User Manual: D-Link™ DGS-3100 SERIES Gigabit Stackable Managed Switch

D-Link™ DGS-3100 SERIES
GIGABIT STACKABLE MANAGED SWITCH
User Manual
V2.00
Information in this document is subject to change without notice.
© 2007 D-Link Computer Corporation. All rights reserved.
Reproduction in any manner whatsoever without the written permission of D-Link Computer Corporation is strictly
forbidden.
Trademarks used in this text: D-Link and the D-Link logo are trademarks of D-Link Computer Corporation; Microsoft and
Windows are registered trademarks of Microsoft Corporation.
Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names
or their products. D-Link Computer Corporation disclaims any proprietary interest in trademarks and trade names other than
its own.
FCC Warning
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the
FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is
operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not
installed and used in accordance with this user’s guide, may cause harmful interference to radio communications. Operation
of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to
correct the interference at his own expense.
CE Mark Warning
This is a Class A product. In a domestic environment, this product may cause radio interference in which case the user may
be required to take adequate measures.
Warnung!
Dies ist ein Produkt der Klasse A. Im Wohnbereich kann dieses Produkt Funkstoerungen verursachen. In diesem Fall kann
vom Benutzer verlangt werden, angemessene Massnahmen zu ergreifen.
Precaución!
Este es un producto de Clase A. En un entorno doméstico, puede causar interferencias de radio, en cuyo case, puede
requerirse al usuario para que adopte las medidas adecuadas.
Attention!
Ceci est un produit de classe A. Dans un environnement domestique, ce produit pourrait causer des interférences radio,
auquel cas l`utilisateur devrait prendre les mesures adéquates.
Attenzione!
Il presente prodotto appartiene alla classe A. Se utilizzato in ambiente domestico il prodotto può causare interferenze radio,
nel cui caso è possibile che l`utente debba assumere provvedimenti adeguati.
VCCI Warning
December 2007 P/N

Table of Contents
PREFACE..................................................................................................................................................................I
System Overview .................................................................................................................................................................. ii
Viewing the Device............................................................................................................................................................... ii
DGS-3100 series Front Panel............................................................................................................................................ ii
DGS-3100-24TG Front Panel ........................................................................................................................................... ii
Device Management Methods.............................................................................................................................................. iii
User Guide Overview........................................................................................................................................................... iv
Intended Audience ............................................................................................................................................................... iv
Notes, Notices, and Cautions ............................................................................................................................................... iv
Safety Cautions .................................................................................................................................................................... iv
General Precautions for Rack-Mountable Products ............................................................................................................. vi
GETTING STARTED................................................................................................................................................1
Using the Web-Based User Interface .................................................................................................................................... 1
Understanding the D-Link Embedded Web Interface ........................................................................................................... 1
Using the Tool Menu ............................................................................................................................................................ 3
Displaying the Stack Status............................................................................................................................................... 3
Locating Devices............................................................................................................................................................... 3
Backing up and Restoring Configuration Files ................................................................................................................. 4
Resetting the Device ......................................................................................................................................................... 5
Downloading the Firmware............................................................................................................................................... 6
Rebooting the System ....................................................................................................................................................... 7
Using the Web System Components..................................................................................................................................... 8
CONFIGURING BASIC CONFIGURATION ............................................................................................................9
Viewing Device Description ............................................................................................................................................... 10
Defining System Information.............................................................................................................................................. 12
Defining IP Addresses ........................................................................................................................................................ 13
Managing Stacking ............................................................................................................................................................. 14
Understanding Stacking Topologies ............................................................................................................................... 15
Stacking Members and Unit ID....................................................................................................................................... 15
Removing and Replacing Stacking Members ................................................................................................................. 15
Exchanging Stacking Members....................................................................................................................................... 16
Switching the Stacking Master........................................................................................................................................ 16
Configuring Stacking ...................................................................................................................................................... 17
Defining Ports ..................................................................................................................................................................... 18
Configuring Port Properties ............................................................................................................................................ 18
Viewing Port Properties .................................................................................................................................................. 20
ARP Settings....................................................................................................................................................................... 21
Configuring User Accounts................................................................................................................................................. 22
Managing System Logs....................................................................................................................................................... 24
Configuring SNTP .............................................................................................................................................................. 25
Configuring Daylight Savings Time ................................................................................................................................... 27
Configuring SNMP ............................................................................................................................................................. 31
Defining SNMP Views ................................................................................................................................................... 32
Defining SNMP Groups.................................................................................................................................................. 33
Defining SNMP Users..................................................................................................................................................... 35
Defining SNMP Communities ........................................................................................................................................ 37
Defining the SNMP Host Table ...................................................................................................................................... 38
Defining the SNMP Engine ID ....................................................................................................................................... 40
Enabling SNMP Traps .................................................................................................................................................... 41
DHCP Auto Configuration.................................................................................................................................................. 42
Dual Image Services ........................................................................................................................................................... 44
Firmware Information ..................................................................................................................................................... 44
Config Firmware Image .................................................................................................................................................. 45
CONFIGURING L2 FEATURES.............................................................................................................................46
Enabling Jumbo Frames...................................................................................................................................................... 47
Configuring VLANs ........................................................................................................................................................... 48
VLAN Description .......................................................................................................................................................... 48
Notes about VLANs on the DGS-3100 Series ................................................................................................................ 48
IEEE 802.1Q VLANs...................................................................................................................................................... 48
802.1Q VLAN Tags ........................................................................................................................................................ 50
Port VLAN ID................................................................................................................................................................. 51
Tagging and Untagging................................................................................................................................................... 51
Ingress Filtering .............................................................................................................................................................. 51
Default VLANs ............................................................................................................................................................... 52
VLAN and Trunk Groups ............................................................................................................................................... 52
VLAN Status................................................................................................................................................................... 52
Defining VLAN Properties ............................................................................................................................................. 53
Configuring GVRP ............................................................................................................................................................. 55
Defining Trunking............................................................................................................................................................... 57
Traffic Segmentation........................................................................................................................................................... 58
Configuring LACP.............................................................................................................................................................. 59
Defining IGMP Snooping ................................................................................................................................................... 60
Configuring Port Mirroring................................................................................................................................................. 63
Configuring Spanning Tree................................................................................................................................................. 65
Defining Spanning Tree Global Parameters.................................................................................................................... 66
Defining STP Port Settings ............................................................................................................................................. 68
Defining Multiple Spanning Tree Configuration Identification...................................................................................... 70
Defining MSTP Port Information ................................................................................................................................... 71
Defining Forwarding and Filtering ..................................................................................................................................... 73
Defining Unicast Forwarding.......................................................................................................................................... 73
Defining Multicast Forwarding....................................................................................................................................... 74
CONFIGURING QUALITY OF SERVICE ..............................................................................................................76
Understanding QoS ............................................................................................................................................................. 76
Defining Bandwidth Settings .............................................................................................................................................. 78
Configuring Storm Control ................................................................................................................................................. 79
Mapping Ports to Packet Priorities...................................................................................................................................... 80
Mapping Priority to Classes (Queues) ................................................................................................................................ 81
Configuring QoS Scheduling Mechanism........................................................................................................................... 82
Defining Multi-Layer CoS Settings .................................................................................................................................... 83
SECURITY FEATURES .........................................................................................................................................84
Configuring the Safeguard Engine...................................................................................................................................... 93
Configuring Trust Host ....................................................................................................................................................... 94
Configuring Port Security ................................................................................................................................................... 95
Configuring Guest VLANs ................................................................................................................................................. 96
Configuring Port Authentication 802.1X ............................................................................................................................ 97
Defining RADIUS Settings............................................................................................................................................... 100
Configuring Secure Socket Layer Security ....................................................................................................................... 101
Configuring Secure Shell Security................................................................................................................................ 102
Defining SSH Algorithm Settings................................................................................................................................. 104
Defining Application Authentication Settings .................................................................................................................. 106
Configuring the Authentication Server Hosts ................................................................................................................... 107
Defining the Login Methods ............................................................................................................................................. 108
Defining the Enable Methods............................................................................................................................................ 110
Configuring the Local Enable Password ........................................................................................................................... 112
MONITORING THE DEVICE............................................................................................................................... 113
Viewing Stacking Information .......................................................................................................................................... 114
Viewing the CPU Utilization ............................................................................................................................................ 116
Viewing Port Utilization ................................................................................................................................................... 117
Viewing Packet Size Information ..................................................................................................................................... 118
Viewing Received Packet Statistics .............................................................................................................................. 119
Viewing UMB_cast Packet Statistics............................................................................................................................ 120
Viewing Transmitted Packet Statistics.......................................................................................................................... 121
Viewing RADIUS Authenticated Session Statistics ......................................................................................................... 123
Viewing the ARP Table .................................................................................................................................................... 124
Viewing Router Ports........................................................................................................................................................ 125
Viewing Session Table...................................................................................................................................................... 126
Viewing IGMP Group Information................................................................................................................................... 127
Defining Dynamic and Static MAC Addresses................................................................................................................. 128
Viewing System Log......................................................................................................................................................... 130
MANAGING POWER OVER ETHERNET DEVICES.......................................................................................... 131
Defining PoE System Information .................................................................................................................................... 132
Displaying and Editing PoE System Information ............................................................................................................. 134
DEFINING ACCESS PROFILE LISTS...................................................................................................................52
ACL Configuration Wizard................................................................................................................................................. 53
Defining Access Profile Lists.............................................................................................................................................. 55
Adding ACL Profiles ...................................................................................................................................................... 55
Defining Access Rules Lists ............................................................................................................................................... 68
Finding ACL Rules ............................................................................................................................................................. 70
DGS-3100 Series Gigabit Stackable Managed Switch User Manual
Preface
This preface provides an overview to the guide, and includes the following sections:
• General Precautions for Rack-Mountable Products
• System Overview
• Viewing the Device
• Device Management Methods
•
• User Guide Overview
• Intended Audience
• Notes, Notices, and Cautions
• Safety Cautions
i
System Overview
The DGS-3100 series and the DGS-3100-24TG Gigabit Ethernet Switches enhance networks by providing a powerful
switch that eliminates network bottlenecks, enabling network administrators to fine tune network configurations.
The DGS-3100 series and the DGS-3100-24TG are perfect for departmental and enterprise connections, and are ideal for
backbone and server connections.
Viewing the Device

The devices described in this section are stackable Gigabit Ethernet Managed Switches. Device management is performed
using an Embedded Web Server (EWS) or through a Command Line Interface (CLI). The device configuration is performed
via an RS-232 interface. This section contains descriptions for the following:
• DGS-3100 series Front Panel
• DGS-3100-24TG Front Panel
DGS-3100 Series Front Panel

The DGS-3100 series provides 24/48 high performance 1000BASE-T ports. The 1000Base-T ports operate at 10/100/1000,
and connect to backbones, end-stations, and servers. The DGS-3100 series also provides 4 Mini-GBIC (SFP) combo ports
which connect fiber optic media to switches, servers, or network backbone. The DGS-3100 series provides an additional
RS-232 DEC Diagnostic port (console port) for managing the switch via a console terminal or PC with a Terminal
Emulation Program.
Figure 1 DGS-3100 Series 48 Port Front Panel
DGS-3100-24TG Front Panel

The DGS-3100-24TG provides eight high performance 1000BASE-TX ports. The 1000Base-The ports operate at
10/100/1000, and connect to backbones, end-stations, and servers. The DGS-3100-24TG also provides 16 Mini-GBIC (SFP)
combo ports which connect fiber optic media to switches, servers, or network backbone. The DGS-3100-24TG provides an
additional RS-232 DEC Diagnostic port (console port) for managing the switch via a console terminal or PC with a
Terminal Emulation Program.
Figure 2 DGS-3100-24TG Front Panel
ii
Device Management Methods

The DGS-3100 series and DGS-3100-24TG provides different methods for managing the device including:
• Web Based Management Interface
• SNMP-Based Management
• Command Line Console
For Telnet management, the system provides an in-band port.
Web Based Management Interface
Once the device is installed, network mangers can configure the switch, monitor the LED panel, and display statistics
graphically via a web browser, including:
• Netscape Navigator (version 7.0 and higher)
• Microsoft® Internet Explorer (version 5.0).
• Mozilla Firefox (version 2.0)
SNMP-Based Management
The system also provides SNMP-compatible console program, and supports SNMPv1, SNMPv2, and SNMPv3. The SNMP
agent decodes the incoming SNMP messages, and replies to requests with MIB objects stored in the database. The SNMP
agent updates the MIB objects to generate statistics and counters.
Command Line Console
The device also supports device configuration using the Command Line Interface. A terminal is connected to device via the
serial console port.
.
iii
User Guide Overview

This section provides an overview to the DGS-3100 series and the DGS-3100-24TG Switch Manual, including the guide
structure and a chapter overview:
• Section 1, Getting Started — Provides general background for understanding and using the Embedded Web
System, including an explanation of the interface buttons and general system functions.
• Section 2, Defining the Basic Device Configuration — Provides information for viewing system information,
defining IP addresses, managing stacking, defining ports, configuring SNMP management, and defining the system
time settings.
• Section 3, Configuring L2 Features — Provides information for enabling and configuring Jumbo frames, VLANs,
Trunks (LAGs), PVE, Multicast forwarding, and Spanning Tree.
• Section 4, Configuring Quality of Service — Provides information for ability to implement QoS and priority
queuing within a network.
• Section 5, Configuring Device Security — Provides information for enabling and configuring device security.
• Section 6, Monitoring the Device — Provides information for monitoring the device.
• Section 7, Managing Power over Ethernet Devices — Provides information configuring the PoE function.
• Section 8, Defining Access Profile Lists — Provides information for configuring the ACL.
Intended Audience
The DGS-3100 series/DGS-3100-24TG User Guide contains information for configuring and managing the DGS-3100
series/DGS-3100-24TG Switches. This guide is intended for network managers familiar with network management concepts
and terminology.
Notes, Notices, and Cautions
NOTE: A NOTE indicates important information that helps you make better use of your device.
NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you
how to avoid the problem.
CAUTION: A CAUTION indicates a potential for property damage, personal injury, or death.
Safety Cautions
Use the following safety guidelines to ensure your own personal safety and to help protect your system from potential
damage. Throughout this safety section, the caution icon ( ) is used to indicate cautions and precautions that you need to
review and follow.
To reduce the risk of bodily injury, electrical shock, fire, and damage to the equipment, observe the following precautions.
• Do not service any product except as explained in your system documentation. Opening or removing covers that
are marked with the triangular symbol with a lightning bolt may expose you to electrical shock. Only a trained
service technician should service components inside these compartments.
iv
• If any of the following conditions occur, unplug the product from the electrical outlet and replace the part or
contact your trained service provider:
– The power cable, extension cable, or plug is damaged.
– An object has fallen into the product.
– The product has been exposed to water.
– The product has been dropped or damaged.
– The product does not operate correctly when you follow the operating instructions.
• Keep your system away from radiators and heat sources. Also, do not block the cooling vents.
• Do not spill food or liquids on your system components, and never operate the product in a wet environment. If the
system gets wet, see the appropriate section in your troubleshooting guide or contact your trained service provider.
• Do not push any objects into the openings of your system. Doing so can cause a fire or an electric shock by
shorting out interior components.
• Use the product only with approved equipment.
• Allow the product to cool before removing covers or touching internal components.
• Operate the product only from the type of external power source indicated on the electrical ratings label. If you are
not sure of the type of power source required, consult your service provider or local power company.
• To help avoid damaging your system, be sure the voltage selection Switch (if provided) on the power supply is set
to match the power available at your location:
– 115 volts (V)/60 hertz (Hz) in most of North and South America and some Far Eastern countries such as South
Korea and Taiwan
– 100 V/50 Hz in eastern Japan and 100 V/60 Hz in western Japan
– 230 V/50 Hz in most of Europe, the Middle East, and the Far East
• Also be sure that attached devices are electrically rated to operate with the power available in your location.
• Use only approved power cable(s). If you have not been provided with a power cable for your system or for any
AC-powered option intended for your system, purchase a power cable that is approved for use in your country. The
power cable must be rated for the product and for the voltage and current marked on the product's electrical ratings
label. The voltage and current rating of the cable should be greater than the ratings marked on the product.
• To help prevent an electric shock, plug the system and peripheral power cables into properly grounded electrical
outlets. These cables are equipped with three-prong plugs to help ensure proper grounding. Do not use adapter
plugs or remove the grounding prong from a cable. If you must use an extension cable, use a 3-wire cable with
properly grounded plugs.
• Observe extension cable and power strip ratings. Make sure that the total ampere rating of all products plugged into
the extension cable or power strip does not exceed 80 percent of the ampere ratings limit for the extension cable or
power strip.
• To help protect your system from sudden, transient increases and decreases in electrical power, use a surge
suppressor, line conditioner, or uninterruptible power supply (UPS).
• Position system cables and power cables carefully; route cables so that they cannot be stepped on or tripped over.
Be sure that nothing rests on any cables.
• Do not modify power cables or plugs. Consult a licensed electrician or your power company for site modifications.
Always follow your local/national wiring rules.
• When connecting or disconnecting power to hot-pluggable power supplies, if offered with your system, observe the
following guidelines:
– Install the power supply before connecting the power cable to the power supply.
– Unplug the power cable before removing the power supply.
– If the system has multiple sources of power, disconnect power from the system by unplugging all power cables
from the power supplies.
Move products with care; ensure that all casters and/or stabilizers are firmly connected to the system. Avoid sudden stops
and uneven surfaces.
v
General Precautions for Rack-Mountable Products
Observe the following precautions for rack stability and safety. Also refer to the rack installation documentation
accompanying the system and the rack for specific caution statements and procedures.
Systems are considered to be components in a rack. Thus, "component" refers to any system as well as to various
peripherals or supporting hardware.
CAUTION: Installing systems in a rack without the front and side stabilizers installed could cause
the rack to tip over, potentially resulting in bodily injury under certain circumstances. Therefore,
always install the stabilizers before installing components in the rack.
After installing system/components in a rack, never pull more than one component out of the rack
on its slide assemblies at one time. The weight of more than one extended component could
cause the rack to tip over and may result in serious injury.
• Before working on the rack, make sure that the stabilizers are secured to the rack, extended to the floor, and that
the full weight of the rack rests on the floor. Install front and side stabilizers on a single rack or front stabilizers for
joined multiple racks before working on the rack.
Always load the rack from the bottom up, and load the heaviest item in the rack first.
Make sure that the rack is level and stable before extending a component from the rack.
Use caution when pressing the component rail release latches and sliding a component into or out of a rack; the slide rails
can pinch your fingers.
After a component is inserted into the rack, carefully extend the rail into a locking position, and then slide the component
into the rack.
Do not overload the AC supply branch circuit that provides power to the rack. The total rack load should not exceed 80
percent of the branch circuit rating.
Ensure that proper airflow is provided to components in the rack.
Do not step on or stand on any component when servicing other components in a rack.
NOTE: A qualified electrician must perform all connections to DC power and to safety grounds.
All electrical wiring must comply with applicable local or national codes and practices.
CAUTION: Never defeat the ground conductor or operate the equipment in the absence of a
suitably installed ground conductor. Contact the appropriate electrical inspection authority or an
electrician if you are uncertain that suitable grounding is available.
CAUTION: The system chassis must be positively grounded to the rack cabinet frame. Do not
attempt to connect power to the system until grounding cables are connected. Completed power
and safety ground wiring must be inspected by a qualified electrical inspector. An energy hazard
will exist if the safety ground cable is omitted or disconnected.
vi
Protecting Against Electrostatic Discharge

Static electricity can harm delicate components inside your system. To prevent static damage, discharge static electricity
from your body before you touch any of the electronic components, such as the microprocessor. You can do so by
periodically touching an unpainted metal surface on the chassis.
You can also take the following steps to prevent damage from electrostatic discharge (ESD):
1. When unpacking a static-sensitive component from its shipping carton, do not remove the component from the
antistatic packing material until you are ready to install the component in your system. Just before unwrapping the
antistatic packaging, be sure to discharge static electricity from your body.
2. When transporting a sensitive component, first place it in an antistatic container or packaging.
3. Handle all sensitive components in a static-safe area. If possible, use antistatic floor pads and workbench pads and
an antistatic grounding strap.
Battery Handling Reminder
CAUTION: This is danger of explosion if the battery is incorrectly replaced. Replace only with the
same or equivalent type recommended by the manufacturer. Discard used batteries according to
the manufacturer's instructions.
vii
1
GETTING STARTED
To begin managing the device, simply run the browser installed on the management station and point it to the IP address
defined for the device. For example; http://123.123.123.123. Please note that the proxy for session connection should be
turned off.
NOTE: The Factory default IP address for the Switch is 10.90.90.90.
This section contains information on starting the D-Link Embedded Web Interface. To access the D-Link user interface:
1. Open an Internet browser. Ensure that pop-up blockers are disabled. If pop-up blockers are enabled, edit, add, and
device information messages may not open.
2. Enter the device IP address in the address bar and press Enter.
Using the Web-Based User Interface

The user interface provides access to various switch configuration and management windows, allows you to view
performance statistics, and permits you to graphically monitor the system status. The screen captures in this Guide represent the
DGS-3100-48 48 port device. The Web pages in the 24 port and the DGS-3100-24TG devices may vary slightly.
Understanding the D-Link Embedded Web Interface

The D-Link Embedded Web Interface Device Information Page contains the following information:
View Description
Tree View Displays the different system features, and configuration options.
Zoom View Located at the top of the home page, the port LED indicators provide a visual
representation of the ports on the D-Link front panel.
Menu Information View Located below the Zoom View, displays Save, Tool menu, Stack ID, and Logout buttons. Also
displays Up Time information and User Loggin Identification.
Device Information View Located in the main part of the home page, the device view provides a view of the
device, an information or table area, and configuration instructions.
Stacking Status View Located at the bottom left corner of the home page, the stacking status view provides
a graphic representation of the stacking links and ports status.
Table 1-1. Web Interface Views
1
Figure 1-1. Device Information Page

The following table describes the main 6 areas on the Device Information Page:
View Description
1. Tree View Select the folder or window to be displayed. The folder icons can be opened to display the
hyperlinked menu buttons and subfolders contained within them.
2. Device Presents Switch information based on the selection and the entry of configuration data
Information View
3. Menu Presents the Save button, a menu for accessing device tools, and a menu for Stack ID
Information View selection. The current Up Time and current User Loggin information is reported. The Logout button is
also here.
4. Zoom View Presents a graphical near real-time image of the front panel of the Switch. This area displays
the Switch's ports and expansion modules, showing port activity, duplex mode, or flow
control, depending on the specified mode.
Various areas of the graphic can be selected for performing management functions, including
port configuration
5 Device Provides access to the device logout, and provides information about the Safe Guard mode
Application Buttons currently enabled on the device.
6 Stacking Status Provides a graphic representation of the stacking links and ports status.
View
Table 1-2. Main Areas
2
Using the Tool Menu

The tool menu contains menu options for:
• Displaying the Stack Status
• Locating Devices
• Backing up and Restoring Configuration Files
• Factory Reset Page
• Downloading the Firmware
• System Reboot Page
Displaying the Stack Status

The Stacking Information Page provides specific information for stacked devices. For more information, see Section 3,
Managing Stacking.
Locating Devices
The Device Locator Page enables locating system devices by activating LED locators. To locate devices:
1. Click > Device Locator. The Device Locator Page opens.
Figure 1-2. Device Locator Page
2. Click . The LED locator is activated for 20 seconds.
3
Backing up and Restoring Configuration Files

The Config Backup and Restore Page contains fields for uploading the software from the device to an HTTP or an TFTP
server. To back up and restore configuration files:
1. Click > Config Backup & Restore. The Config Backup and Restore Page opens.
Figure 1-3 Config Backup and Restore Page

The Config Backup and Restore Page contains the following fields:
Field Description
Http Indicates that the system files are backed up or restored via an HTTP server. The possible
field values are:
Backup current setting to file — Backs up the current configuration files via the HTTP
server.
Restore saved setting from file — Restores the current configuration files via the HTTP
server.
TFTP Indicates that the system files are backed up or restored via an TFTP server. The possible field
values are:
Server IP — Specifies the TFTP Server IP Address to which files are backed up or from
which they are restored.
File — Indicates the file that is backed up or restored.
Backup current setting to server — Backs up the current configuration files via the TFTP
server.
Restore saved setting from server — Restores the current configuration files via the TFTP
server.
2. Select HTTP or TFTP field.
3. Define the selected server method fields.
To backup files, click .

To restore files, click .
4
Resetting the Device

The Factory Reset Page restores the factory defaults. To restore the device to the factory default settings:
1. Click > Reset. The Factory Reset Page opens:
Figure 1-4 Factory Reset Page
2. Click . The factory default settings are restored, and the device is updated.
5
Downloading the Firmware

Firmware files manage the device. The Firmware Download Page enables downloading files either via an HTTP or a TFTP
server. To download Firmware:
1. Click > Firmware Download. The Firmware Download Page opens:
Figure 1-5 Firmware Download Page

The Firmware Download Page contains the following fields:
Field Description
HTTP Download Indicates that the Firmware file is downloaded via an HTTP server.
Unit — Indicates if the Firmware file is downloaded to a specific stacking member or to
All stacking members.
File — Indicates the Firmware file that is downloaded to the stack or specific device.
TFTP Download Indicates that the Firmware file is downloaded via a TFTP server.
Unit — Indicates if the Firmware file is downloaded to a specific stacking member or to
All stacking members.
Server IP Address — Specifies the TFTP Server IP Address from which files are
downloaded.
File — Indicates the Firmware file that is downloaded to the stack or specific device.
2. Select HTTP or TFTP Download field.
3. Define the Unit field.
4. For Http download, define the File field, or alternatively, browse to select the file.
5. Click . The Firmware is downloaded, and the device is updated.
6
Rebooting the System

The System Reboot Page provides a method for selecting one, or all of the units to be rebooted. To reboot the system:
1. Click > System Reboot. The System Reboot Page opens:
Figure 1-6 System Reboot Page

The System Reboot Page contains the Select Unit to Reboot field. The possible values are:
Value Description
All Resets all stacking members.
01 - 06 Resets the specific stack member.
2. Define the Select Unit to Reboot field.

3. Click . The selected unit(s) is/are rebooted.
7
Using the Web System Components

The following table contains information for using the drop-down menus, buttons, and tool tips.
Component Name Description
Activate Activates field commands
Add Adds selected items
ALL Selects all

Apply Applies field settings
Backup Evokes backup
Cancel Cancels settings
Clear Clears selected settings and fields
Clear All Clears all settings and fields
Delete Deletes selected fields
Delete VID Deletes VLAN Identification

Download Starts downloading system files.
Edit Modifies configuration Information
Factory Reset Resets the factory defaults
Find Finds a table entry.
System Reboot Reboot the system

Refresh Refreshes device information.
Restore Restores the factory defaults.
View All Entry Displays table entries.
Table 1-3. User Interface Buttons
8
2
CONFIGURING BASIC CONFIGURATION
This section contains information for viewing device information, defining IP addresses, managing stacking, defining port
parameters, configuring system user accounts, configuring and managing system logs, defining the system time, and
configuring SNMP system management. This section contains the following topics:
• Viewing Device Description
• Defining System Information
• Defining IP Addresses
• Managing Stacking
• Defining Ports
• ARP Settings
• Configuring User Accounts
• Managing System Logs
• Configuring SNTP
• Configuring SNMP
• DHCP Auto Configuration
• Dual Image Services
9
Viewing Device Description

The Device Information Page contains parameters for configuring general device information, including the system name,
location, and contact, the system MAC Address, System Object ID, System Up Time, and MAC addresses, and both
software, boot, and hardware versions.
In addition the Device Information Page provides shortcuts to device feature pages. To define the general system
information:
• Click DGS-3100-xx in the Tree View. The Device Information Page opens:
Figure 2-1 Device Information Page

The Device Information Page contains the following fields:
Field Description
Device Type Displays the factory defined device name and type.
System Contact Displays the name of the contact person. The field range is 0-160 characters.
System Name Displays the user-defined system name.
System Location Displays the location where the system is currently running. The field range is 0-160
characters.
Firmware Version Displays the installed software version number.
Hardware Version Displays the installed device hardware version number.
System Time Displays the system time. The field format is Day/Month/Year.
System Up Time Displays the amount of time since the most recent device reset. The system time is
displayed in the following format: Days, Hours, Minutes, and Seconds. For example, 41
days, 2 hours, 22 minutes and 15 seconds.
10
Field Description
Boot Version Displays the installed device boot version number.
MAC Address Displays the MAC address assigned to the device.
IP Address Displays the IP address assigned to the device.
Subnet Mask Displays the subnet mask assigned to the device.
Default Gateway Displays the device default gateway assigned to the device.
Login Timeout (minutes) Indicates the amount of time after which if no user activity occurs, the device times out.
The default is 10 minutes.
Time Source Provides a shortcut to viewing the system clock settings.
802.1D Spanning Tree Indicates if STP is enabled on the device, and provides a shortcut to viewing the STP
settings.
DHCP Client Indicates if DCHP Client is enabled on the device, and provides a shortcut to viewing the
DHCP Client settings.
Safeguard Engine Indicates if the Safeguard Engine is enabled on the device, and provides a shortcut to
viewing the Safeguard Engine settings.
SNMP Trap Indicates if SNMP Traps are enabled on the device, and provides a shortcut to viewing
the SNMP Traps settings.
SSL Indicates if Secure Socket Layer (SSL) is enabled on the device, and provides a shortcut
to viewing the SSL settings.
GVRP Setting Indicates if Group VLAN Registration Protocol is enabled.
Jumbo Frames Indicates if Jumbo Frames are enabled on the device, and provides a shortcut to viewing
the Jumbo Frames settings.
BPDU Forwarding Indicates if BPDU Forwarding is enabled on the device, and provides a shortcut to
viewing the BPDU Forwarding settings.
IGMP Snooping Indicates if IGMP Snooping is enabled on the device, and provides a shortcut to viewing
the IGMP Snooping settings.
Broadcast Storm Control Indicates if Broadcast Storm Control is enabled on the device, and provides a shortcut to
viewing the Broadcast Storm Control settings.
802.1X Status Indicates if 802.1X is enabled on the device, and provides a shortcut to viewing the
802.1X settings.
SSH Indicates if Secure Shell Protocol (SSH) is enabled on the device, and provides a shortcut
to viewing the SSH settings.
Port Mirroring Indicates if Port Mirroring is enabled.
To view settings for a device feature:
1. Select a device feature under the Device Status and Quick Configuration Section.
2. Click setting next to the feature name. The configuration page for the selected device feature opens.
11
Defining System Information

The System Information Page provides device information about specific stacking members. To view system information:
1. Click Configuration > System Information. The System Information Page opens:
Figure 2-2 System Information Page

The System Information Page contains the following fields:
Field Description
Unit ID Displays the stack master unit ID.
MAC Address Displays the MAC address assigned to the device
Firmware Version Displays the stacking member’s software version number.
Hardware Version Displays the stacking member’s hardware version number.
System Contact Displays the name of the contact person. The field range is 0-160 characters.
System Name Defines the user-defined system name.
System Location Defines the location where the system is currently running. The field range is 0-160
characters.
Login Timeout (minutes) Defines the amount of time the device times out when no user activity occurs. The default is
10 minutes.
2. Define the System Name field.
3. Define the System Location and Login Timeout (minutes) fields.
4. Click . The system information is defined, and the device is updated.
12
Defining IP Addresses
The IP Address Page contains fields for assigning IP addresses. Packets are forwarded to the default IP when frames are
sent to a remote network via the Default Gateway. The configured IP address must belong to the same IP address subnet of
one of the IP interfaces. The Dynamic Host Configuration Protocol (DHCP) assigns dynamic IP addresses to devices on a
network. DHCP ensures that network devices can have a different IP address every time the device connects to the network.
1. Click Configuration > IP Address. The IP Address Page opens:
Figure 2-3 IP Address Page

The IP Address Page contains the following fields:
Field Description
Static When selected, the IP address is static and user-defined in the IP Address field. This is the
default value.
DHCP When selected, the IP address is retrieved from a DHCP server.
IP Address Defines the IP address. This field is active if the IP address is static.
Subnet Mask Defines the address mask that manages sub-netting on the network. The default value is
255.255.255.0.
Gateway Defines the default gateway. The default gateway manages connections to other subnets
and other networks.
Management VLAN Defines the management VLAN.
Name
2. Select the IP address type in either the Static or DHCP fields.
3. If Static is the defined IP address type, define the IP Address field.
4. Define the Subnet Mask, Gateway, and Management VLAN Name fields.
5. Click . The IP address information is defined, and the device is updated.
13
Managing Stacking
Stacking provides multiple switch management through a single point as if all stack members are a single unit. All stack
members are accessed through a single IP address through which the stack is managed. The stack can be managed from the
following:
• Web-based Interface
• SNMP Management Station
• Command Line Interface (CLI)
Devices support stacking up to six units per stack, or can operate as stand-alone units.
During the stacking setup, one switch is selected as the Stacking Master and another stacking member can be selected as the
Backup Master. All other devices are selected as stack members, and assigned a unique unit ID.
Switch software is downloaded separately for each stack member. However, all units in the stack must be running the same
software version.
Switch stacking and configuration is maintained by the Stacking Master. The Stacking Master detects and reconfigures the
ports with minimal operational impact in the event of the following circumstances:
• Unit Failure
• Inter-unit Stacking Link Failure
• Unit Insertion
• Removing a Stacking Unit
Stacked devices operate in a ring or chain topology. A ring topology occurs when devices in the stack are connected to each
other forming a circle. Each stacked device accepts data and sends it to the device to which it is physically connected. The
packet continues through the stack until it reaches the destination port. The system automatically determines the optimal
path on which to send traffic.
Most difficulties incurred in ring topologies occur when a device in the ring becomes non-functional, or a link is severed. In
a stack, the system automatically switches to a stacking failover feature on the device without any system downtime. An
SNMP message is automatically generated, but no stack management action is required. However, the stacking link or
stacking member must be repaired to ensure the stacking integrity.
After the stacking issues are resolved, the device can be reconnected to the stack without interruption, and the ring topology
is restored.
A chain topology occurs when devices in the stack are connected in a chain-like fashion. Each stacked device accepts data
and sends it along the chain to the next device to which it is physically connected. The packet continues through the stack
until it reaches the destination port.
14
Understanding Stacking Topologies

If a failure occurs in the ring topology, the stack reverts to chain topology. In the chain topology, devices operate in a chain
formation. The Stacking Master determines where the packets are sent. Each unit is connected to two neighboring devices,
except for the top and bottom units.
Stacking Members and Unit ID

Stacking Unit IDs are essential to the stacking configuration. The stacking operation is determined during the boot process.
The operation mode is determined by the Unit ID selected during the initialization process. For example, if the user selected
stand-alone mode, the device boots as a stand-alone device.
The device units are shipped with the default Unit ID of the stand-alone unit. If the device is operating as a stand-alone unit,
all stacking LEDs are off. Once the user selects a different Unit ID, the default Unit ID is not erased and remains valid, even
if the unit is reset.
Unit ID 1 and Unit ID 2 are reserved for Master enabled units. Unit IDs 3 to 6 can be defined for stack members.
When the Master unit boots or when inserting or removing a stack member, the Master unit initiates a stacking discovering
process.
If two members are discovered with the same Unit ID the stack continues to function, however only the unit with the older
join time joins the stack. A message is sent to the user notifying that a unit failed to join the stack.
Removing and Replacing Stacking Members

Stacking members 1 and 2 are Stacking Master enabled units. Units 1 and 2 are designated as either master or secondary
units. The stacking master assignment is performed during the configuration process. One Master enabled stack member is
elected master and the other elected as secondary master, according to the following decision process:
• If only one Stacking Master enabled unit is present, it is elected Master.
• If two Stacking Masters enabled stacking members are present, and one has been manually configured as the
Stacking Master, the manually configured member is elected Stacking Master.
• If two Master-enabled units are present and neither has been manually configured as the Stacking Master, the unit
with the longer up-time is elected Stacking Master.
• If the two Master enabled stacking members are the same age, Unit 1 is elected Stacking Master.
Two stacking members are considered the same age if they were inserted within the same ten minute interval.
For example, stack member 2 is inserted in the first minute of a ten-minute cycle, and stack member 1 is inserted in fifth
minute of the same cycle, the units are considered the same age. If there are two Master enabled units that are the same age,
then Unit 1 is elected master.
The Stacking Master and the Secondary Master maintain a warm standby. The warm standby ensures that the Secondary
Master takes over from the Stacking Master if a failover occurs. This guarantees that the stack continues to operate normally.
During the warm standby, the Master and the Secondary Master are synchronized with the static configuration only. When
the Stacking Master is configured, the Stacking Master must synchronize the Stacking Secondary Master. The Dynamic
configuration is not saved, for example, dynamically learned MAC addresses are not saved.
Each port in the stack has a specific Unit ID, port type, and port number, which is part of both the configuration commands
and the configuration files. Configuration files are managed only from the device Stacking Master, including:
• Saving to the FLASH
• Uploading Configuration files to an external TFTP Server
• Downloading Configuration files from an external TFTP Server
Whenever a reboot occurs, topology discovery is performed, and the Master learns all units in the stack. Unit IDs are saved
in the unit and are learned through topology discovery. If a unit attempts to boot without a selected Master, and the unit is
not operating in stand-alone mode, the unit does not boot.
Configuration files are changed only through explicit user configuration. Configuration files are not automatically modified
when:
• Units are Added
• Units are Removed
15
• Units are reassigned Unit IDs

• Units toggle between Stacking Mode and Stand-alone Mode
Each time the system reboots, the Startup Configuration file in the Master unit is used to configure the stack. If a stack
member is removed from the stack, and then replaced with a unit with the same Unit ID, the stack member is configured
with the original device configuration. Only ports which are physically present are displayed in the D-Link Web
Management Interface home page, and can be configured through the web management system. Non-present ports are
configured through the CLI or SNMP interfaces.
Exchanging Stacking Members

If a stack member with the same Unit ID replaces an existing Unit ID with the same Unit ID, the previous device
configuration is applied to the inserted stack member. If the new inserted device has either more than or less ports than the
previous device, the relevant port configuration is applied to the new stack member.
Switching the Stacking Master

The Secondary Master replaces the Stacking Master if the following events occur:
• The Stacking Master fails or is removed from the stack.
• Links from the Stacking Master to the stacking members fails.
A soft switchover is performed either via web interface or with the CLI.
Switching between the Stacking Master unit and the Backup Master unit results in a limited service loss. Any dynamic
tables are relearned if a failure occurs. The running configuration file is synchronized between Stacking Master and the
Backup Master, and continues running on the Backup Master.
16
Configuring Stacking
The Stacking Settings Page allows network managers to either reset the entire stack or a specific device within the stack.
Save all device configuration changes before the device is reset to ensure the changes are saved. If the Stacking Master is
reset, the entire stack is reset.
1. Click Configuration > Stacking Settings. The Stacking Settings Page opens:
Figure 2-4 Stacking Settings Page

The Stacking Settings Page contains the following fields:
Field Description
Stacking Master Defines the stacking member with either stacking ID of 1 or 2 as the Stacking Master. The
possible field values are:
Unit 1 — Defines the member with the Unit ID 1 as the Stacking Master after the device is
reset.
Unit 2 — Defines the member with the Unit ID 2 as the Stacking Master after the device is
reset.
Current Stack ID Displays the Stacking Member ID that the new Unit ID will replace after the device is reset.
New Stack ID after Defines the unit ID assigned to the Stacking Member after the device reset.
reset
2. Select the Stacking Master in the Stacking Master field.
3. Select a Unit ID in the New Stack ID after reset field.
4. Click . The stacking master is activated and the Unit IDs are changed after the device is reset.
17
Defining Ports
• Configuring Port Properties
• Viewing Port Properties
Configuring Port Properties

The Port Setting Page contains parameters for configuring port properties. Gigabit ports operate in full duplex mode only,
and take on certain characteristics that are different from the other choices listed.
To define port parameters:
1. Click Configuration >Port Configuration > Port Setting. The Port Setting Page opens:
Figure 2-5 Port Setting Page

The Port Setting Page contains the following fields:
Field Description
Unit Defines the stacking member for which the port settings are displayed.
From Port Defines the port number from which the port parameters are displayed.
To Port Defines the port number to which the port parameters are displayed.
State Defines whether the port is currently operational or non-operational. The possible field values
are:
Enabled — Indicates that the port is currently receiving and transmitting traffic.
Disabled — Indicates that the port is currently not receiving and not transmitting traffic. This
is the default value.
Speed Defines the configured rate for the port. The port rate determines what speed setting options are
available. Port speeds can only be configured when auto negotiation is disabled. The possible
field values:
10M/Full — Indicates the port is currently operating at 10 Mbps and full duplex mode.
18
Field Description
10M/Half — Indicates the port is currently operating at 10 Mbps and half duplex mode.
100M/Half — Indicates the port is currently operating at 100 Mbps and half duplex mode.
Auto —Indicates the port is automatically configured to the fastest network traffic the
interface can manage.
Flow Control Defines the flow control scheme used for the various port configurations. Ports configured for
full-duplex use 802.3x flow control, half-duplex ports use backpressure flow control, and Auto
ports use an automatic selection of the two. The default is Disabled.
Learning Defines whether MAC address learning is enabled on the ports. The possible field values are:
Enabled — Enables MAC address learning on the port. If MAC address learning is enabled,
the source and destination MAC address are recorded in the Forwarding Table.
Disabled — Disables MAC address learning. This is the default value.
2. Define the Unit, From Port, To Port, State, Speed, Flow Control, and Learning fields.
3. Click . The port configuration is saved, and the device is updated.
19
Viewing Port Properties

The Port Description Page allows network managers provide a description of device ports. To define a port description:
1. Click Configuration > >Port Configuration > Port Description. The Port Description Page opens:
Figure 2-6 Port Description Page

The Port Description Page contains the following fields:
Field Description
Unit Defines the stacking member for which the port settings are displayed.
From Port Defines the port number from which the port parameters are configured.
To Port Defines the port number to which the port parameters are configured.
Description Defines a user-defined port description.
2. Define the Unit, From Port, To Port, and Description fields.
3. Click . The port description is saved, and the device is updated.
20
ARP Settings
The Address Resolution Protocol (ARP) converts IP addresses into physical addresses and maps the IP address to a MAC
address. ARP allows a host to communicate with other hosts only when the IP addresses of its neighbors are known. To
define ARP information:
1. Click Configuration > ARP Settings. The ARP Settings Page opens:
Figure 2-7 ARP Settings Page

The ARP Settings Page contains the following fields:
Field Description
Interface Name Defines the interface name.
ARP Aging Time (1-65535) Defines the amount of time (in seconds) that passes between ARP Table entry requests.
Following the ARP Entry Age period, the entry is deleted from the table. The range is 1
- 65535. The default value is 300 seconds.
IP Address Defines the station IP address associated with the MAC address.
MAC Address Defines the station MAC address associated in the ARP table with the IP address.
Static ARP Settings Displays current static ARP settings table, detailing the user-defined interface name, IP
address, and MAC address of each entry.
2. Define the Interface Name and ARP Aging Time fields.
3. Click . The ARP global setting is updated.

4. Define the IP Address and MAC Address fields.
5. Click . The ARP settings are saved, and the device is updated.
21
Configuring User Accounts

User accounts including user passwords and access rights are defined on the User Accounts Page. To define user account
information:
1. Click Configuration > User Accounts. The User Accounts Page opens:
Figure 2-8 User Accounts Page

The User Accounts Page contains the following fields:
Field Description
User Name Defines the user name. The user name can contain up-to 15 characters.
New Password Defines the password assigned to the user account. The password can contain up-to 15
characters.
Access Right Displays the user access level. The possible field values are:
Admin — Assigns the user full administrative access through both the Web Interface and
the CLI.
Operator — Assigns the user operator-level access, which is similar to Admin access
except that the operator cannot update the firmware, startup configuration, user accounts,
or restore factory reset.
User — Assigns the user read-only access through the CLI only. A User cannot access the
Web Interface.
Confirm New Password Confirms the user password.
2. Define the User Name field.
3. Select the user access level in the Access Right field.
4. Enter a new password in the New Password field and then re-enter it again in the Confirm New Password field.
5. Click . The new user accounts, passwords, and access rights are defined and the device is updated.
22
To edit the User Accounts Page:

1. Select a name on the User List.
2. Click .
3. Define the value.
4. Click . The new access rights are saved, and device is updated.
To delete a User Accounts Page entry:
1. Select an entry.
2. Click . The user account is deleted, and the device is updated.
23
Managing System Logs

System Logs record and manage events and report errors and informational messages. Event messages have a unique format,
as per the Syslog protocols recommended message format for all error reporting. For example, Syslog and local device
reporting messages are assigned a severity code, and include a message mnemonic, which identifies the source application
generating the message. Messages are filtered based on their urgency or relevancy. Each message severity determines the set
of event logging devices that are sent per each event message.
1. Click Configuration > System Log Host. The System Log Host Page opens:
Figure 2-9 System Log Host Page

The System Log Host Page contains the following fields:
Field Description
Index Defines the log index entry number.
Severity Defines the minimum severity from which warning logs are sent to the server. There
are two levels. When a severity level is selected, all severity level choices above the
selection are selected automatically. The possible levels are:
Warning — The lowest level of a device warning. The device is functioning, but an
operational problem has occurred.
Informational — Provides device information.
All — Displays all levels of system logs.
Server IP Displays the IP address of the Log Server Host.
Facility Defines an application from which system logs are sent to the remote server. Only one
facility can be assigned to a single server. If a second facility level is assigned, the first
facility is overridden.
UDP Port(514 or 1-65535) Defines the UDP port to which the server logs are sent. The possible range is 1 - 65535.
The default value is 514.
24
2. Define the Index, Severity, Server IP, Facility, and UDP Port fields.
3. Click . The System Log Host is defined, and the device is updated.
To delete a log entry:
1. Select the entry.
2. Click . The entry is deleted, and the device is updated.
Configuring SNTP
The device supports the Simple Network Time Protocol (SNTP). SNTP assures accurate network device clock time
synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. The device operates
only as an SNTP client, and cannot provide time services to other systems. The device polls Unicast type servers for the
server time.
Time sources are established by stratums. Stratums define the accuracy of the reference clock. The higher the stratum
(where zero is the highest), the more accurate the clock. The device receives time from stratum 1 and above.
The following is an example of stratums:
Stratum Example
Stratum 0 A real time clock (such as a GPS system) is used as the time source.
Stratum 1 A server that is directly linked to a Stratum 0 time source is used as the time source. Stratum 1
time servers provide primary network time standards
Stratum 2 The time source is distanced from the Stratum 1 server over a network path. For example, a
Stratum 2 server receives the time over a network link, via NTP, from a Stratum 1 server.
Information received from SNTP servers is evaluated based on the Time level and server type. SNTP time definitions are
assessed and determined by the following time levels:
Time level SNTP Time Definition
T1 The time at which the original request was sent by the client.
T2 The time at which the original request was received by the server.
T3 The time at which the server sent the client a reply.
T4 The time at which the client recived the server's reply.
Polling for Time Information

SNTP is used to poll time information from SNTP server. Using SNTP enables accurate system clock.
The Time Settings Page allows network managers to enable and configure the SNTP time settings on the device. To enable
SNTP:
1. Click Configuration > SNTP Settings > Time Settings. The Time Settings Page opens:
25
Figure 2-10 Time Settings Page

The Time Settings Page contains the following fields:
Status
Field Description
Time Source Defines the time source by which the system time is set. The possible field values are:
SNTP — Indicates that the system time is retrieved from a SNTP server.
System Clock — Indicates that the system time is set locally by the device.
Current Time Displays the current date and time.
SNTP Settings Section
Field Description
SNTP First Server Defines the IP address of primary SNTP server from which the system time is
retrieved.
SNTP Second Server Defines the IP address of secondary SNTP server from which the system time is
retrieved.
SNTP Poll Interval in Seconds Defines the interval (in seconds) at which the SNTP server is polled for Unicast
information. The range is 60-86400 seconds. The Poll Interval default is 1024 seconds.
Set Current Time
Field Description
Time Setting Defines the current system date. The field format is Day/Month/Year.
Time in HH MM SS Defines the current system time. The field format is HH:MM:SS based on the 24-hour
clock (Military Time) For example, 9:00PM is configured as 21:00:00.
2. Select a time source in the Time Source field.
3. Define the fields.
4. Click . The SNTP settings are defied, and the device is updated.
26
Configuring Daylight Savings Time

The TimeZone Settings Page contains fields for defining system time parameters for both the local hardware clock and the
external SNTP clock. If the system time is kept using an external SNTP clock, and the external SNTP clock fails, the system
time reverts to the local hardware clock. Daylight saving times can be enabled on the device.
The following is a list of daylight savings start and end times in specific countries:
• Albania — From the last weekend of March until the last weekend of October.
• Australia — From the end of October until the end of March.
• Australia - Tasmania — From the beginning of October until the end of March.
• Armenia — From the last weekend of March until the last weekend of October.
• Austria — From the last weekend of March until the last weekend of October.
• Bahamas — From April to October, in conjunction with daylight savings in the United States.
• Belarus — From the last weekend of March until the last weekend of October.
• Belgium — From the last weekend of March until the last weekend of October.
• Brazil — From the third Sunday in October until the third Saturday in March. Clocks go forward one hour in most
areas of southeast Brazil for daylight savings.
• Chile —Easter Island: from March 9 until October 12. The rest of the country, from the first Sunday in March, or
after March 9.
• China — China does not use daylight saving time.
• Canada — From the first Sunday in April until the last Sunday of October. Daylight saving times are usually
regulated by provincial and territorial governments. Exceptions may exist in certain municipalities.
• Cuba — From the last Sunday of March to the last Sunday of October.
• Cyprus — From the last weekend of March until the last weekend of October.
• Denmark — From the last weekend of March until the last weekend of October.
• Egypt — From the last Friday in April until the last Thursday in September.
• Estonia — From the last weekend of March until the last weekend of October.
• Finland — From the last weekend of March until the last weekend of October.
• France — From the last weekend of March until the last weekend of October.
• Germany — From the last weekend of March until the last weekend of October.
• Greece — From the last weekend of March until the last weekend of October.
• Hungary — From the last weekend of March until the last weekend of October.
• India — India does not use daylight saving time.
• Iran — From Farvardin 1 until Mehr 1.
• Iraq — From April 1 until October 1.
• Ireland — From the last weekend of March until the last weekend of October.
• Israel — Varies year-to-year.
• Italy — From the last weekend of March until the last weekend of October.
• Japan — Japan does not use daylight saving time.
• Jordan — From the last weekend of March until the last weekend of October.
• Latvia — From the last weekend of March until the last weekend of October.
• Lebanon — From the last weekend of March until the last weekend of October.
• Lithuania — From the last weekend of March until the last weekend of October.
• Luxembourg — From the last weekend of March until the last weekend of October.
• Macedonia — From the last weekend of March until the last weekend of October.
• Mexico — From the first Sunday in April at 02:00 to the last Sunday in October at 02:00.
• Moldova — From the last weekend of March until the last weekend of October.
27
• Montenegro — From the last weekend of March until the last weekend of October.
• Netherlands — From the last weekend of March until the last weekend of October.
• New Zealand — From the first Sunday in October until the first Sunday on or after March 15.
• Norway — From the last weekend of March until the last weekend of October.
• Paraguay — From April 6 until September 7.
• Poland — From the last weekend of March until the last weekend of October.
• Portugal — From the last weekend of March until the last weekend of October.
• Romania — From the last weekend of March until the last weekend of October.
• Russia — From the last weekend of March until the last weekend of October.
• Serbia — From the last weekend of March until the last weekend of October.
• Slovak Republic - From the last weekend of March until the last weekend of October.
• South Africa — South Africa does not use daylight saving time.
• Spain — From the last weekend of March until the last weekend of October.
• Sweden — From the last weekend of March until the last weekend of October.
• Switzerland — From the last weekend of March until the last weekend of October.
• Syria — From March 31 until October 30.
• Taiwan — Taiwan does not use daylight saving time.
• Turkey — From the last weekend of March until the last weekend of October.
• United Kingdom — From the last weekend of March until the last weekend of October.
• United States of America — From the second Sunday in March at 02:00 to the first Sunday in November at
02:00.
To configure the system time:
• Click Configuration > SNTP Settings > TimeZone Settings. The TimeZone Settings Page opens:
Figure 2-11 TimeZone Settings Page
28
The TimeZone Settings Page contains the following fields:

Field Description
Daylight Savings Time State Defines type of DST enabled on the device. The possible field values are:
Disable — Disables DST on the device. This is the default values.
Repeating — Enables setting repeating DST. This option requires defining
begin and end times by specific dates.
Annual — Enables setting annual DST. This option requires defining begin
and end times by the specific day and hour.
Daylight Saving Time Offset in Defines the local DST offset in minutes. This field is used for non-USA and
Minutes European countries. The default time is 60 minutes. The possible field values
are:
30 — Defines the local offset for 30 minutes.
Time Zone Offset:from GMT Indicates the difference between Greenwich Mean Time (GMT) and local time.
For example, the Time Zone Offset for Paris is GMT +1, while the Time Zone
Offset for New York is GMT –5.
DST Repeating Settings Sections

The Repeating Mode enables setting repeating DST. This option requires defining begin and end times by specific dates. For
example, the network administrator defines that DST begins the second Saturday during April and ends on the last Sunday
in October.
Field Description
From Which Week of Defines which numeric week of the month DST begins. The possible field values are:
the Month First — Indicates the first week of a month.
Second — Indicates the second week of a month.
Third — Indicates the third week of a month.
Fourth — Indicates the fourth week of a month.
From Day of Week Defines the week day DST starts. The field range is Sunday–Saturday.
From Month Defines the month DST starts. The field range is January–December.
From time in HH MM Defines the time of day DST starts. The field format is Hour:Minutes based on the 24-hour
clock (Military Time). For example, 9:00PM is configured as 21:00.
To Which Week of Defines which numeric week of the month DST ends. The possible field values are:
the Month First — Indicates the first week of a month.
Second — Indicates the second week of a month.
Third — Indicates the third week of a month.
Fourth — Indicates the fourth week of a month.
To Day of Week Defines the week day DST ends. The field range is Sunday–Saturday.
To Month Defines the month DST ends. The field range is January–December.
To time in HH MM Defines the time of day DST ends. The field format is Hour:Minutes based on the 24-hour clock
(Military Time). For example, 9:00PM is configured as 21:00.
29
DST Annual Settings Section

The Annual Mode enables setting a DST seasonal time adjustment. This option requires defining begin and end times by the
specific day and hour. For example, the network administrator defines that DST begins April 3 and ends October 14.
Field Description
From:Month Defines the month of the year that DST starts. The field options are January-December.
From:Day Defines the date on which DST starts. The field options are 1-31.
From:Time Defines the time at which DST starts. The field format is HH:MM based on the 24-hour clock
(Military Time) For example, 9:00PM is configured as 21:00.
To:Month Defines the month of the year in which DST ends. The field options are January-December.
To:Day Defines the date on which DST ends. The field options are 1-31.
To:Time Defines the time at which DST ends. The field format is HH:MM based on the 24-hour clock
(Military Time) For example, 9:00PM is configured as 21:00.
1. Select a daylight savings time source in the Daylight Saving Time State field.
3. Click . Daylight Savings Time is configured, and the device is updated.
30
Configuring SNMP
Simple Network Management Protocol (SNMP) provides a method for managing network devices. The device supports the
following SNMP versions:
• SNMP version 1
• SNMP version 2c
• SNMP version 3
SNMP v1 and v2c
The SNMP agents maintain a list of variables used to manage the device. The variables are defined in the Management
Information Base (MIB). The SNMP agent defines the MIB specification format, as well as the format used to access the
information over the network. Access rights to the SNMP agents are controlled by access strings.
SNMP v3
SNMP v3 applies access control and a new traps mechanism. In addition, User Security Model (USM) parameters are
defined for SNMPv3, including:
Parameters Description
Authentication Provides data integrity and data origin authentication.
Privacy Prevents message content disclosure. Cipher Block-Chaining (CBC) is used for encryption.
Either authentication is enabled on a SNMP message, or both authentication and privacy are
enabled on an SNMP message. However, privacy cannot be enabled without authentication.
Key Management Defines key generation, key updates, and key use.
The device supports SNMP notification filters based on Object IDs (OIDs). OIDs are used by the system to manage device
features. SNMP v3 supports the following features:
• Security
• Feature Access Control
• Traps
31
Defining SNMP Views

SNMP views provide or block access to device features or aspects of features. For example, a view can be defined to show
that SNMP group A has Read Only (R/O) access to Multicast groups, while SNMP group B has Read-Write (R/W) access to
Multicast groups. Feature access is granted via the MIB name or MIB Object ID.
1. Click Configuration > SMNP Settings > SNMP View Table. The SNMP View Table Page opens:
Figure 2-12 SNMP View Table Page

The SNMP View Table Page contains the following fields:
Field Description
View Name Defines the view name (limited to 30 alphanumeric characters).
Subtree OID Defines the device feature OID included in, or excluded from, the selected SNMP view.
View Type Defines whether the defined OID branch will be included in, or excluded from, the selected
SNMP view.
2. Define the View Name, Subtree OID and View Type fields.
3. Click . The SNMP View Table is defined, and the device is updated.
To delete a view from the SNMP View Table Page:
1. Select an entry on the list.
32
Defining SNMP Groups

The SNMP Group Table Page provides information for creating SNMP groups and assigning SNMP access control
privileges to SNMP groups. Groups enable network managers to assign access rights to specific device features or feature
aspects. To define SNMP groups:
1. Click Configuration > SMNP Settings > SNMP Group Table. The SNMP Group Table Page opens:
Figure 2-13 SNMP Group Table Page

The SNMP Group Table Page contains the following fields:
Field Description
Group Name Defines the user-defined group name to which access control rules are applied (limited to 30
alphanumeric characters).
Read View Name Defines a Read Only view. The Read Only view management access is restricted to read-only,
and changes cannot be made to the assigned SNMP view. The possible values are:
Community/View
TestReadView
PWriteView
PrivateView
Write View Name Defines a Write view. The Management view access is read/write, and changes can be made to
the assigned SNMP view. The possible values are:
Community/View
TestReadView
PWriteView
PrivateView
33
Field Description
Notify View Name Defines a Notify view. The Notify view sends traps for the assigned SNMP view. This is
applicable for SNMPv3 only. The possible values are:
Community/View
TestReadView
PWriteView
PrivateView
Security Model Defines the SNMP version attached to the group. The possible field values are:
SNMPv1 — Defines SNMPv1 as the security model for the group.
Security Level Defines the security level attached to the group. Security levels apply to SNMPv3 only. The
possible field values are:
NoAuthNoPriv — Defines that neither the Authentication nor the Privacy security levels are
assigned to the group.
AuthNoPriv — Authenticates SNMP messages, and ensures that the SNMP message’s origin
is authenticated.
AuthPriv — Encrypts SNMP messages.
2. Define the Group Name, Read View Name, Write View Name, and Notify View Name fields.
3. Select a security model from the Security Model list.
4. Click . The SNMP groups are defined, and the device is updated.
To delete a Group Name from the SNMP Group Table Page List:
1. Select a Group Name.
2. Click . The Group Name is deleted, and the device is updated.
34
Defining SNMP Users

The SNMP User Table Page enables assigning system users to SNMP groups and defining the user authentication method.
To assign system users:
1. Click Configuration > SMNP Settings >SNMP User Table. The SNMP User Table Page opens:
Figure 2-14 SNMP User Table Page

The SNMP User Table Page contains the following fields:
Field Description
User Name Defines the SNMP user name included in the SNMP user group.
Group Name Defines the SNMP user group name.
SNMP V3 Encryption Defines the SNMPv3 user authentication method. The possible field values are:
None —No user authentication is used.
Password — Provides user authentication via the HMAC-SHA-96 authentication
level password or HMAC-MD5-96 password.
Key — Provides user authentication via the HMAC-MD5 algorithm or the HMAC-
SHA-96 authentication level.
Auth-Protocol by Password Selects the authentication password type used to authenticate users. The possible field
values are:
MD5 — Defines that HMAC-MD5-96 password is used for authentication.
SHA — Defines that HMAC-SHA-96 authentication level password is used for
authentication.
Password Defines the password used for authentication.
Confirm Password Confirms the password used for authentication.
35
Field Description
Auth-Protocol by Key Selects the authentication key type used to authenticate users. The possible field values
are:
MD5 — Defines that users are authenticated via a HMAC-MD5 algorithm key.
SHA — Defines that users are authenticated via a HMAC-SHA-96 authentication
level key.
Key Defines the authentication key for authentication.
Confirm Key Confirms the authentication key for authentication.
2. Define the User Name, Group Name, and SNMP V3 Encryption fields.
3. Define the authentication password or authentication key.
4. Click . The SNMP authentication method is defined, and the device is updated.
36
Defining SNMP Communities

Access rights are managed by defining communities, using the SNMP Community Table Page. When the community names
are changed, access rights are also changed. SNMP communities are defined only for SNMP v1 and SNMP v2c. To define
SNMP communities:
1. Click Configuration > SMNP Settings > SNMP Community Table. The SNMP Community Table Page opens:
Figure 2-15 SNMP Community Table Page

The SNMP Community Table Page contains the following fields:
Field Description
Community Name Defines advanced SNMP community group name (limited to 32 alphanumeric characters).
View Name Defines the group of MIB objects that a remote SNMP manager is allowed to access on the
switch.
Access Rights Defines the access rights of the community. The possible field values are:
Read Only — Management access is restricted to read only, and changes cannot be made to
the community.
Read Write — Management access is read/write and changes can be made to the device
configuration, but not to the community.
2. Define the Community Name, and View Name, Access Right fields.
3. Click . The SNMP Community Table is defined, and the device is updated.
To delete a SNMP Community Table Page List entry:
1. Select a Community Name.
37
Defining the SNMP Host Table

The SNMP Host Table Page contains information for defining filters that determine whether traps are sent to specific users,
as well as the trap type sent. SNMP notification filters provide the following services:
• Identifying Management Trap Targets
• Trap Filtering
• Selecting Trap Generation Parameters
• Providing Access Control Checks
To define the SNMP Host Table Page:
1. Click Configuration > SMNP Settings > SNMP Host Table. The SNMP Host Table Page opens:
Figure 2-16 SNMP Host Table Page
38
The SNMP Host Table Page contains the following fields:

Field Description
Host IP Address Defines the IP address to which the traps are sent.
SNMP Version Defines the trap type. The possible field values are:
SNMP V1 — Indicates that SNMP Version 1 traps are sent.
SNMP V2c —Indicates that SNMP Version 2 traps are sent.
V3-NoAuth-NoPriv — Indicates that the SNMP version 3 is assigned
with a NoAuth-NoPriv security level.
V3-Auth-NoPriv — Indicates that the SNMP version 3 is assigned with
an Auth-NoPriv security level.
V3-Auth-Priv — Indicates that the SNMP version 3 is assigned with an
Auth-Priv security level.
Community String / SNMPv3 User Name Defines the community string or assigned to the SNMP V3 user.
2. Define the Host IP Address field.
3. Select the trap type in the SNMP Version field.
4. Define the Community String / SNMPv3 User Name field.
5. Click . The SNMP Host Table is defined, and the device is updated.
To delete a SNMP Host Table Page List entry:
1. Select an entry.
39
Defining the SNMP Engine ID

The Engine ID is a unique identifier used for SNMP V3 implementations. This is an alphanumeric string used to identify the
SNMP engine on the switch. To define the SNMP Engine ID:
1. Click Configuration > SMNP Settings > SNMP Engine ID. The SNMP Engine ID Page opens:
Figure 2-17 SNMP Engine ID Page

The SNMP Engine ID Page contains the following fields:
Field Description
Engine ID Defines the local device Engine ID. The field value is a hexadecimal string. Each byte in
hexadecimal character strings is two hexadecimal digits. Each byte can be separated by a period
or a colon. The Engine ID must be defined before SNMPv3 is enabled. Select a default Engine
ID that is comprised of an Enterprise number and the default MAC address.
Use Default When selected, provides the device-generated Engine ID. The default Engine ID is based on the
device MAC address and is defined per standard as:
First 4 octets — first bit = 1, the rest is IANA Enterprise number.
Fifth octet — Set to 3 to indicate the MAC address that follows.
Last 6 octets — MAC address of the device.
2. Define the Engine ID or Use Default checkbox.
3. Click . The SNMP Engine ID is defined, and the device is updated.
40
Enabling SNMP Traps

The SNMP Configuration Trap Page contains parameters for defining SNMP notification parameters. To enable SNMP
notifications: To enable SNMP Traps:
1. Click Configuration > SMNP Settings > SNMP Trap Configuration. The SNMP Configuration Trap Page
opens:
Figure 2-18 SNMP Configuration Trap Page

The SNMP Configuration Trap Page contains the following fields:
Field Description
SNMP Traps Specifies whether the device can send SNMP notifications. The possible field values are:
Enable — Enables SNMP notifications. This is the default value.
Disable — Disables SNMP notifications.
SNMP Authentication Specifies whether the device can send traps upon authentication failure notification.
Traps Enable — Enables the device to send authentication failure notifications. This is the default
value.
Disable — Disables the device from sending authentication failure notifications.
2. Define the SNMP Traps and SNMP Authentication Traps fields.
3. Click . The SNMP trap status is modified, and the device is updated.
41
DHCP Auto Configuration

In the DHCP Auto Configuration
, users can enable or disable automatic download of the latest image and configuration files from the DHCP server. During
reboot, if DHCP Auto Configuration is enabled, the device polls the DHCP Server. From the DHCP server, the device
receives the following, if necessary:
• IP address – If the device needs an IP address, it will receive one from the DHCP server. If the device already has
a DHCP-defined IP address, it will retain the current address.
• Image file – If an updated image file is available on the network, and the DHCP server’s latest instruction file
refers to it, the device downloads the image file.
• Configuration file – If an updated configuration file is available on the network, and the DHCP server’s latest
instruction file refers to it, the device downloads the file as its new Running Configuration, and also saves it as the
Startup Configuration.
To enable DHCP Auto Configuration:
1. Click Configuration > DHCP Auto Configuration. The DHCP Auto Configuration
2. opens:
Figure 2-19 DHCP Auto Configuration Page

The DHCP Auto Configuration
contains the following fields:
Field Description
DHCP Auto Specifies whether the device gets an IP address, updated image file, and updated configuration
Configuration file through the DHCP Server whenever the device reboots. The DHCP server maintains the
TFTP Server IP address, where the files are saved. The possible field values are:
• Enabled — Enables automatic updates from the DHCP server.
• Disabled — Disables automatic updates from the DHCP server. This is the default
value.
42
3. Select Enabled to turn on DHCP Auto configuration or Disabled to turn it off. Disabled is the default.
4. Click . The DHCP automatic configuration update is modified, and the device is updated.
43
Dual Image Services

The device contains two software images, one for reboot and one for backup, in its flash memory. Each image includes all
permanent configurations and data required to operate the device. When a software download is successfully completed, the
new image automatically becomes the new reboot file, unless the user manually configures the other file to be active. In a
stacked system, the user can define the active image file for every unit in the stack.
This feature includes two screens:
• Firmware Information
• Config Firmware Image
Firmware Information
The Firmware Information Page contains information about the image files stored for the device, or in case of a stacked
system, for all devices in the stack. To view the list of device images:
• Click Configuration > Dual Image Services > Firmware Information. The Firmware Information Page opens:
Figure 2-20 Firmware Information Page

The Firmware Information Page contains the following fields:
Field Description
Unit Displays the stacking member for which the firmware image information is displayed.
Image Each device has two image files, one for reboot and one for backup. Upon software upgrade
download, the downloaded image file is designated for reboot, although users can modify this in
the Config Firmware Image page. The possible values are:
• 1 – Image-1 is the latest downloaded image file.
• 2 – Image-2 is the previously downloaded image file.
An “*” indicates that this image file is used for reboot.
44
Field Description
Version Displays the image file’s version number.
Update Time Displays the time and date that the file was downloaded to the device.
Config Firmware Image

The Config Firmware Image Page allows users to change each device’s image file. To change the reboot file:
1. Click Configuration > Dual Image Services > Config Firmware Image. The Config Firmware Image Page
opens:
Figure 2-21 Config Firmware Image Page

The Config Firmware Image Page contains the following fields:
Field Description
Unit Defines the stacking member for which the reboot image file is defined.
Image Defines the image file used for reboot. The possible values are:
• 1 – Image-1 is the latest downloaded image file.
• 2 – Image-2 is the previously downloaded image file.
2. Select the Unit and choose its reboot Image file.
3. Click . The device will use the defined image file the next time it reboots.
45
3
CONFIGURING L2 FEATURES
This section contains information for enabling and configuring L2 Features. This section contains the following topics:
• Enabling Jumbo Frames
• Defining VLAN Properties
• Configuring GVRP
• Defining Trunking
• Traffic Segmentation
• Configuring LACP
• Defining IGMP Snooping
• Configuring Port Mirroring
• Configuring Spanning Tree
• Defining Forwarding and Filtering
46
Enabling Jumbo Frames

Jumbo Frames enable transmitting identical data in fewer frames. The Jumbo Frame Page allows network managers to
enable Jumbo Frames on the device. This ensures less overhead, lower processing time, and fewer interruptions.
1. Click L2 Features > Jumbo Frame. The Jumbo Frame Page opens:
Figure 3–1. Jumbo Frame Page

The Jumbo Frame Page contains the following field:
Field Description
Jumbo Frame Defines whether Jumbo Frames are enabled on the device. The possible field values are:
Enabled — Enables Jumbo Frames on the device.
Disabled — Disables Jumbo Frames on the device. This is the default value.
2. Select Enable in the Jumbo Frames field. Jumbo Frames are enabled only after the device is reset.
3. Click . Jumbo Frames are enabled after the device is reset.
47
Configuring VLANs
Priority tagging is an IEEE 802.1p defined standard function designed to provide a means of managing traffic on networks
where many different types of data are transmitted simultaneously. It is intended to alleviate problems associated with the
delivery of time-critical data over congested networks. The quality of applications dependent on such data, such as video
conferencing, can be severely and adversely affected by even very small delays in transmission.
IEEE 802.1p standard-compliant network devices recognize the priority level of data packets and can assign priority labels
or tags to packets, as well as strip priority tags from packets. The priority tag determines the packet's degree of
expeditiousness and the queue to which it is assigned.
Priority tags are assigned values from 0 to 7, with 0 being assigned to the lowest priority data, and 7 to the highest.
Generally, tag 7 is used for data associated with video or audio applications, sensitive to even slight delays, or for data from
specified end users whose data transmissions warrant special consideration.
The switch enables increased definition for handling priority tagged data packets on the network. Using queues to manage
priority tagged data enables user-specification for the data’s relative priority to suit the needs of the network. Circumstances
can arise where it is advantageous to group two or more differently tagged packets into the same queue. Generally, however,
it is recommended that the highest priority queue, Queue 1, be reserved for data packets with a priority value of 7.
A weighted round robin system is employed on the switch to determine the rate at which the queues are emptied of packets.
The ratio used for clearing the queues is 4:1. This means that the highest priority queue, Queue 1, clears four packets for
every one packet cleared from Queue 0.
It is important that the priority queue settings on the switch are for all ports, and all devices connected to the switch are
affected. The priority queuing system is especially beneficial for networks that employ priority tag assignment capable
switches.
VLAN Description
A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the
physical layout. VLANs can be used to combine any collection of LAN segments into an autonomous user group that
appears as a single LAN. VLANs also logically segment the network into different broadcast domains so that packets are
forwarded only between ports within the VLAN. Typically, a VLAN corresponds to a particular subnet, although not
necessarily.
VLANs can enhance performance by conserving bandwidth, and improve security by limiting traffic to specific domains.
A VLAN is a collection of end nodes grouped by logic instead of physical location. End nodes that frequently communicate
with each other are assigned to the same VLAN, regardless of where they are physically on the network. Logically, a VLAN
can be equated to a broadcast domain, because broadcast packets are forwarded to only members of the VLAN on which the
broadcast was initiated.
Notes about VLANs on the DGS-3100 Series

No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership, packets cannot
cross VLANs without a network device performing a routing function between the VLANs.
The DGS-3100 series supports IEEE 802.1Q VLANs. The port untagging function can be used to remove the 802.1Q tag
from packet headers to maintain compatibility with devices that are tag-unaware.
The switch's default is to assign all ports to a single 802.1Q VLAN named ‘default.’
The ‘default’ VLAN has a VID = 1.
IEEE 802.1Q VLANs

Some relevant terms:
Term Description
Tagging The act of putting 802.1Q VLAN information into the header of a packet.
Untagging The act of stripping 802.1Q VLAN information out of the packet header.
48
Term Description
Ingress port A port on a switch where packets are flowing into the switch and VLAN decisions must be
made.
Egress port A port on a switch where packets are flowing out of the switch, either to another switch or to
an end station, and tagging decisions must be made.
IEEE 802.1Q (tagged) VLANs are implemented on the switch. 802.1Q VLANs require tagging, which enables them to span
the entire network (assuming all switches on the network are IEEE 802.1Q-compliant).
VLANs allow a network to be segmented in order to reduce the size of broadcast domains. All packets entering a VLAN are
only forwarded to the stations (over IEEE 802.1Q enabled switches) that are members of that VLAN, and this includes
broadcast, multicast and unicast packets from unknown sources.
VLANs can also provide a level of security to a network. IEEE 802.1Q VLANs only deliver packets between stations that
are members of the VLAN.
Any port can be configured as either tagged or untagged. The untagging feature of IEEE 802.1Q VLANs allows VLANs to
work with legacy switches that don't recognize VLAN tags in packet headers. The tagging feature allows VLANs to span
multiple 802.1Q-compliant switches through a single physical connection and allows Spanning Tree to be enabled on all
ports and work normally.
The IEEE 802.1Q standard restricts the forwarding of untagged packets to the VLAN in which the receiving port is a
member.
The main characteristics of IEEE 802.1Q are as follows:
• Assigns packets to VLANs by filtering.
• Assumes the presence of a single global spanning tree.
• Uses an explicit tagging scheme with one-level tagging.
• 802.1Q VLAN Packet Forwarding
Packet forwarding decisions are made based upon the following three types of rules:
• Ingress rules - rules relevant to the classification of received packets belonging to a VLAN.
• Forwarding rules between ports - decides whether to filter or forward the packet.
• Egress rules - determines if the packet must be sent tagged or untagged.
Figure 3–2. IEEE 802.1Q Packet Forwarding
49
802.1Q VLAN Tags

The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address.
Their presence is indicated by a value of 0x8100 in the EtherType field. When a packet's EtherType field is equal to 0x8100,
the packet carries the IEEE 802.1Q/802.1p tag. The tag is contained in the following two octets and consists of 3 bits of user
priority, 1 bit of Canonical Format Identifier (CFI - used for encapsulating token ring packets so they can be carried across
Ethernet backbones), and 12 bits of VLAN ID (VID). The 3 bits of user priority are used by 802.1p. The VID is the VLAN
identifier and is used by the 802.1Q standard. Because the VID is 12 bits long, 4094 unique VLANs can be identified.
The tag is inserted into the packet header making the entire packet longer by 4 octets. All of the information originally
contained in the packet is retained.
Figure 3–3. IEEE 802.1Q Tag

The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or
Logical Link Control. Due to the packet now being a bit longer than it was originally, the Cyclic Redundancy Check (CRC)
must be recalculated.
Figure 3–4. Adding an IEEE 802.1Q Tag
50
Port VLAN ID
Tagged packets (carrying the 802.1Q VID information) can be transmitted from one 802.1Q compliant network device to
another with the VLAN information intact. This allows 802.1Q VLANs to span network devices (and the entire network,
providing all network devices are 802.1Q compliant).
Not all network devices are 802.1Q compliant. Such devices are referred to as tag-unaware. 802.1Q devices are referred to
as tag-aware.
Prior to the adoption of 802.1Q VLANs, port-based and MAC-based VLANs were in common use. These VLANs relied
upon a Port VLAN ID (PVID) to forward packets. A packet received on a given port would be assigned that port's PVID
and then be forwarded to the port that corresponds to the packet's destination address (found in the switch's forwarding
table). If the PVID of the port receiving the packet is different from the PVID of the port that is to transmit the packet, the
switch drops the packet.
Within the switch, different PVIDs mean different VLANs (remember that two VLANs cannot communicate without an
external router). So, VLAN identification based upon the PVIDs cannot create VLANs that extend outside a given switch
(or switch stack).
Every physical port on a switch has a PVID. 802.1Q ports are also assigned a PVID, for use within the switch. If no VLANs
are defined on the switch, all ports are then assigned to a default VLAN with a PVID equal to 1. Untagged packets are
assigned the PVID of the port on which they were received. Forwarding decisions are based upon this PVID, in so far as
VLANs are concerned. Tagged packets are forwarded according to the VID contained within the tag. Tagged packets are
also assigned a PVID, but the PVID is not used to make packet forwarding decisions, the VID is.
Tag-aware switches must keep a table to relate PVIDs within the switch to VIDs on the network. The switch compares the
VID of a packet to be transmitted to the VID of the port that is to transmit the packet. If the two VIDs are different, the
switch drops the packet. As a result of the existence of the PVID for untagged packets, and the VID for tagged packets, tag-
aware and tag-unaware network devices can coexist on the same network.
A switch port can only have one PVID, but it can have as many VIDs that the switch’s memory storage capacity has in its
VLAN table, to store them.
As some devices on a network may be tag-unaware, a decision must be made at each port on a tag-aware device before
packets are transmitted; Should the packet to be transmitted have a tag or not? If the transmitting port is connected to a tag-
unaware device, the packet should be untagged. If the transmitting port is connected to a tag-aware device, the packet
should be tagged.
Tagging and Untagging

Every port on an 802.1Q compliant switch can be configured as tagged or untagged.
Tagging enabled ports put the VID number, priority, and other VLAN information into the header of all packets that flow
into and out of it. If a packet has previously been tagged, the port does not alter the packet, thus keeping the VLAN
information intact. The VLAN information in the tag is then used by other 802.1Q compliant devices on the network to
make packet-forwarding decisions.
Ports with untagging enabled strip the 802.1Q tag from all packets flowing into and out of those ports. If the packet doesn't
have an 802.1Q VLAN tag, the port does not alter the packet. As a result, all packets received by and forwarded by an
untagging port have no 802.1Q VLAN information (as the PVID is only used internally within the switch). Untagging is
used to send packets from an 802.1Q-compliant network device to a non-compliant network device.
Ingress Filtering
A port on a switch where packets are flowing into the switch, and VLAN decisions must be made, is referred to as an
ingress port. If ingress filtering is enabled for a port, the switch examines the VLAN information in the packet header (if
present) and decides whether or not to forward the packet.
If the packet is tagged with VLAN information, the ingress port first determines if the ingress port itself is a member of the
tagged VLAN. If it is not, the packet is dropped. If the ingress port is a member of the 802.1Q VLAN, the switch determines
if the destination port is a member of the 802.1Q VLAN. If it is not, the packet is dropped. If the destination port is a
member of the 802.1Q VLAN, the packet is forwarded and the destination port transmits it to its attached network segment.
If the packet is not tagged with VLAN information, the ingress port tags the packet with its own PVID as a VID (if the port
is a tagging port). The switch then determines if the destination port is a member of the same VLAN (has the same VID) as
51
the ingress port. If it does not, the packet is dropped. If it has the same VID, the packet is forwarded and the destination port
transmits it on its attached network segment.
This process is referred to as ingress filtering, and is used to conserve bandwidth within the switch, by dropping packets that
are not on the same VLAN as the ingress port at the point of reception. This eliminates the subsequent processing of packets
that is just dropped by the destination port.
Default VLANs
The switch initially configures one VLAN, VID = 1, called ‘default.’ The factory default setting assigns all ports on the
switch to the ‘default.’
Packets cannot cross VLANs. If a member of one VLAN wants to connect to another VLAN, the link must be through an
external router.
NOTE: If no VLANs are configured on the switch, then all packets are forwarded to any destination
port. Packets with unknown source addresses are flooded to all ports. Broadcast and multicast packets
are also flooded to all ports.
An example is presented in this table:

VLAN Name VID Switch Ports
System (default) 1 5, 6, 7, 8, 21, 22, 23, 24
Engineering 2 9, 10, 11, 12
Marketing 3 13, 14, 15, 16
Finance 4 17, 18, 19, 20
Sales 5 1, 2, 3, 4
Table 3-1. VLAN Example - Assigned Ports
VLAN and Trunk Groups

The members of a trunk group have the same VLAN setting. Any VLAN setting on trunk group members applies to the
other member ports.
NOTE: In order to use VLAN segmentation in conjunction with port trunk groups, the port trunk
group(s) can first be set, and then the VLAN settings may be configured. Changing the port trunk
grouping with VLANs already in place doesn’t require reconfiguration of the VLAN settings after
changing the port trunk group settings. VLAN settings automatically change in conjunction with the
change of the port trunk group settings.
VLAN Status
The VLAN List displays VLANs, VLAN membership and membershiop type. This window displays the ports on the switch
that are currently Egress or Tag ports. To view the following table, open the L2 features->VLAN folder and click the
VLAN Status Link.
This section contains the following topics:
52
Defining VLAN Properties

The VLAN Configuration Page provides information and global parameters for configuring and working with VLANs.
1. Click L2 Features > 802.1Q VLAN. The VLAN Configuration Page opens:
Figure 3–5. VLAN Configuration Page

The VLAN Configuration Page contains the following fields:
Field Description
VID Defines the VLAN ID.
VLAN Name Defines the user-defined VLAN name. The field ranges is 1-29 characters.
Untag VLAN Ports Defines the interface is an untagged VLAN member. Packets forwarded by the interface are
untagged.
Tag VLAN Ports Defines the interface is a tagged member of a VLAN. All packets forwarded by the
interface are tagged. The packets contain VLAN information.
Forbidden VLAN Ports Defines the interface VLAN membership, even if GARP indicates the port is to be added.
Not Member Defined the interface is not a member of the VLAN.
53
2. Click the Add/Edit VLAN tab. The Add/Edit VLAN Information Page opens:
Figure 3–6. Add/Edit VLAN Information Page

The Add/Edit VLAN Information Page contains the following fields:
Field Description
VLAN Name Defines the user-defined VLAN name. The field ranges up to 32 characters.
Unit Defines the stacking member for which the VLAN parameters are displayed.
Untag Port Defines the interface is an untagged VLAN member. Packets forwarded by the interface are
untagged.
Tag Port Defines the interface is a tagged member of a VLAN. All packets forwarded by the
Forbidden Port Defines the interface VLAN membership, even if GARP indicates the port is to be added.
Not Member Indicates that the interface is not a member of the VLAN.
Port Select All Selects all ports and either untags, tags, excludes, or removes the VLAN membership.
3. Define the VID, VLAN Name, and port-related fields.
4. Select the Tagged, Untagged, and Forbidden ports.
5. Click . The VLAN is saved, and the device is updated.
To modify a VLAN:
2. Select a VLAN in the VLAN Table.
3. Click . The configured VLAN parameters are displayed in the Add/Edit VLAN Information section.
4. Modify the VLAN parameters.
5. Click . The VLAN information is modified, and the device is updated.
54
Configuring GVRP
Generic Attribute Registration Protocol (GARP) is a general-purpose protocol that registers any network connectivity or
membership-style information. GARP defines a set of devices interested in a given network attribute, such as VLAN or
multicast address. When configuring GARP, ensure the following:
• The leave time must be greater than or equal to three times the join time.
• The leave-all time must be greater than the leave time.
Set the same GARP timer values on all Layer 2-connected devices. If the GARP timers are set differently on the Layer 2-
connected devices, the GARP application does not operate successfully.
GARP VLAN Registration Protocol (GVRP) is specifically provided for automatic distribution of VLAN membership
information between VLAN-aware bridges. GVRP allows VLAN-aware bridges to automatically learn VLANs to bridge
port mapping without requiring the individual configuration of each bridge and register VLAN membership. To define
GVRP on the device:
1. Click L2 Features > GVRP Settings. The GVRP Setting Page opens:
Figure 3–7. GVRP Setting Page
55
The GVRP Setting Page contains the following fields:

Field Description
GRVP Global Setting Defines whether GRVP is enabled on the device. The possible field values are:
Enabled — Enables GRVP on the device.
Disabled — Disables GRVP on the device. This is the default value.
Unit Defines the stacking member’s Unit ID for which GVRP parameters are displayed.
From Port Defines the first port number that is displayed to which GVRP are assigned.
To Port Defines the last port number that is displayed to which GVRP are assigned.
PVID Defines the PVID assigned to the port.
GVRP Defines whether GVRP is enabled on the port. The possible field values are:
Enabled — Enables GVRP on the selected port.
Disabled — Disables GVRP on the selected port.
Ingress Defines whether Ingress checking is enabled on the device. The possible field values are:
Enabled — Enables Ingress filtering on the device. Ingress checking compares an
incoming VID tag packet with the PVID number assigned to the port. If the PVIDs vary,
the port drops the packet. This is the default value.
Disabled — Disables Ingress checking on the device.
Acceptable Frame Defines the packet type accepted on the port. The possible field values are:
Type Admit Tagged Only —Only tagged packets are accepted on the port.
Admit All — Both tagged and untagged packets are accepted on the port.
2. Select a stacking member in the Unit field.
3. Select the ports to and from which the GVRP parameters are displayed in the From/To Port fields.
4. Define the PVID, GVRP, Ingress, and Acceptable Frame Type fields.
5. Click . The GVRP is enabled, and the device is updated.
56
Defining Trunking
The Trunking Configuration Page contains information for assigning ports to LAGs and defining LAG parameters. To
assign ports to LAGs:
1. Click L2 Features > Trunking. The Trunking Configuration Page opens:
Figure 3–8. Trunking Configuration Page

The Trunking Configuration Page contains the following fields:
Field Description
Unit Defines the stacking member’s Unit ID for which LAG parameters are displayed.
Group ID Displays the LAG number.
Type Defines the LAG type. The possible field values are:
Static — The LAG is static; LACP is disabled on the LAG.
LACP — LACP is enabled on the device. This is the default value.
Ports Displays the ports which are included in the LAG.
2. Select a stacking unit in the Unit field.
3. Define the Group ID and Type fields.
4. Check the ports to be added to the LAG. The port numbers are displayed in the Ports field.
5. Click . The LAG settings are saved, and the device is updated.
57
Traffic Segmentation
The Traffic Segmentation Page enables administrators to force traffic from source ports to bypass the Forwarding Database
(FDB), and forward all Unicast, Multicast and Broadcast traffic to a forwarding port, or uplink. Forwarding decisions by the
forwarding port overwrite those of the protected source port. To define Traffic Segmentation:
1. Click L2 Features > Traffic Segmentation. The Traffic Segmentation Page opens:
Figure 3–9. Traffic Segmentation Page

The Traffic Segmentation Page contains the following fields:
Field Description
Source Ports The port protected by the forwarding port, or uplink.
Unit — The stacking member’s Unit ID on which the source port is located.
Port — The source port number.
Forwarding Ports The uplink that protects the specified source port. This port’s forwarding decisions overwrite
the source port’s forwarding settings.
Unit — The stacking member’s Unit ID on which the forwarding port is located.
Port — The forwarding port number.
2. Define the Source and Forwarding Ports.
3. Click . The new traffic forwarding definition appears in the Traffic Segmentation table, and the
device is updated.
To delete a Traffic Segmentation entry:
1. Select the entry in the table.
58
Configuring LACP
LAG ports can contain different media types if the ports are operating at the same speed. Aggregated links can be set up
manually or automatically established by enabling LACP on the relevant links. Aggregate ports can be linked into link-
aggregation port-groups. Each group is comprised of ports with the same speed. The LACP Port Settings Page contains
fields for configuring LACP LAGs.
1. Click L2 features > LACP Port Settings. The LACP Port Settings Page opens:
Figure 3–10. LACP Port Settings Page

The LACP Port Settings Page contains the following fields:
Unit Defines the stacking member’s Unit ID for which LACP parameters are displayed.
From Port Defines the first port number that is displayed to which timeout and priority values are
assigned.
To Port Defines the last port number that is displayed to which timeout and priority values are
assigned.
Port-Priority (0-65535) Displays the LACP priority value for the port. The field range is 0-65535.
Timeout Defines the administrative LACP timeout. The possible field values are:
Short (3 Sec) — Defines the LACP timeout as 3 seconds. This is the default value.
Long (90 Sec) — Defines the LACP timeout as 90 seconds.
3. Select the ports to and from which the LACP parameters are displayed in the From/To Port fields.
4. Define the Port-Priority and LACP Timeout fields.
5. Click . The LACP parameters are defined, and the device is updated.
59
Defining IGMP Snooping

When IGMP Snooping is enabled globally, all IGMP packets are forwarded to the CPU. The CPU analyzes the incoming
packets and determines the following information:
– Which ports want to join which Multicast groups.
– Which ports have Multicast routers generating IGMP queries.
– Which routing protocols are forwarding packets and Multicast traffic.
Ports requesting to join a specific Multicast group issue an IGMP report, specifying that that Multicast group is accepting
members. This results in the creation of the Multicast filtering database.
1. Click L2 Features > IGMP Snooping. The IGMP Snooping Page opens:
Figure 3–11. IGMP Snooping Page

The IGMP Snooping Page contains the following fields:
Field Description
IGMP Snooping Enables or disables IGMP Snooping. Bridge Multicast Filtering must first
be enabled in order to enable IGMP Snooping. The possible field values are:
Enabled — Enables IGMP Snooping on the device. This is the default
value.
Disabled — Disables IGMP Snooping on the device.
VLAN ID Specifies the VLAN ID.
VLAN Name Displays the user-defined VLAN name.
Leave Timer Defines the time a host waits to receive a Join message from another station
after requesting to leave the IGMP group, prior to timing out. If a Leave
Timeout occurs, the switch notifies the Multicast device to stop sending
traffic The Leave Timeout value is either user-defined, or an immediate
leave value. The default timeout is 10 seconds. The field range is 0-
60
Field Description
16711450 seconds.
Host Timeout Defines the time the host waits to receive a message before timing out. The
default time is 260 seconds. The field range is 60-16711450 seconds.
Router Timeout Defines the time the Multicast router waits to receive a message before it
times out. The default value is 300 seconds. The field range is 1-16711450
seconds.
State Indicates if IGMP snooping is enabled on the VLAN. The possible field
values are:
Enable — Enables IGMP Snooping on the VLAN.
Disable — Disables IGMP Snooping on the VLAN.
Static Router Port Setting (Edit button) Displays the Static Router Ports Settings Page.
Multicast Entry Table (View Button) Displays the Multicast Entry Table.
2. Click . The Static Router Ports Settings Page opens:
Figure 3–12. Static Router Ports Settings Page

The Static Router Ports Settings Page contains the following fields:
Field Description
VLAN ID Specifies the VLAN ID

VLAN Name Displays the user-defined VLAN name.
Leave Timer Defines the time a host waits to receive a Join message from another station after
requesting to leave the IGMP group, prior to timing out. If a Leave Timeout occurs,
the switch notifies the Multicast device to stop sending traffic The Leave Timeout
value is either user-defined, or an immediate leave value. The default timeout is 10
seconds. The field range is 0-16711450 seconds.
61
Field Description
Host Timeout Defines the time the host waits to receive a message before timing out. The default
time is 260 seconds. The field range is 60-16711450 seconds.
Router Timeout Defines the time the Multicast router waits to receive a message before it times out.
The default value is 300 seconds. The field range is 1-16711450 seconds.
State Indicates if IGMP snooping is enabled on the VLAN. The possible field values are:
Enable — Enables IGMP Snooping on the VLAN.
Disable — Disables IGMP Snooping on the VLAN
Unit Defines the unit number.
Static Router Ports Defines the port numbers which can be added as static router ports.
Ports Indicates the units and allocated ports as static router ports.
Dynamic Router Ports Defines the port numbers which can be added as dynamic router ports.
3. Define the Leave Timer, Host Timeout, Router Timeout, State, Static and Dynamic Router Ports fields.
4. Click . Static Router Port Settings are defined, and the device is updated.
62
Configuring Port Mirroring

Switches inherently forward frames to relevant ports only. This creates difficulty when traffic needs to be monitored, either
for information gathering (such as statistical analysis, security traces, etc.) or for troubleshooting higher-layer protocol
operation. The device supports up to 8 source ports.
To enable the use of traffic analysis and monitoring devices, it is recommended enabling the user to specify that a desired
‘target’ port receives a copy of all traffic passing through a designated ‘source’ port.
1. Click L2 Features > Port Mirroring. The Port Mirroring Page opens:
Figure 3–13. Port Mirroring Page

The Port Mirroring Page contains the following fields:
Field Description
Status Enables or disables target port setting. The default is Disabled.
Target Port Defines the target port.
Source Port Displays the Sniffer Mode and the source port.
Source Port Setting
Field Description
Unit Selects the Unit to be displayed.
Tx Indicates the transmit stream of data on the port.
Rx Indicates the receive stream of data on the port.
Both Defines the port mirroring on both receiving and transmitting ports.
None Defines that port mirroring is not applied to the ports.
63
2. Define the Status, Unit, and Target fields.

3. Click to activate the Port Mirroring function.
4. Define the Unit, Tx, and Rx. fields under Source Port Setting.
5. Click to capture the configured Source Ports in order to display them in the Source Port Setting
table.
64
Configuring Spanning Tree

Spanning Tree Protocol (STP) provides tree topography for any arrangement of bridges, as well as providing a single path
between end stations on a network, thus eliminating loops.
Loops occur when alternate routes exist between hosts. Loops in an extended network can cause bridges to forward traffic
indefinitely, resulting in increased traffic and reducing network efficiency.
The device supports the following STP versions:
Version Description
Classic STP Provides a single path between end stations, preventing loops from occurring.
Rapid STP Detects and uses network topologies that provide faster convergence of the spanning tree,
without creating forwarding loops.
Multiple STP Provides various load balancing scenarios. For example, if port A is blocked in one STP
instance, the same port can be placed in Forwarding State in another STP instance.
The STP Bridge Global Settings Page contains parameters for enabling STP on the device. This section contains the
following topics:
• Defining Spanning Tree Global Parameters
• Defining STP Port Settings
• Defining Multiple Spanning Tree Configuration
• Defining MSTP Port Information
65
Defining Spanning Tree Global Parameters

While Classic STP prevents Layer 2 forwarding loops in a general network topology, convergence can take between 30-60
seconds. This time may delay detecting possible loops and propagating status topology changes. Rapid Spanning Tree
Protocol (RSTP) detects and uses network topologies that allow a faster STP convergence without creating forwarding loops.
When STP is enabled, Loopback Detection is also enabled. Loopback Detection identifies any Loopback BPDUs that the
Spanning Tree application receives on a port. In this case, the device sends a Loopback Detection trap for the port. When
the condition is resolved, the device sends a Loopback Detection Resolved trap and the port learns the STP configuration
again.
The STP Bridge Global Settings Page contains parameters for enabling STP on the device.
1. Click L2 Features > Spanning Tree > STP Bridge Global Settings. The STP Bridge Global Settings Page opens:
Figure 3–14. STP Bridge Global Settings Page

The STP Bridge Global Settings Page contains the following fields:
Field Description
STP Status Enable or disables STP globally on the switch. The default is Disabled.
STP Version Defines the desired version of STP to be implemented on the switch. There are three
choices:
STP — Sets the Spanning Tree Protocol (STP) globally on the switch.
RSTP — Sets the Rapid Spanning Tree Protocol (RSTP) globally on the switch.
MSTP — Sets the Multiple Spanning Tree Protocol (MSTP) globally on the switch.
Forwarding BPDU Bridges use Bridge Protocol Data Units (BPDU) to provide spanning tree information.
STP BPDUs filtering is useful when a bridge interconnects two regions; each region
needing a separate spanning tree. BPDU filtering functions only when STP is disabled
either globally or on a single interface. The possible values are:
Enabled – Allows the forwarding of STP BPDU packets from other network
devices. This is the default value.
66
Field Description
Disabled – BPDU filtering is disabled on the device.
Bridge Priority (0 – 61440) Specifies the selected spanning tree instance device priority. The field range is 0-61440.
The default value is 32768.
Bridge Max Age (6- 40) Set to ensure old information is not circulated endlessly through redundant paths in the
network, preventing the effective propagation of the new information. Set by the Root
Bridge, this value aids in determining that the switch has spanning tree configuration
values consistent with other devices on the bridged LAN. If the value ages out and a
BPDU has still not been received from the Root Bridge, the switch will start sending its
own BPDU to all other switches for permission to become the Root Bridge. If your
switch has the lowest Bridge Identifier, it will become the Root Bridge. The user can
choose between 6 and 40 seconds. The default value is 20.
Bridge Hello Time (1 – 10) The interval between two transmissions of BPDU packets sent by the Root Bridge to
indicate to all other switches that it is indeed the Root Bridge. The default value is 2.
Bridge Forward Delay Defines the time any port on the switch is in the listening state while moving from the
(4 – 30) blocking state to the forwarding state. The default value is 15.
Max Hops (1 – 20) Specifies the total number of hops that occur before the BPDU is discarded. Once the
BPDU is discarded, the port information is aged out. The possible field range is 1-20.
The field default is 20 hops.
2. Select Enable/Disable in the STP Status field.
3. Define the STP Version, Forwarding BPDU, Bridge Priority, Bridge Max Age, Bridge Hello Time, Bridge
Forward Delay, and Max Hops fields.
4. Click . The Spanning Tree Global Parameters are defined, and the device is updated.
67
Defining STP Port Settings

STP can be set up on a port per port basis. In addition to setting Spanning Tree parameters for use at the switch level, the
switch enables configuring groups of ports, in which case each port-group has its own spanning tree and requires some of its
own configuration settings. An STP group uses the switch level parameters entered above, with the addition of Port Priority
and Port Cost.
An STP group spanning tree works in the same way as the switch level spanning tree, however the root bridge concept is
replaced with a root port concept. A root port is a group port designated as the connection to the network for the group,
based on port priority and port cost. Redundant links are blocked, just as redundant links are blocked at the switch level.
The switch level STP blocks redundant links between switches (and similar network devices). The port level STP blocks
redundant links within an STP Group.
It is advisable to define an STP Group to correspond to a VLAN group of ports.
1. Click L2 Features > Spanning Tree .> STP Port Settings. The STP Port Settings Page opens:
Figure 3–15. STP Port Settings Page

The STP Port Settings Page contains the following fields:
Field Description
Unit Indicates the stacking member for which the STP port settings are displayed.
From Port Defines the first port in a consecutive sequence of ports.
To Port Defines last port in a consecutive sequence of ports.
Cost (0=Auto) Defines a metric that indicates the relative cost of forwarding packets to the specified port list.
Port cost can be set automatically or as a metric value. The default value is 0 (auto).
0 (auto) — Setting 0 for the external cost automatically sets the speed for forwarding
packets to the specified port(s) in the list (for optimal efficiency). Default port cost:
100Mbps port = 200000. Gigabit port = 20000.
Value 1-20000 — Define a value between 1 and 20000 to determine the external cost. The
lower the number, the greater the probability the port will be chosen to forward packets.
68
Field Description
Edge Indicates whether the selected port is an edge port. The possible field values are:
True — Defines the port as an edge port. Edge ports cannot create loops; however, they
can lose edge port status if a topology change creates a potential for a loop. An edge port
normally should not receive BPDU packets. If a BPDU packet is received, it automatically
loses edge port status.
False — Indicates that the port does not have edge port status.
Forwarding BPDU Bridges use Bridge Protocol Data Units (BPDU) to provide spanning tree information. STP
BPDUs filtering is useful when a bridge interconnects two regions; each region needing a
separate spanning tree. BPDU filtering functions only when STP is disabled either globally or
on a single interface. The possible field values are:
Disabled – BPDU filtering is disabled on the port.
Enabled – BPDU filtering is enabled on the port (if STP is disabled).
Global – BPDU filtering functions according to the device-wide setting (see STP Bridge
Global Settings Page).
P2P Indicates whether the selected port is P2P is enabled. The possible field values are:
True — Indicates a point-to-point (P2P) shared link. P2P ports are similar to edge ports,
however they are restricted in that a P2P port must operate in full duplex. Like edge ports,
P2P ports transition to a forwarding state rapidly thus benefiting from RSTP.
False — Indicates that the port cannot have P2P status.
Auto — Allows the port to have P2P status whenever possible and operate as if the P2P
status were true. If the port cannot maintain this status, (for example if the port is forced to
half-duplex operation) the P2P status changes to operate as if the P2P value were False.
The default setting is True.
State Set to enable or disable STP for the selected group of ports. The default is Enabled. The port
STP State overrides the STP Global State
2. Define the Unit, From Port, To Port, Cost, Edge, P2P, and State fields.
3. Click . The STP Port Settings are defined, and the device is updated.
69
Defining Multiple Spanning Tree Configuration Identification

Multiple Spanning Tree (MSTP) provides various load balancing scenarios by allowing multiple VLANs to be mapped to a
single spanning tree instance, providing multiple pathways across the network. For example, while port A is blocked in one
STP instance, the same port can be placed in the Forwarding state in another STP instance. MSTP also tags BDPU packets,
enabling devices to distinguish between spanning tree instances, spanning tree regions and the VLANs associated with the
instances.
The MST Configuration Identification Page contains information for defining global MSTP settings, including region
names, MSTP revisions, and maximum hops. To define MSTP:
1. Click L2 Features > Spanning Tree > MST Configuration Identification. The MST Configuration
Identification Page opens:
Figure 3–16. MST Configuration Identification Page

The MST Configuration Identification Page contains the following fields:
Field Description
Configuration Name A previously configured name set on the switch to uniquely identify the MSTI (multiple
spanning tree instance). If a configuration name is not set, this field shows the MAC
address of the device running MSTP.
Revision Level (0-65535) This value, together with the configuration name, identifies the MST region configured
on the switch.
MSTI ID Displays the MSTI ID associated with the VID List.
Type Defines the type of edit. The possible values are:
Add — Indicates that edit type is add
Remove — Indicates that edit type is remove.
VID List (1-4094) Displays the VID List.
2. Define the configuration name and revision level.
70
3. Click .
4. Click to an ID row to edit the ID value.
5. Define the new value.
6. Click . The Multiple Spanning Tree Configuration Identification is defined, and the device is
updated.
Defining MSTP Port Information

Network Administrators can assign MSTP Interface settings in the MSTI Config Information Page. To define MSTP
interface settings:
1. Click L2 Features > Spanning Tree > MSTP Port Information. The MSTI Config Information Page opens:
Figure 3–17. MSTI Config Information Page

The MSTI Config Information Page contains the following fields:
Field Description
Unit Defines the unit to find.

Port Defines the Port to find.
Instance ID Lists the MSTP instances configured on the device. Possible field range is 0-7.
Internal Path Cost Indicates the port contribution to the Spanning Tree instance. The range should
always be 1-200,000,000. The default value is 4.
Priority Defines the interface priority for the specified instance. The default value is 128.
Status Indicates whether the port is enabled for the specific instance. The possible field values are:
Enabled — Enables the port for the specific instance.
Disabled — Disables the port for the specific instance.
Role Indicates the port role assigned by the STP algorithm to provide to STP paths. The possible
field values are:
71
Field Description
Enabled — Enables the port for the specific instance.
Root — Provides the lowest cost path to forward packets to the root device.
Designated — Indicates the port or LAG through which the designated device is attached
to the LAN.
Alternate — Provides an alternate path to the root device from the root interface.
Backup — Provides a backup path to the designated port path toward the Spanning Tree
leaves. Backup ports occur only when two ports are connected in a loop by a point-to-point
link or when a LAN has two or more connections connected to a shared segment.
Disabled — Indicates the port is not participating in the Spanning Tree.
2. Define the values in the Unit and Port fields.

3. Click .
4. Define the Internal Path Cost and Priority fields.
5. Click .
6. Click adjacent to an MSTI ID row to edit the values for Internal Path Cost and Priority.
72
Defining Forwarding and Filtering

This section contains information for configuring both Unicast and Multicast filtering, and contains the following topics:
• Defining Unicast Forwarding
• Defining Multicast Forwarding
Defining Unicast Forwarding

The Unicast Forwarding Page contains parameters for determining how Unicast packets are forwarded in the system.
1. Click L2 Features > Forward & Filtering > Unicast Forwarding. The Unicast Forwarding Page opens:
Figure 3–18. Unicast Forwarding Page

The Unicast Forwarding Page contains the following fields:
Field Description
Aging Time Defines the allowed delay time for a Unicast packet. If the packet is not forwarded after this
interval, it is discarded. Aging time is a global (FDB) database setting.
MAC Address Defines the Unicast MAC address to which packets are forwarded.
Port Defines the port number.
2. Define the VID, MAC Address, Unit, and Port fields.
3. Click . The Unicast are defined, and the device is updated.

To edit a VID table entry:
73

2. Click .
3. Define the values.
4. Click . The entry is updated, and the device is updated.

To delete a VID table entry:
Defining Multicast Forwarding

The Multicast Forwarding Page displays the ports and LAGs attached to the Multicast service group in the Ports and LAGs
tables. Ports can be added either to existing groups or to new Multicast service groups. The Multicast Forwarding Page
permits new Multicast service groups to be created. The Multicast Forwarding Page also assigns ports to a specific
Multicast service address group.
1. Click L2 Features > Forward & Filtering > Multicast Forwarding. The Multicast Forwarding Page opens:
Figure 3–19. Multicast Forwarding Page

The Multicast Forwarding Page contains the following fields:
Field Description
VID Defines the VLAN ID
Multicast MAC Address Defines the Multicast MAC address to which packets are forwarded.
Egress Defines the Egress ports per multicast group.
2. Define the VID, Multicast MAC Address, Unit, and Egress fields.
74
3. Select either all, or individual ports:
– Click to select all ports as None or Egress;

– Alternatively, click to select the ports individually. The default is 1-48 None.
4. Click .The Multicast forwarding settings are applied to the port, and the device is updated.
To restore the default settings:
1. Click The default settings are restored.
2. To edit a VID entry:

4. Click .

To delete a VID entry:
2. Click .
75
4
CONFIGURING QUALITY OF SERVICE
QoS is an implementation of the IEEE 802.1p standard that allows network administrators a method of reserving bandwidth
for important functions that require a large bandwidth or have a high priority, such as VoIP (voice-over Internet Protocol),
Web browsing applications, file server applications or video conferencing. Not only can a larger bandwidth be created, but
other less critical traffic can be limited, so excessive bandwidth can be saved. The Switch has separate hardware queues on
every physical port to which packets from various applications can be mapped to, and, in turn prioritized. View the
following map to see how the DGS-3100 series implements 802.1P priority queuing.
Figure 4-1. Mapping QoS on the Switch

The picture above shows the default priority setting for the Switch. Class-3 has the highest priority of the four priority
queues on the Switch. In order to implement QoS, the user is required to instruct the Switch to examine the header of a
packet to see if it has the proper identifying tag tagged. Then the user may forward these tagged packets to designated
queues on the Switch where they will be emptied, based on priority.
For example, let us say a user wishes to have a video conference between two remotely set computers. The administrator
can add priority tags to the video packets being sent out, utilizing the Access Profile commands. Then, on the receiving end,
the administrator instructs the Switch to examine packets for this tag, acquires the tagged packets and maps them to a class
queue on the Switch. Then in turn, the administrator will set a priority for this queue so that it will be emptied before any
other packet is forwarded. This process results in the end user receiving all packets sent as quickly as possible, thus
prioritizing the queue and allowing for an uninterrupted stream of packets, which optimizes the use of bandwidth available
for the video conference.
Understanding QoS
The Switch has four priority queues. These priority queues are labeled as 3 (the highest queue) to 0 (the lowest queue). The
four priority tags, specified in IEEE 802.1p are mapped to the Switch's priority tags as follows:
• Priority 0 is assigned to the Switch's Q0 queue.
76
For strict priority-based scheduling, any packets residing in the higher priority queues are transmitted first. Multiple strict
priority queues empty based on their priority tags. Only when these queues are empty, are packets of lower priority
transmitted.
For weighted round-robin queuing, the number of packets sent from each priority queue depends upon the assigned weight.
For a configuration of eight CoS queues, A~H with their respective weight value: 8~1, the packets are sent in the following
sequence: A1, B1, C1, D1, E1, F1, G1, H1, A2, B2, C2, D2, E2, F2, G2, A3, B3, C3, D3, E3, F3, A4, B4, C4, D4, E4, A5,
B5, C5, D5, A6, B6, C6, A7, B7, A8, A1, B1, C1, D1, E1, F1, G1, H1.
For weighted round-robin queuing, if each CoS queue has the same weight value, then each CoS queue has an equal
opportunity to send packets just like round-robin queuing.
For weighted round-robin queuing, if the weight for a CoS is set to 0, then it will continue processing the packets from this
CoS until there are no more packets for this CoS. The other CoS queues that have been given a nonzero value, and
depending upon the weight, will follow a common weighted round-robin scheme.
Remember that the DGS-3100 series has four priority queues (and eight Classes of Service) for each port on the Switch.
• Configuring Storm Control
• Mapping Ports to Packet Priorities
• Mapping Priority to Classes (Queues)
• Configuring QoS Scheduling
• Defining Multi-Layer CoS Settings
77
Defining Bandwidth Settings

The Bandwidth Control Page allows network managers to define the bandwidth settings for a specified egress interface.
Modifying queue scheduling affects the queue settings globally.
Queue shaping can be based per queue and/or per interface. Shaping is determined by the lower specified value. The queue
shaping type is selected in the Bandwidth Control Page.
1. Click QoS > Bandwidth Control. The Bandwidth Control Page opens:
Figure 4-2. Bandwidth Control Page

The Bandwidth Control Page contains the following fields:
Field Description
Unit Defines the stacking member for which the bandwidth parameters are displayed
From Port Defines from which port number bandwidth settings are displayed.
To Port Defines to which port number bandwidth settings are displayed.
No Limit Defines if bandwidth limitation is assigned to the port. The field value options
are:
Enabled — Ensures no bandwidth limitations on the port.
Disabled — Disables no bandwidth limitations on the port. This is the default
value. When disabled, user can enter a limit value in the ingress Rate field.
Ingress Rate (3500-1000000) The possible field range is 3500 – 1000000.
2. Define the Unit, From Port, To Port, No Limit and Ingress Rate fields.
3. Click . The bandwidth settings are defined, and the device is updated.
78
Configuring Storm Control

Storm control limits the amount of Multicast and Broadcast frames accepted and forwarded by the device. When Layer 2
frames are forwarded, Broadcast, Multicast and Unknown Unicast frames are flooded to all ports on the relevant VLAN.
This occupies bandwidth, and loads all nodes on all ports.
A Broadcast Storm is a result of an excessive amount of broadcast messages simultaneously transmitted across a network by
a single port. Forwarded message responses are heaped onto the network, straining network resources or causing the
network to time out.
1. Click Qos > Traffic Control. The Traffic Control Settings Page opens:
Figure 4-3. Traffic Control Settings Page

The Traffic Control Settings Page contains the following fields:
Field Description
Unit Defines the stacking member for which the storm control parameters are displayed.
From Port Defines from which port storm control is displayed.
To Port Defines to which port storm control is displayed.
Storm Control Type Specifies the Broadcast mode currently enabled on the device. The possible field values are:
Multicast Storm, Broadcast Storm, DLF (Destination Look Up Failure ) — Counts
Unicast, Multicast, and Broadcast traffic. This is the default value.
Multicast Storm & Broadcast Storm — Counts Broadcast and Multicast traffic together.
Broadcast Storm — Counts only Broadcast traffic.
State Indicates which storm control is enabled on the port. The possible field values are:
Enable — Enables storm control on the selected port.
Disable — Disables storm control on the selected port.
Threshold (3500- Indicates the maximum rate (kilobits per second) at which unknown packets are forwarded.
1000000) The range is 3500 -1,000,000. The default value is zero. All values are rounded to the nearest
64 Kbps. If the field value is less than 64 Kbps, the value is rounded up to 64 Kbps, with the
79
Field Description
exception of the value zero.
2. Define the Unit, From Port, To Port, Storm Control Type, State, and Threshold fields.
3. Click . The storm control settings are configured, and the device is updated.
Mapping Ports to Packet Priorities

The 802.1P Default Priority Page provides traffic classification and Dynamic Multicast Filtering . 802.1p operates at the
Media Access Control (MAC) framing layer of the OSI model. To be compliant with 802.1p, Layer 2 devices group ingress
packets into traffic classes.
1. Click Qos > 802.1p Default Priority. The 802.1P Default Priority Page opens:
Figure 4-4. 802.1P Default Priority Page

The 802.1P Default Priority Page contains the following fields:
Field Description
Unit Defines the stacking member for which the port packet priorities are displayed.
From Port Defines the starting port for which the port packet priorities are defined.
To Port Defines the ending port to which the port packet priorities are defined.
Priority Defines the priority assigned to the port. The field range is 00-07, where 00 is the lowest
priority and 07 is the highest priority.
2. Define the Unit, From Port, To Port, Prioirity fields.
3. Click . Ports are mapped to packet priorities, and the device is updated.
80
Mapping Priority to Classes (Queues)

The 802.1P User Priority Page allows network managers to assign priority tags to classes (queues). If a network manager
defines a priority of 01 to Class 3, all packets arriving with an assigned value of 01 are sent to class (queue) 4.
The default mapping is:
• Priority 0 is assigned to Q0. This is the lowest priority queue.
• Priority 1 is assigned to Q1.
• Priority 2 is assigned to Q2.
• Priority 3 is assigned to Q3. This is the highest priority queue.
To map priority to queues:
1. Click QoS > 802.1p User Priority. The 802.1P User Priority Page opens:
Figure 4-5. 802.1P User Priority Page

The 802.1P User Priority Page contains the following fields:
Field Description
Priority Indicates the packet priority that is assigned to the queue.

Class ID Defines the class (queue) that is assigned to the priority. Class 0 is the lowest priority queue,
whereas Class 4 is the highest.
2. Define the queuing priority for 00 – 07 in the Class ID fields.
3. Click . The User priority tags are assigned to classes, and the device is updated.
81
Configuring QoS Scheduling Mechanism

The QoS Scheduling Mechanism Page contains fields for defining the QoS scheduling forwarding scheme. To define the
QoS scheduling mechanism:
1. Click QoS > QoS Scheduling Mechanism. The QoS Scheduling Mechanism Page opens:
Figure 4-6. QoS Scheduling Mechanism Page

The QoS Scheduling Mechanism Page contains the following fields:
Field Description
Class ID Indicates the Class/queue for which the scheduling method is defined.
Mechanism Defines the QoS class/queue scheduling method. The possible field values are:
Strict — Specifies whether traffic scheduling is based strictly on the queue priority. Traffic
with the highest Class of Service is the first traffic. That is, the highest class of service will
finish before other queues empty.
Round Robin — Assigns WRR weights to queues. This field is enabled only for queues in
WRR queue mode. If a queue is set to 0 weight, the queue is not operational and is
effectively closed. Each queue has a weight range, queues 1-3 have the range 0-255, and
queue 4 has the range 1-255.
Weight Assigns the specific WRR value to the Queue. The weight value range is 0-15.
2. Select the Class IDs in the Mechanism field.
3. Click . The QoS Scheduling Mechanism is configured, and the device is updated.
82
Defining Multi-Layer CoS Settings

For network administrators wanting to configure Multi Layer CoS settings, implementation in the switch is done via the
Access Control List. Hence, the Multi-Layer CoS Setting Page has two hyperlinks; one to the Access Profile List, which
enables the utilization of existing ACL rules to perform traffic classification, and the other to the ACL Configuration
Wizard, which enables network administrators to create new ACL traffic classification rules. To define CoS/QoS settings:
1. Click QoS > Multi-Layer CoS Settings. The Multi-Layer CoS Setting Page opens:
Figure 4-7. Multi-Layer CoS Setting Page

The Multi-Layer CoS Setting Page contains the following links:
– Access Profile List
– ACL Configuration Wizard
2. Click the desired link. The relevant page opens (see Defining Access Profile Lists).
83
5
SECURITY FEATURES
This section contains information for enabling and configuring device security including user accounts.
• Configuring the Safeguard Engine
• Configuring VLANs
• Priority tagging is an IEEE 802.1p defined standard function designed to provide a means of managing traffic on
networks where many different types of data are transmitted simultaneously. It is intended to alleviate problems
associated with the delivery of time-critical data over congested networks. The quality of applications dependent on
such data, such as video conferencing, can be severely and adversely affected by even very small delays in transmission.
IEEE 802.1p standard-compliant network devices recognize the priority level of data packets and can assign priority labels
or tags to packets, as well as strip priority tags from packets. The priority tag determines the packet's degree of
expeditiousness and the queue to which it is assigned.
Priority tags are assigned values from 0 to 7, with 0 being assigned to the lowest priority data, and 7 to the highest.
Generally, tag 7 is used for data associated with video or audio applications, sensitive to even slight delays, or for data from
specified end users whose data transmissions warrant special consideration.
The switch enables increased definition for handling priority tagged data packets on the network. Using queues to manage
priority tagged data enables user-specification for the data’s relative priority to suit the needs of the network. Circumstances
can arise where it is advantageous to group two or more differently tagged packets into the same queue. Generally, however,
it is recommended that the highest priority queue, Queue 1, be reserved for data packets with a priority value of 7.
A weighted round robin system is employed on the switch to determine the rate at which the queues are emptied of packets.
The ratio used for clearing the queues is 4:1. This means that the highest priority queue, Queue 1, clears four packets for
every one packet cleared from Queue 0.
It is important that the priority queue settings on the switch are for all ports, and all devices connected to the switch are
affected. The priority queuing system is especially beneficial for networks that employ priority tag assignment capable
switches.
VLAN Description
A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the
physical layout. VLANs can be used to combine any collection of LAN segments into an autonomous user group that
appears as a single LAN. VLANs also logically segment the network into different broadcast domains so that packets are
forwarded only between ports within the VLAN. Typically, a VLAN corresponds to a particular subnet, although not
necessarily.
VLANs can enhance performance by conserving bandwidth, and improve security by limiting traffic to specific domains.
A VLAN is a collection of end nodes grouped by logic instead of physical location. End nodes that frequently communicate
with each other are assigned to the same VLAN, regardless of where they are physically on the network. Logically, a VLAN
can be equated to a broadcast domain, because broadcast packets are forwarded to only members of the VLAN on which the
broadcast was initiated.
Notes about VLANs on the DGS-3100 Series

No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership, packets cannot
cross VLANs without a network device performing a routing function between the VLANs.
The DGS-3100 series supports IEEE 802.1Q VLANs. The port untagging function can be used to remove the 802.1Q tag
from packet headers to maintain compatibility with devices that are tag-unaware.
The switch's default is to assign all ports to a single 802.1Q VLAN named ‘default.’
The ‘default’ VLAN has a VID = 1.
IEEE 802.1Q VLANs

84
Some relevant terms:

Term Description
Tagging The act of putting 802.1Q VLAN information into the header of a packet.
Untagging The act of stripping 802.1Q VLAN information out of the packet header.
Ingress port A port on a switch where packets are flowing into the switch and VLAN decisions must be
made.
Egress port A port on a switch where packets are flowing out of the switch, either to another switch or to
an end station, and tagging decisions must be made.
IEEE 802.1Q (tagged) VLANs are implemented on the switch. 802.1Q VLANs require tagging, which enables them to span
the entire network (assuming all switches on the network are IEEE 802.1Q-compliant).
VLANs allow a network to be segmented in order to reduce the size of broadcast domains. All packets entering a VLAN are
only forwarded to the stations (over IEEE 802.1Q enabled switches) that are members of that VLAN, and this includes
broadcast, multicast and unicast packets from unknown sources.
VLANs can also provide a level of security to a network. IEEE 802.1Q VLANs only deliver packets between stations that
are members of the VLAN.
Any port can be configured as either tagged or untagged. The untagging feature of IEEE 802.1Q VLANs allows VLANs to
work with legacy switches that don't recognize VLAN tags in packet headers. The tagging feature allows VLANs to span
multiple 802.1Q-compliant switches through a single physical connection and allows Spanning Tree to be enabled on all
ports and work normally.
The IEEE 802.1Q standard restricts the forwarding of untagged packets to the VLAN in which the receiving port is a
member.
The main characteristics of IEEE 802.1Q are as follows:
• Assigns packets to VLANs by filtering.
• Assumes the presence of a single global spanning tree.
• Uses an explicit tagging scheme with one-level tagging.
• 802.1Q VLAN Packet Forwarding
Packet forwarding decisions are made based upon the following three types of rules:
• Ingress rules - rules relevant to the classification of received packets belonging to a VLAN.
• Forwarding rules between ports - decides whether to filter or forward the packet.
• Egress rules - determines if the packet must be sent tagged or untagged.
85
Figure 3–2. IEEE 802.1Q Packet Forwarding
802.1Q VLAN Tags

The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address.
Their presence is indicated by a value of 0x8100 in the EtherType field. When a packet's EtherType field is equal to 0x8100,
the packet carries the IEEE 802.1Q/802.1p tag. The tag is contained in the following two octets and consists of 3 bits of user
priority, 1 bit of Canonical Format Identifier (CFI - used for encapsulating token ring packets so they can be carried across
Ethernet backbones), and 12 bits of VLAN ID (VID). The 3 bits of user priority are used by 802.1p. The VID is the VLAN
identifier and is used by the 802.1Q standard. Because the VID is 12 bits long, 4094 unique VLANs can be identified.
The tag is inserted into the packet header making the entire packet longer by 4 octets. All of the information originally
contained in the packet is retained.
Figure 3–3. IEEE 802.1Q Tag

The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or
Logical Link Control. Due to the packet now being a bit longer than it was originally, the Cyclic Redundancy Check (CRC)
must be recalculated.
86
Figure 3–4. Adding an IEEE 802.1Q Tag
Port VLAN ID
Tagged packets (carrying the 802.1Q VID information) can be transmitted from one 802.1Q compliant network device to
another with the VLAN information intact. This allows 802.1Q VLANs to span network devices (and the entire network,
providing all network devices are 802.1Q compliant).
Not all network devices are 802.1Q compliant. Such devices are referred to as tag-unaware. 802.1Q devices are referred to
as tag-aware.
Prior to the adoption of 802.1Q VLANs, port-based and MAC-based VLANs were in common use. These VLANs relied
upon a Port VLAN ID (PVID) to forward packets. A packet received on a given port would be assigned that port's PVID
and then be forwarded to the port that corresponds to the packet's destination address (found in the switch's forwarding
table). If the PVID of the port receiving the packet is different from the PVID of the port that is to transmit the packet, the
switch drops the packet.
Within the switch, different PVIDs mean different VLANs (remember that two VLANs cannot communicate without an
external router). So, VLAN identification based upon the PVIDs cannot create VLANs that extend outside a given switch
(or switch stack).
Every physical port on a switch has a PVID. 802.1Q ports are also assigned a PVID, for use within the switch. If no VLANs
are defined on the switch, all ports are then assigned to a default VLAN with a PVID equal to 1. Untagged packets are
assigned the PVID of the port on which they were received. Forwarding decisions are based upon this PVID, in so far as
VLANs are concerned. Tagged packets are forwarded according to the VID contained within the tag. Tagged packets are
also assigned a PVID, but the PVID is not used to make packet forwarding decisions, the VID is.
Tag-aware switches must keep a table to relate PVIDs within the switch to VIDs on the network. The switch compares the
VID of a packet to be transmitted to the VID of the port that is to transmit the packet. If the two VIDs are different, the
switch drops the packet. As a result of the existence of the PVID for untagged packets, and the VID for tagged packets, tag-
aware and tag-unaware network devices can coexist on the same network.
A switch port can only have one PVID, but it can have as many VIDs that the switch’s memory storage capacity has in its
VLAN table, to store them.
As some devices on a network may be tag-unaware, a decision must be made at each port on a tag-aware device before
packets are transmitted; Should the packet to be transmitted have a tag or not? If the transmitting port is connected to a tag-
unaware device, the packet should be untagged. If the transmitting port is connected to a tag-aware device, the packet
should be tagged.
Tagging and Untagging

Every port on an 802.1Q compliant switch can be configured as tagged or untagged.
Tagging enabled ports put the VID number, priority, and other VLAN information into the header of all packets that flow
into and out of it. If a packet has previously been tagged, the port does not alter the packet, thus keeping the VLAN
information intact. The VLAN information in the tag is then used by other 802.1Q compliant devices on the network to
make packet-forwarding decisions.
Ports with untagging enabled strip the 802.1Q tag from all packets flowing into and out of those ports. If the packet doesn't
have an 802.1Q VLAN tag, the port does not alter the packet. As a result, all packets received by and forwarded by an
untagging port have no 802.1Q VLAN information (as the PVID is only used internally within the switch). Untagging is
used to send packets from an 802.1Q-compliant network device to a non-compliant network device.
Ingress Filtering
A port on a switch where packets are flowing into the switch, and VLAN decisions must be made, is referred to as an
ingress port. If ingress filtering is enabled for a port, the switch examines the VLAN information in the packet header (if
present) and decides whether or not to forward the packet.
If the packet is tagged with VLAN information, the ingress port first determines if the ingress port itself is a member of the
tagged VLAN. If it is not, the packet is dropped. If the ingress port is a member of the 802.1Q VLAN, the switch determines
87
if the destination port is a member of the 802.1Q VLAN. If it is not, the packet is dropped. If the destination port is a
member of the 802.1Q VLAN, the packet is forwarded and the destination port transmits it to its attached network segment.
If the packet is not tagged with VLAN information, the ingress port tags the packet with its own PVID as a VID (if the port
is a tagging port). The switch then determines if the destination port is a member of the same VLAN (has the same VID) as
the ingress port. If it does not, the packet is dropped. If it has the same VID, the packet is forwarded and the destination port
transmits it on its attached network segment.
This process is referred to as ingress filtering, and is used to conserve bandwidth within the switch, by dropping packets that
are not on the same VLAN as the ingress port at the point of reception. This eliminates the subsequent processing of packets
that is just dropped by the destination port.
Default VLANs
The switch initially configures one VLAN, VID = 1, called ‘default.’ The factory default setting assigns all ports on the
switch to the ‘default.’
Packets cannot cross VLANs. If a member of one VLAN wants to connect to another VLAN, the link must be through an
external router.
NOTE: If no VLANs are configured on the switch, then all packets are forwarded to any destination
port. Packets with unknown source addresses are flooded to all ports. Broadcast and multicast packets
are also flooded to all ports.
An example is presented in this table:

VLAN Name VID Switch Ports
System (default) 1 5, 6, 7, 8, 21, 22, 23, 24
Engineering 2 9, 10, 11, 12
Marketing 3 13, 14, 15, 16
Finance 4 17, 18, 19, 20
Sales 5 1, 2, 3, 4
Table 3-1. VLAN Example - Assigned Ports
VLAN and Trunk Groups

The members of a trunk group have the same VLAN setting. Any VLAN setting on trunk group members applies to the
other member ports.
NOTE: In order to use VLAN segmentation in conjunction with port trunk groups, the port trunk
group(s) can first be set, and then the VLAN settings may be configured. Changing the port trunk
grouping with VLANs already in place doesn’t require reconfiguration of the VLAN settings after
changing the port trunk group settings. VLAN settings automatically change in conjunction with the
change of the port trunk group settings.
VLAN Status
The VLAN List displays VLANs, VLAN membership and membershiop type. This window displays the ports on the switch
that are currently Egress or Tag ports. To view the following table, open the L2 features->VLAN folder and click the
VLAN Status Link.
88
Defining VLAN Properties

The VLAN Configuration Page provides information and global parameters for configuring and working with VLANs.
Figure 3–5. VLAN Configuration Page

The VLAN Configuration Page contains the following fields:
Field Description
VLAN Name Defines the user-defined VLAN name. The field ranges is 1-29 characters.
Untag VLAN Ports Defines the interface is an untagged VLAN member. Packets forwarded by the interface are
untagged.
Tag VLAN Ports Defines the interface is a tagged member of a VLAN. All packets forwarded by the
Forbidden VLAN Ports Defines the interface VLAN membership, even if GARP indicates the port is to be added.
Not Member Defined the interface is not a member of the VLAN.
89
4. Click the Add/Edit VLAN tab. The Add/Edit VLAN Information Page opens:
Figure 3–6. Add/Edit VLAN Information Page

The Add/Edit VLAN Information Page contains the following fields:
Field Description
VLAN Name Defines the user-defined VLAN name. The field ranges up to 32 characters.
Unit Defines the stacking member for which the VLAN parameters are displayed.
Untag Port Defines the interface is an untagged VLAN member. Packets forwarded by the interface are
untagged.
Tag Port Defines the interface is a tagged member of a VLAN. All packets forwarded by the
Forbidden Port Defines the interface VLAN membership, even if GARP indicates the port is to be added.
Not Member Indicates that the interface is not a member of the VLAN.
Port Select All Selects all ports and either untags, tags, excludes, or removes the VLAN membership.
5. Define the VID, VLAN Name, and port-related fields.
6. Select the Tagged, Untagged, and Forbidden ports.
7. Click . The VLAN is saved, and the device is updated.
To modify a VLAN:
9. Select a VLAN in the VLAN Table.
10. Click . The configured VLAN parameters are displayed in the Add/Edit VLAN Information section.
11. Modify the VLAN parameters.
12. Click . The VLAN information is modified, and the device is updated.
90
Configuring GVRP
Generic Attribute Registration Protocol (GARP) is a general-purpose protocol that registers any network connectivity or
membership-style information. GARP defines a set of devices interested in a given network attribute, such as VLAN or
multicast address. When configuring GARP, ensure the following:
• The leave time must be greater than or equal to three times the join time.
• The leave-all time must be greater than the leave time.
Set the same GARP timer values on all Layer 2-connected devices. If the GARP timers are set differently on the Layer 2-
connected devices, the GARP application does not operate successfully.
GARP VLAN Registration Protocol (GVRP) is specifically provided for automatic distribution of VLAN membership
information between VLAN-aware bridges. GVRP allows VLAN-aware bridges to automatically learn VLANs to bridge
port mapping without requiring the individual configuration of each bridge and register VLAN membership. To define
GVRP on the device:
13. Click L2 Features > GVRP Settings. The GVRP Setting Page opens:
Figure 3–7. GVRP Setting Page
91
The GVRP Setting Page contains the following fields:

Field Description
GRVP Global Setting Defines whether GRVP is enabled on the device. The possible field values are:
Enabled — Enables GRVP on the device.
Disabled — Disables GRVP on the device. This is the default value.
Unit Defines the stacking member’s Unit ID for which GVRP parameters are displayed.
From Port Defines the first port number that is displayed to which GVRP are assigned.
To Port Defines the last port number that is displayed to which GVRP are assigned.
PVID Defines the PVID assigned to the port.
GVRP Defines whether GVRP is enabled on the port. The possible field values are:
Enabled — Enables GVRP on the selected port.
Disabled — Disables GVRP on the selected port.
Ingress Defines whether Ingress checking is enabled on the device. The possible field values are:
Enabled — Enables Ingress filtering on the device. Ingress checking compares an
incoming VID tag packet with the PVID number assigned to the port. If the PVIDs vary,
the port drops the packet. This is the default value.
Disabled — Disables Ingress checking on the device.
Acceptable Frame Defines the packet type accepted on the port. The possible field values are:
Type Admit Tagged Only —Only tagged packets are accepted on the port.
Admit All — Both tagged and untagged packets are accepted on the port.
15. Select the ports to and from which the GVRP parameters are displayed in the From/To Port fields.
16. Define the PVID, GVRP, Ingress, and Acceptable Frame Type fields.
17. Click . The GVRP is enabled, and the device is updated.
•
• Configuring Port Security
• Configuring Guest VLANs
• Configuring Port Authentication 802.1X
• Defining RADIUS Settings
• Configuring Secure Shell Security
• Defining SSH Algorithm Settings
• Defining Application Authentication Settings
• Configuring the Authentication Server Hosts
•
• Defining the Login Methods
• Defining the Enable Methods
92
Configuring the Safeguard Engine

The Jumbo Frame Page allows network administrators to set network alarms to protect the CPU from attacks, based on
rising and falling threshold levels of Broadcasts and CPU Utilization. The Safeguard mechanism immediately implements
Broadcast Storm Control with a low threshold in order to hold the attack and release the CPU resources.. To enable the
safeguard engine:
1. Click Security > Safeguard Engine. The Jumbo Frame Page opens:
Figure 5-8. Safeguard Engine Page

The Jumbo Frame Page contains the following field:
Field Description
Safeguard Engine Indicates if the safeguard engine is enabled on the device. The possible field values are:
Enabled — Enables the safeguard engine on the device. This is the default value.
Disabled — Disables the safeguard engine on the device.
2. Set the safeguard engine status in the Safeguard Engine field,
3. Click . The Safeguard Engine is enabled, and the device is updated.
93
Configuring Trust Host

The Trusted Host Page permits network managers to manage the device from remote stations. Network managers can
configure up to three remote stations. Ensure that the remote stations are configured with the IP address from which the
device is currently being configured. To enable Trust Host:
1. Click Security > Trusted Host. The Trusted Host Page opens:
Figure 5-9.Trusted Host Page

The Trusted Host Page contains the following fields:
Field Description
IP1 Access to Switch Defines the first management station IP address from which the device can be managed.
IP2 Access to Switch Defines the second management station IP address from which the device can be managed
IP3 Access to Switch Defines the third management station IP address from which the device can be managed.
2. Define the IP1, IP2, and IP3 Address fields to define the remote management stations.
3. Click . The management stations are defined, and the device is updated.
94
Configuring Port Security

Network security can be increased by limiting access on a specific port only to users with specific MAC addresses. The
MAC addresses can be dynamically learned or statically configured. Locked port security monitors both received and
learned packets that are received on specific ports. Access to the locked port is limited to users with specific MAC addresses.
These addresses are either manually defined on the port, or learned on that port up to the point when it is locked. When a
packet is received on a locked port, and the packet source MAC address is not tied to that port (either it was learned on a
different port, or it is unknown to the system), the protection mechanism is invoked, and can provide various options.
Unauthorized packets arriving at a locked port are either:
• Discarded with no trap
• Discarded with a trap
Locked port security also enables storing a list of MAC addresses in the configuration file. The MAC address list can be
restored after the device has been reset. To define port security:
1. Click Security > Port Security. The Port Security Page opens:
Figure 5-10. Port Security Page

The Port Security Page contains the following fields:
Field Description
Unit Displays the stacking member’s ID for which the port security parameters are displayed.
From Port Indicates the port number from which the port security parameters are displayed.
To Port Indicates the port number to which the port security parameters are displayed.
Admin State Indicates if port security on the device. The possible field values are:
Enable — Indicates that port security is enabled on the device.
Disable — Indicates that port security is disabled on the device. This is the default value.
Max Address(0-64) 0 means classic lock. 1-64 defines the number of MAC addresses that can be learned on the
port. The field value is 0-64. The field default is 0.
Port Displays the specific port number.
95
Field Description
Max Learning Addr Indicates the number of MAC addresses that can be learned on the port.
2. Define the Unit, From Port, To Port, Max Address (0-64), and Admin State fields.
3. Click Port security is enabled, and the device is updated.
Configuring Guest VLANs

Guest VLANs provide limited network access to authorized ports. If a port is denied network access via port-based
authorization, but the Guest VLAN is enabled, the port receives limited network access. For example, a network
administrator can use Guest VLANs to deny network access via port-based authentication, but grant internet access to
unauthorized users. To define Guest VLANs:
1. Click Security > Guest Vlan. The Guest VLAN Page opens:
Figure 5-11 Guest VLAN Page

The Guest VLAN Page contains the following fields:
Field Description
VID Defines the VLAN ID on which the Guest VLAN is created.
VLAN Name Defines the user-defined VLAN name assigned to the guest VLAN.
Unit Defines the stacking member for which the Guest VLAN parameters are displayed.
Port Defines the ports included in the Guest VLAN.
2. Define the VLAN ID in the VID field.
3. Define the VLAN name in the VLAN Name field
4. Select the stacking member which the Guest VLAN parameters are displayed in the Unit field.
5. Select the ports to be included in the Guest VLAN in the Port checkbox field. The selected ports appear in the Port
field.
6. Click . The Guest VLAN is added, and the system is updated.
96
Configuring Port Authentication 802.1X

Port-based authentication authenticates users on a per-port basis via an external server. Only authenticated and approved
system users can transmit and receive data. Ports are authenticated via the RADIUS server using the Extensible
Authentication Protocol (EAP). The 802.1x Access Control protocol consists of the following vital components which
stabilize Access Control Security:
Component Description
Authenticators Specifies the device port which is authenticated before permitting system access. The
Authenticator is an intermediary between the Authentication Server and the Client. The
authenticator:
Requests certification information via the Client (EAPOL packets). The EAPOL packets
are the only information allowed to pass between supplicants and the authentication server
until the authenticator is granted system access.
Verifies the information gathered from the Client with the Authentication Server, and
relays the information to the Client.
Supplicants/Clients Specifies the host connected to the authenticated port requesting to access the system services.
Authentication Server Specifies the server that performs the authentication on behalf of the authenticator, and
indicates whether the supplicant is authorized to access system services. The Authentication
Server is a remote device connected to the Client network and Authenticator. The
Authentication Server must have RADIUS Server application enabled and configured. Clients
connected to a port on the Switch must be authenticated by the Authentication Server before
accessing any system services. The Authentication Server certifies the client’s identity
attempting to access the network by exchanging secure information between the RADIUS
server and the Client.
Port-based authentication creates two access states:
State Description
Controlled Access Permits communication between the supplicant and the system, if the supplicant is authorized.
Uncontrolled Access Permits uncontrolled communication regardless of the port state.
97
To enable the 802.1X:

1. Click Security > 802.1X Setting. The 802.1X Setting Page opens:
Figure 5-12. 802.1X Setting Page

The 802.1X Setting Page contains the following fields:
Field Description
802.1X Indicates if 802.1X is enabled on the device. The possible field values are:
Enabled — Enables 802.1X is enabled on the device.
Disabled —Disables 802.1X on the device. This is the default value.
QuietPeriod (0-65535) sec Indicates the number of seconds that the device remains in the quiet state
following a failed authentication exchange. The possible field range is 0-
65535. The field default is 60 seconds.
SuppTimeout (1-65535) sec Indicates the amount of time that lapses before EAP requests are resent to
the supplicant. The field value is in seconds. The field default is 30 seconds.
ServerTimeout (1-65535) sec Defines the amount of time that lapses before the device re-sends a request
to the authentication server. The field value is specified in seconds. The
field default is 30 seconds.
MaxReq (1-10) times Displays the total amount of EAP requests sent. If a response is not received
after the defined period, the authentication process is restarted. The field
default is 2 retries.
TxPeriod (1-65535) sec Defines the amount of time (in seconds) that lapses before EAP requests are
resent. The field default is 30 seconds.
ReAuthPeriod (300 - 4294967295) sec Displays the time span (in seconds) in which the selected port is re-
authenticated. The field default is 3600 seconds.
ReAuthEnabled Indicates if ports/MAC address can be re-authenticated after the port/MAC
address authentication has timed out. The possible field values are:
Enabled — Enables re-authenticating the port or MAC addresses after
the port or MAC address authentication has timed out. This is the default
98
Field Description
value.
Disabled — Disables re-authenticating the port or MAC addresses after
the port or MAC address authentication has timed out.
Control Indicates the host status. If there is an asterisk (*), the port is either not
linked or is down. The possible field values are:
ForceUnauthorized — Indicates that either the port control is Force
Unauthorized and the port link is down, or the port control is Auto but a
client has not been authenticated via the port.
ForceAuthorized — Indicates that the port control is Forced Authorized,
and clients have full port access.
Auto — Indicates that the port control is Auto and a single client has
been authenticated via the port.
Unit Indicate the stacking member for which the 802.1X parameters are
displayed.
From Port Indicates the first port for which the 802.1X parameters are defined.
To Port Indicates the last port for which the 802.1X parameters are defined.
Mode Indicates the 802.1X mode enabled on the device. The possible field values
are:
Port Base — Enables 802.1X on ports. This is the default value.
MAC Base — Enables 802.1xon MAC addresses.
2. Enable or disable the 802.1X status in the 802.1X field.
3. Define the Mode field.
4. In the 802.1X Port Access Control section, define the time fields.
5. Set the ReAuthEnabled field and the Control fields.
6. Set the values in the Unit, From Port, and To Port fields.
7. Click . The 802.1x Access Control is configured, and the device is updated.
99
Defining RADIUS Settings

Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. RADIUS servers
provide a centralized authentication method for web access.
The default parameters are user-defined, and are applied to newly defined RADIUS servers. If new default parameters are
not defined, the system default values are applied to newly defined RADIUS servers.
1. Click Security > 802.1X > Authentic RADIUS Server. The Authentic RADIUS Server Page opens:
Figure 5-13. Authentic RADIUS Server Page

The Authentic RADIUS Server Page contains the following fields:
Field Description
Succession Defines the desired RADIUS server to configure. Network managers use up to 3 RADIUS
servers for port authentication. The possible field values are:
First — Indicates the RADIUS parameters are defined for the first RADIUS server.
Second — Indicates the RADIUS parameters are defined for the second RADIUS server.
Third — Indicates the RADIUS parameters are defined for the third RADIUS server.
RADIUS Server Defines the RADIUS server IP addresses. The field format is X.X.X.X.
Authentic Port Identifies the authentication port. The authentication port is used to verify the RADIUS server
authentication. The authenticated port default is 1812.
Accounting Port Defines the port used to send Start and Stop authentication messages. Information received
through the RADIUS Accounting Port is recorded in the RADIUS Authentication Page. The
default port is 1813.
Key Defines the authentication and encryption key for communications between the device and the
server. This key must match the encryption used on the server.
Confirm Key Confirms the RADIUS key defined in the Key field.
2. Define the RADIUS server to configure in the Succession field.
100
3. Define the RADIUS server IP address in the RADIUS Server field.

4. Define the authentication port in the Authentic Port field.
5. Define the accounting port in the Accounting Port field.
6. Define the authentication and encryption key in the Key field.
7. Reenter the RADIUS Key in the Confirm Key field.
8. Click .
• To edit the Radius Server list, click adjacent to the required listed server. The upper fields display the
current values, which then can be edited.
• To delete a radius server from the list, click adjacent to the relative list entry. The radius servers are
defined, and the device is updated.
Configuring Secure Socket Layer Security

Secure Socket Layer (SSL) is a security feature that provides a secure communication path between a host and client
through the use of authentication, digital signatures, and encryption. These security functions are implemented using a
Ciphersuite, which is a security string that determines the exact cryptographic parameters, specific encryption algorithms
and key sizes used for authentication sessions, and that consists of:
• Key Exchange —Cyphersuite strings specify the public key algorithm used. This switch utilizes the Rivest Shamir
Adleman (RSA) public key algorithm and the Digital Signature Algorithm (DSA), specified here as the DHE DSS
Diffie-Hellman (DHE) public key algorithm. This is the first authentication process between client and host as they
“exchange keys” in looking for a match and therefore authentication to be accepted to negotiate encryptions on the
following level.
• Encryption: The second part of the ciphersuite that includes the encryption used for encrypting the messages sent
between client and host. The Switch supports two types of cryptology algorithms:
– Stream Ciphers – There are two types of stream ciphers on the Switch, RC4 with 40-bit keys and RC4 with 128-
bit keys. These keys are used to encrypt messages and need to be consistent between client and host for
optimal use.
– CBC Block Ciphers – Cipher Block Chaining (CBC) links encrypted text blocks. The Switch supports the 3DES
EDE encryption code defined by the Data Encryption Standard (DES) to create the encrypted text.
• Hash Algorithm — This part of the ciphersuite allows the user to choose a message digest function which will
determine a Message Authentication Code. This Message Authentication Code will be encrypted with a sent message to
provide integrity and prevent against replay attacks. The Switch supports two hash algorithms, Message Digest 5 (MD5)
and Secure Hash Algorithm (SHA).
The SSL Configuration Settings Page permits network managers to enable SSL and define the ciphersuites on the Switch.
Ciphersuites are security strings that determines the exact cryptographic parameters, specific encryption algorithms and key
sizes to be used for an authentication session. The Switch possesses four possible ciphersuites for the SSL function, which
are enabled by default. To utilize a particular ciphersuite, disable the unwanted ciphersuites, leaving the desired one for
authentication.
When the SSL function has been enabled, the Web is disabled.
To manage the device via an Embedded Web System while SSL is enabled, the web browser must support SSL encryption.
URL headers must begin with https://, for example https://10.90.90.90.
The system supports up-to four SSH sessions.
To enable SSL on the device:
1. Click Security > SSL. The SSL Configuration Settings Page opens:
101
Figure 5-14. SSL Configuration Settings Page

The SSL Configuration Settings Page contains the following fields:
Field Description
SSL Status Indicates if SSL is enable on the device. The possible field values are:
Enabled — Indicates SSL is enabled on the device.
Disabled — Indicates SSL is disabled on the device.
Ciphersuite Indicates the Ciphersuite. The possible field values are:
RSA with RC4 128 MD5 —Combines the RSA key exchange, stream cipher RC4
encryption with 128-bit keys and the MD5 Hash Algorithm.
RSA with 3DES EDE CBC SHA — This ciphersuite combines the RSA key exchange, CBC
Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm.
RSA EXPORT with RC4 40 MD5 — This ciphersuite combines the RSA Export key
exchange and stream cipher RC4 encryption with 40-bit keys.
Status Indicates if the selected Ciphersuite is enable or disabled for SSL. The possible field values
are:
Enable — Enables the Ciphersuite for SSL. This is the default value.
Disable — Disables the Ciphersuite for SSL.
2. Enable or disable the SSL status in the SSL Status field.
3. Click . The SSL status is defined, and the device is updated.
Configuring Secure Shell Security

Secure Shell permits network users to securely login to the network from a remote location over an insecure network. SSH a
secure login to remote host computers, a safe method of executing commands on a remote end node, and will provide secure
encrypted and authenticated communication between two non-trusted hosts. SSH, with its array of unmatched security
features is an essential tool in today’s networking environment. It is a powerful guardian against numerous existing security
hazards that now threaten network communications.
102
Ensure the following steps are completed before configuring SSH:

• Create a user account with admin-level access using the User Accounts window in the Administration folder. This is
identical to creating any other admin-level User Account on the Switch, including specifying a password. This
password is used to logon to the Switch, once a secure communication path has been established using the SSH
protocol.
• Configure the User Account to use a specified authorization method to identify users that are allowed to establish SSH
connections with the Switch using the Current Accounts window (Security > Secure Shell (SSH) > SSH User
Authentication). There are three choices for the method SSH will use to authorize the user: HostBased, Password, and
Public Key. Otherwise choose the fourth option, None.
• Configure the encryption algorithm that SSH will use to encrypt and decrypt messages sent between the SSH client and
the SSH server, using the Encryption Algorithm window.
To define SSH on the device:
1. Click Security > SSH > SSH Configuration. The SSH Configuration Page opens:
Figure 5 -15. SSH Configuration Page

The SSH Configuration Page contains the following fields:
Field Description
SSH Server Status Indicates if SSH is enabled on the device. The possible field values are:
Enable — Enables SSH on the device.
Disable — Disables SSH on the device. This is the default value.
Port (1-65535) Displays the port number used to authenticate the SSH session. The possible field range is 1-
65535. The field default is 22.
2. Enable or disable the SSH server status in the SSH Server Status field.
3. Define the SSH global setting port number in the Port (1-65535) field.
4. Click . The SSH configuration is defined, and the device is updated.
103
Defining SSH Algorithm Settings

This SSH Algorithm Settings Page allows network administrators to enable a public key for SSH authentication encryption.
The following authentication keys are enabled for SSH:
• Public Key Algorithm — Encrypts a cryptographic key pair composed of a public key and a private key. The private
key is kept secret, while the public key can be distributed. The encryption keys are mathematically similar, but a private
key cannot be derived from the public key. Messages encrypted with a public key can be decrypted with the matching
private key. The following Public Key Algorithms are supported:
– HMAC-RSA — Supports the Hash for Message Authentication Code (HMAC) mechanism utilizing the RSA
encryption algorithm.
– HMAC-DSA —Supports the Hash for Message Authentication Code (HMAC) Digital Signature Algorithm (DSA)
encryption algorithm.
• Data Integrity Algorithm — Validates message authentication information transmitted between two parties which
share the same key. The following Data Integrity Algorithms are supported:
– HMAC-SHA — Supports the Hash for Message Authentication Code (HMAC) Secure Hash Algorithm (SHA)
mechanism.
– HMAC MD5 — Supports the Hash for Message Authentication Code (HMAC) MD5 Message Digest (MD5)
mechanism.
• Encryption Algorithm — Generates authentication keys used to authenticate communications between different
applications. The following Encryption Algorithms are supported
– DES — Supports the Data Encryption Standard (DES). DES is a block cipher with 64-bit block size that uses 56-
bit keys.
– 3DES — Supports Triple-DES (3DES). Triple-DES encrypts data three times and applies a unique key for one of
the three passes. The total key size of 112-168 bits.
– 3DES-CBC — Supports a block size of 8 bytes (64 bits); its key size is 192 bits long. The first 8 bytes cannot be
identical to the second 8 bytes, and the second 8 bytes cannot be identical to the third 8 bytes.
– AES128 —Provides a block cipher that encrypts and decrypts digital information. The AES128 algorithm is
capable of using cryptographic 128 keys.
– AES192 — Provides a block cipher that encrypts and decrypts digital information. The AES128 algorithm is
– AES256 — Provides a block cipher that encrypts and decrypts digital information. The AES128 algorithm is
– RC4 — Supports a cipher with an up to 2048 bits key size.
All algorithms are enabled by default. To enable SSH Algorithms:
1. Click Security > SSH > SSH Algorithm Settings. The SSH Algorithm Settings Page opens:
104
Figure 5-16. SSH Algorithm Settings Page

The SSH Algorithm Settings Page contains the following fields:
Field Description
Public key Indicates if Public Key Algorithms are currently enabled on the device. The possible field
values are:
Enabled — Enables SSH algorithms on the device.
Disable — Disables SSH algorithms on the device. This is the default value.
Public Key Algorithm Displays the currently enabled Public Key Algorithms.
Data Integrity Algorithm Displays the currently enabled Data Integrity Algorithms.
Encryption Algorithm Displays the currently enabled Encryption Algorithms.
2. Enable or disable the public key status in the Public key field.
3. Click . The SSH Algorithm setting is defined, and the device is updated.
105
Defining Application Authentication Settings

Application Authentication permits network administrators to assign authentication methods for user authentication. For
example, console users can be authenticated by Authentication List 1, while Telnet users are authenticated by
Authentication List 2.
1. Click Security > Access Authentication Control > Application Authentication Settings. The Application
Authentication Settings Page opens:
Figure 5-17. Application Authentication Settings Page

The Application Authentication Settings Page contains the following fields:
Field Description
Application Indicates the authentication application for which the Login Method or Enable Method lists
are defined. The possible field values are:
Console — Indicates that Authentication profiles are used to authenticate console users.
Telnet — Indicates that Authentication profiles are used to authenticate Telnet users.
Secure Telnet (SSH) — Indicates that Authentication profiles are used to authenticate
Secure Shell (SSH) users. SSH provides clients secure and encrypted remote connections
to a device.
Login Method List Defines the method used by the application to authenticate normal login (user level).
http_method_list and https_method_list are fixed method names for http and https
respectively.
Enable Method List Defines the method used by the application to enable a normal login (user level).
2. Select the login method for the Console, Telnet, and Secure Telnet (SSH ) from the list under Login Method List.
3. Select the enable method for the Console, Telnet, and Secure Telnet (SSH ) from the list under Enable Method List.
4. Click . The Application Authentication settings are defined, and the device is updated.
106
Configuring the Authentication Server Hosts

The Authentication Server is a remote device connected to the same network as the Client and Authenticator. Users are
authenticated using either RADIUS or TACACS+, and must be authenticated by the server before attaining network access.
To define the Authentication Server information:
1. Click Security > Access Authentication Control> Authentication Server Host. The Authentication Server Host
Page opens:
Figure 5-18. Authentication Server Host Page

The Authentication Server Host Page contains the following fields:
Field Description
IP Address Defines the IP address of the RADIUS or TACACS+ server authenticating network users.
Protocol Indicates the authentication protocol used to authenticate network users. The possible
field values are:
RADIUS — Indicates that network users are authenticated via a RADIUS server.
TACACS+ — Indicates that network users are authenticated via a TACACS+ server.
Key Defines the key used to authenticate network users. The key may contain up to 128
characters
Priority Defines the priority assigned to the port. The field range is First -Third, where Third is the
lowest priority and First is the highest priority.
Port (1-65535) The port number for authentication requests. The host is not used for authentication if set
to 0. If unspecified, the Radius port number defaults to 1812, TACACS+ port number
defaults to 49.
Timeout (1-30secs) Indicates the amount of time that passes, in which no authentication activity occurs, after
which the authentication session times out.
Retransmit (1-10 times) Indicates the number of times the port attempts to re- authenticate a timed out session.
2. Define the IP Address, Protocol, Key, Port, Timeout, and Retransmit fields.
107
3. Click .The Authentication Host properties are defined, and the device is updated.
• To edit an authentication, click adjacent to the relevant IP Address on the list. The upper fields display the
• To delete an authentication, click adjacent to the relevant IP Address on the list. The Authentication Server
settings are defined, and the device is updated.
Defining the Login Methods

Network users must first login to the device on the Login Method Lists Page. Access as non-administrative users is granted.
To configure the device as a Network Administrator, the user must also log on to the device on the Enable Method Lists
Page.
User authentication occurs in the order the methods are selected. If the first authentication method is not available, the next
selected method is used. For example, if the selected authentication method is RADIUS, Local, and the RADIUS server is
not available, the user is authenticated locally. To define the user only login method:
1. Click Security > Access Authentication Control > Login Method Lists. The Login Method Lists Page opens:
Figure 5-19. Login Method Lists Page

The Login Method Lists Page contains the following fields:
Field Description
Method List Name Displays the method list name. The field is user-defined besides the http_method_list and
https_method_list which cannot be deleted or renamed.
Method 1 Indicates the first method used to authenticate the network user. The possible field values are:
RADIUS — User authentication occurs at the RADIUS server.
TACACS+ — The user authentication occurs at the TACACS+ server.
None — No user authentication occurs.
Local — User authentication occurs at the device level. The device checks the user name
and password for authentication.
108
Field Description
Method 2 Indicates the second method used to authenticate the network user. The possible field values
are:
Method 3 Indicates the third method used to authenticate the network user. The possible field values are:
Method 4 Indicates the fourth method used to authenticate the network user. The possible field values
are:
2. Define the Method List Name in the Method List Name field.
3. Select the methods used to authenticate network users in the Method 1, Method 2, Method 3 and, Method 4 fields.
4. Click . The Login methods are defined, and the device is updated.
• To edit the Method List, click adjacent to a Method List Name on the list. The upper fields display the
• To delete a Method List Name, click . The Login Method Lists are defined, and the device is updated.
109
Defining the Enable Methods

Network users must first login to the device on the Enable Method Lists Page. Access as non-administrative users is granted.
The Enable Method Lists Page allows network mangers to assign user privileges using authentication methods on the device.
Once a user is assigned a normal user level privileges the network user is authenticated and granted network access and
configuration privileges. A maximum of four Enable Method Lists can be defined on the device. The Enable Method List
cannot be deleted but can be configured.
User authentication occurs in the order the methods are selected. If the first authentication method is not available, the next
selected method is used. For example, if the selected authentication method is RADIUS, Local, and the RADIUS server is
not available; the user is authenticated locally. To define authentication methods:
1. Click Security > Access Authentication Control > Enable Method Lists. The Enable Method Lists Page opens:
Figure 5-20. Enable Method Lists Page

The Enable Method Lists Page contains the following fields:
Field Description
Method List Name Defines the method list name. The field is user-defined besides the http_method_list and
https_method_list which cannot be deleted or renamed.
Method 1 Indicates the first method used to authenticate the network user. The possible field values are:
110
Field Description
Method 2 Indicates the second method used to authenticate the network user. The possible field values
are:
Method 3 Indicates the third method used to authenticate the network user. The possible field values are:
Method 4 Indicates the fourth method used to authenticate the network user. The possible field values
are:
2. Define the Method List Name in the Method List Name field.
3. Select the methods used to authenticate network users in the Method 1, Method 2, Method 3 and, Method 4 fields.
4. Click . The Enable method and passwords are defined, and the device is updated.
• To edit the Enable Method List, click adjacent to an Enable Method List Name on the list. The upper
fields display the current values, which then can be edited.
• To delete an Enable Method List Name, click . The Enable Method Lists are defined, and the device is
updated.
111
Configuring the Local Enable Password

The Configure Local Enable Password Page allows network administrators to configure the local enabled password. To
define the network Local Enable password:
1. Click Security > Access Authentication Control > Configure Local Enable Password. The Configure Local
Enable Password Page opens:
Figure 5-21. Configure Local Enable Password Page

The Configure Local Enable Password Page contains the following fields:
Field Description
Old Local Enable Password Provide the current network Enable password.
New Local Enable Password Defines the new network Enable password. The field range is 1-15 characters.
Confirm Local Enable Password Confirms the new network Enable password.
2. Enter the old local enable password In the Old Local Enable Password field.
3. Define the new local enable password in the New Local Enable Password field.
4. Re-enter the new password in the Confirm Local Enable Password field.
The new local enable password is configured, and the device is updated.
112
6
MONITORING THE DEVICE
This section contains information for view device and packet statistics as well as, viewing IGMP information and MAC
address information. This section includes the following topics:
• Viewing Stacking Information
• Viewing the CPU Utilization
• Viewing Port Utilization
• Viewing Packet Size Information
• Viewing Received Packet Statistics
• Viewing UMB_cast Packet Statistics
• Viewing Transmitted Packet Statistics
• Viewing RADIUS Authenticated Session Statistics
• Viewing the ARP Table
• Viewing Router Ports
• Viewing Session Table
• Viewing IGMP Group Information
• Defining Dynamic and Static MAC Addresses
• Viewing System Log
113
Viewing Stacking Information

The Stacking Information Page provides specific information for stacked devices. To show the Stacking Information Page:
1. Click , and from the menu select Show Stack Status.

2. Alternatively, click Monitoring > Stacking Information in the Tree View. The Stacking Information Page opens:
Figure 6-1 Stacking Information Page

The Stacking Information Page contains the following fields:
Field Description
Master ID Displays the Stacking Master Unit ID number. The Stacking Master Unit is always assigned the
unit ID 1.
Backup ID Displays the Backup Master Unit ID number. The Backup Master Unit is always assigned the
unit ID 2.
Box ID Displays the Unit ID numbers assigned to the stacking members.
Runtime version Indicates the software version running on the device.
H/W version Displays the stacking member’s hardware version.
114
115
Viewing the CPU Utilization

The CPU Utilization Page contains information about the system’s CPU utilization.
1. Click Monitoring > CPU Utilization. The CPU Utilization Page opens:
Figure 6-2. CPU Utilization Page

The CPU Utilization Page contains the following fields:
Field Description
Utilization Displays current CPU utilization by percentage.
Time Interval Defines the 1-60 second time intervals in which the usage samples are taken as follows:
1,2,3,4,5,10,20,30,40,50,60.
Record Number Defines the record number.
Show/Hide Displays the CPU utilization information. The possible fields are:
Utilization checked — Utilization information is enabled. This is the default value.
Utilization unchecked — Utilization information is disabled.
2. Define the Time Interval and Record Number fields.
3. Define the Show/Hide field.
4. Click . A sample record of CPU utilization is stored, and the device is updated.
116
Viewing Port Utilization

The Port Utilization Page contains port utilization information for specific ports. To view port statistics:
1. Click Monitoring > Port Utilization. The Port Utilization Page opens:
Figure 6-3. Port Utilization Page

The Port Utilization Page contains the following fields:
Field Description
Utilization Displays current CPU utilization by percentage.
Time Interval Defines the 1-60 second time intervals in which the usage samples are taken as follows:
1,2,3,4,5,10,20,30,40,50,60.
Record Number Defines the record number.
Show/Hide Displays the CPU utilization information. The possible fields are:
Utilization checked — Utilization information is enabled .This is the default value.
Utilization unchecked — Utilization information is disabled.
2. Define the Unit, Port, Time Interval, and Record Number fields.
4. Click . A sample record of CPU port utilization is stored, and the device is updated.
117
Viewing Packet Size Information

The Packet Size Page displays packets received by the switch, arranged in six groups and classed by size, to be viewed as
either a line graph or a table.
1. Click Monitoring > Packet Size. The Packet Size Page opens:
Figure 6-4. Packet Size Page

The Packet Size Page contains the following fields:
Field Description
Packet Size Analysis – Selected Port Displays current packet size for ports by percentage.
Number
Time Interval Displays the time intervals at which the packet samples are taken. The
possible field values are: 1s - 5s, 10s, 15s, 20s, 30s, 40s, 50s, and 60s.
Record Number Displays the packet size record number.
Show/Hide Displays or hides packets size. The following packet length ranges can be
displayed: 64, 65-127, 128-255, 256-511, 512-1023 and, 1024-1518 and
1519-10240.
2. Click . A sample record of packet size analysis is stored, and the device is updated.
4. To view the graph as a table, click View Table.
118
Viewing Received Packet Statistics

The Received(RX) Page contains information about packets transmitted through device ports. To view received packet
statistics:
1. Click Monitoring > Packets > Received(RX). The Received(RX) Page opens:
Figure 6-5. Received(RX) Page

The Received(RX) Page contains the following fields:
Field Description
Unit Displays the stacking member for which the transmitted packet statistics are displayed.
Port Indicates the port for which the received packets parameters are displayed.
Bytes Indicates the total number of bytes that were received on the port.
Packets Indicates the total number of packets that were received on the port.
Time Interval Indicates the time interval for which the received packets are displayed. The possible field
values are: 1s - 5s, 10s, 15s, 20s, 30s, 40s, 50s, and 60s.
Record Number Indicates the transmitted record number.
Show/Hide Displays the bytes/packets received information. The possible fields are:
Bytes checked — Checked displays the total amount of received bytes.
Packets checked — Checked displays the total amount of received packets.
2. Define the Unit and Port fields.
3. Click to load the defined parameters.

5. Click . The selected RX packet analysis is displayed.
119

Viewing UMB_cast Packet Statistics

The UMB_cast(RX) Page displays the number of UMB cast (Unicast, Multicast and Broadcast) packets received on the
device.
1. Click Monitoring > Packets > UMB_cast(RX). The UMB_cast(RX) Page opens:
Figure 6-6. UMB_cast(RX) Page

The UMB_cast(RX) Page contains the following fields:
Field Description
Unit Indicates the stacking member for which the UMB_cast packets are displayed.
Port Indicates the port for which the UMB_cast packets parameters are displayed.
Unicast Indicates the number of Unicast packets received and transmitted through the device.
Multicast Indicates the number of Multicast packets received and transmitted through the device.
Broadcast Indicates the number of Broadcast packets received and transmitted through the device.
Time Interval Indicates the time interval for which the UMB_cast packets are displayed. The possible field
Show/Hide Displays the packets received information. The possible field values are:
Unicast checked — Displays the total amount of transmitted Unicast packets.
Multicast checked — Displays the total amount of transmitted Multicast packets.
Broadcast checked — Displays the total amount of transmitted Broadcast packets.
120

To clear the Unit and Port fields:
1. Click . The fields are cleared.
3. Click . The selected UMB_Cast (RX) packet analysis is displayed
Viewing Transmitted Packet Statistics

The Transmitted(TX) Page contains information about packets transmitted through device ports. To view transmitted packet
statistics:
1. Click Monitoring > Packets >Transmitted(TX). The Transmitted(TX) Page opens:
Figure 6-7. Transmitted(TX) Page

The Transmitted(TX) Page contains the following fields:
Field Description
Unit Indicates the stacking member ID for which the transmitted packets parameters are displayed.
Port Indicates the port for which the transmitted packets parameters are displayed.
Bytes Indicates the total number of bytes that were transmitted through the port.
Packets Indicates the total number of packets that were transmitted through the port.
Time Interval Indicates the time interval for which the transmitted packets are displayed. The possible field
Show/Hide Displays the bytes/packets received information. The possible field values are:
Bytes checked — Displays the total amount of transmitted bytes.
121
Field Description
Packets checked — Displays the total amount of transmitted packets.

To clear the Unit and Port fields:
1. Click . The fields are cleared.
3. Click . The transmitted packet graph is updated.

122
Viewing RADIUS Authenticated Session Statistics

The Defining RADIUS Settingsprovides RADIUS authentication sessions, including how many sessions were initiated,
which ports intimated the authentication sessions, and whether or not the sessions were granted.
1. Click Monitoring > Port Access Control > RADIUS Authentication. The Defining RADIUS Settingsopens:
Figure 6-8. RADIUS Authentication Page

The Defining RADIUS Settingscontains the following fields:
Field Description
Time Interval Indicates the how often the RADIUS authentication session information is updated. The various
time intervals are: 15/30/60/no refresh.
Server Displays the RADIUS server IP address.
UDP Port Displays the UDP port through which the RADIUS session was initiated.
Timeouts Indicates the number of session timeouts that occurred during the authentication session.
Requests Indicates the amount of times the port requested an authentication session.
Challenges Indicates the amount of times the port was challenged during an authentication session.
Accepts Indicates the amount of authentication sessions initiated by the port which were accepted.
Rejects Indicates the amount of authentication sessions initiated by the port which were rejected.
123
Viewing the ARP Table

The Browse ARP Table Page provides information regarding ARP VLANs, including which IP address was mapped to what
MAC address. To view the ARP table:
1. Click Monitoring > Browse ARP Table. The Browse ARP Table Page opens:
Figure 6-9 Browse ARP Table Page

The Browse ARP Table Page contains the following fields:
Field Description
VLAN Name Defines the VLAN for which the ARP mappings are defined.
IP Address Defines the station IP address, which is associated with the MAC address.
Total Entries Displays current ARP table entries, detailing the user defined interface name, IP address, MAC
address and type (dynamic or static) of each entry.
MAC Address Displays the MAC address associated with the IP address..
Type Indicates how the MAC was assigned. The possible values are:
– Dynamic — Indicates that the MAC address is dynamically created.
– Static — Indicates the MAC address is a static IP address.
2. Click . The table updates and displays the values required.

3. Click to clear the Browse ARP Table Page.
124
Viewing Router Ports

The Browse Router Port Page displays which ports are connected to routers. Ports can be connected to routers either as a
static port or as a dynamic port.
1. Click Monitoring > Browse Router Port. The Browse Router Port Page opens:
Figure 6-10 Browse Router Port Page

The Browse Router Port Page contains the following fields:
Field Description
VID Indicates the VLAN identification.
Unit Indicates the stacking member for which the router ports information is displaying.
Port Indicates the port for which the router port settings are displayed. Ports have the following
settings:
S — Indicates a static port.
D — Indicates a dynamic port.
2. Define the VID field.
3. Click . The selected ports appear on the selected VLAN.
125
Viewing Session Table

The Browse Session Table Page displays information regarding device sessions which were initiated by system Users. To
view session table information:
1. Click Monitoring > Browse Session Table. The Browse Session Table Page opens:
Figure 6-11 Browse Session Table Page

The Browse Session Table Page contains the following fields:
Field Description
ID Displays the browse session table entry.
From Indicates the type of interface from which the system session was initiated.
User Privilege Indicates the user privileged assigned to the user who imitated the system session.
Name Displays the name of the user that initiated the system session.
126
Viewing IGMP Group Information

The IGMP Snooping Group Page contains vital IGMP group information, including the Multicast Group IP address and the
corresponding MAC address through which the IGMP packets passed.
1. Click Monitoring >IGMP Snooping Group. The IGMP Snooping Group Page opens:
Figure 6-12 IGMP Snooping Group Page

The IGMP Snooping Group Page contains the following fields:
Field Description
VID Defines the VLAN ID for the IGMP Snooping Group.
VLAN Name Defines the VLAN name.
VLAN Name Displays the currently selected user-defined VLAN name.
Multicast Group Displays the IP address assigned to the Multicast group.
MAC Address Displays the MAC address assigned to the Multicast group.
Port Displays the ports where the IGMP packets were snooped.
2. Define the VD and Vlan fields.
3. Click . The IGMP Snooping Group Page displays relevant information.
127
Defining Dynamic and Static MAC Addresses

Packets addressed to destinations stored in either the Static or Dynamic databases are immediately forwarded to the port.
The MAC Address Table Page can be sorted by interface, VLAN, or MAC Address, whereas MAC addresses are
dynamically learned as packets from sources that arrive at the device. Static addresses are configured manually.
An address becomes associated with a port by learning the port from the frame’s source address, however if a frame
addressed to a destination MAC address is not associated with a port, that frame is flooded to all relevant VLAN ports. To
prevent the Bridging table from overflowing, a dynamic MAC address, from which no traffic arrives for a set period, is
erased.
To prevent static MAC addresses from being deleted when the device is reset, ensure that the port attached to the MAC
address is locked.
1. Click Monitoring > MAC Address Table. The MAC Address Table Page opens:
Figure 6-13 MAC Address Table Page

The MAC Address Table Page contains the following fields:
Field Description
Unit Displays the Stacking member Unit 1 for which the MAC address parameters are displayed.
Port Defines the port for which the MAC address parameters are displayed.
VLAN Name Defines the VLAN for which the MAC address parameters are displayed.
MAC Address Displays the MAC address assigned to the port or VLAN.
VID Displays the VLAN ID to which the MAC address is assigned.
Type Indicates how the MAC was assigned. The possible values are:
– Dynamic — Indicates that the MAC address is dynamically created.
– Static — Indicates the MAC address is a static IP address.
2. Select the Stacking member in the Unit field.
3. Define the Port, VLAN Name, and MAC Address fields.
128
4. Click .
– To view all entries, click .
– To clear static entries, click .
– To clear dynamic entries, click .

– To clear all entries, click . The MAC Address Table updates and displays total entries.
– To scroll down the table, click .
– To scroll up the table, click .
129
Viewing System Log

The System Log Page provides information about system logs, including information when the device was booted, how the
ports are operating, when users logged in, when sessions timed out, as well as other system information. To view the System
Log Page:
1. Click Monitoring > System Log. The System Log Page opens:
Figure 6-14 System Log Page

The System Log Page contains the following fields:
Field Description
ID Displays the system log table entry.
Time Displays the time in days, hours, and minutes the log was entered in the Switch History Log
Table.
Log Description Displays a description event recorded in the System Log Page.
Severity The following are the available log severity levels:
– Warning — The lowest level of a device warning. The device is functioning, but an
operational problem has occurred.
– Informational — Provides device information.
To clear the log:
2. Click . The System Log Page is cleared.
130
7
MANAGING POWER OVER ETHERNET DEVICES
Power over Ethernet (PoE) provides power to devices over existing LAN cabling, without updating or modifying the
network infrastructure. Power over Ethernet removes the necessity of placing network devices next to power sources. Power
over Ethernet can be used with:
• IP Phones
• Wireless Access Points
• IP Gateways
• Audio and video remote monitoring
Powered Devices are devices which receive power from the DGS-3100 series device power supplies, for example IP phones.
Powered Devices are connected to the DGS-3100 series device via Ethernet ports.
PoE is enabled only on the DGS-3100-24P and DGS-3100-48P devices.
This section includes the following topics:
• Defining PoE System Information
• Displaying and Editing PoE System Information
131
Defining PoE System Information

The PoE Port Setting Page contains system PoE information for enabling PoE on the device, monitoring the current power
usage, and enabling PoE traps. To enable PoE on the device:
1. Click PoE > PoE Port Setting. The PoE Port Setting Page opens:
Figure 7-1 PoE Port Setting Page

The PoE Port Setting Page contains the following fields:
Fields Description
Unit Indicates the stacking member for which the PoE settings are displayed
From Port Indicates from which port the PoE settings are applied.
To Port Indicates to which port the PoE settings are applied.
PoE Enable Indicates if PoE is enabled on the interface. The possible field values are:
Enabled — Enables PoE on the interface.
Disabled — Disables PoE on the interface. This is the default value.
Power Limit Indicates the maximum amount of power available to the interface. The field value is displayed in
Watts.
If the Power Limit checkbox is left unchecked, the amount of power assigned is determined according
to the class which is read from the powered device. If checked, the user can enter the Power Limit
value thus overriding the value defined by the Powered device Class.
Power (W) Indicates the amount of power assigned to the powered device connected to the selected interface.
Voltage (W) Indicates the amount of voltage assigned to the powered device connected to the selected interface.
Current (mA) Indicates the amount of power assigned to the provided powered device.
Classification Indicates Power consumption classification of the powered device. The possible field values are:
Class 0 — Indicates the power consumption is 15.4W, which is the maximum output class.
Class 1— Indicates the power consumption is 4W.
132
Fields Description
Class 2 — Indicates the power consumption is 7W.
Class 3 — Indicates the power consumption is 15.4W.
Status Indicates the inline power source status. The possible field values are:
Normal — Indicates that the power supply unit is functioning.
Off — Indicates that the power supply unit is not functioning.
Faulty — Indicates that the power supply unit is functioning, but an error has occurred. For
example, a power overload or a short circuit.
2. Define the Unit, From Port, To Port, PoE Enable and Power Limit fields.
3. Click . The system PoE parameters are defined, and the device is updated.
133
Displaying and Editing PoE System Information

The PoE System Setting Page displays system PoE information on the device, monitoring the current power usage, and
enabling PoE traps. To display system PoE information on the device:
1. Click PoE > PoE System Setting. The PoE System Setting Page opens:
Figure 7-2 PoE System Setting Page

The PoE System Setting Page contains the following fields:
Fields Description
Unit Defines the unit.
System Power Threshold Indicates the power in Watts consumed before an alarm is generated. The possible field
values are:
50W — Indicates 50 watts.
Disconnect Method Indicates the method by which the powered device is disconnected from the interface.
The possible values are:
Deny next port — Indicates device disconnects by next port denial.
Deny Low priority port— Indicates device disconnects by next low priority port.
System Power Status Indicates the current system power status. The possible values are:
System Budget Power — Indicates the power that can be supplied by the system.
Support Total Power — Indicates the actual power which is consumed by the
devices.
Remainder Power — Indicates the remaining power that can be consumed by the
devices (budget-total).
The ratio of system power supply — total power/budget power.
134
8
DEFINING ACCESS PROFILE LISTS
Access Control Lists (ACL) allow network managers to define classification actions and rules for specific ingress ports.
Packets entering an ingress port with an active ACL are either admitted, denied or subject to Quality of Service action.
For example, a network administrator defines an ACL rule that states port number 20 can receive TCP packets, however, if
a UDP packet is received, the packet is dropped.
Access Profiles and Access Rules that are made of the filters determine traffic classifications.
This section cotains the following topics:
• Viewing the CPU Utilization
• Defining Access Profile Lists
• Defining Access Rules Lists
• ACL Finder Page
52
ACL Configuration Wizard

The Configuration Wizard Page provides information for configuring Access Control Lists. The Configuration Wizard
Page assists in configuring ACLs intuitively and quickly, and creates ACL profiles and rules automatically. To define
ACLs:
1. Click ACL > ACL Configuration Wizard. The Configuration Wizard Page opens:
Figure 8-1 ACL Configuration Wizard Page

The Configuration Wizard Page contains the following fields:
From Defines the origin of accessible packets. The possible values are:
Any — Indicates ACL action will be on packets from any source.
MAC Address — Indicates ACL action will be on packets from this MAC address.
IPv4 Addresses — Indicates ACL action will be on packets from this IPv4 source address.
To Defines the destination of accessible packets. The possible values are:
Any — Indicates ACL action will take placed for packets with any destination.
MAC Address — Indicates ACL action will take place for packets to this MAC address
only.
IPv4 Addresses — Indicates ACL action will take place on packets to this IPv4 address.
Service Type Defines the type of service. The possible values are:
Any — Indicates ACL action will take place for packets of all service types.
Ethertype — Specifies Ethertype packet filtering.
ICMP All — Specifies an ICMP type and code message or filtering ICMP packets.
IGMP — IGMP packets can be filtered by IGMP message type.
TCP ALL — Matches the packet to the TCP Port
TCP Source Port — Matches the packet to the TCP Source Port
TCP Destination Port — Matches the packet to the TCP Destination Port
53
UDPAll — Matches the packet to the UDP Port

UDP Source Port — Matches the packet to the UDP Source Port
UDP Destination Port — Matches the packet to the UDP Destination Port
Action Defines the ACL forwarding action matching the rule criteria. The possible values are:
Permit — Forwards packets if all other ACL criteria are met.
Deny — Drops packets if all other ACL criteria is met.
Rate Limiting — Rate limiting is activated if all other ACL criteria is met.
Change 1p Priority — VPT (CoS) value is changed if all other ACL criteria is met.
Replace DSCP — Reassigns a new DSCP value to the packet if all other ACL criteria are
met.
Ports Defines ports to be configured. An example of possible values is: 1:1, 1:4-6, and 2:6.
2. Define the From, To, Service Type, Action, and Ports fields.
3. Click . The ACLs are configured, and the device is updated.
For advanced ACL setting please see the section below.
54
Defining Access Profile Lists

• Adding ACL Profiles
• Defining Level 2 ACL
• Defining Level 3 ACL
Adding ACL Profiles

The ACL Profile List Page provides information for configuring ACL Profiles manually. ACL profiles are attached to
interfaces, and define how packets are forwarded if they match the ACL criteria.
1. Click ACL > Access Profile List. The ACL Profile List Page opens:
Figure 8-2 ACL Profile List Page

The ACL Profile List Page contains the following fields:
Field Description
Profile ID Displays the profile Identification number.
Profile Summary Displays the access rule.
• To display an ACL’s profile details, click . The ACL profile details are displayed below the
ACL table.
• To define or show an access rule, click . The Add Access Rule Page opens. (See ‘Defining
Access Rules Lists’ section, below.)
• To delete an ACL profile, click . The ACL profile is deleted.
2. To add an ACL profile Click . The Access Profile List Page opens:
55
Figure 8-3 Add ACL Profile Page

The Access Profile List Page contains the following fields:
Field Description
L2 ACL Defines the ACL profile Layer 2 protocols. The possible values are:
Tagged — Defines the profile Layer 2 as a tagged member of a VLAN. This is the default.
Untagged — Defines the profile Layer 2 as an untagged member of a VLAN.
L3 ACL Defines the ACL profile Layer 3 protocols. The possible fields are:
ICMP — Specifies an ICMP message type for Layer 3 protocols. This is the default.
IGMP — IGMP packets can be filtered by IGMP message type.
TCP — Matches the packet to the TCP Port.
UDP — Matches the packet to the UDP Port.
3. Define the L2 ACL or L3 ACL fields.
4. Click The Access Profile List Page updates accordingly, enabling selection of the packet field to create
filtering masks.
56
Defining Level 2 ACL

If L2 ACL Tagged is selected, the page updates as follows:
Figure 8-4 ACL Profile L2 ACL Tagged Page

To define L2 MAC Address ACL profile:
1. Click the MAC Address button. The ACL Profile L2 ACL Tagged Page updates to show the following:
Figure 8-5 ACL Profile L2 ACL Tagged MAC Address Page

The ACL Profile L2 ACL Tagged MAC Address Page contains the following fields:
57
Field Description
Source MAC Mask Defines the range of source addresses relative to the ACL rules (0=ignore, 1=check).
For example, to set 00:00:00:00:10:XX, use mask FF:FF:FF:FF:FF:00.
Destination MAC Mask Defines the range of destination addresses relative to the ACL rules (0=ignore,
1=check).
For example, to set 00:00:00:00:10:XX, use mask FF:FF:FF:FF:FF:00.
2. Select Source MAC Mask and/or Destination MAC Mask. The Mask Generate button is active.
3. Enter a MAC mask in the box adjacent to the Mask Generate button.
Alternatively, click . The Generate Mask by range fields appear.
Enter a MAC address range into the Generate Mask by range fields, and click . The mask is
generated.
4. Click . The ACL profile is added, and the device is updated.
To define L2 802.1Q VLAN ACL profile:
1. Click the 802.1Q VLAN button. The ACL Profile L2 ACL Tagged Page updates to show the following:
Figure 8-6 ACL Profile L2 ACL Tagged VLAN Page

The ACL Profile L2 ACL Tagged VLAN Page contains the following fields:
Field Description
802.1p Sets the 802.1p field as an essential field to match.
VLAN VID Sets the VLAN VID field as an essential field to match.
2. Define the 802.1p and VLAN VID fields.
To define L2 Ether Type ACL profile
This option defines whether or not the Ether Type field is checked for a match.
58
1. Click the Ether Type button. The ACL Profile L2 ACL Tagged Page updates to show the following:
Figure 8-7 ACL Profile L2 ACL Tagged Ether Type Page
NOTE: A combination of one or several filtering masks can be selected simultaneously. The page
updates with the relevant field(s).
59
If L2 ACL Untagged is selected, the page updates as follows (without the 802.1Q VLAN field):
Figure 8-8 ACL Profile L2 ACL Untagged Page

Defining Level 3 ACL
If L3 ACL ICMP is selected, the page updates as follows:
Figure 8-9 Add ACL Profile L3 Page

To define L3 IPv4 DSCP ACL profile:
60
This option defines whether or not the DSCP field is checked for a match.
1. Click the IPv4 DSCP button. The Add ACL Profile L3 Page updates to show the following:
Figure 8-10 ACL Profile L3 ACL ICMP IPv4 DSCP Page

To define L3 IPv4 Address ACL profile:
1. Click the IPv4 Address button. The Add ACL Profile L3 Page updates to show the following:
Figure 8-11 ACL Profile L3 ACL ICMP IPv4 Address Page

The ACL Profile L3 ACL ICMP IPv4 Address Page contains the following fields:
Field Description
61
Field Description
Source IP Mask Defines the range of source IP addresses, relevant to the ACL rules. (0=ignore,
1=check).
For example, to set 176.212.XX.XX, use mask 255.255.0.0
Destination IP Mask Defines the range of destination IP addresses, relevant to the ACL rules. (0=ignore,
1=check).
For example, to set 176.212.XX.XX, use mask 255.255.0.0
2. Select Source IP Mask and/or Destination IP Mask. The Mask Generate button is active.
3. Enter an IP mask in the box adjacent to the Mask Generate button.
Enter an IP address range into the Generate Mask by range fields, and click . The mask is generated.

To define L3 ICMP ACL profile:
1. Click the ICMP button. The Add ACL Profile L3 Page updates to show the following:
Figure 8-12 ACL Profile L3 ACL ICMP Page

The ACL Profile L3 ACL ICMP Page contains the following fields:
Field Description
ICMP Type Sets the ICMP Type field as an essential field to match.
ICMP Code Sets the ICMP code field as an essential field to match.
2. Select the ICMP Type and/or ICMP Code fields.
To define L3 IGMP ACL profile:
This option defines whether or not the IGMP field is checked for a match.
If L3 ACL IGMP is selected, the page updates as follows:
62
Figure 8-13 ACL Profile L3 IGMP Page

1. Click the IGMP button. The Add ACL Profile L3 Page updates to show the following:
Figure 8-14 ACL Profile L3 IGMP Selected Page

If L3 ACL TCP is selected, the page updates as follows:
63
Figure 8-15 ACL Profile L3 TCP Page

To define L3 TCP Port ACL profile:
1. Click the TCP Port button. The Add ACL Profile L3 Page updates to show the following:
Figure 8-16 ACL Profile L3 TCP Port Page

The ACL Profile L3 TCP Port PageACL Profile L3 TCP Port PageACL Profile L3 TCP Port Page contains the following
fields:
64
Field Description
Source Port Mask Defines the range of source Ports relevant to the ACL rules. (0=ignore, 1=check).
For example, to set 0 – 15, set mask of F.
Destination Port Mask Defines the range of destination IP addresses, relevant to the ACL rules. (0=ignore,
1=check).
2. Select Source Port Mask and/or Destination Port Mask. The Mask Generate button is active.
3. Enter a port ID in the box adjacent to the Mask Generate button.
Enter a port ID range into the Generate Mask by range fields, and click . The mask is generated.

To define L3 TCP Flag ACL Profile:
This option defines whether or not the TCP Flag field is checked for a match.
1. Click the TCP Flag button. The Add ACL Profile L3 Page updates to show the following:
Figure 8-17 ACL Profile L3 TCP Flag Page
If L3 ACL UDP is selected, the page updates as follows:
65
Figure 8-18 ACL Profile L3 UDP Page

1. Click the UDP Port button. The Add ACL Profile L3 Page updates to show the following:
Figure 8-19 ACL Profile L3 UDP Port Page
The ACL Profile L3 UDP Port Page contains the following fields:
Field Description
66
Field Description
Source Port Mask Defines the range of source Ports relevant to the ACL rules. (0=ignore, 1=check).
Destination Port Mask Defines the range of destination IP addresses, relevant to the ACL rules. (0=ignore,
1=check).
2. Select Source Port Mask and/or Destination Port Mask. The Mask Generate button is active.
3. Enter a port ID in the box adjacent to the Mask Generate button.
Enter a port ID range into the Generate Mask by range fields, and click . The mask is generated.
NOTE: A combination of one or several filtering masks can be selected simultaneously. The page
updates with the relevant field(s).
67
Defining Access Rules Lists

The following conditions can be defined as Access Rules:
Filter Description
Source Port IP Address and Wildcard Mask Filters the packets by the Source port IP address and wildcard
mask.
Destination Port IP Address and Wildcard Mask Filters the packets by the Source port IP address and wildcard
mask.
ACE Priority Filters the packets by the ACE priority.
Protocol Filters the packets by the IP protocol.
DSCP Filters the packets by the DiffServ Code Point (DSCP) value.
IP Precedence Filters the packets by the IP Precedence.
Action Indicates the action assigned to the packet matching the ACL
conditions. Packets are forwarded, dropped or going through
QoS action.
• Click ACL > Access Profile List: The Access Profile List Page opens.
Figure 8-20 Access Profile List Page

The Add Access Rule Page contains the following fields:
Field Description
Profile ID Displays the Access Profile of users with access to view the rule list.
Profile Summary Displays the Access Rule.
To change ACL rules:
1. Click . The Add Access Rule Page opens:
68
Figure 8-21 Add Access Rule Page (IP based ACL)

The Add Access Rule Page contains the following fields:
Field Description
Profile ID Displays the Profile ID to which the rule is being added to.
Source ID Displays the source IP address
TCP Source Port Displays The TCP Source Port
TCP Flag Mask Indicates if TCP flag mask is active.
Access ID Defines the Access ID
Type Displays the profile type (IP based).
Source IP Address Displays the source IP address.
TCP Flag Defines the indicated TCP flag that can be triggered.
Source Port Displays the TCP source port.
Ports Defines the source ports.
Action Defines the action to be taken The possible values are:
Rate Limiting — Rate limiting is activated if all other ACL criteria are met.
Change 1P priority — VPT (CoS) value is changed if all other ACL criteria is met.
Replace DSCP — Reassigns a new DSCP value to the packet if all other ACL
criteria are met.
2. Define the Rule Detail fields.
3. Click . The rule is changed, and the device is updated.
69
Finding ACL Rules

The ACL Finder Page identifies any rule which has been assigned to a specific port. To find ACL rules:
1. Click ACL > ACL Finder: The ACL Finder Page opens:
Figure 8-22 ACL Finder Page

The ACL Finder Page contains the following fields:
Field Description
Profile ID (list box) Defines the Profile ID for the search
Ports Indicates the ports for which rules are sought
Profile ID Indicates the Profile ID
Access ID Indicates the ACL rule ID number.
Profile Type Indicates if the profile is IP or Ethernet
Summary Displays the access rule.
Action Displays the action chosen for the profile.
2. Define the Profile ID and Ports fields.
3. Click . The ACL rule is displayed.
To delete an ACL Profile entry:
2. Click . A dialog box opens prompting a confirmation.
3. Click . The entry is deleted.

To view or define the rule details:
1. Click the Access ID (linked number). The Rule Detail Page opens:
70
Figure 8-23 Rule Detail Page

The Rule Detail Page contains the following fields:
Field Description
Profile ID Displays the profile ID range.
Source MAC Displays the Source MAC range.
Destination MAC Displays the destination MAC range.
Ether Type Displays if Ether Type is included.
Access ID Defines the Access ID
Type Displays the profile type (can be MAC based or IP based).
VLAN Name Defines the user-defined VLAN name.
Destination MAC Address Matches the destination MAC address to which packets will be subject to action.
Source MAC Address Matches the source MAC address to which packets will be subject to action.
Ether Type Defines the code type used.
Ports Indicates the ports for which rules are sought.
Action Defines the action for the profile. The possible fields are:
Rate Limiting — Rate limiting is activated if all other ACL criteria are met.
Change 1P priority — VPT (CoS) value is changed if all other ACL criteria is met.
Replace DSCP — Reassigns a new DSCP value to the packet if all other ACL
criteria are met.
2. Define the Rule Detail fields.
3. Click . The rule is defined, and the device is update
71
Subject to the terms and conditions set forth herein, D-Link Systems, Inc. (“D-Link”) provides this Limited Warranty:
•
Only to the person or entity that originally purchased the product from D-Link or its authorized reseller or distributor, and
•
Only for products purchased and delivered within the fifty states of the United States, the District of Columbia, U.S. Possessions or
Protectorates, U.S. Military Installations, or addresses with an APO or FPO.
Limited Warranty: D-Link warrants that the hardware portion of the D-Link product described below (“Hardware”) will be free from material
defects in workmanship and materials under normal use from the date of original retail purchase of the product, for the period set forth below
(“Warranty Period”), except as otherwise stated herein.
Limited Lifetime Warranty for the product is defined as follows:
•
Hardware: For as long as the original customer/end user owns the product, or five (5) years after product discontinuance, whichever occurs
first (excluding power supplies and fans)
•
Power supplies and fans: Three (3) Year
•
Spare parts and spare kits: Ninety (90) days
The customer's sole and exclusive remedy and the entire liability of D-Link and its suppliers under this Limited Warranty will be, at D-Link’s
option, to repair or replace the defective Hardware during the Warranty Period at no charge to the original owner or to refund the actual
purchase price paid. Any repair or replacement will be rendered by D-Link at an Authorized D-Link Service Office. The replacement
hardware need not be new or have an identical make, model or part. D-Link may, at its option, replace the defective Hardware or any part
thereof with any reconditioned product that D-Link reasonably determines is substantially equivalent (or superior) in all material respects to
the defective Hardware. Repaired or replacement hardware will be warranted for the remainder of the original Warranty Period or ninety (90)
days, whichever is longer, and is subject to the same limitations and exclusions. If a material defect is incapable of correction, or if D-Link
determines that it is not practical to repair or replace the defective Hardware, the actual price paid by the original purchaser for the defective
Hardware will be refunded by D-Link upon return to D-Link of the defective Hardware. All Hardware or part thereof that is replaced by D-Link,
or for which the purchase price is refunded, shall become the property of D-Link upon replacement or refund.
Limited Software Warranty: D-Link warrants that the software portion of the product (“Software”) will substantially conform to D-Link’s then
current functional specifications for the Software, as set forth in the applicable documentation, from the date of original retail purchase of the
Software for a period of ninety (90) days (“Software Warranty Period”), provided that the Software is properly installed on approved
hardware and operated as contemplated in its documentation. D-Link further warrants that, during the Software Warranty Period, the
magnetic media on which D-Link delivers the Software will be free of physical defects. The customer's sole and exclusive remedy and the
entire liability of D-Link and its suppliers under this Limited Warranty will be, at D-Link’s option, to replace the non-conforming Software (or
defective media) with software that substantially conforms to D-Link’s functional specifications for the Software or to refund the portion of the
actual purchase price paid that is attributable to the Software. Except as otherwise agreed by D-Link in writing, the replacement Software is
provided only to the original licensee, and is subject to the terms and conditions of the license granted by D-Link for the Software.
Replacement Software will be warranted for the remainder of the original Warranty Period and is subject to the same limitations and
exclusions. If a material non-conformance is incapable of correction, or if D-Link determines in its sole discretion that it is not practical to
replace the non-conforming Software, the price paid by the original licensee for the non-conforming Software will be refunded by D-Link;
provided that the non-conforming Software (and all copies thereof) is first returned to D-Link. The license granted respecting any Software
for which a refund is given automatically terminates.
Non-Applicability of Warranty: The Limited Warranty provided hereunder for Hardware and Software portions of D-Link's products will not
be applied to and does not cover any refurbished product and any product purchased through the inventory clearance or liquidation sale or
other sales in which D-Link, the sellers, or the liquidators expressly disclaim their warranty obligation pertaining to the product and in that
case, the product is being sold "As-Is" without any warranty whatsoever including, without limitation, the Limited Warranty as described
herein, notwithstanding anything stated herein to the contrary.
Submitting A Claim: The customer shall return the product to the original purchase point based on its return policy. In case the return policy
period has expired and the product is within warranty, the customer shall submit a claim to D-Link as outlined below:
• The customer must submit with the product as part of the claim a written description of the Hardware defect or Software
nonconformance in sufficient detail to allow D-Link to confirm the same, along with proof of purchase of the product (such as a copy of the
dated purchase invoice for the product) if the product is not registered.
• The customer must obtain a Case ID Number from D-Link Technical Support at 1-877-453-5465, who will attempt to assist the
customer in resolving any suspected defects with the product. If the product is considered defective, the customer must obtain a Return
Material Authorization (“RMA”) number by completing the RMA form and entering the assigned Case ID Number at https://rma.dlink.com/.
52
• After an RMA number is issued, the defective product must be packaged securely in the original or other suitable shipping package
to ensure that it will not be damaged in transit, and the RMA number must be prominently marked on the outside of the package. Do not
include any manuals or accessories in the shipping package. D-Link will only replace the defective portion of the product and will not ship
back any accessories.
• The customer is responsible for all in-bound shipping charges to D-Link. No Cash on Delivery (“COD”) is allowed. Products sent
COD will either be rejected by D-Link or become the property of D-Link. Products shall be fully insured by the customer and shipped to D-
Link Systems, Inc., 17595 Mt. Herrmann, Fountain Valley, CA 92708. D-Link will not be held responsible for any packages that are lost in
transit to D-Link. The repaired or replaced packages will be shipped to the customer via UPS Ground or any common carrier selected by D-
Link. Return shipping charges shall be prepaid by D-Link if you use an address in the United States, otherwise we will ship the product to you
freight collect. Expedited shipping is available upon request and provided shipping charges are prepaid by the customer.
D-Link may reject or return any product that is not packaged and shipped in strict compliance with the foregoing requirements, or for which
an RMA number is not visible from the outside of the package. The product owner agrees to pay D-Link’s reasonable handling and return
shipping charges for any product that is not packaged and shipped in accordance with the foregoing requirements, or that is determined by
D-Link not to be defective or non-conforming.
What Is Not Covered: The Limited Warranty provided herein by D-Link does not cover: Products that, in D-Link’s judgment, have been
subjected to abuse, accident, alteration, modification, tampering, negligence, misuse, faulty installation, lack of reasonable care, repair or
service in any way that is not contemplated in the documentation for the product, or if the model or serial number has been altered, tampered
with, defaced or removed; Initial installation, installation and removal of the product for repair, and shipping costs; Operational adjustments
covered in the operating manual for the product, and normal maintenance; Damage that occurs in shipment, due to act of God, failures due
to power surge, and cosmetic damage; Any hardware, software, firmware or other products or services provided by anyone other than D-Link;
and Products that have been purchased from inventory clearance or liquidation sales or other sales in which D-Link, the sellers, or the
liquidators expressly disclaim their warranty obligation pertaining to the product. While necessary maintenance or repairs on your Product
can be performed by any company, we recommend that you use only an Authorized D-Link Service Office. Improper or incorrectly performed
maintenance or repair voids this Limited Warranty.
Disclaimer of Other Warranties: EXCEPT FOR THE LIMITED WARRANTY SPECIFIED HEREIN, THE PRODUCT IS PROVIDED “AS-IS”
WITHOUT ANY WARRANTY OF ANY KIND WHATSOEVER INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IF ANY IMPLIED WARRANTY CANNOT BE
DISCLAIMED IN ANY TERRITORY WHERE A PRODUCT IS SOLD, THE DURATION OF SUCH IMPLIED WARRANTY SHALL BE
LIMITED TO NINETY (90) DAYS. EXCEPT AS EXPRESSLY COVERED UNDER THE LIMITED WARRANTY PROVIDED HEREIN, THE
ENTIRE RISK AS TO THE QUALITY, SELECTION AND PERFORMANCE OF THE PRODUCT IS WITH THE PURCHASER OF THE
PRODUCT.
Limitation of Liability: TO THE MAXIMUM EXTENT PERMITTED BY LAW, D-LINK IS NOT LIABLE UNDER ANY CONTRACT,
NEGLIGENCE, STRICT LIABILITY OR OTHER LEGAL OR EQUITABLE THEORY FOR ANY LOSS OF USE OF THE PRODUCT,
INCONVENIENCE OR DAMAGES OF ANY CHARACTER, WHETHER DIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL
(INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF GOODWILL, LOSS OF REVENUE OR PROFIT, WORK STOPPAGE,
COMPUTER FAILURE OR MALFUNCTION, FAILURE OF OTHER EQUIPMENT OR COMPUTER PROGRAMS TO WHICH D-LINK’S
PRODUCT IS CONNECTED WITH, LOSS OF INFORMATION OR DATA CONTAINED IN, STORED ON, OR INTEGRATED WITH ANY
PRODUCT RETURNED TO D-LINK FOR WARRANTY SERVICE) RESULTING FROM THE USE OF THE PRODUCT, RELATING TO
WARRANTY SERVICE, OR ARISING OUT OF ANY BREACH OF THIS LIMITED WARRANTY, EVEN IF D-LINK HAS BEEN ADVISED OF
THE POSSIBILITY OF SUCH DAMAGES. THE SOLE REMEDY FOR A BREACH OF THE FOREGOING LIMITED WARRANTY IS REPAIR,
REPLACEMENT OR REFUND OF THE DEFECTIVE OR NON-CONFORMING PRODUCT. THE MAXIMUM LIABILITY OF D-LINK UNDER
THIS WARRANTY IS LIMITED TO THE PURCHASE PRICE OF THE PRODUCT COVERED BY THE WARRANTY. THE FOREGOING
EXPRESS WRITTEN WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ANY OTHER WARRANTIES OR
REMEDIES, EXPRESS, IMPLIED OR STATUTORY.
Governing Law: This Limited Warranty shall be governed by the laws of the State of California. Some states do not allow exclusion or
limitation of incidental or consequential damages, or limitations on how long an implied warranty lasts, so the foregoing limitations and
exclusions may not apply. This Limited Warranty provides specific legal rights and you may also have other rights which vary from state to
state.
Trademarks: D-Link is a registered trademark of D-Link Systems, Inc. Other trademarks or registered trademarks are the property of their
respective owners.
Copyright Statement: No part of this publication or documentation accompanying this product may be
reproduced in any form or by any means or used to make any derivative such as translation,
transformation, or adaptation without permission from D-Link Corporation/D-Link Systems, Inc., as
stipulated by the United States Copyright Act of 1976 and any amendments thereto. Contents are subject
to change without prior notice. Copyright 2007 by D-Link Corporation/D-Link Systems, Inc. All rights
reserved.
CE Mark Warning: This is a Class A product. In a residential environment, this product may cause radio interference, in which case the user
may be required to take adequate measures.
Gover ning Law: This Limited Warranty shall be governed by the laws of the State of California. Some states do not allow exclusion or
limitation of incidental or consequential damages, or limitations on how long an implied warranty lasts, so the foregoing limitations and
exclusions may not apply. This limited warranty provides specific legal rights and the product owner may also have other rights which
vary from state to state.
Trademarks: D-Link is a registered trademark of D-Link Systems, Inc. Other trademarks or registered trademarks are the property of
their respective manufacturers or owners.
53
FCC Statement: This equipment has been tested and found to comply with the limits for a
Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to
provide reasonable protection against harmful interference in a commercial installation. This
equipment generates, uses, and can radiate radio frequency energy and, if not installed and
used in accordance with the instructions, may cause harmful interference to radio
communication. However, there is no guarantee that interference will not occur in a particular
installation. Operation of this equipment in a residential environment is likely to cause harmful
interference to radio or television reception. If this equipment does cause harmful interference
to radio or television reception, which can be determined by turning the equipment off and on,
the user is encouraged to try to correct the interference by one or more of the following
measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
For detailed warranty information applicable to products purchased outside the United States, please contact the
corresponding local D-Link office.
54
Product Registration
Register your D-Link product online at http://support.dlink.com/register/

Product registration is entirely voluntary and failure to complete or return this form will not diminish
your warranty rights.
55
LIMITED WARRANTY
D-Link provides this limited warranty for its product only to the person or entity who originally
purchased the product from D-Link or its authorized reseller or distributor. D-Link would fulfill
the warranty obligation according to the local warranty policy in which you purchased our
products.
Limited Hardware Warranty: D-Link warrants that the hardware portion of the D-Link
products described below (“Hardware”) will be free from material defects in workmanship and
materials from the date of original retail purchase of the Hardware, for the period set forth
below applicable to the product type (“Warranty Period”) if the Hardware is used and serviced
in accordance with applicable documentation; provided that a completed Registration Card is
returned to an Authorized D-Link Service Office within ninety (90) days after the date of
original retail purchase of the Hardware. If a completed Registration Card is not received by an
authorized D-Link Service Office within such ninety (90) period, then the Warranty Period
shall be ninety (90) days from the date of purchase.
Product Type Warranty Period
Product (including Power Supplies and Fans) One (1) Year
Spare parts and pare kits Ninety (90) days
D-Link’s sole obligation shall be to repair or replace the defective Hardware at no charge to
the original owner. Such repair or replacement will be rendered by D-Link at an Authorized D-
Link Service Office. The replacement Hardware need not be new or of an identical make,
model or part; D-Link may in its discretion may replace the defective Hardware (or any part
thereof) with any reconditioned product that D-Link reasonably determines is substantially
equivalent (or superior) in all material respects to the defective Hardware. The Warranty
Period shall extend for an additional ninety (90) days after any repaired or replaced Hardware
is delivered. If a material defect is incapable of correction, or if D-Link determines in its sole
discretion that it is not practical to repair or replace the defective Hardware, the price paid by
the original purchaser for the defective Hardware will be refunded by D-Link upon return to D-
Link of the defective Hardware. All Hardware (or part thereof) that is replaced by D-Link, or for
which the purchase price is refunded, shall become the property of D-Link upon replacement
or refund.
Limited Software Warranty: D-Link warrants that the software portion of the product (“Software”)
will substantially conform to D-Link’s then current functional specifications for the Software, as set
forth in the applicable documentation, from the date of original delivery of the Software for a period of
ninety (90) days (“Warranty Period”), if the Software is properly installed on approved hardware and
operated as contemplated in its documentation. D-Link further warrants that, during the Warranty
Period, the magnetic media on which D-Link delivers the Software will be free of physical defects.
56
D-Link’s sole obligation shall be to replace the non-conforming Software (or defective media)
with software that substantially conforms to D-Link’s functional specifications for the Software.
Except as otherwise agreed by D-Link in writing, the replacement Software is provided only to
the original licensee, and is subject to the terms and conditions of the license granted by D-Link
for the Software. The Warranty Period shall extend for an additional ninety (90) days after any
replacement Software is delivered. If a material non-conformance is incapable of correction, or
if D-Link determines in its sole discretion that it is not practical to replace the non-conforming
Software, the price paid by the original licensee for the non-conforming Software will be
refunded by D-Link; provided that the non-conforming Software (and all copies thereof) is first
returned to D-Link. The license granted respecting any Software for which a refund is given
automatically terminates.
What You Must Do For Warranty Service:
Registration Card. The Registration Card provided at the back of this manual must be
completed and returned to an Authorized D-Link Service Office for each D-Link product
within ninety (90) days after the product is purchased and/or licensed. The
addresses/telephone/fax list of the nearest Authorized D-Link Service Office is provided in the
back of this manual. FAILURE TO PROPERLY COMPLETE AND TIMELY RETURN THE
REGISTRATION CARD MAY AFFECT THE WARRANTY FOR THIS PRODUCT.
Submitting A Claim. Any claim under this limited warranty must be submitted in writing
before the end of the Warranty Period to an Authorized D-Link Service Office. The claim must
include a written description of the Hardware defect or Software nonconformance in sufficient
detail to allow D-Link to confirm the same. The original product owner must obtain a Return
Material Authorization (RMA) number from the Authorized D-Link Service Office and, if
requested, provide written proof of purchase of the product (such as a copy of the dated
purchase invoice for the product) before the warranty service is provided. After an RMA
number is issued, the defective product must be packaged securely in the original or other
suitable shipping package to ensure that it will not be damaged in transit, and the RMA number
must be prominently marked on the outside of the package. The packaged product shall be
insured and shipped to Authorized D-Link Service Office with all shipping costs prepaid. D-
Link may reject or return any product that is not packaged and shipped in strict compliance
with the foregoing requirements, or for which an RMA number is not visible from the outside
of the package. The product owner agrees to pay D-Link’s reasonable handling and return
shipping charges for any product that is not packaged and shipped in accordance with the
foregoing requirements, or that is determined by D-Link not to be defective or non-conforming.
What Is Not Covered:
This limited warranty provided by D-Link does not cover:
57
Products that have been subjected to abuse, accident, alteration, modification, tampering,
negligence, misuse, faulty installation, lack of reasonable care, repair or service in any way that
is not contemplated in the documentation for the product, or if the model or serial number has
been altered, tampered with, defaced or removed;
Initial installation, installation and removal of the product for repair, and shipping costs;
Operational adjustments covered in the operating manual for the product, and normal
maintenance;
Damage that occurs in shipment, due to act of God, failures due to power surge, and cosmetic
damage;
and
Any hardware, software, firmware or other products or services provided by anyone other than
D-Link.
Disclaimer of Other Warranties: EXCEPT FOR THE LIMITED WARRANTY SPECIFIED

HEREIN, THE PRODUCT IS PROVIDED “AS-IS” WITHOUT ANY WARRANTY OF
ANY KIND INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-
INFRINGEMENT. IF ANY IMPLIED WARRANTY CANNOT BE DISCLAIMED IN ANY
TERRITORY WHERE A PRODUCT IS SOLD, THE DURATION OF SUCH IMPLIED
WARRANTY SHALL BE LIMITED TO NINETY (90) DAYS. EXCEPT AS EXPRESSLY
COVERED UNDER THE LIMITED WARRANTY PROVIDED HEREIN, THE ENTIRE
RISK AS TO THE QUALITY, SELECTION AND PERFORMANCE OF THE PRODUCT IS
WITH THE PURCHASER OF THE PRODUCT.
Limitation of Liability: TO THE MAXIMUM EXTENT PERMITTED BY LAW, D-LINK IS

NOT LIABLE UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR
OTHER LEGAL OR EQUITABLE THEORY FOR ANY LOSS OF USE OF THE PRODUCT,
INCONVENIENCE OR DAMAGES OF ANY CHARACTER, WHETHER DIRECT,
SPECIAL, INCIDENTAL OR CONSEQUENTIAL (INCLUDING, BUT NOT LIMITED TO,
DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR
MALFUNCTION, LOSS OF INFORMATION OR DATA CONTAINED IN, STORED ON,
OR INTEGRATED WITH ANY PRODUCT RETURNED TO D-LINK FOR WARRANTY
SERVICE) RESULTING FROM THE USE OF THE PRODUCT, RELATING TO
WARRANTY SERVICE, OR ARISING OUT OF ANY BREACH OF THIS LIMITED
WARRANTY, EVEN IF D-LINK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. THE SOLE REMEDY FOR A BREACH OF THE FOREGOING LIMITED
WARRANTY IS REPAIR, REPLACEMENT OR REFUND OF THE DEFECTIVE OR NON-
CONFORMING PRODUCT.
GOVERNING LAW: This Limited Warranty shall be governed by the laws of the state of
California.
58
Some states do not allow exclusion or limitation of incidental or consequential damages, or
limitations on how long an implied warranty lasts, so the foregoing limitations and exclusions
may not apply. This limited warranty provides specific legal rights and the product owner may
also have other rights which vary from state to state.
Trademarks
Copyright 2007 D-Link Corporation. Contents subject to change without prior notice. D-Link is
a
registered trademark of D-Link Corporation/D-Link Systems, Inc. All other trademarks belong
to their
respective proprietors.
Copyright Statement
No part of this publication may be reproduced in any form or by any means or used to make
any derivative such as translation, transformation, or adaptation without permission from D-
Link Corporation/D-Link Systems Inc., as stipulated by the United States Copyright Act of
1976.
FCC Warning
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the
FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is
operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not
installed and used in accordance with this manual, may cause harmful interference to radio communications. Operation of
this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct
the interference at his own expense.
59
Technical Support
Technical Support
You can find software updates and user documentation on the D-Link websites.
If you require product support, we encourage you to browse our FAQ section on
the Web Site before contacting the Support line. We have many FAQ’s which
we hope will provide you a speedy resolution for your problem.
For Customers within

The United Kingdom & Ireland:
D-Link UK & Ireland Technical Support over the Internet:
http://www.dlink.co.uk
ftp://ftp.dlink.co.uk
D-Link UK & Ireland Technical Support over the Telephone:
08456 12 0003 (United Kingdom)
+1890 886 899 (Ireland)
Lines Open
9:00 am - 06:00 pm Mon-Fri
10:00am - 02:00 pm Sat
Closed on Sun
For Customers within Canada:

D-Link Canada Technical Support over the Telephone:
1-800-361-5265 (Canada)
Mon. to Fri. 7:30AM to 9:00PM EST
D-Link Canada Technical Support over the Internet:

http://support.dlink.ca
email: support@dlink.ca
60
Technische Unterstützung
Aktualisierte Versionen von Software und Benutzerhandbuch finden

Sie auf der Website von D-Link.
D-Link bietet kostenfreie technische Unterstützung für Kunden

innerhalb Deutschlands, Österreichs, der Schweiz und Osteuropas.
Unsere Kunden können technische Unterstützung über unsere

Website, per E-Mail oder telefonisch anfordern.
Web: http://www.dlink.de
E-Mail: support@dlink.de
Telefon: +49 (1805)2787
0,12€/Min aus dem Festnetz der Deutschen Telekom.
Telefonische technische Unterstützung erhalten Sie Montags bis

Freitags von 09.00 bis 17.30 Uhr.
Unterstützung erhalten Sie auch bei der Premiumhotline für D-Link

Produkte unter der Rufnummer 09001-475767
Montag bis Freitag von 6-22 Uhr und am Wochenende von 11-18
Uhr.
1,75€/Min aus dem Festnetz der Deutschen Telekom.
Wenn Sie Kunde von D-Link außerhalb Deutschlands, Österreichs, der

Schweiz und Osteuropas sind, wenden Sie sich bitte an die zuständige
Niederlassung aus der Liste im Benutzerhandbuch.
61
Assistance technique
Vous trouverez la documentation et les logiciels les plus récents sur le site
web D-Link.
Vous pouvez contacter le service technique de

D-Link par notre site internet ou par téléphone.
Support technique destiné aux clients établis en France:

Assistance technique D-Link par téléphone :
0820 0803 03
N° INDIGO - 0,12€ TTC/min*
*Prix en France Métropolitaine au 3 mars 2005
Du lundi au samedi – de 9h00 à 19h00
Assistance technique D-Link sur internet :
http://www.dlink.fr
e-mail : support@dlink.fr
Support technique destiné aux clients établis au Canada :

Assistance technique D-Link par téléphone :
(800) 361-5265
Lun.-Ven. 7h30 à 21h00 HNE.
Assistance technique D-Link sur internet :
http ://support.dlink.ca
e-mail : support@dlink.ca
62
Asistencia Técnica
Puede encontrar las últimas versiones de software así como

documentación técnica en el sitio web de D-Link.
D-Link ofrece asistencia técnica gratuita para clientes

residentes en España durante el periodo de garantía del
producto.
Asistencia Técnica de D-Link por teléfono:

+34 902 30 45 45
Lunes a Viernes de 9:00 a 14:00 y de 15:00 a 18:00
Asistencia Técnica de D-Link a través de Internet:

http://www.dlink.es/support/
e-mail: soporte@dlink.es
63
Supporto tecnico
Gli ultimi aggiornamenti e la documentazione sono

disponibili sul sito D-Link.
Supporto tecnico per i clienti residenti in Italia

D-Link Mediterraneo S.r.L.
Via N. Bonnet 6/B 20154 Milano
Supporto Tecnico dal lunedì al venerdì dalle ore

9.00 alle ore 19.00 con orario continuato
Telefono: 199 400057
URL : http://www.dlink.it/supporto.html
Email: tech@dlink.it
64
Technical Support
You can find software updates and user documentation on the D-Link website.
D-Link provides free technical support for customers within Benelux for the
duration of the warranty period on this product.
Benelux customers can contact D-Link technical support through our website, or
by phone.
Tech Support for customers within the Netherlands:

D-Link Technical Support over the Telephone:
0900 501 2007
Monday to Friday 9:00 am to 10:00 pm
D-Link Technical Support over the Internet:
www.dlink.nl
Tech Support for customers within Belgium:

070 66 06 40
www.dlink.be
Tech Support for customers within

Luxemburg:
+32 70 66 06 40
www.dlink.be
65
Pomoc techniczna
Najnowsze wersje oprogramowania i dokumentacji użytkownika

można znaleźć w serwisie internetowym firmy D-Link.
D-Link zapewnia bezpłatną pomoc techniczną klientom w Polsce

w okresie gwarancyjnym produktu.
Klienci z Polski mogą się kontaktować z działem pomocy

technicznej firmy D-Link za pośrednictwem Internetu lub
telefonicznie.
Telefoniczna pomoc techniczna firmy D-Link:

0 801 022 021
Pomoc techniczna firmy D-Link świadczona przez Internet:

URL: http://www.dlink.pl
e-mail: dlink@fixit.pl
66
Technická podpora
Aktualizované verze software a uživatelských příruček najdete na

webové stránce firmy D-Link.
D-Link poskytuje svým zákazníkům bezplatnou technickou

podporu
Zákazníci mohou kontaktovat oddělení technické podpory přes

webové stránky, mailem nebo telefonicky
Web: http://www.dlink.cz/suppport/
E-mail: support@dlink.cz
Telefon: 224 247 503
Telefonická podpora je v provozu:

PO- PÁ od 09.00 do 17.00
67
Technikai Támogatás
Meghajtó programokat és frissítéseket a D-Link Magyarország

weblapjáról tölthet le.
Telefonon technikai segítséget munkanapokon hétfőtől-csütörtökig
9.00 – 16.00 óráig és pénteken 9.00 – 14.00 óráig kérhet
a (1) 461-3001 telefonszámon vagy a support@dlink.hu emailcímen.
Magyarországi technikai támogatás :
D-Link Magyarország
1074 Budapest, Alsóerdősor u. 6. – R70 Irodaház 1 em.
Tel. : 06 1 461-3001
Fax : 06 1 461-3004
email : support@dlink.hu
URL : http://www.dlink.hu
68
Teknisk Support
Du kan finne programvare oppdateringer og bruker
dokumentasjon på D-Links web sider.
D-Link tilbyr sine kunder gratis teknisk support under

produktets garantitid.
Kunder kan kontakte D-Links teknisk support via våre

hjemmesider, eller på tlf.
Teknisk Support:
D-Link Teknisk telefon Support:
800 10 610
(Hverdager 08:00-20:00)
D-Link Teknisk Support over Internett:

http://www.dlink.no
69
Teknisk Support
Du finder software opdateringer og bruger-
dokumentation på D-Link’s hjemmeside.
D-Link tilbyder gratis teknisk support til kunder

i Danmark i hele produktets garantiperiode.
Danske kunder kan kontakte D-Link’s tekniske

support via vores hjemmeside eller telefonisk.
D-Link teknisk support over telefonen:

Tlf. 7026 9040
Hverdager: kl. 08:00 – 20:00
D-Link teknisk support på Internettet:

http://www.dlink.dk
70
Teknistä tukea asiakkaille
Suomessa:
D-Link tarjoaa teknistä tukea asiakkailleen.
Tuotteen takuun voimassaoloajan.
Tekninen tuki palvelee seuraavasti:
Arkisin klo. 9 - 21
numerosta
0800-114 677
Internetin kautta
Ajurit ja lisätietoja tuotteista.
http://www.dlink.fi
Sähköpostin kautta
voit myös tehdä kyselyitä.
71
Teknisk Support
På vår hemsida kan du hitta mer information om
mjukvaru uppdateringar och annan användarinformation.
D-Link tillhandahåller teknisk support till kunder i

Sverige under hela garantitiden för denna produkt.
Teknisk Support för kunder i Sverige:

D-Link Teknisk Support via telefon:
0770-33 00 35
Vardagar 08.00-20.00
D-Link Teknisk Support via Internet:

http://www.dlink.se
72
Suporte Técnico
Você pode encontrar atualizações de software e documentação de
utilizador no site de D-Link Portugal http://www.dlink.pt.
A D-Link fornece suporte técnico gratuito para clientes no Portugal

durante o período de vigência de garantia deste produto.
Suporte Técnico para clientes no Portugal:
Assistência Técnica:
Email: soporte@dlink.es
http://www.dlink.pt/support/
ftp://ftp.dlink.es
73
Τεχνική Υποστήριξη
Μπορείτε να βρείτε software updates και πληροφορίες για τη χρήση των
προϊόντων στις ιστοσελίδες της D-Link
Η D-Link προσφέρει στους πελάτες της δωρεάν υποστήριξη

στον Ελλαδικό χώρο
Μπορείτε να επικοινωνείτε με το τμήμα τεχνικής υποστήριξης μέσω της

ιστοσελίδας ή μέσω τηλεφώνου
Για πελάτες εντός του Ελλαδικού χώρου:

Τηλεφωνική υποστήριξη D-Link :
Τηλ: 210 86 11 114

Φαξ: 210 86 53 172
(Δευτέρα-Παρασκευή 09:00-17:00)
e-mail: support@dlink.gr
Τεχνική υποστήριξη D-Link μέσω Internet:
http://www.dlink.gr
ftp://ftp.dlink.it
74
Technical Support
Tech Support for customers in
Australia:
Tel: 1300-766-868
Monday to Friday 8:00am to 8:00pm EST
Saturday 9:00am to 1:00pm EST
http://www.dlink.com.au
e-mail: support@dlink.com.au
India:
Tel: 1800-222-002
Monday to Friday 9:30AM to 7:00PM
http://www.dlink.co.in/support/productsupport.aspx
Indonesia, Malaysia, Singapore and Thailand:
Tel: +62-21-5731610 (Indonesia)
Tel: 1800-882-880 (Malaysia)
Tel: +65 66229355 (Singapore)
Tel: +66-2-719-8978/9 (Thailand)
Monday to Friday 9:00am to 6:00pm
http://www.dlink.com.sg/support/
e-mail: support@dlink.com.sg
Korea:
Tel: +82-2-890-5496
http://www.d-link.co.kr
e-mail: lee@d-link.co.kr
New Zealand:
Tel: 0800-900-900
Saturday 9:00am to 5:00pm
http://www.dlink.co.nz
e-mail: support@dlink.co.nz
75
Technical Support
Tech Support for customers in
Egypt:
Tel: +202-2919035 or +202-2919047
Sunday to Thursday 9:00am to 5:00pm
http://support.dlink-me.com
e-mail: amostafa@dlink-me.com
Iran:
Tel: +98-21-88822613
e-mail: support.ir@dlink-me.com
Israel:
Tel: +972-9-9715701
http://www.dlink.co.il/support/
e-mail: support@dlink.co.il
Pakistan:
Tel: +92-21-4548158 or +92-21-4548310
e-mail: support.pk@dlink-me.com
South Africa and Sub Sahara Region:
Tel: +27-12-665-2165
08600 DLINK (for South Africa only)
Monday to Friday 8:30am to 9:00pm South Africa Time
http://www.d-link.co.za
Turkey:
Tel: +90-212-2895659
http://www.dlink.com.tr
e-mail: turkiye@dlink-me.com
e-mail: support@d-link.co.za
U.A.E and North Africa:
Tel: +971-4-391-6480 (U.A.E)
Sunday to Wednesday 9:00am to 6:00pm GMT+4
Thursday 9:00am to 1:00pm GMT+4
e-mail: support@dlink-me.com
76
Техническая поддержка
Обновления программного обеспечения и документация
доступны на Интернет-сайте D-Link.
D-Link предоставляет бесплатную поддержку для клиентов

в течение гарантийного срока.
Клиенты могут обратиться в группу технической поддержки

D-Link по телефону или через Интернет.
Техническая поддержка D-Link:

+495-744-00-99
Техническая поддержка через Интернет

http://www.dlink.ru
e-mail: support@dlink.ru
77
Asistencia Técnica
D-Link Latin América pone a disposición de sus clientes, especificaciones,
documentación y software mas reciente a través de nuestro Sitio Web
www.dlinkla.com
El servicio de soporte técnico tiene presencia en numerosos países de la
Región Latino América, y presta asistencia gratuita a todos los clientes de
D-Link, en forma telefónica e internet, a través de la casilla
soporte@dlinkla.com
Soporte Técnico Help Desk Argentina:
TTeléfono: 0800-12235465 Lunes a Viernes 09:00 am a 22:00 pm
Soporte Técnico Help Desk Chile:
Teléfono: 800 8 35465 Lunes a Viernes 08:00 am a 21:00 pm
Soporte Técnico Help Desk Colombia:
Teléfono: 01800-9525465 Lunes a Viernes 07:00 am a 20:00 pm
Soporte Técnico Help Desk Ecuador:
Soporte Técnico Help Desk El Salvador:
Soporte Técnico Help Desk Guatemala:
Soporte Técnico Help Desk Panamá:
Teléfono: 00800 0525465 Lunes a Viernes 07:00 am a 20:00 pm
Soporte Técnico Help Desk Costa Rica:
Teléfono: 0800 0521478 Lunes a Viernes 06:00 am a 19:00 pm
Soporte Técnico Help Desk Perú:
Soporte Técnico Help Desk México:
Teléfono: 001 800 123-3201 Lunes a Viernes 06:00 am a 19:00
Soporte Técnico Help Desk Venezuela:
78
Suporte Técnico
Você pode encontrar atualizações de software e documentação

de usuário no site da D-Link Brasil www.dlinkbrasil.com.br.
A D-Link fornece suporte técnico gratuito para clientes no Brasil

durante o período de vigência da garantia deste produto.
Suporte Técnico para clientes no Brasil:

Telefone
São Paulo +11-2185-9301
Segunda à sexta
Das 8h30 às 18h30
Demais Regiões do Brasil 0800 70 24 104
E-mail:
e-mail: suporte@dlinkbrasil.com.br
79
D-Link 友訊科技台灣分公司
技術支援資訊
如果您還有任何本使用手冊無法協助您解決的產品相關問題，台灣
地區用戶可以透過我們的網站、電子郵件或電話等方式與D-Link台灣
地區技術支援工程師聯絡。
D-Link 免付費技術諮詢專線
0800-002-615
服務時間：週一至週五，早上8:30 到晚上9:00
(不含周六、日及國定假日)
網站：http://www.dlink.com.tw
電子郵件：dssqa_service@dlink.com.tw
如果您是台灣地區以外的用戶，請參考D-Link網站全球各地
分公司的聯絡資訊以取得相關支援服務。
產品保固期限、台灣區維修據點查詢，請參考以下網頁說明：
http://www.dlink.com.tw
產品維修：
使用者可直接送至全省聯強直營維修站或請洽您的原購買經銷商。
80
Dukungan Teknis
Update perangkat lunak dan dokumentasi pengguna dapat
diperoleh pada situs web D-Link.
Dukungan Teknis untuk pelanggan:
Dukungan Teknis D-Link melalui telepon:

Tel: +62-21-5731610
Dukungan Teknis D-Link melalui Internet:

Email : support@dlink.co.id
Website : http://support.dlink.co.id
81
技术支持
您可以在 D-Link 的官方網站找到產品的軟件升級和使用手冊
办公地址：北京市东城区北三环东路 36 号环球贸易中心 B 座 26F 02-

05 室邮编: 100013
技术支持中心电话：8008296688/ (028)66052968
技术支持中心传真：(028)85176948
维修中心地址：北京市东城区北三环东路 36 号环球贸易中心 B 座 26F

02-05 室邮编: 100013
维修中心电话：(010) 58257789
维修中心传真：(010) 58257790
网址：http://www.dlink.com.cn
办公时间：周一到周五，早09:00到晚18:00
82
International Offices
U.S.A Germany Spain Egypt

17595 Mt. Herrmann Street Schwalbacher Strasse 74 Avenida Diagonal, 593-95, 9th floor 47,El Merghany street,Heliopolis
Fountain Valley, CA 92708 D-65760 Eschborn, 08014 Barcelona, Cairo-Egypt
TEL: 1-800-326-1688 Germany Spain TEL: +202-2919035, +202-2919047
URL: www.dlink.com TEL: +49 (0)6196 77 99 0 TEL: +34 93 409 07 70 FAX: +202-2919051
FAX: +49 (0)6196 77 99 300 FAX: +34 93 491 07 95 URL: www.dlink-me.com
Canada URL: www.dlink.de URL: www.dlink.es
2180 Winston Park Drive Israel
Oakville, Ontario, L6H 5W1 Greece Sweden 11 Hamanofim Street
Canada 101, Panagoulis Str. 163-43 Gustavslundsvägen 151B Ackerstein Towers, Regus Business
TEL: 1-905-8295033 Heliopolis, Athens, S-167 51 Bromma Center
FAX: 1-905-8295223 Greece Sweden P.O.B 2148, Hertzelia-Pituach
URL: www.dlink.ca TEL: +30 210 9914512 TEL: +46 (0)8 564 619 00 46120
FAX:+30 210 9916902 FAX: +46 (0)8 564 619 01 Israel
Europe (U. K.) URL: www.dlink.gr URL: www.dlink.se TEL: +972-9-9715700
D-Link (Europe) Ltd FAX: +972-9-9715601
D-Link House, Abbey Road Hungary Switzerland URL: www.dlink.co.il
Park Royal, London NW10 7BX Rákóczi út 70-72 Glatt Tower, 2.OG
United Kingdom HU-1074 Budapest, Postfach LatinAmerica
TEL: +44 (0)20 8955 9000 Hungary CH-8301 Glattzentrum Av. Vitacura # 2939, floor 6th
FAX: +44 (0)20 8955 9001 TEL: +36 (0) 1 461 30 00 Switzerland Las Condes, Santiago.
URL: www.dlink.co.uk FAX: +36 (0) 1 461 30 04 TEL: +41 (0)1 832 11 00 RM Chile
URL: www.dlink.hu FAX: +41 (0)1 832 11 01 TEL: 56-2-5838-950
Austria URL: www.dlink.ch FAX: 56-2-5838-952
Building A, Level 3, 11 Talavera Rd Italy URL: www.dlinkla.com
North Ryde, NSW, 2113 Via Nino Bonnet n. 6/b Singapore
Tel: (+61 2 ) 8899 1800 20154 – Milano, 1 International Business Park Brazil
Fax: (+61 2 ) 8899 1868 Italy #03-12 The Synergy Av das Nacoes Unidas
URL: www.dlink.at TEL: +39 02 2900 0676 Singapore 609917 11857 – 14- andar - cj 141/142
FAX: +39 02 2900 1723 TEL: 65-6774-6233 Brooklin Novo
Belgium URL: www.dlink.it FAX: 65-6774-6322 Sao Paulo - SP - Brazil
Rue des Colonies 11 URL: www.dlink-intl.com CEP 04578-000 (Zip Code)
B-1000 Brussels, Luxembourg TEL: (55 11) 21859300
Belgium Rue des Colonies 11 Australia FAX: (55 11) 21859322
TEL: +32 (0)2 517 7111 B-1000 Brussels, 1 Giffnock Avenue URL: www.dlinkbrasil.com.br
FAX: +32 (0)2 517 6500 Belgium North Ryde, NSW 2113
URL: www.dlink.be Tel: +32 (0)2 517 7111 Australia South Africa
FAX: +32 (0)2 517 6500 TEL: 61-2-8899-1800 Einstein Park II
Bulgaria URL: www.dlink.be FAX: 61-2-8899-1868 Block B
60A Bulgaria Blvd., Office 1, URL: www.dlink.com.au 102-106 Witch-Hazel Avenue
Sofia 1680, Netherlands First Floor Block B
Bulgaria Weena 290 India Einstein Park II
TEL: +359 2 958 22 42 3012NJ Rotterdam, D-Link House, Plot No.5, Highveld Techno Park
FAX: +359 2 958 65 57 Netherlands Kurla-Bandra Complex Road, Off. Centurion
URL: www.dlink.eu TEL: +31 (0)10 282 1445 CST Road, Gauteng
FAX: +31 (0)10 282 1331 Santacruz (E), Mumbai - 400 098 Republic of South Africa
Czech Republic URL: www.dlink.nl India TEL: 27-12-665-2165
Vaclavske namesti 36 TEL: 91-22-26526696/ 30616666 FAX: 27-12-665-2186
110 00 Praha 1 Norway FAX: 91-22-26528914/ 8476 URL: www.d-link.co.za
Czech Republic Karihaugveien 89 URL: www.dlink.co.in
TEL: +420 224 247 500 N-1086 Oslo, Russia
FAX: +420 224 234 967 Norway Middle East (Dubai) Grafsky per., 14, floor 6
Hot line CZ: +420 225 281 553 TEL: +47 99 300 100 P.O.Box: 500376 Moscow
Hot line SK: +421 263 813 628 FAX: +47 22 30 90 85 Office: 103, Building:3 129626 Russia
URL: www.dlink.cz URL: www.dlink.no Dubai Internet City TEL: 7-495-744-0099
URL: www.dlink.sk Dubai, United Arab Emirates FAX: 7-495-744-0099 #350
Poland Tel: +971-4-3916480 URL: www.dlink.ru
Denmark Budynek Aurum Fax: +971-4-3908881
Naverland 2, ul. Waliców 11 URL: www.dlink-me.com Japan K.K.
DK-2600 Glostrup, Copenhagen, 00-851 Warszawa, Level 6 Konan YK Building, Konan
Denmark Poland Turkey 2-4-12
TEL: +45 43 96 9 040 TEL: +48 (0) 22 583 92 75 Cayazaya Maslak Yolu Minato-Ku Tokyo 108-0075, Japan
FAX: +45 43 42 43 47 FAX: +48 (0) 22 583 92 76 S/A Kat: 5, URL: www.dlink-jp.com
URL: www.dlink.dk URL: www.dlink.pl Istanbul, Turkey
TEL: 0212-289-5659 China
Finland Portugal FAX:0212-289-7606 Room02-05，Floor26，Building B,
Latokartanontie 7A Rua Fernando Palha, 50 Edificio URL: www.dlink.com.tr Global trade center,36 north third ring
FIN-00700 Helsinki, Simol road east , Dongcheng District,
Finland 1900 Lisbon, Iran Beijing
TEL : +358 10 309 8840 Portugal Unit 6, No. 39, 6th Alley, 100013 , China.
FAX: + 358 10 309 8841 TEL: +351 21 8688493 Sanaei St, Karimkhan Ave TEL: (8610) 5825 7789
URL: www.dlink.fi FAX: +351 21 8622492 Tehran-IRAN FAX: (8610) 5825 7792
URL: www.dlink.es Tel: 9821 8882 2613 URL: www.dlink.com.cn
France Fax: 9821 8883 5492
41 boulevard Vauban Romania Taiwan
78280 Guyancourt B-dul Unirii nr. 55, bl. E4A, sc.2, et. 4, Pakistan No. 289 , Sinhu 3rd Rd., Neihu
France ap. 39, Office#311, Business Avenue District ,
TEL: +33 (0)1 30 23 86 88 sector 3, Bucuresti, Main Shahrah-e-Faisal Taipei City 114 ,Taiwan
FAX: +33 (0)1 30 23 86 89 Romania Karachi-Pakistan TEL: 886-2-6600-0123
URL: www.dlink.fr Tel: +40(0)21 320 23 05 Tel: 92-21-4548158, 4548310 FAX: 886-2-6600-1188
Fax: +40(0)21 320 23 07 Fax: 92-21-4535103 URL: www.dlink.com.tw
URL: www.dlink.eu
83
Registration Card
All Countries and Regions Excluding USA
Print, type or use block letters.
Your name: Mr./Ms _____________________________________________________________________________

Organization: ________________________________________________ Dept. ____________________________
Your title at organization: ________________________________________________________________________
Telephone: _______________________________________ Fax:________________________________________
Organization's e-mail address: ___________________________________________________________________
Organization's full address: ______________________________________________________________________
____________________________________________________________________________________________
Country: _____________________________________________________________________________________
Date of purchase (Month/Day/Year): _______________________________________________________________
Product Model Product Serial No. * Product installed in type of * Product installed in
computer computer serial No.
(* Applies to adapters only)
Product was purchased from:
Reseller's name: ______________________________________________________________________________

Telephone: ___________________________________________________________________________________
Answers to the following questions help us to support your product:
1. Where and how will the product primarily be used?

Home Office Travel Company Business Home Business Personal Use
2. How many employees work at installation site?
1 employee 2-9 10-49 50-99 100-499 500-999 1000 or more
3. What network protocol(s) does your organization use?
XNS/IPX TCP/IP DECnet Others_____________________________
4. What network operating system(s) does your organization use?
D-Link LANsmart Novell NetWare NetWare Lite SCO Unix/Xenix PC NFS 3Com 3+Open Cisco Network
Banyan Vines Mac OSX Windows NT Windows 98 Windows 2000/ME Windows XP Windows Vista
Others__________________________________________
5. What network management program does your organization use?
D-View HP OpenView/Windows HP OpenView/Unix SunNet Manager Novell NMS
NetView 6000 Others________________________________________
6. What network medium/media does your organization use?
Fiber-optics Thick coax Ethernet Thin coax Ethernet 10BASE-T UTP/STP
100BASE-TX 1000BASE-T Wireless 802.11b and 802.11g wireless 802.11a Others_________________
7. What applications are used on your network?
Desktop publishing Spreadsheet Word processing CAD/CAM
Database management Accounting Others_____________________
8. What category best describes your company?
Aerospace Engineering Education Finance Hospital Legal Insurance/Real Estate Manufacturing
Retail/Chain store/Wholesale Government Transportation/Utilities/Communication VAR
System house/company Other________________________________
9. Would you recommend your D-Link product to a friend?
Yes No Don't know yet
10.Your comments on this product?
______________________________________________________________________________________________
______________________________________________________________________________________________

User Manual: D-Link™ DGS-3100 SERIES Gigabit Stackable Managed Switch

Uploaded by

Copyright:

Available Formats

User Manual: D-Link™ DGS-3100 SERIES Gigabit Stackable Managed Switch

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

User Manual: D-Link™ DGS-3100 SERIES Gigabit Stackable Managed Switch

Uploaded by

Copyright:

Available Formats

D-Link™ DGS-3100 SERIES

GIGABIT STACKABLE MANAGED SWITCH

December 2007 P/N

Viewing the Device

DGS-3100 Series Front Panel

Figure 1 DGS-3100 Series 48 Port Front Panel

DGS-3100-24TG Front Panel

Figure 2 DGS-3100-24TG Front Panel

Device Management Methods

User Guide Overview

Notes, Notices, and Cautions

General Precautions for Rack-Mountable Products

Protecting Against Electrostatic Discharge

NOTE: The Factory default IP address for the Switch is 10.90.90.90.

Using the Web-Based User Interface

Understanding the D-Link Embedded Web Interface

Table 1-1. Web Interface Views

Figure 1-1. Device Information Page

Table 1-2. Main Areas

Using the Tool Menu

Displaying the Stack Status

1. Click > Device Locator. The Device Locator Page opens.

Figure 1-2. Device Locator Page

2. Click . The LED locator is activated for 20 seconds.

Backing up and Restoring Configuration Files

Figure 1-3 Config Backup and Restore Page

To backup files, click .

Resetting the Device

1. Click > Reset. The Factory Reset Page opens:

Figure 1-4 Factory Reset Page

Downloading the Firmware

1. Click > Firmware Download. The Firmware Download Page opens:

Figure 1-5 Firmware Download Page

5. Click . The Firmware is downloaded, and the device is updated.

Rebooting the System

1. Click > System Reboot. The System Reboot Page opens:

Figure 1-6 System Reboot Page

01 - 06 Resets the specific stack member.

2. Define the Select Unit to Reboot field.

Using the Web System Components

Add Adds selected items

ALL Selects all

Backup Evokes backup

Cancel Cancels settings

Clear Clears selected settings and fields

Clear All Clears all settings and fields

Delete Deletes selected fields

Delete VID Deletes VLAN Identification

Edit Modifies configuration Information

Factory Reset Resets the factory defaults

Find Finds a table entry.

System Reboot Reboot the system

Restore Restores the factory defaults.

View All Entry Displays table entries.

Table 1-3. User Interface Buttons

Viewing Device Description

Figure 2-1 Device Information Page

Defining System Information

Figure 2-2 System Information Page