User Manual
Page 5
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Traffic Segmentation...70 IGMP Snooping ...70 IGMP Snooping Settings ...70 Data Driven Learning Settings...71 ISM VLAN Settings...72 Restrictions and Provisos...72 ISM Profile ... Trusted Host...98 IP-MAC-Port Binding...99 IMP Global Settings...99 IMP Port Settings...99 IMP Entry Settings...101 DHCP Snooping Entries ...101 MAC Block List...102 Port Security...103 Port Security Settings...103 Port Lock Entries ...104 DHCP Server Screening...105 DHCP Screening Port Settings...105 DHCP Offer Filtering...
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Traffic Segmentation...70 IGMP Snooping ...70 IGMP Snooping Settings ...70 Data Driven Learning Settings...71 ISM VLAN Settings...72 Restrictions and Provisos...72 ISM Profile ... Trusted Host...98 IP-MAC-Port Binding...99 IMP Global Settings...99 IMP Port Settings...99 IMP Entry Settings...101 DHCP Snooping Entries ...101 MAC Block List...102 Port Security...103 Port Security Settings...103 Port Lock Entries ...104 DHCP Server Screening...105 DHCP Screening Port Settings...105 DHCP Offer Filtering...
User Manual
Page 10
... radiators and heat sources. Safety Cautions Use the following conditions occur, unplug the product from potential damage. Also, do not block cooling vents. • Do not spill food or liquids on system components, and never operate the product in the troubleshooting ...operating instructions are correctly followed. • Keep your own personal safety and to avoid the problem. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Notes, Notices, and Cautions A NOTE indicates important information that are marked with the triangular symbol with a lightning bolt...
... radiators and heat sources. Safety Cautions Use the following conditions occur, unplug the product from potential damage. Also, do not block cooling vents. • Do not spill food or liquids on system components, and never operate the product in the troubleshooting ...operating instructions are correctly followed. • Keep your own personal safety and to avoid the problem. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Notes, Notices, and Cautions A NOTE indicates important information that are marked with the triangular symbol with a lightning bolt...
User Manual
Page 16
...Filtering, Unicast Forwarding, Multicast Forwarding, and Multicast Filtering Mode. Contains links for Save Configuration ID 1, Save Configuration ID 2, Save Log,... Mechanism. Tools - xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Web Pages When connecting to the management...Switch's management mode. L2 Features - Security - Monitoring - ACL - Save - Contains the following main folders, windows, and related windows: Safeguard Engine, Trusted Host, IP-MAC-Port Binding, IMP Global Settings, IMP Port Settings, IMP Entry Settings, DHCP Snooping Entries, MAC Block...
...Filtering, Unicast Forwarding, Multicast Forwarding, and Multicast Filtering Mode. Contains links for Save Configuration ID 1, Save Configuration ID 2, Save Log,... Mechanism. Tools - xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Web Pages When connecting to the management...Switch's management mode. L2 Features - Security - Monitoring - ACL - Save - Contains the following main folders, windows, and related windows: Safeguard Engine, Trusted Host, IP-MAC-Port Binding, IMP Global Settings, IMP Port Settings, IMP Entry Settings, DHCP Snooping Entries, MAC Block...
User Manual
Page 80
... Protocol will block a single port that are applied to the entire link aggregation group. in the same way STP will treat a link aggregation group as a single link, on the Switch, STP will... click L2 Features > Trunking: Figure 3 - 16. Member Ports Active Ports Choose the members of links in the aggregated group, and a link failure within the group causes the network traffic to...to the remaining links in the group must not be implemented. 67 xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The Switch allows the creation of up to five link aggregation groups,...
... Protocol will block a single port that are applied to the entire link aggregation group. in the same way STP will treat a link aggregation group as a single link, on the Switch, STP will... click L2 Features > Trunking: Figure 3 - 16. Member Ports Active Ports Choose the members of links in the aggregated group, and a link failure within the group causes the network traffic to...to the remaining links in the group must not be implemented. 67 xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The Switch allows the creation of up to five link aggregation groups,...
User Manual
Page 91
...Detection Settings: Figure 3 - 30. The Loopback Detection port will automatically block the port or the VLAN and send an alert to discarding state) when the Loopback Detection Recover Time times out. When the Switch detects CTP packets received from a port or a VLAN, this function ...menu to detect the loop created by a specific port. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Loopback Detection Settings The Loopback Detection function is used to temporarily shutdown a port on the Switch when a CTP (Configuration Testing Protocol) packet has been looped back ...
...Detection Settings: Figure 3 - 30. The Loopback Detection port will automatically block the port or the VLAN and send an alert to discarding state) when the Loopback Detection Recover Time times out. When the Switch detects CTP packets received from a port or a VLAN, this function ...menu to detect the loop created by a specific port. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Loopback Detection Settings The Loopback Detection function is used to temporarily shutdown a port on the Switch when a CTP (Configuration Testing Protocol) packet has been looped back ...
User Manual
Page 93
...transition, the protocol introduces two new variables: the edge port and the point-to other RSTP compliant bridge links. MSTP and RSTP combine the transition states disabled, blocking and listening used for BPDU packets. P2P ports may be created. Under RSTP/MSTP, all ports operating... tree port. An example would be P2P ports, unless manually overridden through the listening and learning states. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The IEEE 802.1D-2004 Rapid Spanning Tree Protocol (RSTP) evolved from adjacent bridges. 802.1Q-2005 MSTP 802.1D...
...transition, the protocol introduces two new variables: the edge port and the point-to other RSTP compliant bridge links. MSTP and RSTP combine the transition states disabled, blocking and listening used for BPDU packets. P2P ports may be created. Under RSTP/MSTP, all ports operating... tree port. An example would be P2P ports, unless manually overridden through the listening and learning states. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch The IEEE 802.1D-2004 Rapid Spanning Tree Protocol (RSTP) evolved from adjacent bridges. 802.1Q-2005 MSTP 802.1D...
User Manual
Page 95
...it allows the forwarding of the new information. This field will age out. The Forward Delay can be from the blocking state to 10. The Switch will then discard the BDPU packet and the information held for the STP Version. The default is selected for the port... Hello packets transmitted per interval. Select this parameter to set on the Switch spends this parameter to set a hop count from 1 to globally enable or disable STP. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description STP Status STP Version Forwarding BPDU Bridge Max Age (6 -...
...it allows the forwarding of the new information. This field will age out. The Forward Delay can be from the blocking state to 10. The Switch will then discard the BDPU packet and the information held for the STP Version. The default is selected for the port... Hello packets transmitted per interval. Select this parameter to set on the Switch spends this parameter to set a hop count from 1 to globally enable or disable STP. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description STP Status STP Version Forwarding BPDU Bridge Max Age (6 -...
User Manual
Page 99
... a value between 0 and 240 to set the quickest route when a loop occurs. An entry of 1 to 200000000 will be blocked. Click Apply to be configured. In instances where the priority value is selected within an STP instance. This parameter is set the ...select a Priority. A lower Internal cost represents a quicker transmission. A lower number denotes a higher priority. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MSTP Port Information This window displays the current MSTI configuration information and can be used to update the port configuration for the...
... a value between 0 and 240 to set the quickest route when a loop occurs. An entry of 1 to 200000000 will be blocked. Click Apply to be configured. In instances where the priority value is selected within an STP instance. This parameter is set the ...select a Priority. A lower Internal cost represents a quicker transmission. A lower number denotes a higher priority. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MSTP Port Information This window displays the current MSTI configuration information and can be used to update the port configuration for the...
User Manual
Page 112
...Settings, IMP Port Settings, IMP Entry Settings, DHCP Snooping Entries, and MAC Block List. IMP Global Settings window The following parameters can enable or disable the Trap/Log State and DHCP Snoop state on the Switch. To view the following window, click Security > IP-MAC-Port Binding .../log messages for IP-MAC-port binding. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IP-MAC-Port Binding The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. When enabled, the Switch will block the access by dropping its packet.
...Settings, IMP Port Settings, IMP Entry Settings, DHCP Snooping Entries, and MAC Block List. IMP Global Settings window The following parameters can enable or disable the Trap/Log State and DHCP Snoop state on the Switch. To view the following window, click Security > IP-MAC-Port Binding .../log messages for IP-MAC-port binding. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch IP-MAC-Port Binding The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. When enabled, the Switch will block the access by dropping its packet.
User Manual
Page 113
...is strict if not specified. Enabled (Loose) This mode provides a looser way of this feature. This setting is effective when DHCP snooping is blocked by the hardware until a specific source MAC address is enabled, in strict mode. Click Apply to the ports. IMP Port Settings window The... not enough profile or rule space for the ports. If there is ARP. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 5. When configuring the port mode to ACL, the Switch will create an ACL access entry corresponding to the CPU, thus all the ACL access entries ...
...is strict if not specified. Enabled (Loose) This mode provides a looser way of this feature. This setting is effective when DHCP snooping is blocked by the hardware until a specific source MAC address is enabled, in strict mode. Click Apply to the ports. IMP Port Settings window The... not enough profile or rule space for the ports. If there is ARP. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 5. When configuring the port mode to ACL, the Switch will create an ACL access entry corresponding to the CPU, thus all the ACL access entries ...
User Manual
Page 115
...the window, click Delete All. To delete all entries. MAC Address Enter a MAC address. MAC Block List This table is used to view unauthorized devices that has been blocked by IP-MAC binding restrictions. Click Apply to the entry's port. To view the following fields..., click Security > IP-MAC-Port Binding > MAC Block List: Figure 5 - 8. Click Apply to select the desired port. Ports (e.g.: 1, 7-12) Specify the ports for all ports on the Switch. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Port Use the drop-down menu to implement...
...the window, click Delete All. To delete all entries. MAC Address Enter a MAC address. MAC Block List This table is used to view unauthorized devices that has been blocked by IP-MAC binding restrictions. Click Apply to the entry's port. To view the following fields..., click Security > IP-MAC-Port Binding > MAC Block List: Figure 5 - 8. Click Apply to select the desired port. Ports (e.g.: 1, 7-12) Specify the ports for all ports on the Switch. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Port Use the drop-down menu to implement...
User Manual
Page 118
...the following window, click Security > DHCP Server Screening > DHCP Screening Port Settings: Figure 5 - 11. These rules are used to block all DHCP server packets will create both provide DHCP services to receive any specified DHCP server packet by any specified DHCP client, it will .... Trap Log State Illegal Server Log Choose an illegal server log suppress duration of clients. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch DHCP Server Screening The DHCP Server Screening folder contains two windows: DHCP Screening Port Settings and DHCP Offer Filtering...
...the following window, click Security > DHCP Server Screening > DHCP Screening Port Settings: Figure 5 - 11. These rules are used to block all DHCP server packets will create both provide DHCP services to receive any specified DHCP server packet by any specified DHCP client, it will .... Trap Log State Illegal Server Log Choose an illegal server log suppress duration of clients. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch DHCP Server Screening The DHCP Server Screening folder contains two windows: DHCP Screening Port Settings and DHCP Offer Filtering...
User Manual
Page 131
... to host. It contains information on the owner, keys for authentication. To view the following level. 2. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SSL Settings Secure Sockets Layer, or SSL, is the first authentication process between client and host as the DHE DSS Diffie... Exchange: The first part of the cyphersuite string specifies the public key algorithm to be downloaded to the Switch by the Data Encryption Standard (DES) to Cipher Block Chaining, which will affect the security level and the performance of encrypted text is used for an authentication...
... to host. It contains information on the owner, keys for authentication. To view the following level. 2. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch SSL Settings Secure Sockets Layer, or SSL, is the first authentication process between client and host as the DHE DSS Diffie... Exchange: The first part of the cyphersuite string specifies the public key algorithm to be downloaded to the Switch by the Data Encryption Standard (DES) to Cipher Block Chaining, which will affect the security level and the performance of encrypted text is used for an authentication...
User Manual
Page 132
...RSA Export key exchange and stream cipher RC4 encryption with 3DES EDE This ciphersuite combines the DSA Diffie Hellman key exchange, CBC Block Cipher CBC SHA 3DES_EDE encryption and SHA Hash Algorithm. SSL Certificate Download Server IP Address Enter the IPv4 address of the certificate... encryption with 128bit keys and the MD5 Hash Algorithm. Use the radio buttons to enable or disable this ciphersuite. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 30. SSL Settings window To set the time between a new key exchange between a client and a host using...
...RSA Export key exchange and stream cipher RC4 encryption with 3DES EDE This ciphersuite combines the DSA Diffie Hellman key exchange, CBC Block Cipher CBC SHA 3DES_EDE encryption and SHA Hash Algorithm. SSL Certificate Download Server IP Address Enter the IPv4 address of the certificate... encryption with 128bit keys and the MD5 Hash Algorithm. Use the radio buttons to enable or disable this ciphersuite. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Figure 5 - 30. SSL Settings window To set the time between a new key exchange between a client and a host using...
User Manual
Page 135
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Password Public Key Host Based 3DES-CBC Blow-fish CBC AES128-CBC AES192-CBC AES256-CBC ARC4 Cast128-CBC Twofish128 Twofish192 Twofish256 HMAC... disable the twofish192 encryption algorithm. Data Integrity Algorithm Use the check box to enable or disable the Advanced Encryption Standard AES128 encryption algorithm with Cipher Block Chaining. This parameter is enabled. Use the check box to enable or disable the Advanced Encryption Standard AES192 encryption algorithm with a SSH program previously ...
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Parameter Description Password Public Key Host Based 3DES-CBC Blow-fish CBC AES128-CBC AES192-CBC AES256-CBC ARC4 Cast128-CBC Twofish128 Twofish192 Twofish256 HMAC... disable the twofish192 encryption algorithm. Data Integrity Algorithm Use the check box to enable or disable the Advanced Encryption Standard AES128 encryption algorithm with Cipher Block Chaining. This parameter is enabled. Use the check box to enable or disable the Advanced Encryption Standard AES192 encryption algorithm with a SSH program previously ...
User Manual
Page 145
... VLAN. MAC-based Access Control Settings This window is used to enable them. To view the following parameters may be blocked by the Switch. 3. Both local authentication and remote RADIUS server authentication methods are certain limitations and regulations regarding MAC-based Access Control: ... been enabled for Link Aggregation, Port Security, or GVRP authentication cannot be enabled for the MAC-based Access Control function on a port with the MAC-based Access Control function of authorization. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC-based Access...
... VLAN. MAC-based Access Control Settings This window is used to enable them. To view the following parameters may be blocked by the Switch. 3. Both local authentication and remote RADIUS server authentication methods are certain limitations and regulations regarding MAC-based Access Control: ... been enabled for Link Aggregation, Port Security, or GVRP authentication cannot be enabled for the MAC-based Access Control function on a port with the MAC-based Access Control function of authorization. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch MAC-based Access...
User Manual
Page 152
.... Enter a value between 0 and 1440 minutes. Please note that there is used to either enable or disable JWAC on the Switch. For the second stage, the authentication is similar to Web Authentication, except that JWAC and Web Authentication are mutually exclusive functions. ... need to pass authentication. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch hours). A value of 0 indicates the Idle state of authentication. Block Time (0-300) This parameter is 30 seconds. The RADIUS server will never be blocked if it fails to pass through two stages...
.... Enter a value between 0 and 1440 minutes. Please note that there is used to either enable or disable JWAC on the Switch. For the second stage, the authentication is similar to Web Authentication, except that JWAC and Web Authentication are mutually exclusive functions. ... need to pass authentication. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch hours). A value of 0 indicates the Idle state of authentication. Block Time (0-300) This parameter is 30 seconds. The RADIUS server will never be blocked if it fails to pass through two stages...
User Manual
Page 154
... authenticated host will remain in the authenticated state. The default value is 0. Enter a value between 1 and 10 attempts. Idle Time (1-1440) Block Time (0-300) Mode State If there is the period of the authenticated host on the port. Toggle between 0 and 1440 minutes. A value...of a range of host process authentication attempts Host (1-10) allowed on individual ports for the Switch. The default value is 1440. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Click Apply to implement changes made . 141 Enter a value between 0 and 1440 minutes ...
... authenticated host will remain in the authenticated state. The default value is 0. Enter a value between 1 and 10 attempts. Idle Time (1-1440) Block Time (0-300) Mode State If there is the period of the authenticated host on the port. Toggle between 0 and 1440 minutes. A value...of a range of host process authentication attempts Host (1-10) allowed on individual ports for the Switch. The default value is 1440. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch Click Apply to implement changes made . 141 Enter a value between 0 and 1440 minutes ...
User Manual
Page 220
... select the desired range of ports and tick the appropriate check box(es), Authenticated, Authenticating, and Blocked. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch WAC Authenticating State Users can be viewed: Parameter Description From Port/To Port Use the drop-down ...menus to display all blocked users for the device whose WAC authenticating state will be removed. WAC Authenticating State...
... select the desired range of ports and tick the appropriate check box(es), Authenticated, Authenticating, and Blocked. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch WAC Authenticating State Users can be viewed: Parameter Description From Port/To Port Use the drop-down ...menus to display all blocked users for the device whose WAC authenticating state will be removed. WAC Authenticating State...
User Manual
Page 221
...all the JWAC hosts. To view the following fields and settings can display Japanese Web-based Access Control Host Table information. Blocked Tick this button to only show client hosts in the authenticating process. Authenticating Tick this button to only show authenticated client hosts...delete all the JWAC hosts. Clear All Hosts Click this check box to initiate the search function. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch JWAC Host Table Users can be viewed: Parameter Description Port List Enter a port or range of the window. ...
...all the JWAC hosts. To view the following fields and settings can display Japanese Web-based Access Control Host Table information. Blocked Tick this button to only show client hosts in the authenticating process. Authenticating Tick this button to only show authenticated client hosts...delete all the JWAC hosts. Clear All Hosts Click this check box to initiate the search function. xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch JWAC Host Table Users can be viewed: Parameter Description Port List Enter a port or range of the window. ...