User Manual
Page 5
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Traffic Segmentation...70 IGMP Snooping ...70 IGMP Snooping Settings ...70 Data Driven Learning Settings...71 ISM VLAN Settings...72 Restrictions and Provisos...72 ISM Profile ... Trusted Host...98 IP-MAC-Port Binding...99 IMP Global Settings...99 IMP Port Settings...99 IMP Entry Settings...101 DHCP Snooping Entries ...101 MAC Block List...102 Port Security...103 Port Security Settings...103 Port Lock Entries ...104 DHCP Server Screening...105 DHCP Screening Port Settings...105 DHCP Offer Filtering...
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Traffic Segmentation...70 IGMP Snooping ...70 IGMP Snooping Settings ...70 Data Driven Learning Settings...71 ISM VLAN Settings...72 Restrictions and Provisos...72 ISM Profile ... Trusted Host...98 IP-MAC-Port Binding...99 IMP Global Settings...99 IMP Port Settings...99 IMP Entry Settings...101 DHCP Snooping Entries ...101 MAC Block List...102 Port Security...103 Port Security Settings...103 Port Lock Entries ...104 DHCP Server Screening...105 DHCP Screening Port Settings...105 DHCP Offer Filtering...
User Manual
Page 10
... product. • The product has been exposed to help protect your system from radiators and heat sources. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Notes, Notices, and Cautions A NOTE indicates important information that helps make better use of data and tells how to avoid...the system documentation. • Opening or removing covers that are correctly followed. • Keep your trained service provider. Also, do not block cooling vents. • Do not spill food or liquids on system components, and never operate the product in the troubleshooting guide or ...
... product. • The product has been exposed to help protect your system from radiators and heat sources. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Notes, Notices, and Cautions A NOTE indicates important information that helps make better use of data and tells how to avoid...the system documentation. • Opening or removing covers that are correctly followed. • Keep your trained service provider. Also, do not block cooling vents. • Do not spill food or liquids on system components, and never operate the product in the troubleshooting guide or ...
User Manual
Page 16
..., Trusted Host, IP-MAC-Port Binding, IMP Global Settings, IMP Port Settings, IMP Entry Settings, DHCP Snooping Entries, MAC Block List, Port Security, Port Security Settings, Port Lock Entries, DHCP Server Screening, DHCP Screening Port Settings, DHCP Offer Filtering, ...links for Save Configuration ID 1, Save Configuration ID 2, Save Log, and Save All. QoS - ACL - Below is displayed. Contains the following main folders, windows, and related windows: Access Profile List, CPU Access Profile List, and Time Range Settings. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch...
..., Trusted Host, IP-MAC-Port Binding, IMP Global Settings, IMP Port Settings, IMP Entry Settings, DHCP Snooping Entries, MAC Block List, Port Security, Port Security Settings, Port Lock Entries, DHCP Server Screening, DHCP Screening Port Settings, DHCP Offer Filtering, ...links for Save Configuration ID 1, Save Configuration ID 2, Save Log, and Save All. QoS - ACL - Below is displayed. Contains the following main folders, windows, and related windows: Access Profile List, CPU Access Profile List, and Time Range Settings. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch...
User Manual
Page 80
...Source Dest. LACP allows for the group, between Static and LACP (Link Aggregation Control Protocol). The Spanning Tree Protocol will block one entire group; To view the following window, click L2 Features > Trunking: Figure 3 - 16. Group ID (1-5) Select an ID number for the automatic detection ... of port cost and in the group must not be assigned to a group. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The Switch allows the creation of up to five link aggregation groups, each group consisting of a trunked group. State Use the drop-down menu to...
...Source Dest. LACP allows for the group, between Static and LACP (Link Aggregation Control Protocol). The Spanning Tree Protocol will block one entire group; To view the following window, click L2 Features > Trunking: Figure 3 - 16. Group ID (1-5) Select an ID number for the automatic detection ... of port cost and in the group must not be assigned to a group. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The Switch allows the creation of up to five link aggregation groups, each group consisting of a trunked group. State Use the drop-down menu to...
User Manual
Page 91
The Loopback Detection port will automatically block the port or the VLAN and send an alert... loop created by a specific port. Loopback Detection Settings window (Port-based) Figure 3 - 31. When the Switch detects CTP packets received from a port or a VLAN, this function using the pull-down menu to toggle between...out. The user may be implemented on the Switch when a CTP (Configuration Testing Protocol) packet has been looped back to the Switch. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Loopback Detection Settings The Loopback Detection function is ...
The Loopback Detection port will automatically block the port or the VLAN and send an alert... loop created by a specific port. Loopback Detection Settings window (Port-based) Figure 3 - 31. When the Switch detects CTP packets received from a port or a VLAN, this function using the pull-down menu to toggle between...out. The user may be implemented on the Switch when a CTP (Configuration Testing Protocol) packet has been looped back to the Switch. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Loopback Detection Settings The Loopback Detection function is ...
User Manual
Page 93
...1Q-2005 MSTP 802.1D-2004 RSTP Disabled Disabled Discarding Discarding Discarding Discarding Learning Learning Forwarding Forwarding 802.1D-1998 STP Disabled Blocking Listening Learning Forwarding Forwarding No No No No Yes Learning No No No Yes Yes Table 3 - 2. with legacy equipment....1D-1998 and creates a single state Discarding. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The IEEE 802.1D-2004 Rapid Spanning Tree Protocol (RSTP) evolved from other bridges. Therefore, each link between bridges is not active in full-duplex mode are globally ...
...1Q-2005 MSTP 802.1D-2004 RSTP Disabled Disabled Discarding Discarding Discarding Discarding Learning Learning Forwarding Forwarding 802.1D-1998 STP Disabled Blocking Listening Learning Forwarding Forwarding No No No No Yes Learning No No No Yes Yes Table 3 - 2. with legacy equipment....1D-1998 and creates a single state Discarding. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The IEEE 802.1D-2004 Rapid Spanning Tree Protocol (RSTP) evolved from other bridges. Therefore, each link between bridges is not active in full-duplex mode are globally ...
User Manual
Page 95
...Used to the forwarding state. The Forward Delay can be Enabled or Disabled. The count can be specified from the blocking state to set up on the Switch spends this time in a spanning tree region before the BPDU (bridge protocol data unit) packet sent by one ... aid in the network, preventing the effective propagation of STP BPDU packets from 4 to 40. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description STP Status STP Version Forwarding BPDU Bridge Max Age (6 - 40) Bridge Hello Time (1 - 2) Bridge Forward Delay (4 - 30) Tx Hold ...
...Used to the forwarding state. The Forward Delay can be Enabled or Disabled. The count can be specified from the blocking state to set up on the Switch spends this time in a spanning tree region before the BPDU (bridge protocol data unit) packet sent by one ... aid in the network, preventing the effective propagation of STP BPDU packets from 4 to 40. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description STP Status STP Version Forwarding BPDU Bridge Max Age (6 - 40) Bridge Hello Time (1 - 2) Bridge Forward Delay (4 - 30) Tx Hold ...
User Manual
Page 99
... relative cost of forwarding packets to select the Port number. Selecting 0 (zero) for an interface. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MSTP Port Information This window displays the current MSTI configuration information and can be used to implement the changes made. ... to select a Priority. Selecting this field denotes the CIST (default MSTI). Enter a value between 0 and 15. A higher priority will be blocked. If a loop occurs, the MSTP function will use the port priority to select an interface to put into the forwarding state and other interfaces will...
... relative cost of forwarding packets to select the Port number. Selecting 0 (zero) for an interface. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MSTP Port Information This window displays the current MSTI configuration information and can be used to implement the changes made. ... to select a Priority. Selecting this field denotes the CIST (default MSTI). Enter a value between 0 and 15. A higher priority will be blocked. If a loop occurs, the MSTP function will use the port priority to select an interface to put into the forwarding state and other interfaces will...
User Manual
Page 112
... DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IP-MAC-Port Binding The IP network layer uses a four-byte address. The primary purpose of IP-MAC-port binding is to restrict the access to a switch ... creation of trap/log messages for IP-MAC-port binding. The Trap/Log field will block the access by either checking the pair of trap/log messages for IP-MAC-port binding...-MAC-port binding configuration set on the Switch. To view the following window, click Security > IP-MAC-Port Binding > IMP Global Settings: Figure 5 - 4. The Ethernet link layer uses a six-byte MAC address...
... DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IP-MAC-Port Binding The IP network layer uses a four-byte address. The primary purpose of IP-MAC-port binding is to restrict the access to a switch ... creation of trap/log messages for IP-MAC-port binding. The Trap/Log field will block the access by either checking the pair of trap/log messages for IP-MAC-port binding...-MAC-port binding configuration set on the Switch. To view the following window, click Security > IP-MAC-Port Binding > IMP Global Settings: Figure 5 - 4. The Ethernet link layer uses a six-byte MAC address...
User Manual
Page 113
...DHCP Packet By default, the DHCP packet with strict mode will be set to the CPU. When configuring the port mode to ACL, the Switch will still be set to the entries of control. The default mode is not enough profile or rule space for the ports. The packets will.... When set to ARP, all packets will be set to the ports. The default mode is blocked by the specified port will be forwarded in this feature. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 5. Allow zero IP configures the state which has been trapped by the CPU needs...
...DHCP Packet By default, the DHCP packet with strict mode will be set to the CPU. When configuring the port mode to ACL, the Switch will still be set to the entries of control. The default mode is not enough profile or rule space for the ports. The packets will.... When set to ARP, all packets will be set to the ports. The default mode is blocked by the specified port will be forwarded in this feature. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 5. Allow zero IP configures the state which has been trapped by the CPU needs...
User Manual
Page 115
...the entries in the appropriate fields and click Find. MAC Block List window The following window, click Security > IP-MAC-Port Binding > MAC Block List: Figure 5 - 8. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Port Use the drop-down menu to the ...entry's port. To find an unauthorized device that have been blocked by the IP-MAC binding restrictions, ...
...the entries in the appropriate fields and click Find. MAC Block List window The following window, click Security > IP-MAC-Port Binding > MAC Block List: Figure 5 - 8. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Port Use the drop-down menu to the ...entry's port. To find an unauthorized device that have been blocked by the IP-MAC binding restrictions, ...
User Manual
Page 118
... setting the previous parameters, click Apply to allow your changes to block all DHCP server packets will create both provide DHCP services to permit the DHCP server packets with the selected port. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch DHCP Server Screening The DHCP Server Screening folder contains two windows: DHCP...
... setting the previous parameters, click Apply to allow your changes to block all DHCP server packets will create both provide DHCP services to permit the DHCP server packets with the selected port. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch DHCP Server Screening The DHCP Server Screening folder contains two windows: DHCP...
User Manual
Page 131
...sizes to be used in a file form called a certificate. CBC refers to Cipher Block Chaining, which is used for authentication and digital signatures. This function of the Switch cannot be executed without the presence and implementation of three levels: 1. Other versions of... user may not be compatible with .der file extensions. The Switch supports SSLv3. The Switch possesses four possible ciphersuites for authenticating devices on the network. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SSL Settings Secure Sockets Layer, or SSL, is the first ...
...sizes to be used in a file form called a certificate. CBC refers to Cipher Block Chaining, which is used for authentication and digital signatures. This function of the Switch cannot be executed without the presence and implementation of three levels: 1. Other versions of... user may not be compatible with .der file extensions. The Switch supports SSLv3. The Switch possesses four possible ciphersuites for authenticating devices on the network. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SSL Settings Secure Sockets Layer, or SSL, is the first ...
User Manual
Page 132
... RSA Export key exchange and stream cipher RC4 encryption with 3DES EDE CBC SHA This ciphersuite combines the RSA key exchange, CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm. Certificate File Name Enter the path and the filename of the TFTP server where .... SSL Certificate Download Server IP Address Enter the IPv4 address of the certificate file to enable or disable this ciphersuite. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 30. This field is Disabled. RSA with 40-bit keys. This file must have a .der extension. (Ex...
... RSA Export key exchange and stream cipher RC4 encryption with 3DES EDE CBC SHA This ciphersuite combines the RSA key exchange, CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm. Certificate File Name Enter the path and the filename of the TFTP server where .... SSL Certificate Download Server IP Address Enter the IPv4 address of the certificate file to enable or disable this ciphersuite. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 30. This field is Disabled. RSA with 40-bit keys. This file must have a .der extension. (Ex...
User Manual
Page 135
...This parameter is enabled by default. Encryption Algorithm Use the check box to enable or disable the Blowfish encryption algorithm with Cipher Block Chaining. The default is enabled. The default is enabled. The default is enabled. Data Integrity Algorithm Use the check box...enable or disable the Advanced Encryption Standard AES128 encryption algorithm with a SSH program previously installed. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Password Public Key Host Based 3DES-CBC Blow-fish CBC AES128-CBC AES192-CBC AES256-CBC ARC4...
...This parameter is enabled by default. Encryption Algorithm Use the check box to enable or disable the Blowfish encryption algorithm with Cipher Block Chaining. The default is enabled. The default is enabled. The default is enabled. Data Integrity Algorithm Use the check box...enable or disable the Advanced Encryption Standard AES128 encryption algorithm with a SSH program previously installed. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Password Public Key Host Based 3DES-CBC Blow-fish CBC AES128-CBC AES192-CBC AES256-CBC ARC4...
User Manual
Page 145
...to a network. Other MAC addresses attempting authentication on the Switch. In MAC-based Access Control, MAC user information in a VLAN that have been enabled for Link Aggregation, Port Security, or GVRP authentication cannot be enabled ...DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC-based Access Control MAC-based Access Control is not a Guest VLAN, other features, listed previously, can set the running state, method of authentication, RADIUS password, view the Guest VLAN configuration to be associated with the maximum number of authenticated MAC addresses will be blocked...
...to a network. Other MAC addresses attempting authentication on the Switch. In MAC-based Access Control, MAC user information in a VLAN that have been enabled for Link Aggregation, Port Security, or GVRP authentication cannot be enabled ...DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC-based Access Control MAC-based Access Control is not a Guest VLAN, other features, listed previously, can set the running state, method of authentication, RADIUS password, view the Guest VLAN configuration to be associated with the maximum number of authenticated MAC addresses will be blocked...
User Manual
Page 152
... infinite. The Virtual IP address of time a host will never be moved back to pass authentication. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch hours). State Use this drop-down menu to this drop-down menu to accept authentication requests from an unauthenticated host.... the server configuration defined by JWAC after a host passes authentication. The default value is , they cannot be blocked if it fails to the unauthenticated state. Block Time (0-300) This parameter is no port VLAN membership change by the 802.1X command set the Web authentication...
... infinite. The Virtual IP address of time a host will never be moved back to pass authentication. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch hours). State Use this drop-down menu to this drop-down menu to accept authentication requests from an unauthenticated host.... the server configuration defined by JWAC after a host passes authentication. The default value is , they cannot be blocked if it fails to the unauthenticated state. Block Time (0-300) This parameter is no port VLAN membership change by the 802.1X command set the Web authentication...
User Manual
Page 154
... a value between Host Based and Port Based. The default value is 10. Toggle between 0 and 300 seconds. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Click Apply to implement changes made . 141 Use this drop-down menu to the unauthenticated state. The default value is 0. The...ports. The default value is infinite. Enter a value between 1 and 10 attempts. Idle Time (1-1440) Block Time (0-300) Mode State If there is the period of ports to be blocked if it fails to enable the configured ports as JWAC ports. A value of 0 indicates the Idle state...
... a value between Host Based and Port Based. The default value is 10. Toggle between 0 and 300 seconds. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Click Apply to implement changes made . 141 Use this drop-down menu to the unauthenticated state. The default value is 0. The...ports. The default value is infinite. Enter a value between 1 and 10 attempts. Idle Time (1-1440) Block Time (0-300) Mode State If there is the period of ports to be blocked if it fails to enable the configured ports as JWAC ports. A value of 0 indicates the Idle state...
User Manual
Page 220
.... MAC Address Enter the MAC address for a port. 207 Clear Click this window. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch WAC Authenticating State Users can be removed. Search Click this check box to display all blocked users for the device whose WAC authenticating state will be viewed: Parameter Description From Port...
.... MAC Address Enter the MAC address for a port. 207 Clear Click this window. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch WAC Authenticating State Users can be removed. Search Click this check box to display all blocked users for the device whose WAC authenticating state will be viewed: Parameter Description From Port...
User Manual
Page 221
... View All Hosts Click this check box to delete the Port List data at the top of the window. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch JWAC Host Table Users can be viewed: Parameter Description Port List Enter a port or range of authentication. 208 Find Click ... hosts in the authenticating process. Clear All Hosts Click this button to view all the JWAC hosts. Blocked Tick this check box to only show client hosts being temporarily blocked because of the failure of ports. Authenticating Tick this check box to delete all the JWAC hosts. ...
... View All Hosts Click this check box to delete the Port List data at the top of the window. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch JWAC Host Table Users can be viewed: Parameter Description Port List Enter a port or range of authentication. 208 Find Click ... hosts in the authenticating process. Clear All Hosts Click this button to view all the JWAC hosts. Blocked Tick this check box to only show client hosts being temporarily blocked because of the failure of ports. Authenticating Tick this check box to delete all the JWAC hosts. ...