When using the DSCP/TOS priority mechanism, the packet is classified based on the DSCP/TOS field in the IP header. If the tag is present, the packet is assigned to a programmable egress queue based on the value of the tagged priority. The tagged priority can be designated to any of the available queues.
Page 122: Port Mapping Priority Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Port Mapping Priority Settings When using the port-based priority mechanism, the port-based priority (high or low) assigned to each ingress port determines the egress queue assigned to frames arriving via the given ingress port. The frames will be assigned to either the highest queue or the lowest queue.
Page 123 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 8- 10. Port Mapping Priority Settings window Click Apply to implement changes made.
Page 124: Mac Priority
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch MAC Priority When using the MAC Priority mechanism, the packet is classified based on the MAC Priority field priority in the MAC config entry. Follow these steps: create a static FDB on this window, disable other Priority for that class (in the windows for TOS Priority Settings, DSCP Priority Settings, and Port Mapping Priority Settings), enable MAC Mapping Priority on the Priority Settings window, and set the static FDB designated as 0-3 priority on this window.
Page 125: Acl
Time Range The DES-3028/28P/52/52P Switches allow you to configure a time period durring each Access Profile will be active. Use the window below to name the time range and then specify when the Access Profile that will be configured below will be active.
Page 126 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch between the three Access Profile Configuration windows by using the Type drop-down menu. The window shown below is the Access Profile Configuration window for Ethernet. Note: The Profile ID is used for relative priority for an Access Profile should a conflict arise between a rule created in one profile and a rule created in a different profile.
Page 127 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 9- 4. Access Profile Configuration window (IP) The following parameters can be set, for IP: Parameter Description Profile ID (1-256) Type in a unique identifier number for this profile set. The number is used to set the relative priority for the profile.
Page 128 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Protocol Selecting this option instructs the Switch to examine the protocol type value in each frame's header. You must then specify what protocol(s) to include according to the following guidelines: Select ICMP to instruct the Switch to examine the Internet Control Messages Protocol (ICMP) field in each frame's header.
Page 129 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch This screen will aid the user in Switch to mask packet headers beginning with the offset value specified. The following fields are used to configure the Packet Content Mask: Parameter...
Page 130 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 9- 7. Access Rule Configuration window (IP) Configure the following Access Rule Configuration settings: Parameter Description Profile ID This is the identifier number for this profile set. Mode Select Permit to specify that the Switch, according to any additional rule, forward the packets that match the access profile added (see below).
Page 131 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch section of this manual. VLAN Name Allows the entry of a name for a previously configured VLAN. Source IP Enter an IP Address mask for the source IP address. Destination IP Enter an IP Address mask for the destination IP address.
Page 132 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch To remove a previously created rule, select it and click the button. To add a new Access Rule, click the Add button: Figure 9- 10. Access Rule Configuration window (Ethernet) To set the Access Rule for Ethernet, adjust the following parameters and click Apply.
Page 133 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Source MAC Enter a MAC Address for the source MAC address. Destination MAC Enter a MAC Address mask for the destination MAC address. 802.1p (0-7) Enter a value from 0 to 7 to specify that the access profile will apply only to packets with this 802.1p priority value.
Page 134 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch To remove a previously created rule, select it and click the button. Access rules are indexed using the Access ID number. To locate a specific Access Rule in the table, enter the Access ID and click Find. To display all rules in the table, click the View All Entries button.
Page 135 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Offset This field will instruct the Switch to mask the packet header beginning with the offset value specified: You can specify an offset of between 0 and 76 bytes. •...
Page 136: Cpu Interface Filtering
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch CPU Interface Filtering Due to a chipset limitation and the need for extra switch security, the DES-30xx switch series incorporates CPU Interface filtering. This added feature increases the running security of the Switch by enabling the user to create a list of access rules for packets destined for the Switch’s CPU interface.
Page 137 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 9- 17. CPU Interface Filtering Configuration window – Ethernet Parameter Description Profile ID (1-3) Type in a unique identifier number for this profile set. This value can be set from 1 to 3.
Page 138 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The following is the CPU Interface Filtering Configuration window for IP. Figure 9- 18. CPU Interface Filtering Configuration window - IP The following parameters can be modified: Parameter Description Profile ID (1-3) Type in a unique identifier number for this profile set.
Page 139 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Select ICMP to instruct the Switch to examine the Internet Control Message Protocol (ICMP) field in each frame's header. Select Type to further specify that the access profile will apply an ICMP type •...
Page 140 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch This window will aid the user in configuring the Switch to mask packet headers beginning with the offset value specified. The following fields are used to configure the Packet Content Mask:...
Page 141 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 9- 21. CPU Interface Filtering Rule Table window Click the Add Profile button to continue on to the CPU Interface Filtering Rule Table window. A new and unique window, for Ethernet, IP and Packet Content will open as shown in the examples below.
Page 142 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Type Selected profile based on Ethernet (MAC Address), IP address or Packet Content. Ethernet instructs the Switch to examine the layer 2 part of each packet header. • IP instructs the Switch to examine the IP address in each frame's header.
Page 143 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 9- 24. CPU Interface Filtering Rule Table window – IP To create a new rule set for an access profile click the Add button. A new window is displayed. To remove a previously created rule, click the corresponding button.
Page 144 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch VLAN Name Allows the entry of a name for a previously configured VLAN. Source IP Enter an IP Address mask for the source IP address. Destination IP Enter an IP Address mask for the destination IP address.
Page 145 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 9- 28. CPU Interface Filtering Rule Configuration window - Packet Content Mask To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameters Description Profile ID This is the identifier number for this profile set.
Page 146 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch value (48-63) - Enter a value in hex form to mask the packet from byte 48 to byte • value (64-79) - Enter a value in hex form to mask the packet from byte 64 to byte •...
Page 147: Security
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Section 10 Security Traffic Control Port Security Port Lock Entries 802.1X Trusted Host Access Authentication Control Traffic Segmentation Traffic Control On a computer network, packets such as Multicast packets and Broadcast packets continually flood the network as normal procedure.
Page 148 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch If this field times out and the packet storm continues, the port will be placed in a Shutdown Forever mode which will produce a warning message to be sent to the Trap Receiver. Once in Shutdown Forever mode, the only method of recovering this port is to manually recoup it using the Port Configuration window in the Administration folder and selecting the disabled port and returning it to an Enabled status.
Page 149 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch and 30 seconds with the default setting of 5 seconds. Click Apply to implement the settings made. NOTE: Traffic Control cannot be implemented on ports that are set for Link Aggregation (Port Trunking).
Page 150: Port Security
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Port Security A given ports’ (or a range of ports') dynamic MAC address learning can be locked such that the current source MAC addresses entered into the MAC address forwarding table can not be changed once the port lock is enabled.
Page 151 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 3. Port Lock Entries window This function is only operable if the Mode in the Port Security window is selected as Permanent or DeleteOnReset, or in other words, only addresses that are permanently learned by the Switch can be deleted. Once the entry has been defined by entering the...
Page 152: Ssl
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Secure Sockets Layer or SSL is a security feature that will provide a secure communication path between a host and client through the use of authentication, digital signatures and encryption. These security functions are implemented through the use of a...
Page 153 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 4. Download Certificate and Ciphersuite window To download certificates, set the following parameters and click Apply. Parameter Description Certificate Type Enter the type of certificate to be downloaded. This type refers to the server responsible for issuing certificates.
Page 154 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Ciphersuite RSA with RC4 128 This ciphersuite combines the RSA key exchange, stream cipher RC4 encryption with 128- bit keys and the MD5 Hash Algorithm. Use the pull-down menu to enable or disable this ciphersuite.
Page 155: Ssh
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch SSH is an abbreviation of Secure Shell, which is a program allowing secure remote login and secure network services over an insecure network. It allows a secure login to remote host computers, a safe method of executing commands on a remote end node, and will provide secure encrypted and authenticated communication between two non-trusted hosts.
Page 156: Ssh Authentication Mode And Algorithm Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Parameter Description SSH Server Status Use the pull-down menu to enable or disable SSH on the Switch. The default is Disabled. Max Session (1-8) Enter a value between 1 and 8 to set the number of users that may simultaneously access the Switch.
Page 157 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The following algorithms may be set: Parameter Description SSH Authentication Mode and Algorithm Settings Password This parameter may be enabled if the administrator wishes to use a locally configured password for authentication on the Switch. The default is Enabled.
Page 158: Ssh User Authentication
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch SSH User Authentication The following windows are used to configure parameters for users attempting to access the Switch through SSH. To access the following window, click Security > SSH > SSH User Authentication Mode.
Page 159: 146
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 802.1X 802.1x Port-Based and MAC-Based Access Control The IEEE 802.1x standard is a security measure for authorizing and authenticating users to gain access to various wired or wireless devices on a specified Local Area Network by using a Client and Server based access control model. This is accomplished by using a RADIUS server to authenticate users trying to access a network by relaying Extensible Authentication Protocol over LAN (EAPOL) packets between the Client and the Server.
Page 160: Authentication Server
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Authentication Server The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch). Clients connected to a port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN.
Page 161: Authentication Process
Figure 10- 14. The 802.1x Authentication Process The D-Link implementation of 802.1x allows network administrators to choose between two types of Access Control used on the Switch, which are: 1. Port-Based Access Control – This method requires only one user to be authenticated per port by a remote RADIUS server to allow the remaining users on the same port access to the network.
Page 162 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch detects events that indicate the attachment of an active device at the remote end of the link, or an active device becoming inactive. These events can be used to control the authorization state of the Port and initiate the process of authenticating the attached device if the Port is unauthorized.
Page 163 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch MAC-Based Network Access Control RADIUS Server Ethernet Switch … 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X 802.1X Client Client Client Client Client Client Client Client Client...
Page 164: Guest Vlans
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Guest VLANs On 802.1x security enabled networks, there is a need for non 802.1x supported devices to gain limited access to the network, due to lack of the proper 802.1x software or incompatible devices, such as...
Page 165: Configure 802.1X Guest Vlan
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Configure 802.1x Guest VLAN In the Security menu, open the 802.1x folder and click Configure 802.1x Guest VLAN, which will display the following window for the user to configure. Remember, to set a Guest 802.1x VLAN, the user must first configure a normal VLAN which can be enabled here for Guest VLAN status.
Page 166: 802.1X Authenticator Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 802.1x Authenticator Settings To configure the 802.1X Authenticator Settings, click Security > 802.1X > 802.1X Authenticator Settings: Figure 10- 19. 802.1x Authenticator Settings window To configure the settings by port, click on its corresponding Ports link, which will display the following table to configure:...
Page 167 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 20. 802.1X Authenticator Settings window (Modify) This window allows users to set the following features: Parameter Description From/To] Enter the port or ports to be set. AdmDir Sets the administrative-controlled direction to either In or Both.
Page 168 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch SuppTimeout This value determines timeout conditions in the exchanges between the Authenticator and the client. The default setting is 30 seconds. ServerTimeout This value determines timeout conditions in the exchanges between the Authenticator and the authentication server.
Page 169: Local Users
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Local Users In the Security folder, open the 802.1x folder and click 802.1X User to open the 802.1x User window. This window will allow the user to set different local users on the Switch.
Page 170: Initializing Ports For Mac Based 802.1X
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Connecting, Authenticating, Authenticated, Aborting, Held, ForceAuth, ForceUnauth, and N/A. Backend State The Backend Authentication State will display one of the following: Request, Response, Success, Fail, Timeout, Idle, Initialize, and N/A.
Page 171: Reauthenticate Port(S) For Port Based 802.1X
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Reauthenticate Port(s) for Port Based 802.1x This window allows reauthentication of a port or group of ports by using the pull-down menus From and To and clicking Apply. The Reauthenticate Port Table displays the current status of the reauthenticated port(s) once Apply has been clicked.
Page 172: Reauthenticate Port(S) For Mac-Based 802.1X
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Reauthenticate Port(s) for MAC-based 802.1x To reauthenticate ports for the MAC side of 802.1x, the user must first enable 802.1x by MAC address in the DES-30xx Web Management Tool window. Click Security > 802.1x > Reauthenticate Port(s) to open the following window: Figure 10- 25.
Page 173: Trusted Host
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Authentic Port Set the RADIUS authentic server(s) UDP port. The default port is 1812. Accounting Port Set the RADIUS account server(s) UDP port. The default port is 1813. Set the key the same as that of the RADIUS server.
Page 174: Access Authentication Control
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Access Authentication Control The TACACS/XTACACS/TACACS+/RADIUS commands allow users to secure access to the Switch using the TACACS/XTACACS/TACACS+/RADIUS protocols. When a user logs in to the Switch or tries to access the administrator level privilege, he or she is prompted for a password.
Page 175: Authentication Policy And Parameter Settings
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Authentication Policy and Parameter Settings This command will enable an administrator-defined authentication policy for users trying to access the Switch. When enabled, the device will check the Login Method List and choose a technique for user authentication upon login.
Page 176: Authentication Server Group
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Parameter Description Application Lists the configuration applications on the Switch. The user may configure the Login Method List and Enable Method List for authentication for users utilizing the Console (Command Line Interface) application, the Telnet application, SSH and the WEB (HTTP) application.
Page 177: Authentication Server Host
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 31. Add a Server Host to Server Group (radius) window To add an Authentication Server Host to the list, enter its IP address in the IP Address field, choose the protocol associated with the IP address of the Authentication Server Host and click Add to Group to add this Authentication Server Host to the group.
Page 178 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 33. Authentication Server Host Settings window To add an Authentication Server Host, click the Add button, revealing the following window: Figure 10- 34. Authentication Server Host Settings – Add window To edit an Authentication Server Host, click the IP address hyperlink, revealing the following window: Figure 10- 35.
Page 179 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch protocol. TACACS+ - Enter this parameter if the server host utilizes the TACACS+ • protocol. RADIUS - Enter this parameter if the server host utilizes the RADIUS protocol. • Port (1-65535) Enter a number between 1 and 65535 to define the virtual port number of the authentication protocol on a server host.
Page 180: Login Method Lists
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Login Method Lists This command will configure a user-defined or default Login Method List of authentication techniques for users logging on to the Switch. The sequence of techniques implemented in this command will affect the authentication result. For example, if a user enters a sequence of techniques, for example TACACS –...
Page 181: Enable Method Lists
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 38. Login Method List – Add window To define a Login Method List, set the following parameters and click Apply: Parameter Description Method List Name Enter a method list name defined by the user of up to 15 characters.
Page 182 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch To view the following table, click Security > Access Authentication Control > Enable Method Lists: Figure 10- 39. Enable Method List Settings window To delete an Enable Method List defined by the user, click the under the Delete heading corresponding to the entry desired to be deleted.
Page 183 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch section entitled Local Enable Password must set the local enable password. none - Adding this parameter will require an authentication to access the Switch. • radius - Adding this parameter will require the user to be authenticated using the •...
Page 184: Configure Local Enable Password
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Configure Local Enable Password This window will configure the locally enabled password for the Enable Admin command. When a user chooses the "local_enable" method to promote user level privileges to administrator privileges, he or she will be prompted to enter the password configured here that is locally set on the Switch.
Page 185: Traffic Segmentation
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Traffic Segmentation Traffic segmentation is used to limit traffic flow from a single port to a group of ports on a single Switch. This method of segmenting the flow of traffic is similar to using VLANs to limit traffic, but is more restrictive. It provides a method of directing traffic that does not increase the overhead of the Master switch CPU.
Page 186 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 10- 46. Setup Forwarding ports window This window allows the user to determine which port on a given switch will be allowed to forward packets to other ports on that switch.
Page 187: Monitoring
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Section 11 Monitoring CPU Utilization Port Utilization Packets Packet Errors Packet Size MAC Address Switch Log IGMP Snooping Group Browse Router Port Static ARP Settings Session Table Port Access Control...
Page 188: Port Utilization
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record Number Select number of times the Switch will be polled between 20 and 200. The default value is 200.
Page 189: Packets
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Clear Clicking this button clears all statistics counters on this window. Packets The Web Manager allows various packet statistics to be viewed as either a line graph or a table. Six windows are offered.
Page 190 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 11- 4. Rx Packets Analysis Table The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 191: Umb Cast (Rx)
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch UMB Cast (RX) Click the UMB Cast (RX) link in the Packets folder of the Monitoring menu to view the following graph of UMB cast packets received on the Switch. To select a port to view these statistics for, use the Port pull-down menu. The user may also use the real- time graphic of the Switch at the top of the web page by simply clicking on a port.
Page 192 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 11- 6. Rx Packets Analysis window (table for Unicast, Multicast, and Broadcast Packets) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 193: Transmitted (Tx)
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Transmitted (TX) Click the Transmitted (TX) link in the Packets folder of the Monitoring menu to view the following graph of packets transmitted from the Switch. To select a port to view these statistics for, use the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
Page 194: Packet Errors
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 11- 8. Tx Packets Analysis window (table for Bytes and Packets) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 195: Received (Rx)
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Received (RX) Click the Received (RX) link in the Error folder of the Monitoring menu to view the following graph of error packets received on the Switch. To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
Page 196: Transmitted (Tx)
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The following fields can be set: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record Number Select number of times the Switch will be polled between 20 and 200.
Page 197 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 11- 11. Tx Error Analysis window (line graph) To view the Transmitted Error Packets Table, click the link View Table, which will show the following table: Figure 11- 12. Tx Error Analysis window (table)
Page 198: Packet Size
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 200. ExDefer Counts the number of packets for which the first transmission attempt on a particular interface was delayed because the medium was busy. CRC Error Counts otherwise valid packets that did not end on a byte (octet) boundary.
Page 199 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch To view the Packet Size Analysis Table, click the link View Table, which will show the following table: Figure 11- 14. Rx Size Analysis window (table) The following fields can be set or viewed:...
Page 200: Mac Address
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch MAC Address This allows the Switch's dynamic MAC address forwarding table to be viewed. When the Switch learns an association between a MAC address and a port number, it makes an entry into its forwarding table. These entries are then used to forward packets through the Switch.
Page 201: Switch Log
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Switch Log The Web manager allows the Switch's history log, as compiled by the Switch's management agent, to be viewed. To view the Switch history log, open the Monitoring folder and click the Switch Log link.
Page 202: Igmp Snooping Group
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch IGMP Snooping Group This window allows the Switch’s IGMP Snooping Group Table to be viewed. IGMP Snooping allows the Switch to read the Multicast Group IP address and the corresponding MAC address from IGMP packets that pass through the Switch. The number of IGMP reports that were snooped is displayed in the Reports field.
Page 203: Browse Router Port
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Browse Router Port This displays which of the Switch’s ports are currently configured as router ports. A router port configured by a user (using the console or Web-based management interfaces) is displayed as a static router port, designated by S. A router port that is dynamically configured by the Switch is designated by D.
Page 204: Session Table
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 11- 21. Static ARP Settings – Edit window Session Table The Session Table allows the user to view detailed information on the current configuration session of the Switch. Information such as the Session ID of the user, initial Login Time, Live Time, configuration connection From the Switch, Level and Name of the user are displayed.
Page 205 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 11- 23. RADIUS Authentication window The user may also select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds. The default value is one second. To clear the current statistics shown, click the Clear button in the top left hand corner.
Page 206 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch BadAuthenticators The number of RADIUS Access-Response packets containing invalid authenticators or Signature attributes received from this server. UnknownTypes The number of RADIUS packets of unknown type which were received from this server on...
Page 207: Radius Accounting
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch RADIUS Accounting This window shows managed objects used for managing RADIUS accounting clients, and the current statistics associated with them. It has one row for each RADIUS authentication server that the client shares a secret with. To view the RADIUS Accounting, click Monitoring >...
Page 208 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch UnknownTypes The number of RADIUS packets of unknown type which were received from this server on the accounting port. PacketsDropped The number of RADIUS packets, which were received from this server on the accounting...
Page 209: Auth Diagnostics
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Auth Diagnostics This table contains the diagnostic information regarding the operation of the Authenticator associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the Authenticator Diagnostics, click Monitoring >...
Page 210 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch TimeoutsAuthenticating Counts number times that state machine transitions from AUTHENTICATING to ABORTING, as a result of the Backend Authentication state machine indicating authentication timeout (authTimeout = TRUE). FailAuthenticating Counts number...
Page 211: Auth Session Statistics
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Auth Session Statistics This table contains the session statistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the Authenticator Session Statistics, click Monitoring > Port Access Control >...
Page 212: Auth Statistics
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch 5) AuthControlledPortControl set to ForceUnauthorized 6) Port re-initialization 7) Port Administratively Disabled 8) Not Terminated Yet Octets Rx The number of octets received in user data frames on this port during the session.
Page 213: Auth State
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch The following fields can be viewed: Parameter Description Port The identification number assigned to the Port by the System in which the Port resides. Frames Rx The number of valid EAPOL frames that have been received by this Authenticator.
Page 214: Reset
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Figure 11- 28. Authenticator State window The user may select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds. The default value is one second.
Page 215 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch NOTE: Only the Reset System option will enter the factory default parameters into the Switch’s non-volatile RAM, and then restart the Switch. All other options enter the factory defaults into the current configuration, but do not save this configuration.
Page 216: Reboot System
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Reboot System The following window is used to restart the Switch. Figure 11- 30. Reboot System window Clicking the Yes radio button will instruct the Switch to save the current configuration to non-volatile RAM before restarting the Switch.
Page 217: Logout
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Logout Click the Logout button on the Logout window to immediately exit the Switch. Figure 11- 32. Logout window...
Page 218: Technical Specifications
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Appendix A Technical Specifications General IEEE 802.3 10BASE-T Ethernet Protocols IEEE 802.3u 100BASE-TX Fast Ethernet IEEE 802.3ab 1000BASE-T Gigabit Ethernet IEEE 802.3z 1000BASE-T (SFP “Mini GBIC”) IEEE 802.1D Spanning Tree IEEE 802.1D/S/W Spanning Tree...
Page 219 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Physical and Environmental Input: 100~240V, AC/10A, 50~60Hz Internal Power Supply Output: DES-3028/DES-3052: 12V, 3.3A (Max) DES-3028P: 12V, 3.3A/50V, 3.7A (Max) DES-3052P: 12V,10.5A/50V,7.5A (Max) Power Consumption DES-3028 – 25W DES-3052 – 26W DES-3028P –...
Page 220 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch PoE Features DES-3028P:Random 12 ports PoE Capable Ports DES-3052P:Random 24 ports DES-3028P: Per port 15.4W (Default), Output capacity for DES-3028P 185W Power consumption Max. 225W Power feeding for PoE DES-3052P: Per port 15.4W (Default),...
Page 221 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch LED indicators Location LED Indicative Color Status Description Solid Light Power On Power Green Light off Power Off Per Device Solid Light Console on Console Green Blinking POST is in progress/ POST is failure.
Page 222 Store and Forward Switching Capacity 12.8Gbps for DES-3028/DES-3028P 17.6Gbps for DES-3052/DES-3052P 64 Byte system packet forwarding rate 9.5 million packets per second for DES-3028/DES-3028P 13.1 million packets per second for DES-3052/DES-3052P Priority Queues 4 Priority Queues per port MAC Address Table...
Page 223 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch SFP Transceivers Supported: 1. DEM-310GT (1000BASE-LX) 2. DEM-311GT (1000BASE-SX) 3. DEM-314GT (1000BASE-LH) 4. DEM-315GT (1000BASE-ZX) 5. DEM-210 (Single Mode 100BASE-FX) 6. DEM-211 (Multi Mode 100BASE-FX) -WDM Transceiver Supported: 1.DEM-330T (TX-1550/RX-1310nm),up to 10km,Single-Mode 2.DEM-330R (TX-1310/RX-1550nm), up to 10km,Single-Mode...
Page 224: System Log Entries
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Appendix B System Log Entries The following table lists all possible entries and their corresponding meanings that will appear in the System Log of this Switch. Event Category Log Content...
Page 225 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Event Category Log Content Severity Description <macaddr>) Log message upload was Log message upload by console Warning unsuccessful was unsuccessful! (Username: <username>, IP: <ipaddr>, MAC: <macaddr>) Interface Port link up Port <unitID:portNum>...
Page 226 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Event Category Log Content Severity Description <ipaddr>, MAC: <macaddr>) Login failed through Telnet Login failed through Telnet Warning (Username: <username>, IP: <ipaddr>, MAC: <macaddr>) Logout through Telnet Logout through Telnet (Username: Informational <username>, IP: <ipaddr>, MAC:...
Page 227 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Event Category Log Content Severity Description Successful login through Successful login through Console Informational Console authenticated by authenticated by AAA local method AAA local method (Username: <username>) Login failed through...
Page 228 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Event Category Log Content Severity Description Successful login through Successful login through Web from Informational Web authenticated by AAA <userIP> authenticated by AAA none method none method (Username: <username>, MAC: <macaddr>)
Page 229 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Event Category Log Content Severity Description <macaddr>) Successful login through Successful login through Telnet Informational Telnet authenticated by from <userIP> authenticated by AAA server AAA server <serverIP> (Username: <username>, MAC: <macaddr>)
Page 230 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Event Category Log Content Severity Description Successful Enable Admin Successful Enable Admin through Informational through SSH authenticated SSH from <userIP> authenticated by AAA local_enable by AAA local_enable method method (Username: <username>, MAC: <macaddr>)
Page 231 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Event Category Log Content Severity Description server (Username: <username>, MAC: <macaddr>) Enable Admin failed Enable Admin failed through Telnet Warning through Telnet from <userIP> authenticated by authenticated by AAA AAA server <serverIP> (Username: server <username>, MAC: <macaddr>)
Page 232: Cable Lengths
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Appendix C Cable Lengths Use the following table to as a guide for the maximum cable lengths. Standard Media Type Maximum Distance Mini-GBIC 1000BASE-LX, Single-mode fiber module 10km 1000BASE-SX, Multi-mode fiber module...
Page 233: Glossary
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch Appendix D Glossary 1000BASE-SX: A short laser wavelength on multimode fiber optic cable for a maximum length of 2000 meters 1000BASE-LX: A long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilometers 100BASE-FX: 100Mbps Ethernet implementation over fiber.
Page 234 DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch LAN - Local Area Network: A network of connected computing resources (such as PCs, printers, servers) covering a relatively small geographic area (usually not larger than a floor or building). Characterized by high data rates and low error rates.
Page 235 FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with this manual, may cause harmful interference to radio communications.
Page 236: Warranties/Registration
Hardware. The Warranty Period shall extend for an additional ninety (90) days after any repaired or replaced Hardware is delivered. If a material defect is incapable of correction, or if D-Link determines in its sole discretion that it is not practical to repair or replace the defective Hardware, the price paid by the original purchaser for the defective Hardware will be refunded by D-Link upon return to D-Link of the defective Hardware.
Page 237: Copyright Statement
OF THE PRODUCT IS WITH THE PURCHASER OF THE PRODUCT. Limitation of Liability: TO THE MAXIMUM EXTENT PERMITTED BY LAW, D-LINK IS NOT LIABLE UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER LEGAL OR EQUITABLE THEORY FOR ANY LOSS OF USE OF THE PRODUCT, INCONVENIENCE OR DAMAGES OF ANY...
Page 238 Spare parts and spare kits: Ninety (90) days The customer's sole and exclusive remedy and the entire liability of D-Link and its suppliers under this Limited Warranty will be, at D-Link’s option, to repair or replace the defective Hardware during the Warranty Period at no charge to the original owner or to refund the actual purchase price paid. Any repair or replacement will be rendered by D-Link at an Authorized D-Link Service Office.
Page 239 D-Link; and Products that have been purchased from inventory clearance or liquidation sales or other sales in which D-Link, the sellers, or the liquidators expressly disclaim their warranty obligation pertaining to the product. While necessary maintenance or repairs on your Product can be performed by any company, we recommend that you use only an Authorized D-Link Service Office.
Page 240: Product Registration
Product Registration Register your D-Link product online at http://support.dlink.com/register/ Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights.
Page 241 D-Link will then provide you with a Limited Lifetime Warranty reference number for this product. Please retain your original dated proof of purchase with a note of the serial number, and Limited Lifetime Warranty reference number together with this warranty statement and place each document in a safe location.
Page 242: Disclaimer Of Warranty
To the extent allowed by local law, the remedies in this warranty statement are customer’s sole and exclusive remedies. Except as indicated above, in no event will D-Link or its suppliers be liable for loss of data or for indirect, special, incidental, consequential (including lost profit or data), or other damage, whether based in a contract, tort, or otherwise.
Page 243: Tech Support
Tech Support Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers within Australia: D-Link Technical Support over the Telephone: 1300-766-868 Monday to Friday 8:00am to 8:00pm EST Saturday 9:00am to 1:00pm EST D-Link Technical Support over the Internet: http://www.dlink.com.au...
Page 244: Technical Support
Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers within South Eastern Asia and Korea: D-Link South Eastern Asia and Korea Technical Support over the Telephone: +65-6895-5355 Monday to Friday 9:00am to 12:30pm, 2:00pm-6:00pm Singapore Time D-Link Technical Support over the Internet: email:support@dlink.com.sg...
Page 245 Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers within India D-Link Technical Support over the Telephone: +91-22-26526741 +91-22-26526696 –ext 161 to 167 Monday to Friday 9:30AM to 7:00PM D-Link Technical Support over the Internet: http://ww.dlink.co.in...
Page 246 D-Link provides free technical support for customers for the duration of the warranty period on this product. Customers can contact D-Link technical support through our web site or by phone. Tech Support for customers within the Russia D-Link Technical Support over the Telephone:...
Page 247 Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers within the U.A.E & North Africa: D-Link Technical Support over the Telephone: (971) 4-391-6480 (U.A.E) Sunday to Wednesday 9:00am to 6:00pm GMT+4 Thursday 9:00am to 1:00pm GMT+4 D-Link Middle East &...
Page 248 Technical Support You can find software updates and user documentation on the D-Link website. Tech Support for customers within South Africa and Sub Sahara Region: D-Link South Africa and Sub Sahara Technical Support over the Telephone: +27-12-665-2165 08600 DLINK ( For South Africa only )
Page 249 Technical Support You can find updates and user documentation on the D-Link website Tech Support for Latin America customers: D-Link Technical Support over the followings Telephones: Argentina: 0800-666 1442 Monday to Friday 09:00am to 22:00pm Chile: 800-214 422 Monday to Friday 08:00am to 21:00pm...
Page 250 Обновления программного обеспечения и документация доступны на Интернет-сайте D-Link. D-Link предоставляет бесплатную поддержку для клиентов в течение гарантийного срока. Клиенты могут обратиться в группу технической поддержки D-Link по телефону или через Интернет. Техническая поддержка D-Link: (495) 744-00-99 Техническая поддержка через Интернет...
Page 251 Sitio Web www.dlinkla.com El servicio de soporte técnico tiene presencia en numerosos países de la Región Latino América, y presta asistencia gratuita a todos los clientes de D-Link, en forma telefónica e internet, a través de la casilla soporte@dlinkla.com Soporte Técnico Help Desk Argentina:...
Page 252 Você pode encontrar atualizações de software e documentação de usuário no site da D-Link Brasil www.dlinkbrasil.com.br. A D-Link fornece suporte técnico gratuito para clientes no Brasil durante o período de vigência da garantia deste produto. Suporte Técnico para clientes no Brasil: Telefone São Paulo (11) 2185-9301...
Page 254 Technical Support You can find software updates and user documentation on the D-Link website. D-Link provides free technical support for customers within the United States and within Canada for the duration of the warranty period on this product. U.S. and Canadian customers can contact D-Link technical support through our website, or by phone.
Page 255 Technical Support You can find software updates and user documentation on the D-Link websites. If you require product support, we encourage you to browse our FAQ section on the Web Site before contacting the Support line. We have many FAQ’s which we hope will provide you a speedy resolution for...
Page 256 Technische Unterstützung Aktualisierte Versionen von Software und Benutzerhandbuch finden Sie auf der Website von D-Link. D-Link bietet kostenfreie technische Unterstützung für Kunden innerhalb Deutschlands, Österreichs, der Schweiz und Osteuropas. Unsere Kunden können technische Unterstützung über unsere Website, per E-Mail oder telefonisch anfordern.
Page 257: Assistance Technique
Assistance technique Vous trouverez la documentation et les logiciels les plus récents sur le site web D-Link. Vous pouvez contacter le service technique de D-Link par notre site internet ou par téléphone. Support technique destiné aux clients établis en France: Assistance technique D-Link par téléphone :...
Page 258 Asistencia Técnica Puede encontrar las últimas versiones de software así como documentación técnica en el sitio web de D-Link. D-Link ofrece asistencia técnica gratuita para clientes residentes en España durante el periodo de garantía del producto. Asistencia Técnica de D-Link por teléfono:...
Page 259 Supporto tecnico Gli ultimi aggiornamenti e la documentazione sono disponibili sul sito D-Link. Supporto tecnico per i clienti residenti in Italia D-Link Mediterraneo S.r.L. Via N. Bonnet 6/B 20154 Milano Supporto Tecnico dal lunedì al venerdì dalle ore 9.00 alle ore 19.00 con orario continuato...
Page 260 Technical Support You can find software updates and user documentation on the D-Link website. D-Link provides free technical support for customers within Benelux for the duration of the warranty period on this product. Benelux customers can contact D-Link technical support through our website, or by phone.
Page 261: Pomoc Techniczna
Najnowsze wersje oprogramowania i dokumentacji użytkownika można znaleźć w serwisie internetowym firmy D-Link. D-Link zapewnia bezpłatną pomoc techniczną klientom w Polsce w okresie gwarancyjnym produktu. Klienci z Polski mogą się kontaktować z działem pomocy technicznej firmy D-Link za pośrednictwem Internetu lub telefonicznie.
Page 262 Technická podpora Aktualizované verze software a uživatelských příruček najdete na webové stránce firmy D-Link. D-Link poskytuje svým zákazníkům bezplatnou technickou podporu Zákazníci mohou kontaktovat oddělení technické podpory přes webové stránky, mailem nebo telefonicky Web: http://www.dlink.cz/suppport/ E-mail: support@dlink.cz Telefon: 224 247 503 Telefonická...
Page 263 Technikai Támogatás Meghajtó programokat és frissítéseket a D-Link Magyarország weblapjáról tölthet le. Telefonon technikai segítséget munkanapokon hétfőtől- csütörtökig 9.00 – 16.00 óráig és pénteken 9.00 – 14.00 óráig kérhet a (1) 461-3001 telefonszámon vagy a support@dlink.hu emailcímen. Magyarországi technikai támogatás : D-Link Magyarország...
Page 264 Teknisk Support Du kan finne programvare oppdateringer og bruker dokumentasjon på D-Links web sider. D-Link tilbyr sine kunder gratis teknisk support under produktets garantitid. Kunder kan kontakte D-Links teknisk support via våre hjemmesider, eller på tlf. Teknisk Support: D-Link Teknisk telefon Support:...
Page 265 Teknisk Support Du finder software opdateringer og bruger- dokumentation på D-Link’s hjemmeside. D-Link tilbyder gratis teknisk support til kunder i Danmark i hele produktets garantiperiode. Danske kunder kan kontakte D-Link’s tekniske support via vores hjemmeside eller telefonisk. D-Link teknisk support over telefonen: Tlf.
Page 266 Teknistä tukea asiakkaille Suomessa: D-Link tarjoaa teknistä tukea asiakkailleen. Tuotteen takuun voimassaoloajan. Tekninen tuki palvelee seuraavasti: Arkisin klo. 9 - 21 numerosta 0800-114 677 Internetin kautta Ajurit ja lisätietoja tuotteista. http://www.dlink.fi Sähköpostin kautta voit myös tehdä kyselyitä.
Page 267 Teknisk Support På vår hemsida kan du hitta mer information om mjukvaru uppdateringar och annan användarinformation. D-Link tillhandahåller teknisk support till kunder i Sverige under hela garantitiden för denna produkt. Teknisk Support för kunder i Sverige: D-Link Teknisk Support via telefon: 0770-33 00 35 Vardagar 08.00-20.00...
Page 268 Você pode encontrar atualizações de software e documentação de http://www.dlink.pt utilizador no site de D-Link Portugal A D-Link fornece suporte técnico gratuito para clientes no Portugal durante o período de vigência de garantia deste produto. Suporte Técnico para clientes no Portugal: Assistência Técnica:...
Page 269 Τεχνική Υποστήριξη Μπορείτε να βρείτε software updates και πληροφορίες για τη χρήση των προϊόντων στις ιστοσελίδες της D-Link Η D-Link προσφέρει στους πελάτες της δωρεάν υποστήριξη στον Ελλαδικό χώρο Μπορείτε να επικοινωνείτε µε το τµήµα τεχνικής υποστήριξης µέσω της ιστοσελίδας ή µέσω τηλεφώνου...
Page 271: International Offices
URL: www.dlink.com.au URL: www.dlink.com.cn URL: www.dlink.no India Taiwan Finland D-Link House, Kurla Bandra Complex Road Latokartanontie 7A No. 289 , Sinhu 3rd Rd., Neihu District , Off CST Road, Santacruz (East) FIN-00700 HELSINKI Taipei City 114 ,Taiwan Mumbai - 400098...
Page 272: Registration Card
8. What category best describes your company? Aerospace Engineering Education Finance Hospital Legal Insurance/Real Estate Manufacturing Retail/Chainstore/Wholesale Government Transportation/Utilities/Communication System house/company Other________________________________ 9. Would you recommend your D-Link product to a friend? Don't know yet 10.Your comments on this product?

This manual is also suitable for:

Des-3028p Des-3052 Des-3052p

D-Link DES-3028 User Manual

Quick Links

Related Manuals for D-Link DES-3028

Summary of Contents for D-Link DES-3028