D-Link DGS-3100 guide

Notes about ‘IP’ and ‘MAC’ Based ACLs in the DGS-3100 Series

DGS-3100 Series Gigabit Stackable Managed Switch User Manual

Notes about ‘IP’ and ‘MAC’ Based ACLs in the DGS-3100 Series

ACLs can be configured in DGS-3100 series via the WEB GUI in two ways: through the ‘ACL Configuration Wizard’ screen (by automatic creation of profile and rule) and through the ‘ACL Profile List’ page by manual creation of profiles and rules.

By using the ‘ACL Configuration Wizard’ page the user can create simple ACLs in a simple way, after setting a rule via this page, the system will create an ‘Access Profile’ and also an ‘Access Rule’ and will bind it to a port or a group of ports. Each operation via the Wizard can create either MAC based ACL or IP based ACL, the user can’t combine both types of ACLs in the same operation.

NOTE: Access Profile can be a MAC Access Profile or an IP Access Profile, when using the ACL Conriguration Wizard, ‘IP’ or ‘MAC’ should be selected in the ‘From’ and ‘To’ dropdowns. When using the ‘Access Profile List’ page, after clicking: ‘Add Access Profile’, the user can choose wether to create ‘L2 ACL’ (MAC) or ‘L3 ACL’ (IP).

•The user can set IP based ACL and MAC Based ACL on the same port(s) is the following: way:

–Go to ‘Add Access Profile’ page.

–Add L2 Access Profile with the desired fields.

–Add L3 Access Profile with the desired fields.

–Go to ‘Access Rule List’ page, create rules for both profiles and apply it on the same port(s). Now you have on the port(s) IP Based ACL and MAC Based ACL.

NOTE: Adding rules to specific profile will have a unique Access ID in the range 1-240.

When the user is adding a rule to different profiles he can’t use the same Access ID for different rules.

162

Image 174

D-Link user manual Notes about ‘IP’ and ‘MAC’ Based ACLs in the DGS-3100 Series

Contents

D-Link DGS-3100 SERIES GIGABIT STACKABLE MANAGED SWITCH User ManualV2.20 Warnung FCC WarningCE Mark Warning Precaución Table of Contents Defining SNMP Host Table Configuring Port Security Safety Cautions General Precautions for Rack-Mountable Products PrefaceDGS-3100 Series Gigabit Stackable Managed Switch User Manual System Overview Viewing the Device Device Management Methods DGS-3100 Series Front Panel System OverviewViewing the Device Figure 1 DGS-3100 Series 48 Port Front Panel Web Based Management Interface Device Management MethodsCommand Line Console SNMP-Based Management Notes, Notices, and Cautions Safety CautionsUser Guide Overview NOTE A NOTE indicates important information that helps you make better use of your device An object has fallen into the product The power cable, extension cable, or plug is damagedUnplug the power cable before removing the power supply The product has been exposed to water General Precautions for Rack-Mountable Products Battery Handling Reminder Protecting Against Electrostatic Discharge Understanding the D-Link Embedded Web Interface Using the Web-Based User InterfaceGETTING STARTED View 2. Device Figure 1-1. Device Information Page1. Tree View Information View Locating Devices Using the Tool MenuDisplaying the Stack Status 1. Click Device Locator. The Device Locator Page opens Backing up and Restoring Configuration Files Figure 1-3 Config Backup and Restore PageField Http TFTP Resetting the Device 1. Click Reset. The Factory Reset Page opensFigure 1-4 Factory Reset Page Downloading the Firmware 1. Click Firmware Download. The Firmware Download Page opensFigure 1-5 Firmware Download Page Field HTTP Download TFTP Download Figure 1-6 System Reboot Page Rebooting the System1. Click System Reboot. The System Reboot Page opens 2. Define the Select Unit to Reboot field Name Using the Web System ComponentsComponent Description CONFIGURING BASIC CONFIGURATION Field Device Type System Contact System Name System Location Viewing Device InformationFigure 2-1 Device Information Page Firmware Version Hardware Version System Time System Up Time Safeguard Engine SNMP Trap SSL GVRP Setting Jumbo Frames Field Boot Version MAC Address IP Address Subnet Mask Default GatewayLogin Timeout minutes Time Source 802.1D Spanning Tree DHCP Client BPDU Forwarding IGMP Snooping Broadcast Storm Control 802.1X Status 3. Define the System Location and Login Timeout minutes fields Defining System InformationSystem Contact System Name System Location Login Timeout minutes Figure 2-2 System Information Page Figure 2-3 IP Address Page Defining IP Addresses1. Click Configuration IP Address. The IP Address Page opens Field Advanced Stacking Managing StackingManaging Stacking Modes Allocating Unit IDs Defining a Stacking Master Master Enabled Stacking MembersAssigning Unit IDs Defining a Stacking Back Up Master Stack Startup Process Discovering the Stacking MasterElecting a Stacking Master Unit and Stacking Port Configuration Allocating Unit IDs/Resolving Unit ID Conflicts Managing a Self-Ordered Stack Building Stacks - Quick StartStack Resiliency Managing a New Manually Ordered Stack Building New Manually Ordered Stacks Stack Management ExamplesReplacing Failed Stacking-Members in a Running Stack Adding Stacking Members to an Existing Manually Ordered Stack Replacing a Failed Stack Master Dividing Stacks Page Merging Stacks Stacking Cable FailureInserting Excess Stacking Members When switches are added to a running stack, the Unit ID Allocation and Duplicate ID Conflict Resolution process detects an error if too many switches are present in the stack, and no changes are to stacking members that originally belonged to the group managed by the newly elected master. The original switches retain their ID assignments and configurations. The stacking members that originally belonged to the group managed by the Stack Master that lost the Master Election process are shut down Configuring Stacking Figure 2-4 Stacking Settings PageField Stacking Master Current Stack ID New Stack ID after reset Figure 2-5 Port Setting Page Configuring Port PropertiesDefining Ports Field Unit From Port To Port State Speed Field Flow Control Learning Unit Viewing Port PropertiesFigure 2-6 Port Description Page From Port Figure 2-7 ARP Settings Page ARP Settings1. Click Configuration ARP Settings. The ARP Settings Page opens Static ARP Settings Field User Name New Password Access Right Confirm New Password Configuring User Accounts1. Click Configuration User Accounts. The User Accounts Page opens Figure 2-8 User Accounts Page 2. Click 3. Define the value 2. Click . The user account is deleted, and the device is updatedTo edit the User Accounts Page 1. Select a name on the User List 1. Select an entry Index Managing System LogsFigure 2-9 System Log Host Page Severity Example Configuring SNTPStratum Stratum Stratum Stratum Time level T1 T2 T3 T4 Time Source Figure 2-10 Time Settings PageField Time Setting Time in HH MM SS Current Time Configuring Daylight Savings Time Figure 2-11 TimeZone Settings Page Daylight Saving Time Offset in Minutes Time Zone Offsetfrom GMT DST Repeating Settings SectionsField Daylight Savings Time State Field From Which Week of the Month From Day of Week From Month DST Annual Settings Section Field FromMonth FromDay FromTime ToMonth ToDay ToTime Configuring SNMP Parameters Authentication Privacy Key Management Field View Name Subtree OID View Type Defining SNMP ViewsFigure 2-12 SNMP View Table Page 2. Define the View Name, Subtree OID and View Type fields Field Group Name Read View Name Write View Name Defining SNMP GroupsFigure 2-13 SNMP Group Table Page Community/View TestReadView PWriteView PrivateView Field Notify View Name Security Model Security Level Figure 2-14 SNMP User Table Page Defining SNMP UsersAuth-Protocol by Password Password Confirm Password Field User Name Group Name SNMP V3 Encryption Auth-Protocol by Key Confirm Key2. Define the User Name, Group Name, and SNMP V3 Encryption fields 2. Define the Community Name, and View Name, Access Right fields Defining SNMP CommunitiesAccess Rights Figure 2-15 SNMP Community Table Page Defining SNMP Host Table To define the SNMP Host Table PageFigure 2-16 SNMP Host Table Page Host IP Address SNMP VersionCommunity String / SNMPv3 User Name Defining SNMP Engine ID Field Engine ID Use DefaultFigure 2-17 SNMP Engine ID Page Enabling SNMP Traps Figure 2-18 SNMP Configuration Trap PageField SNMP Traps SNMP Authentication Traps DHCP Auto Configuration Figure 2-19 DHCP Auto Configuration PageField DHCP Auto Configuration Field Unit Image Version Update Time Dual Image ServicesFirmware Information Figure 2-20 Firmware Information Page Defines the image file used for reboot. The possible values are Config Firmware ImageFigure 2-21 Config Firmware Image Page Image CONFIGURING L2 FEATURES Figure 3-1. Jumbo Frame Page Enabling Jumbo Frames1. Click L2 Features Jumbo Frame. The Jumbo Frame Page opens Field Jumbo Frame VLAN Description Configuring VLANsUnderstanding IEEE 802.1p Priority Notes about VLANs on the DGS-3100 Series Term Untagging Ingress port Egress port Figure 3-2. IEEE 802.1Q Packet Forwarding 802.1Q VLAN Tags Figure 3-3. IEEE 802.1Q TagFigure 3-4. Adding an IEEE 802.1Q Tag Port VLAN ID Tagging and UntaggingIngress Filtering VLAN Status Default VLANsVLAN and Trunk Groups Switch Ports Figure 3-5. VLAN Configuration Page Defining VLAN Properties1. Click L2 Features 802.1Q VLAN. The VLAN Configuration Page opens Field VID VLAN Name Untag VLAN Ports Tag VLAN Ports Figure 3-6. Add/Edit VLAN Information Page Configuring GVRP 1. Click L2 Features GVRP Settings. The GVRP Setting Page opensFigure 3-7. GVRP Setting Page Field GRVP Global Setting Unit From Port To Port PVID GVRP Ingress Acceptable Frame Type4. Define the PVID, GVRP, Ingress, and Acceptable Frame Type fields Figure 3-8. Trunking Configuration Page Defining Trunking1. Click L2 Features Trunking. The Trunking Configuration Page opens Field Unit Group ID Type Ports Notes about Trunking on the DGS-3100 Series Source Ports Traffic SegmentationFigure 3-9. Traffic Segmentation Page Forwarding Ports Timeout Configuring LACPFigure 3-10. LACP Port Settings Page 4. Define the Port-Priority and LACP Timeout fields Leave Timer Defining IGMP Snooping1. Click L2 Features IGMP Snooping. The IGMP Snooping Page opens Figure 3-11. IGMP Snooping Page Static Router Port Setting Edit button Host TimeoutRouter Timeout 2. Click . The Static Router Ports Settings Page opens Static Router Ports PortsDynamic Router Ports Figure 3-13. Port Mirroring Page Configuring Port Mirroring1. Click L2 Features Port Mirroring. The Port Mirroring Page opens Field Status Unit Target Port Source Port Defines that port mirroring is not applied to the ports 4. Define the Unit, Tx, and Rx. fields under Source Port SettingField None 2. Define the Status, Unit, and Target fields Configuring Spanning Tree Version Classic STP Rapid STP Multiple STP STP Status Defining Spanning Tree Global ParametersFigure 3-14. STP Bridge Global Settings Page STP Version Bridge Hello Time 1 Bridge Priority 0Bridge Max Age 6 Bridge Forward Delay Defining STP Port Settings Figure 3-15. STP Port Settings PageField Unit From Port To Port Cost 0=Auto Field Edge Forwarding BPDU P2P State Configuration Name Defining Multiple Spanning Tree Configuration IdentificationFigure 3-16. MST Configuration Identification Page Revision Level Defining MSTP Port Information Figure 3-17. MSTI Config Information PageField Unit Port Instance ID Internal Path Cost Priority Status Field Role 4. Define the Internal Path Cost and Priority fields Figure 3-18. Unicast Forwarding Page Defining Forwarding and FilteringDefining Unicast Forwarding Field Aging Time VID MAC Address Unit Port Multicast MAC Address Defining Multicast ForwardingFigure 3-19. Multicast Forwarding Page Egress The entry is deleted, and the device is updated 4. Click To restore the default settings 1. ClickThe default settings are restored 3. Select either all, or individual ports CONFIGURING QUALITY OF SERVICE Configuring 1p Figure 4-1. Mapping QoS on the Switch Understanding QoS Figure 4-2. Bandwidth Control Page Defining Bandwidth Settings1. Click QoS Bandwidth Control. The Bandwidth Control Page opens No Limit Field Unit From Port To Port Storm Control Type State Threshold 3500 Configuring Storm ControlFigure 4-3. Traffic Control Settings Page Broadcast Storm Broadcast and Multicast Storm Mapping Ports to Packet Priorities Figure 4-4. 802.1P Default Priority Page2. Define the Unit, From Port, To Port, Prioirity fields Mapping Priority to Classes Queues Figure 4-5. 802.1P User Priority PageField Priority Class ID Configuring QoS Scheduling Mechanism Field Class ID Mechanism WeightFigure 4-6. QoS Scheduling Mechanism Page Defining Multi-Layer CoS Settings Figure 4-7. Multi-Layer CoS Setting Page SECURITY FEATURES Figure 5-8. Safeguard Engine Page Configuring Safeguard Engine1. Click Security Safeguard Engine. The Safeguard Engine Page opens Field Safeguard Engine 1. Click Security Trusted Host. The Trusted Host Page opens Configuring Trust HostField IP1 Access to Switch IP2 Access to Switch IP3 Access to Switch Figure 5-9.Trusted Host Page 1. Click Security Port Security. The Port Security Page opens Configuring Port SecurityField Unit From Port To Port Admin State Max Address0-64 Port Figure 5-10. Port Security Page 1. Click Security Guest Vlan. The Guest VLAN Page opens Configuring Guest VLANsField Max Learning Addr Figure 5-11 Guest VLAN Page Configuring Port Authentication Component Authenticators Supplicants/Clients Authentication ServerState Controlled Access Uncontrolled Access SuppTimeout 1-65535 sec 1. Click Security 802.1X Setting. The 802.1X Setting Page opensFigure 5-12. 802.1X Setting Page ServerTimeout 1-65535 sec Control Mode ServerTimeout 1-65535 sec 1. Click Security 802.1X Setting. The 802.1X Setting Page opensSuppTimeout 1-65535 sec ReAuthEnabled Control FieldDescription UnitPage DGS-3100 Series Gigabit Stackable Managed Switch User Manual DGS-3100 Series Gigabit Stackable Managed Switch User Manual Defining RADIUS Settings Figure 5-13. Authentic RADIUS Server PageField Succession RADIUS Server Authentic Port Accounting Port Key Configuring Secure Socket Layer Security 1. Click Security SSL. The SSL Configuration Settings Page opens Figure 5-14. SSL Configuration Settings Page Field SSL Status Ciphersuite Status Configuring Secure Shell Security Figure 5 -15. SSH Configuration PageField SSH Server Status Port Defining SSH Algorithm Settings Public Key Algorithm Figure 5-16. SSH Algorithm Settings PagePublic key Data Integrity Algorithm Defining Application Authentication Settings Figure 5-17. Application Authentication Settings PageField Application Login Method List Enable Method List Timeout 1-30secs Configuring Authentication Server HostsFigure 5-18. Authentication Server Host Page Protocol Defining Login Methods Figure 5-19. Login Method Lists PageField Method List Name Method Method Field Method Method Description are Defining Enable Methods Figure 5-20. Enable Method Lists PageField Method List Name Method Field Method Method Method Old Local Enable Password Configuring Local Enable PasswordFigure 5-21. Configure Local Enable Password Page Provide the current network Enable password MONITORING THE DEVICE Viewing Stacking Information Field Master ID Backup ID Box ID Runtime version H/W versionFigure 6-1 Stacking Information Page Figure 6-2. CPU Utilization Page Viewing CPU Utilization1. Click Monitoring CPU Utilization. The CPU Utilization Page opens Field Utilization Time Interval Record Number Show/Hide Viewing Port Utilization Figure 6-3. Port Utilization PageField Unit Port Utilization Time Interval Record Number Show/Hide Figure 6-4. Packet Size Page Viewing Packet Size Information1. Click Monitoring Packet Size. The Packet Size Page opens Field Unit Port Packet Size Analysis - Selected Port Number Figure 6-5. ReceivedRX Page Viewing Received Packet Statistics1. Click Monitoring Packets ReceivedRX. The ReceivedRX Page opens Field Unit Port Bytes Packets Time Interval Record Number Show/Hide Figure 6-6. UMBcastRX Page Viewing UMBcast Packet Statistics1. Click Monitoring Packets UMBcastRX. The UMBcastRX Page opens Field Unit Port Unicast Multicast Broadcast Time Interval Viewing Transmitted Packet Statistics Figure 6-7. TransmittedTX PageField Unit Port Bytes Packets Time Interval Field Record Number Show/Hide Field Time Interval Server UDP Port Timeouts Requests Challenges Viewing RADIUS Authenticated Session StatisticsFigure 6-8. RADIUS Authentication Page Accepts Rejects Viewing ARP Table Figure 6-9 Browse ARP Table PageField VLAN Name IP Address Total Entries MAC Address Type Viewing Router Ports Figure 6-10 Browse Router Port PageField VID Unit Port Viewing Session Table Figure 6-11 Browse Session Table PageField ID From User Privilege Name Viewing IGMP Group Information Figure 6-12 IGMP Snooping Group PageField VID VLAN Name VLAN Name Multicast Group MAC Address Port Defining Dynamic and Static MAC Addresses Figure 6-13 MAC Address Table PageField Unit Port VLAN Name MAC Address VID Type To view all entries, click To clear static entries, click 2. Select the Stacking member in the Unit field3. Define the Port, VLAN Name, and MAC Address fields 4. Click To clear dynamic entries, click Figure 6-14 System Log Page Viewing System Log1. Click Monitoring System Log. The System Log Page opens Field ID Time Log Description Severity MANAGING POWER OVER ETHERNET DEVICES Figure 7-1 PoE Port Setting Page Defining PoE System Information1. Click PoE PoE Port Setting. The PoE Port Setting Page opens PoE Enable Normal - Indicates that the power supply unit is functioning Indicates the power consumption is 7WIndicates the power consumption is 15.4W Off - Indicates that the power supply unit is not functioning Figure 7-2 PoE System Setting Page Displaying and Editing PoE System Information1. Click PoE PoE System Setting. The PoE System Setting Page opens System Power Threshold DEFINING ACCESS PROFILE LISTS Service Type ACL Configuration WizardFigure 8-1 ACL Configuration Wizard Page From UDPAll - Specifies a UDP Packets filtering TCP Source Port - Matches the packet to the TCP Source PortTCP Destination Port - Matches the packet to the TCP Destination Port UDP Source Port - Matches the packet to the UDP Source Port Displays the access rule Defining Access Profile Lists1. Click ACL Access Profile List. The ACL Profile List Page opens Adding ACL Profiles Figure 8-3 Add ACL Profile Page L2 ACLL3 ACL To define L2 MAC Address ACL profile Defining Level 2 ACLFigure 8-4 ACL Profile L2 ACL Tagged Page Figure 8-5 ACL Profile L2 ACL Tagged MAC Address Page To define L2 802.1Q VLAN ACL profile Source MAC MaskDestination MAC Mask Figure 8-6 ACL Profile L2 ACL Tagged VLAN Page To define L2 Ether Type ACL profile Figure 8-7 ACL Profile L2 ACL Tagged Ether Type Page Defining Level 3 ACL Figure 8-8 ACL Profile L2 ACL Untagged PageFigure 8-9 Add ACL Profile L3 Page To define L3 IPv4 Address ACL profile To define L3 IPv4 DSCP ACL profileFigure 8-10 ACL Profile L3 ACL ICMP IPv4 DSCP Page Figure 8-11 ACL Profile L3 ACL ICMP IPv4 Address Page ICMP Type To define L3 ICMP ACL profileFigure 8-12 ACL Profile L3 ACL ICMP Page ICMP Code To define L3 IGMP ACL profile Figure 8-13 ACL Profile L3 IGMP PageFigure 8-14 ACL Profile L3 IGMP Selected Page Figure 8-15 ACL Profile L3 TCP Page To define L3 TCP Port ACL profileFigure 8-16 ACL Profile L3 TCP Port Page To define L3 TCP Flag ACL Profile Figure 8-17 ACL Profile L3 TCP Flag Page If L3 ACL UDP is selected, the page updates as follows Figure 8-18 ACL Profile L3 UDP PageFigure 8-19 ACL Profile L3 UDP Port Page Description Figure 8-20 Access Profile List Page Defining Access Rules ListsClick ACL Access Profile List The Access Profile List Page opens Filter Access ID 1. Click . The Add Access Rule Page opensFigure 8-21 Add Access Rule Page IP based ACL Source ID 3. Click . The rule is changed, and the device is updated 2. Define the Rule Detail fields Figure 8-22 ACL Finder Page Finding ACL Rules1. Click ACL ACL Finder The ACL Finder Page opens Profile ID list box Destination MAC Figure 8-23 Rule Detail PageSource MAC Ether Type Notes about ‘IP’ and ‘MAC’ Based ACLs in the DGS-3100 Series Notes about ACLs capacity in the DGS-3100 Series Limited Lifetime Warranty for the product is defined as follows Reorient or relocate the receiving antenna Product Registration LIMITED WARRANTY Warranty PeriodProduct Type What You Must Do For Warranty Service What Is Not Covered is not contemplated in the documentation for the product, or if the model or serial number has been altered, tampered with, defaced or removed FCC Warning TrademarksCopyright Statement Tech Support for customers within the United States TECHNICAL SUPPORTTechnical Support Tech Support for customers within Canada D-Link UK & Ireland Technical Support over the Internet For Customers within The United Kingdom & IrelandFor Customers within Canada D-Link UK & Ireland Technical Support over the Telephone Technische Unterstützung Support technique destiné aux clients établis au Canada Assistance techniqueSupport technique destiné aux clients établis en France Link Asistencia Técnica Asistencia Técnica de D-Link por teléfonoAsistencia Técnica de D-Link a través de Internet D-Link Mediterraneo S.r.L Supporto tecnicoSupporto tecnico per i clienti residenti in Italia Gli ultimi aggiornamenti e la documentazione sono Tech Support for customers within Belgium Technical SupportTech Support for customers within the Netherlands Tech Support for customers within Luxemburg Pomoc techniczna webové stránce firmy D-Link Technická podporaAktualizované verze software a uživatelských příruček najdete na D-Link poskytuje svým zákazníkům bezplatnou technickou podporu Technikai Támogatás D-Link Magyarország D-Link Teknisk telefon Support Teknisk SupportTeknisk Support Du kan finne programvare oppdateringer og bruker Tlf. 7026 D-Link teknisk support på InternettetD-Link teknisk support over telefonen Hverdager kl. 0800 Tuotteen takuun voimassaoloajan Tekninen tuki palvelee seuraavasti Teknistä tukea asiakkaille SuomessaD-Link tarjoaa teknistä tukea asiakkailleen Arkisin klo. 9 - 21 numerosta uppdateringar och annan användarinformation Teknisk Support för kunder i SverigePå vår hemsida kan du hitta mer information om mjukvaru D-Link tillhandahåller teknisk support till kunder i Sverige Você pode encontrar atualizações de software e documentação de Suporte TécnicoSuporte Técnico para clientes no Portugal Assistência Técnica Τηλεφωνική υποστήριξη D-Link Τεχνική ΥποστήριξηΓια πελάτες εντός του Ελλαδικού χώρου Τηλ 210 86 11 Φαξ 210 86 53 Δευτέρα-Παρασκευή India Tech Support for customers inAustralia Indonesia, Malaysia, Singapore and Thailand http//support.dlink-me.com Technical SupportTech Support for customers in e-mail amostafa@dlink-me.com доступны на Интернет-сайте D-Link Техническая поддержкаОбновления программного обеспечения и документация D-Link предоставляет бесплатную поддержку для клиентов Asistencia Técnica Telefone Suporte TécnicoSuporte Técnico para clientes no Brasil São Paulo +11-2185-9301 Segunda à sexta Das 8h30 às 18h30 D-Link 免付費技術諮詢專線 D-Link 友訊科技台灣分公司技術支援資訊電子郵件：dssqaservice@dlink.com.tw 0800-002-615 Update perangkat lunak dan dokumentasi pengguna dapat Dukungan TeknisDukungan Teknis untuk pelanggan diperoleh pada situs web D-Link 办公地址：北京市东城区北三环东路 36 号环球贸易中心 B 座 26F 02-05 室邮编技术支持您可以在 D-Link 的官方網站找到產品的軟件升級和使用手冊技术支持中心电话：8008296688 技术支持中心传真：02885176948 International Offices Product Model Product installed in type of computerRegistration Card All Countries and Regions Excluding USA Product Serial No