Page 3: Table Of Contents
Table of Contents List of Figures......... . . 9 List of Tables .
Page 5 CLI Examples ..........Example 1.
Page 7 Queue Management Type ........CLI Examples .
Page 9: List Of Figures
List of Figures List of Figures Figure 1. Web Interface Panel-Example .............. 28 Figure 2. Web Interface Panel-Example .............. 29 Figure 3. Configuring an SNMP V3 User Profile ..........29 Figure 4. System Description Page............... 31 Figure 5. VLAN Example Network Diagram............34 Figure 6.
Page 10 Figure 84. CoS Configuration Example System Diagram........142 Figure 85. 802.1p Priority Mapping Page............143 Figure 86. CoS Trust Mode Configuration Page ..........143 Figure 87. IP DSCP Mapping Configuration Page..........144 © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 11 List of Figures Figure 88. CoS Interface Configuration Page............. 144 Figure 89. CoS Interface Queue Configuration Page ......... 145 Figure 90. CoS Interface Queue Status Page ............145 Figure 91. DiffServ Internet Access Example Network Diagram ...... 148 Figure 92. DiffServ Configuration..............152 Figure 93.
Page 13: List Of Tables
List of Tables List of Tables Table 1. Quick Start up Software Version Information ....22 Table 2. Quick Start up Physical Port Data ......22 Table 3.
Page 15: About This Book
About This Book This document provides an understanding of the CLI and Web configuration options for D-Link DWS-3000 features. Document Organization This document shows examples of the use of the Unified Switch in a typical network. It describes the use and advantages of specific functions provided by the Unified Switch and includes information about configuring those functions using the command-line interface (CLI) and Web interface.
Page 16: Cli/Web Examples - Slot/Port Designations
CLI/Web Examples - Slot/Port Designations To help you understand configuration tasks, this document contains examples from the CLI and Web Interfaces. The examples are based on the D-Link DWS-3000 switch and use the slot/port naming convention for interfaces, e.g. 0/2...
Page 17: Getting Started
Getting Started Connect a terminal to the switch to begin configuration. In-Band and Out-of-Band Connectivity Ask the system administrator to determine whether you will configure the switch for in-band or out-of-band connectivity. To use the Web Interface, you must set up your system for in-band connectivity.
Page 18 IP Address Unique IP address for the switch. Each IP parameter is made up of four decimal num- bers, ranging from 0 to 255. The default for all IP parameters is 10.90.90.90. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 19: Configuring For Out-Of-Band Connectivity
Getting Started Subnet Subnet mask for the LAN. Gateway IP address of the default router, if the switch is a node outside the IP range of the LAN. 6. To enable these changes to be retained during a reset of the switch, type to return CTRL+Z to the main prompt, type...
Page 20: Starting The Switch
The IP address to be assigned to the management interface through which the switch is managed. • The IP subnet mask for the network. • The IP address of the default gateway. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 21: Unified Switch Installation
Since a number of the Quick Setup commands admin require administrator account rights, D-Link suggests logging into an administrator account. Do not enter a password because the default mode does not use a password - after typ- press Enter two times.
Page 22: Table 1. Quick Start Up Software Version Information
Link Status - Indicates whether the link is up or down. Link Trap - Determines whether or not to send a trap when link status changes. LACP Mode - Displays whether LACP is enabled or disabled on this port. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 23: Table 3. Quick Start Up User Account Management
Getting Started Quick Start up User Account Management Quick Start up User Account Management Table 3. Command Details Displays all of the users who are allowed to access the network- show users ing device (Privileged EXEC Mode) Access Mode - Shows whether the user is able to change parameters on the networking device(Read/Write) or is only able to view them (Read Only).
Page 24: Table 4. Quick Start Up Ip Address
Address and the gateway must be on the same subnet. <netmask> [gateway] (Privileged EXEC Mode) IP Address range from 0.0.0.0 to 255.255.255.255 Subnet Mask range from 0.0.0.0 to 255.255.255.255 Gateway Address range from 0.0.0.0 to 255.255.255.255 © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 25: Table 5. Uploading From Networking Device To Out-Of-Band Pc (Xmodem)
Getting Started Quick Start up Uploading from Networking Device to Out-of-Band PC (XMODEM) Uploading from Networking Device to Out-of-Band PC (XMODEM) Table 5. Command Details Starts the upload, displays the mode and type of copy nvram:startup-config <url> upload, and confirms the upload is progressing. (Privileged EXEC Mode) The types are: •...
Page 26: Table 6. Downloading From Out-Of-Band Pc To Networking Device (Xmodem) 25 Table 7. Downloading From Tftp Server
(Privileged EXEC Mode) You can reset the networking device or cold start the net- working device. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 27: Using The Web Interface
Using the Web Interface This chapter is a brief introduction to the Web interface — it explains how to access the Web- based management panels to configure and manage the system. Tip: Use the Web interface for configuration instead of the CLI interface. Web configuration is quicker and easier than entering multiple required CLI commands.
Page 28: Starting The Web Interface
HTML page. A folder or subfolder has no corresponding HTML page. The third area, at the bottom-right of the panel, displays the currently selected device configuration status and/or the user configurable information that you have selected from the tree view. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 29: Configuring An Snmp V3 User Profile
Using the Web Interface Figure 2. Web Interface Panel-Example Configuring an SNMP V3 User Profile Configuring an SNMP V3 user profile is a part of user configuration. Any user can connect to the switch using the SNMPv3 protocol, but for authentication and encryption, additional steps are needed.
Page 30: Command Buttons
Submit Pressing the Submit button sends the updated configuration to the switch. Configuration changes take effect immediately, but these changes are not retained across a power cycle unless a save is performed. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 31: Switching The Date/Time Zone
Using the Web Interface Switching the Date/Time Zone To configure the system date and time, from the Administration navigation menu, select System Description (see Figure 4). System Description Page Figure 4. Starting the Web Interface...
Page 33: Virtual Lans
Virtual LANs Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast. Like a router, it partitions the network into logical segments, which provides better administration, security and management of multicast traffic.
Page 34: Vlan Configuration Example
You need an external RADIUS server to use the dynamic VLAN assignment feature. For information about how to configure the switch to allow dynamic VLAN assignments, see “Configuring Dynamic VLAN Assignment” on page 109. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 35: Cli Examples
Virtual LANs CLI Examples The following examples show how to create VLANs, assign ports to the VLANs, and assign a VLAN as the default VLAN to a port. Example #1: Create Two VLANs Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the names blank.
Page 36: Example #4: Assign Vlan3 As The Default Vlan
You can perform the same configuration in the CLI Examples section by using the Web interface. To create VLANs and specify port participation, use the LAN> L2 Features > VLAN> VLAN Configuration page. Figure 6. VLAN Configuration © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 37: Private Edge Vlans
Virtual LANs To specify the handling of untagged frames on receipt use the LAN> L2 Features > VLAN > Port Configuration page. Figure 7. VLAN Port Configuration Private Edge VLANs Use the Private Edge VLAN feature to prevent ports on the switch from forwarding traffic to each other even if they are on the same VLAN.
Page 38: Cli Example
Voice VLAN is enabled per-port basis. A port can participate only in one voice VLAN at a time. The Voice VLAN feature is disabled by default. To display the Voice VLAN Configuration page, click L2 Features > VLAN > Voice VLAN Configuration. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 39: Figure 8. Voice Vlan Configuration
Virtual LANs Figure 8. Voice VLAN Configuration The Voice VLAN Configuration page contains the following fields: • Voice VLAN Admin Mode — Click Enable or Disable to administratively turn the Voice VLAN feature on or off for all ports. • Unit/Slot/Port —...
Page 41: Storm Control
Storm Control A traffic storm is a condition that occurs when incoming packets flood the LAN, which creates performance degradation in the network. The Unified Switch’s Storm Control feature protects against this condition. The Unified Switch provides broadcast, multicast, and unicast storm recovery for individual interfaces or for all interfaces.
Page 42: Example #2: Set Multicast Storm Control For All Interfaces
Configure storm-control thresholds. (DWS-3024) (Config)#storm-control multicast all level 8 (DWS-3024) (Config)#exit (DWS-3024) # Example #3: Set Unicast Storm Control for All Interfaces (DWS-3024) #config (DWS-3024) (Config)#storm-control unicast all level 5 (DWS-3024) (Config)#exit (DWS-3024) # © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 43: Web Interface
Storm Control Web Interface The Storm Control configuration options are available on the Port Configuration Web page under the Administration folder. Figure 9. Port Configuration (Storm Control) Web Interface...
Page 45: Trunking (Link Aggregation)
Trunking (Link Aggregation) This section shows how to use the Trunking feature (also known as Link Aggregation) to configure port-channels by using the CLI and the Web interface. The Link Aggregation (LAG) feature allows the switch to treat multiple physical links between two end-points as a single logical link called a port-channel.
Page 46: Example 1: Create Two Port-Channels
Use the show port-channel all command to show the logical interface ids you will use to identify the port-channels in subsequent commands. Assume that lag_10 is assigned id 3/1 and lag_20 is assigned id 3/2. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 47: Example 2: Add The Physical Ports To The Port-Channels
Trunking (Link Aggregation) (DWS-3024) #show port-channel all Port- Link Log. Channel Adm. Trap Port Port Intf Name Link Mode Mode Mode Type Ports Speed Active ------ ------------- ----- ---- ---- ------ ------- ------ --------- ------ lag_10 Down Dis. Dynamic lag_20 Down Dis.
Page 48: Web Interface Configuration - Lags/Port-Channels
To perform the same configuration using the Web interface, use the LAN> L2 Features > Trunking > Configuration page. Figure 11. Trunking Configuration To create the port-channels, specify port participation and enable Link Aggregation (LAG) support on the switch. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 49: Igmp Snooping
IGMP Snooping This section describes the Internet Group Management Protocol (IGMP) feature: IGMPv3 and IGMP Snooping. The IGMP Snooping feature enables the switch to monitor IGMP transactions between hosts and routers. It can help conserve bandwidth by allowing the switch to forward IP multicast traffic only to connected hosts that request multicast traffic.
Page 50: Example #2: Show Mac-Address-Table Igmpsnooping
Configure IGMP Group Membership Interval (secs). maxresponse Configure IGMP Max Response time (secs). mcrtrexpiretime Sets the Multicast Router Present Expiration time on the system. mrouter Configure Multicast Router port. (DWS-3026) (Interface 0/2)#set igmp © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 51: Web Examples
IGMP Snooping Web Examples The following web pages are used in the IGMP Snooping feature. Click Help for more information on the web interface. Figure 12. IGMP Snooping - Global Configuration and Status Page Web Examples...
Page 52: Figure 13. Igmp Snooping - Interface Configuration Page
Configuration Guide Figure 13. IGMP Snooping - Interface Configuration Page Figure 14. IGMP Snooping VLAN Configuration © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 53: Figure 15. Igmp Snooping - Vlan Status Page
IGMP Snooping Figure 15. IGMP Snooping - VLAN Status Page Figure 16. IGMP Snooping - Multicast Router Statistics Page Web Examples...
Page 54: Figure 17. Igmp Snooping - Multicast Router Configuration Page
Configuration Guide Figure 17. IGMP Snooping - Multicast Router Configuration Page Figure 18. IGMP Snooping - Multicast Router VLAN Statistics Page © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 55: Figure 19. Igmp Snooping - Multicast Router Vlan Configuration Page
IGMP Snooping Figure 19. IGMP Snooping - Multicast Router VLAN Configuration Page Web Examples...
Page 57: Port Mirroring
Port Mirroring This section describes the Port Mirroring feature, which can serve as a diagnostic tool, debugging tool, or means of fending off attacks. Overview Port mirroring selects network traffic from specific ports for analysis by a network analyzer, while allowing the same traffic to be switched to its destination. You can configure many switch ports as source ports and one switch port as a destination port.
Page 58: Example #2: Show The Port Mirroring Session
(DWS-3024) #show port 0/8 Admin Physical Physical Link Link LACP Intf Type Mode Mode Status Status Trap Mode ---- ---- ------ -------- -------- ------ ---- ---- Probe Enable Auto Down Enable Enable © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 59: Web Examples
Port Mirroring Web Examples The following web pages are used with the Port Mirroring feature. Figure 20. Multiple Port Mirroring Figure 21. Multiple Port Mirroring - Add Source Ports Web Examples...
Page 61: Link Layer Discovery Protocol
Link Layer Discovery Protocol The Link Layer Discovery Protocol (LLDP) feature allows individual interfaces on the switch to advertise major capabilities and physical descriptions. Network managers can view this information and identify system topology and detect bad configurations on the LAN. LLDP has separately configurable transmit and receive functions.
Page 62: Example #2: Set Interface Lldp Parameters
Receive Notify TLVs Mgmt --------- ------ -------- -------- -------- ------- ---- 0/10 Down Enabled Enabled Disabled TLV Codes: 0- Port Description, 1- System Name 2- System Description, 3- System Capabilities (DWS-3024) # © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 63: Using The Web Interface To Configure Lldp
Link Layer Discovery Protocol Using the Web Interface to Configure LLDP The LLDP menu page contains links to the following features: • LLDP Configuration • LLDP Statistics • LLDP Connections • LLDP Configuration Use the LLDP Global Configuration page to specify LLDP parameters. Figure 23.
Page 64: Figure 24. Lldp Interface Configuration
Notification Mode — Enables or disables remote change notifications. The default is dis- abled. • Included TLVs — Selects TLV information to transmit. Choices include System Name, System Capabilities, System Description, and Port Description. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 65: Figure 25. Lldp Interface Summary
Link Layer Discovery Protocol Figure 25. LLDP Interface Summary Figure 26. LLDP Statistics You can also use the pages in the LAN> Monitoring > LLDP Status folder to view information about local and remote devices. Using the Web Interface to Configure LLDP...
Page 67: Denial Of Service Attack Protection
Denial of Service Attack Protection This section describes the D-Link DWS-3000 switch’s Denial of Service Protection feature. Overview Denial of Service: • Spans two categories: Protection of the Unified Switch Protection of the network • Protects against the exploitation of a number of vulnerabilities which would make the host or network unstable •...
Page 68: Web Interface
ICMP Mode........Enable Max ICMP Pkt Size......512 Web Interface You can configure the Denial of Service feature from the Denial of Service Protection Configuration page. Figure 27. Denial of Service Protection Configuration © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 69: Port Routing
Port Routing The first networks were small enough for the end stations to communicate directly. As networks grew, Layer 2 bridging was used to segregate traffic, a technology that worked well for unicast traffic, but had problems coping with large quantities of multicast packets. The next major development was routing, where packets were examined and redirected at Layer 3.
Page 70: Cli Examples
Example 2. Enabling Routing for Ports on the Switch Use the following commands to enable routing for ports on the switch. The default link-level encapsulation format is Ethernet. Configure the IP addresses and subnet masks for the ports. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 71 Port Routing Network directed broadcast frames are dropped and the maximum transmission unit (MTU) size is 1500 bytes. config interface 0/2 routing ip address 192.150.2.2 255.255.255.0 exit exit config interface 0/3 routing ip address 192.130.3.1 255.255.255.0 exit exit config interface 0/5 routing ip address 192.64.4.1 255.255.255.0 exit...
Page 72: Using The Web Interface To Configure Routing
To configure routing on each interface, as shown in Example 2. Enabling Routing for Ports on Switch, use the LAN> L3 Features > IP > Interface Configuration page. Figure 30. IP Interface Configuration © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 73: Vlan Routing
VLAN Routing You can configure the Unified Switch with some ports supporting VLANs and some supporting routing. You can also configure the Unified Switch to allow traffic on a VLAN to be treated as if the VLAN were a router port. When a port is enabled for bridging (default) rather than routing, all normal bridge processing is performed for an inbound packet, which is then associated with a VLAN.
Page 74: Example 1: Create Two Vlans
10 exit interface 0/2 vlan participation include 10 exit interface 0/3 vlan participation include 20 exit exit config vlan port tagging all 10 vlan port tagging all 20 exit © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 75: Example 2: Set Up Vlan Routing For The Vlans And The Switch
VLAN Routing Next specify the VLAN ID assigned to untagged frames received on the ports. config interface 0/1 vlan pvid 10 exit interface 0/2 vlan pvid 10 exit interface 0/3 vlan pvid 20 exit exit Example 2: Set Up VLAN Routing for the VLANs and the Switch. The following commands show how to enable routing for the VLANs: vlan database vlan routing 10...
Page 76: Using The Web Interface To Configure Vlan Routing
Figure 32. VLAN Configuration Use the LAN> L2 Features > VLAN > Port Configuration page to specify the handling of untagged frames on receipt. Figure 33. VLAN Port Configuration © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 77: Figure 34. Vlan Routing Configuration
VLAN Routing Use the LAN> L3 Features > VLAN Routing > Configuration page to enable VLAN routing and configure the ports. Figure 34. VLAN Routing Configuration To enable routing for the switch, use the LAN> L3 Features > IP > Configuration page. Figure 35.
Page 78: Figure 36. Ip Interface Configuration
Configuration Guide Use the LAN> L3 Features > IP > Interface Configuration page to enable routing for the ports and configure their IP addresses and subnet masks. Figure 36. IP Interface Configuration © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 79: Virtual Router Redundancy Protocol
Virtual Router Redundancy Protocol When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network. If the router goes down, the end station is unable to communicate. Since static configuration is a convenient way to assign router addresses, Virtual Router Redundancy Protocol (VRRP) was developed to provide a backup mechanism.
Page 80: Example 1: Configuring Vrrp On The Switch As A Master Router
192.150.2.1 255.255.255.0 exit Enable VRRP for the switch. config ip vrrp exit Assign virtual router IDs to the port that will participate in the protocol. config interface 0/2 ip vrrp 20 © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 81: Example 2: Configuring Vrrp On The Switch As A Backup Router
Virtual Router Redundancy Protocol Specify the IP address that the virtual router function will recognize. Note that the virtual IP address on port 0/2 is the same as the port’s actual IP address, therefore this router will always be the VRRP master when it is active. And the priority default is 255. ip vrrp 20 ip 192.150.2.1 Enable VRRP on the port.
Page 82: Using The Web Interface To Configure Vrrp
Figure 38. IP Configuration To enable routing for the ports and configure their IP addresses and subnet masks, use the LAN> L3 Features > IP > Interface Configuration page. Figure 39. IP Interface Configuration © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 83: Figure 40. Vrrp Configuration
Virtual Router Redundancy Protocol To enable VRRP for the switch, use the LAN> L3 Features > VRRP > VRRP Configuration page. Figure 40. VRRP Configuration To configure virtual router settings, use the LAN> L3 Features > VRRP > Virtual Router Configuration page.
Page 85: Proxy Address Resolution Protocol (Arp)
Proxy Address Resolution Protocol (ARP) This section describes the Proxy Address Resolution Protocol (ARP) feature. Overview • Proxy ARP allows a router to answer ARP requests where the target IP address is not the router itself but a destination that the router can reach. •...
Page 86: Example #2: Ip Proxy-Arp
Example #2: ip proxy-arp DWS-3024) (Interface 0/24)#ip proxy-arp ? <cr> Press Enter to execute the command. (DWS-3024) (Interface 0/24)#ip proxy-arp Web Example The following web pages are used in the proxy ARP feature. Figure 42. Proxy ARP Configuration Web Example...
Page 87: Routing Information Protocol (Rip)
Routing Information Protocol (RIP) This section describes the Routing Information Protocol (RIP). RIP is an Interior Gateway Protocol (IGP) based on the Bellman-Ford algorithm and targeted at smaller networks (network diameter no greater than 15 hops). Overview The routing information is propagated in RIP update packets that are sent out both periodically and in the event of a network topology change.
Page 88: Rip Interface Configuration
If any invalid values are entered, an alert message is displayed with the list of all the valid values. To display the page, click L3 Features > RIP > Route Redistribution Configuration in the navigation menu. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 89: Figure 45. Rip Route Redistribution Configuration
Routing Information Protocol (RIP) Figure 45. RIP Route Redistribution Configuration RIP Route Redistribution Configuration...
Page 91: Access Control Lists (Acls)
ACL Logging, you augment the ACL deny rule specification with a ‘log’ parameter that enables hardware hit count collection and reporting. The D-Link DWS-3000 switch uses a fixed five minute logging interval, at which time trap log entries are written for each ACL logging rule that accumulated a non-zero hit count during that interval.
Page 92: Mac Acls
Destination L4 Port • Every Packet • IP DSCP • IP Precedence • IP TOS • Protocol • Source IP with wildcard mask • Source L4 port • Destination Layer 4 port © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 93: Acl Configuration Process
Access Control Lists (ACLs) ACL Configuration Process To configure ACLs, follow these steps: • Create a MAC ACL by specifying a name. • Create an IP ACL by specifying a number. • Add new rules to the ACL. • Configure the match criteria for the rules. •...
Page 94: Example #1: Create Acl 179 And Define An Acl Rule
Enter access-list name up to 31 characters in length. rename Rename MAC Access Control List. (DWS-3024)(Config)#mac access-list extended mac1 ? <cr> Press Enter to execute the command. (DWS-3024) (Config)#mac access-list extended mac1 © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 95: Example #5: Specify Mac Acl Attributes
Access Control Lists (ACLs) Example #5: Specify MAC ACL Attributes (DWS-3024) (Config)#mac access-list extended mac1 (DWS-3024) (Config-mac-access-list)#deny ? <srcmac> Enter a MAC Address. Configure a match condition for all the source MAC addresses in the Source MAC Address field. (DWS-3024) (Config-mac-access-list)#deny any ? <dstmac>...
Page 96: Example #6 Configure Mac Access Group
(DWS-3024) (Interface 0/5)#mac access-group mac1 in 6 ? <cr> Press Enter to execute the command. (DWS-3024) (Interface 0/5)#mac access-group mac1 in 6 (DWS-3024) (Interface 0/5)#exit (DWS-3024) (Config)#exit (DWS-3024) # © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 97: Example #7 Set Up An Acl With Permit Action
Access Control Lists (ACLs) Example #7 Set up an ACL with Permit Action (DWS-3024) (Config)#mac access-list extended mac2 (DWS-3024) (Config-mac-access-list)#permit ? <srcmac> Enter a MAC Address. Configure a match condition for all the source MAC addresses in the Source MAC Address field. (DWS-3024) (Config-mac-access-list)#permit any ? <dstmac>...
Page 98: Web Examples
The following figures show the pages available to view and configure MAC ACL settings. Figure 47. MAC ACL Configuration Page - Create New MAC ACL Figure 48. MAC ACL Rule Configuration - Create New Rule © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 99: Figure 49. Mac Acl Rule Configuration Page - Add Destination Mac And Mac Mask
Access Control Lists (ACLs) Figure 49. MAC ACL Rule Configuration Page - Add Destination MAC and MAC Mask Figure 50. MAC ACL Rule Configuration Page - View the Current Settings Web Examples...
Page 101: Ip Acl Web Pages
Access Control Lists (ACLs) Figure 53. MAC ACL Rule Summary IP ACL Web Pages The following figures show the pages available to view and configure standard and extended IP ACL settings. Figure 54. IP ACL Configuration Page - Create a New IP ACL Web Examples...
Page 102: Figure 55. Ip Acl Configuration Page - Create A Rule And Assign An Id
Configuration Guide Figure 55. IP ACL Configuration Page - Create a Rule and Assign an ID Figure 56. IP ACL Rule Configuration Page - Rule with Protocol and Source IP Configuration © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 103: Figure 57. Attach Ip Acl To An Interface
Access Control Lists (ACLs) Figure 57. Attach IP ACL to an Interface Web Examples...
Page 105: 802.1X Network Access Control
802.1X Network Access Control Port-based network access control allows the operation of a system’s port(s) to be controlled to ensure that access to its services is permitted only by systems that are authorized to do so. Port Access Control provides a means of preventing unauthorized access by supplicants or users to the services offered by a System.
Page 106: 802.1X Network Access Control Example
10.10.10.10 radius server key acct 10.10.10.10 secret secret radius accounting mode authentication login radiusList radius dot1x defaultlogin radiusList dot1x system-auth-control interface 0/1 dot1x port-control force-authorized exit exit © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 107: Guest Vlan
802.1X Network Access Control Guest VLAN The Guest VLAN feature allows a switch to provide a distinguished service to unauthenticated users. This feature provides a mechanism to allow visitors and contractors to have network access to reach external network with no ability to surf internal LAN. When a client that does not support 802.1X is connected to an unauthorized port that is 802.1X-enabled, the client does not respond to the 802.1X requests from the switch.
Page 108: Configuring The Guest Vlan By Using The Web Interface
To enable the Guest VLAN features by using the Web interface, use the LAN> Security > 802.1x > 802.1X Setting page. To configure the Guest VLAN settings on a port, use the LAN> Security > 802.1x > 802.1X Port Setting page. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 109: Configuring Dynamic Vlan Assignment
802.1X Network Access Control Configuring Dynamic VLAN Assignment The software also supports VLAN assignment for clients based on the RADIUS server authentication. To enable the switch to accept VLAN assignment by the RADIUS server, use the command in Global Config mode. authorization network radius To enable the VLAN Assignment Mode by using the Web interface, use the LAN>...
Page 111: Captive Portal
Captive Portal The Captive Portal (CP) feature allows you to block wired and wireless clients from accessing the network until user verification has been established. The example in this section shows how to configure a captive portal and associate it with a physical interface so that any wired client that attempts to access the network through that interface must enter a username and password that is verified by a local user database.
Page 112 4. Associate the appropriate interfaces to the configured captive portal. A. Navigate to the LAN > Security > Captive Portal > Interface Association page. B. Select Default from the CP Configuration menu. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 113: Cli Example
Captive Portal C. In the Interface List column, CTRL + Click to select interface Slot 0 Port 1 through Slot 0 Port 10. D. Click Add. CLI Example Use the following commands to perform the same configuration by using the CLI. (DWS-3024) #configure captive-portal enable...
Page 114: Figure 61. Cp Web Page Customization-Global Parameters
To see an example, click LAN > Security > Captive Portal > CP Configuration > Default > English and select the the Authentication, Welcome, Logout, or Logout Success page. Figure 61. CP Web Page Customization—Global Parameters © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 115: Figure 62. Cp Web Page Customization-Authentication Page
Captive Portal Figure 62. CP Web Page Customization—Authentication Page Figure 63. CP Web Page Customization—Welcome Page Customizing the Captive Portal Web Page...
Page 116: Client Authentation Logout Request
‘authenticated’ until such time Captive Portal deauthenticates (i.e. session timeout, idle time, etc). For user logout to function properly, the client browser must be configured such that javascript is enabled and popup windows are allowed. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 117: Captive Port Rate Limiting
Description: Maximum number of octets the user is allowed to transmit. After this limit has been reached the user will be disconnected. If the attribute is 0 or not present then use the value configured for the captive portal. Range: Integer Usage: Optional Radius Attribute: D-Link-Max- Output-Octets Number: 171, 125 Captive Port Rate Limiting...
Page 118 The WS acts as a NAS in this case. These parameters could also be configured for a user in the Local User Database. If the user does not have these parameters either through Local or RADIUS database, the parameters for the corresponding CP instance are applied to the user. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 119: Port Security
Port Security This section describes the Port Security feature. Overview Port Security: • Allows for limiting the number of MAC addresses on a given port. • Packets that have a matching MAC address (secure packets) are forwarded; all other pack- ets (unsecure packets) are restricted.
Page 120: Cli Examples
Limit Limit Trap Mode ------ ------- ---------- --------- ---------- 0/10 Disabled 600 Disabled Example #3: (Config) port security (DWS-3024) (Config) #port-security ? <cr> Press Enter to execute the command. (DWS-3024) (Config) #port-security © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 121: Web Examples
Port Security Web Examples The following Web pages are used in the Port Security feature. Figure 66. Port Security Administration Figure 67. Port Security Interface Configuration Web Examples...
Page 122: Figure 68. Port Security Statically Configured Mac Addresses
Figure 68. Port Security Statically Configured MAC Addresses To view Port Security status information, navigate to LAN> Monitoring > Port Security from the navigation panel. Figure 69. Port Security Dynamically Learned MAC Addresses © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 123: Figure 70. Port Security Violation Status
Port Security Figure 70. Port Security Violation Status Web Examples...
Page 125: Radius
RADIUS Making use of a single database of accessible information – as in an Authentication Server – can greatly simplify the authentication and management of users in a large network. One such type of Authentication Server supports the Remote Authentication Dial In User Service (RADIUS) protocol as defined by RFC 2865.
Page 126: Radius Fail-Through And Failover Server Support
The RADIUS failthrough feature can be enabled or disabled by the administrator using the Web interface, the CLI, or SNMP. The RADIUS failover feature is enabled by default and cannot be disabled by the administrator. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 127: Radius Configuration Examples
RADIUS RADIUS failthrough mode is not available for Captive Portal client authenti- NOTE: cation and RADIUS-based MAC authentication. RADIUS Configuration Examples Configuring RADIUS for Wired Clients This example configures two RADIUS servers at 10.10.10.10 and 11.11.11.11. Each server has a unique shared secret key. The shared secrets are configured to be secret1 and secret2 respectively.
Page 128: Figure 72. Add A Radius Server
Using the Web Interface The following Web screens show how to perform the configuration described in the example. Figure 72. Add a RADIUS Server © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 129: Figure 73. Configuring The Radius Server
RADIUS Figure 73. Configuring the RADIUS Server RADIUS Configuration Examples...
Page 130: Figure 74. Create An Authentication List
Configuration Guide Figure 74. Create an Authentication List Figure 75. Configure the Authentication List © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 131: Configuring Radius Fail-Through On A Managed Ap
RADIUS Figure 76. Set the User Login Configuring RADIUS Fail-through on a Managed AP This example configures a secondary Radius Server,and Radius fail-through feature in the global profile for an AP managed by a DWS-3000 Switch. (This example assumes that a primary RADIUS server has already been configured in the AP profile.) Note that the same commands can be used in Network Profile mode to configure these parameters on particular wireless network.
Page 133: Tacacs
TACACS+ TACACS+ (Terminal Access Controller Access Control System) provides access control for networked devices via one or more centralized servers. Similar to RADIUS, this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network.
Page 134: Configuring Tacacs+ By Using Cli Commands
The following CLI commands perform the configuration described in the example. config tacacs-server host 10.10.10.10 key tacacs1 exit tacacs-server host 11.11.11.11 key tacacs2 priority 2 exit authentication login tacacsList tacacs local users defaultlogin tacacsList exit © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 135: Configuring Tacacs+ By Using The Web Interface
TACACS+ Configuring TACACS+ by Using the Web Interface The following Web screens show how to perform the configuration described in the example. Figure 78. Add a TACACS+ Server Figure 79. Configuring the TACACS+ Server TACACS+ Configuration Example...
Page 136: Figure 80. Create An Authentication List (Tacacs+)
Configuration Guide Figure 80. Create an Authentication List (TACACS+) Figure 81. Configure the Authentication List (TACACS+) © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 137: Figure 82. Set The User Login (Tacacs+)
TACACS+ Figure 82. Set the User Login (TACACS+) TACACS+ Configuration Example...
Page 139: Class Of Service Queuing
Class of Service Queuing The Class of Service (CoS) feature lets you give preferential treatment to certain types of traffic over others. To set up this preferential treatment, you can configure the ingress ports, the egress ports, and individual queues on the egress ports to provide customization that suits your environment.
Page 140: Cos Mapping Table For Trusted Ports
• Queue management - tail drop Queue Management Type The D-Link DWS-3000 switch supports the tail drop method of queue management. This means that any packet forwarded to a full queue is dropped regardless of its importance. CLI Examples Figure 83 illustrates the network operation as it relates to CoS mapping and queue configuration.
Page 141: Figure 83. Cos Mapping And Queue Configuration
Class of Service Queuing Figure 83. CoS Mapping and Queue Configuration Ingress packet A Port 0/10 UserPri=3 mode='trust dot1p' 802.1p->COS Q Map packet B UserPri=7 packet C (untagged) packet D UserPri=6 port default priority->traffic class Egress Forward via Port 0/8 switch fabric to egress Port 0/8 strict...
Page 142: Figure 84. Cos Configuration Example System Diagram
80 Mbps (assuming a 100Mbps link speed), you would add a simple configuration line expressing the shaping rate as a percentage of link speed. configure interface traffic-shape 80 exit exit © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 143: Web Examples
Class of Service Queuing Web Examples The following web pages are used for the Class of Service feature. Figure 85. 802.1p Priority Mapping Page Figure 86. CoS Trust Mode Configuration Page Web Examples...
Page 144: Figure 87. Ip Dscp Mapping Configuration Page
Configuration Guide Figure 87. IP DSCP Mapping Configuration Page Figure 88. CoS Interface Configuration Page © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 145: Figure 89. Cos Interface Queue Configuration Page
Class of Service Queuing Figure 89. CoS Interface Queue Configuration Page Figure 90. CoS Interface Queue Status Page Web Examples...
Page 147: Differentiated Services
Policy – Defines the QoS attributes for one or more traffic classes. An example of an attri- bute is the ability to mark a packet at ingress. The D-Link DWS-3000 switch supports the ability to assign traffic classes to output CoS queues.
Page 148: Cli Example
Source IP 172.16.10.0 Test Marketing 255.255.255.0 Source IP 172.16.40.0 255.255.255.0 Source IP Source IP 172.16.20.0 172.16.30.0 255.255.255.0 255.255.255.0 DiffServ Inbound Configuration 1. Ensure DiffServ operation is enabled for the switch. config diffserv © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 149 Differentiated Services 2. Create a DiffServ class of type “all” for each of the departments, and name them. Define the match criteria -- Source IP address -- for the new classes. class-map match-all finance_dept match srcip 172.16.10.0 255.255.255.0 exit class-map match-all marketing_dept match srcip 172.16.20.0 255.255.255.0 exit class-map match-all test_dept...
Page 150: Adding Color-Aware Policing Attribute
After the policing is configured, the color aware attribute is configured. The color-aware attribute cannot be configured before policing. policy-map internet_access class finance_dept police-simple 100000 100 conform-action transmit violate-action drop conform-color color_class © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 151: Using The Web Interface To Configure Diffserv
Differentiated Services 3. View information about the DiffServ policy and class configuration. In the following example, the interface specified is interface 0/1. The policy is attached to interfaces 0/1 through 0/4. (DWS-3024) #show diffserv service 0/1 in DiffServ Admin Mode......Enable Interface........
Page 153: Figure 94. Diffserv Class Configuration - Add Match Criteria
Differentiated Services Figure 94. DiffServ Class Configuration - Add Match Criteria Figure 95. Source IP Address Using the Web Interface to Configure Diffserv...
Page 155: Figure 98. Diffserv Policy Configuration
Differentiated Services Figure 98. DiffServ Policy Configuration Figure 99. DiffServ Policy Configuration Using the Web Interface to Configure Diffserv...
Page 157: Figure 102. Diffserv Policy Summary
Differentiated Services Figure 102. DiffServ Policy Summary Figure 103. DiffServ Policy Attribute Summary Using the Web Interface to Configure Diffserv...
Page 158: Figure 104. Diffserv Service Configuration
Configuration Guide Figure 104. DiffServ Service Configuration Figure 105. DiffServ Service Summary © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 159: Configuring The Color-Aware Attribute By Using The Web
Differentiated Services Configuring the Color-Aware Attribute by Using the Web The following screens show the additional steps to take to configure the finance_dept class with a color-aware attribute. 1. Add a new class to serve as the auxiliary traffic class. A.
Page 160 C. After the screen refreshes, enter values for the Committed Rate and Committed Burst Size fields. D. Click Configure Selected Attribute. The DiffServ Policy Attribute Summary page appears so you can view information about all of the policies and their attributes configured on the system. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 161: Diffserv For Voip Configuration Example
Differentiated Services DiffServ for VoIP Configuration Example One of the most valuable uses of DiffServ is to support Voice over IP (VoIP). VoIP traffic is inherently time-sensitive: for a network to provide acceptable service, a guaranteed transmission rate is vital. This example shows one way to provide the necessary quality of service: how to set up a class for UDP traffic, have that traffic marked on the inbound side, and then expedite the traffic on the outbound side.
Page 162: Configuring Diffserv Voip Support Example
5 exit class class_voip mark ip-dscp ef assign-queue 5 exit exit Attach the defined policy to an inbound service interface. interface 0/3 service-policy in pol_voip exit exit © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 163: Dhcp Filtering
DHCP Filtering This section describes the Dynamic Host Configuration Protocol (DHCP) Filtering feature. Overview DHCP filtering provides security by filtering untrusted DHCP messages. An untrusted message is a message that is received from outside the network or firewall, and that can cause traffic attacks within network.
Page 164: Cli Examples
From the Web interface, you can perform the following DHCP Filtering tasks: • Enable or disable administration mode on the switch • Enable or disable the DHCP Filtering trust mode on specific interfaces • View the interface binding information for DHCP Filtering © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 165: Figure 107. Dhcp Filtering Configuration
DHCP Filtering Use the DHCP Filtering Configuration page to configure the DHCP Filtering admin mode on the switch. Figure 107. DHCP Filtering Configuration Use the DHCP Filtering Interface Configuration page to configure DHCP Filtering on specific interfaces. Figure 108. DHCP Filtering Interface Configuration To view the DHCP Filtering settings on each interface, use the DHCP Filter Binding Information page under LAN >...
Page 167: Traceroute
Traceroute This section describes the Traceroute feature. Use Traceroute to discover the routes that packets take when traveling on a hop-by-hop basis to their destination through the network. • Maps network routes by sending packets with small Time-to-Live (TTL) values and watches the ICMP time-out announcements •...
Page 168 70 ms 60 ms 4.79.228.2 60 ms 60 ms 60 ms 216.115.96.185 110 ms 59 ms 70 ms 216.109.120.203 70 ms 66 ms 95 ms 216.109.118.74 78 ms 121 ms 69 ms © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 169: Configuration Scripting
Configuration Scripting Configuration Scripting allows you to generate a text-formatted script file that shows the current configuration of the system. You can generate multiple scripts and upload and apply them to more than one switch. Overview Configuration Scripting: • Provides scripts that can be uploaded and downloaded to the system. •...
Page 170: Example #2: Script List And Script Delete
Use this command to capture the running configuration into a script. (DWS-3024)#show running-config running-config.scr Config script created successfully. (DWS-3024)#script list Configuration Script Name Size(Bytes) ------------------------- ---------- running-config.scr 3201 1 configuration script(s) found. 1020799 bytes free. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 171: Example #5: Copy Nvram: Script
Configuration Scripting Example #5: copy nvram: script Use this command to upload a configuration script. (DWS-3024) #copy nvram: script running-config.scr tftp://192.168.77.52/running-config.scr Mode......TFTP Set TFTP Server IP... 192.168.77.52 TFTP Path...../ TFTP Filename....running-config.scr Data Type....Config Script Source Filename....running-config.scr Are you sure you want to start? (y/n) y File transfer operation completed successfully.
Page 172: Example #7: Validate Another Configuration Script
00-18-00-00-00-10 interface 0/1 exit interface 0/2 exit interface 0/3 exit ... continues through interface 0/26 ... exit exit Configuration script 'default.scr' validation succeeded. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 173: Outbound Telnet
Outbound Telnet This section describes the Outbound Telnet feature. Overview Outbound Telnet: • Feature establishes an outbound telnet connection between a device and a remote host. • When a telnet connection is initiated, each side of the connection is assumed to originate and terminate at a “Network Virtual Terminal”...
Page 174: Example #1: Show Network
Allow or disallow new telnet sessions. (DWS-3024) (Line)#transport output telnet ? <cr> Press Enter to execute the command. (DWS-3024) (Line)#transport output telnet (DWS-3024) (Line)# Example #4: session-limit and session-timeout (DWS-3024) (Line)#session-limit ? © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 175: Web Example
Outbound Telnet <0-5> Configure the maximum number of outbound telnet sessions allowed. (DWS-3024) (Line)#session-limit 5 (DWS-3024) (Line)#session-timeout ? <1-160> Enter time in minutes. (DWS-3024) (Line)#session-timeout 15 Web Example You can set up the Outbound Telnet session through the Web interface. You can: •...
Page 177: Pre-Login Banner
Pre-Login Banner This section describes the Pre-Login Banner feature. Overview Pre-Login Banner: • Allows you to create message screens when logging into the CLI Interface • By default, no Banner file exists • Banner can be uploaded or downloaded • File size cannot be larger than 2K The Pre-Login Banner feature is only for the CLI interface.
Page 178 CLI Banner file transfer operation completed successfully! (DWS-3024) #exit (DWS-3024) >logout DWS-3000 switch Login Banner - Unauthorized access is punishable by law. User: Note: The command “no clibanner” removes the banner from the switch. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 179: Simple Network Time Protocol (Sntp)
Simple Network Time Protocol (SNTP) This section describes the Simple Network Time Protocol (SNTP) feature. Overview SNTP: • Used for synchronizing network resources • Adaptation of NTP • Provides synchronized network timestamp • Can be used in broadcast or unicast mode •...
Page 180: Example #3: Show Sntp Server
(DWS-3024) (Config) #sntp client mode unicast ? <cr> Press Enter to execute the command. (DWS-3024)(Config)#sntp broadcast client poll-interval ? <6-10> Enter value in the range (6 to 10). Poll interval is 2^(value) in seconds. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 181: Example #6: Configuring Sntp Server
Simple Network Time Protocol (SNTP) Example #6: configuring sntp server (DWS-3024)(Config) #sntp server 192.168.10.234 ? <cr> Press Enter to execute the command. <1-3> Enter SNTP server priority from 1 to 3. Example #7: configure sntp client port (DWS-3024)(Config) #sntp client port 1 ? <cr>...
Page 182: Figure 113. Sntp Server Configuration Page
To configure SNTP server settings, use the LAN > Admin > SNTP > Time Zone Configuration page. Figure 114. Time Zone Configuration Page To configure SNTP server settings, use the LAN > Admin > SNTP > Summer Time Configuration page. © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 183: Figure 115. Summer Time Configuration Page
Simple Network Time Protocol (SNTP) Figure 115. Summer Time Configuration Page Web Interface Examples...
Page 185: Syslog
Syslog This section provides information about the Syslog feature. Overview Syslog: • Allows you to store system messages and/or errors • Can store to local files on the switch or a remote server running a syslog daemon • Method of collecting message logs from many systems Interpreting Log Files <130>...
Page 186: Cli Examples
<6> Nov 29 13:32:12 0.0.0.0-1 UNKN[295813352]: edb.c(360) 7 %% EDB Callback: Uni t Join: 1. <6> Nov 29 13:32:12 0.0.0.0-1 UNKN[293358784]: sysapi.c(1912) 8 %% Building defa ults for file simCfgData.cfg version 3 © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 187: Example #3: Show Logging Traplogs
Syslog Example #3: show logging traplogs (DWS-3024) #show logging traplogs Number of Traps Since Last Reset....16 Trap Log Capacity......256 Number of Traps Since Log Last Viewed..0 Log System Up Time Trap --- ------------------------ --------------------------------------- 0 6 days 20:22:35 Failed User Login: Unit: 1 User ID: 1 6 days 19:19:58 Multiple Users: Unit: 0 Slot: 3 Port: 1...
Page 188: Example #5: Logging Port Configuration
(DWS-3024) (Config)#logging host 192.168.21.253 4 1 ? <cr> Press Enter to execute the command. (DWS-3024) (Config)#logging host 192.168.21.253 4 1 (DWS-3024) (Config)#exit (DWS-3024) #show logging hosts Index IP Address Port Status ----- ----------------- ---- ------------- 192.168.21.253 Active © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 189: Web Examples
Syslog Web Examples The following web pages are used with the Syslog feature. Figure 116. Log - Syslog Configuration Page Figure 117. Buffered Log Configuration Page Web Examples...
Page 190: Figure 118. Log - Hosts Configuration Page - Add Host
Configuration Guide Figure 118. Log - Hosts Configuration Page - Add Host Figure 119. Log - Hosts Configuration Page © 2001- 2011 D-Link Corporation. All Rights Reserved.
Page 191: Port Description
Port Description The Port Description feature lets you specify an alphanumeric interface identifier that can be used for SNMP network management. CLI Example Use the commands shown below for the Port Description feature. Example #1: Enter a Description for a Port This example specifies the name “Test”...
Page 192: Configuring Port Description With The Web Interface
Configuration Guide Configuring Port Description with the Web Interface Use the following Web screen to enter Port Description information. Figure 120. Port Configuration Screen - Set Port Description © 2001- 2011 D-Link Corporation. All Rights Reserved.

D-Link DWS-3000 Series Configuration Manual

List of Figures

List of Tables

About this Book

1 Getting Started

2 Using the Web Interface

3 Virtual Lans

4 Storm Control

5 Trunking (Link Aggregation)

6 IGMP Snooping

7 Port Mirroring

8 Link Layer Discovery Protocol

9 Denial of Service Attack Protection

10 Port Routing

11 VLAN Routing

12 Virtual Router Redundancy Protocol

13 Proxy Address Resolution Protocol (ARP)

14 Routing Information Protocol (RIP)

15 Access Control Lists (Acls)

16 1X Network Access Control

17 Captive Portal

18 Port Security

19 Radius

20 Tacacs

21 Class of Service Queuing

22 Differentiated Services

23 DHCP Filtering

24 Traceroute

Quick Links

Configuration Guide

Related Manuals for D-Link DWS-3000 Series

Summary of Contents for D-Link DWS-3000 Series