Page 1: User Manual
User Manual DGS-3700 Series Product Model: Layer 2 Managed Gigabit Ethernet Switch Release 2.00...
Page 2 © 2010 D-Link Corporation. All rights reserved. Reproduction in any manner whatsoever without the written permission of D-Link Corporation is strictly forbidden. Trademarks used in this text: D-Link and the D-LINK logo are trademarks of D-Link Corporation; Microsoft and Windows are registered trademarks of Microsoft Corporation.
Page 3 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Table of Contents Intended Readers ............................... 11 Typographical Conventions..............................11 Notes, Notices, and Cautions ............................. 11 Web-based Switch Configuration ....................12 Introduction ................................. 12 Login to Web Manager ................................12 Web-based User Interface ............................... 13 Areas of the User Interface ..............................
Page 4 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual ARP ..................................... 33 Static ARP Settings .................................. 33 ARP Table....................................34 IPv6 Neighbor Settings ............................... 34 IP Interface.................................. 35 System IP Address Settings..............................35 Setting the Switch’s IP Address using the Console Interface ....................37 Interface Settings ..................................
Page 5 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual L2 Features ........................... 60 VLAN ................................... 60 Understanding IEEE 802.1p Priority ............................60 VLAN Description ..................................60 Notes About VLANs ................................. 61 IEEE 802.1Q VLANs ................................61 802.1Q VLAN Tags .................................. 62 Port VLAN ID ...................................
Page 6 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual STP Port Settings ..................................89 MST Configuration Identification .............................. 91 STP Instance Settings ................................92 MSTP Port Information ................................93 Link Aggregation ................................. 94 Port Trunking Settings ................................94 LACP Port Settings .................................. 96 FDB .....................................
Page 7 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual IPv4 Max Multicast Group Settings ............................122 IPv6 Multicast Filtering ................................122 IPv6 Multicast Profile Settings ..............................122 IPv6 Limited Multicast Range Settings ........................... 123 IPv6 Max Multicast Group Settings ............................124 Multicast Filtering Mode .................................
Page 8 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual DSCP Trust Settings ................................157 DSCP Map Settings ................................158 HOL Blocking Prevention ............................158 Scheduling Settings ..............................159 QoS Scheduling Settings ............................... 159 QoS Scheduling Mechanism ..............................160 Management Packet Priority Settings ........................160 SRED ..................................
Page 9 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual DHCP Snooping Entry ................................213 ND Snoop ....................................213 ND Snoop Maximum Entry Settings ............................213 ND Snoop Entry ..................................214 MAC-based Access Control............................214 Notes about MAC-based Access Control ..........................214 MAC-based Access Control Settings .............................
Page 10 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual SSH ................................... 243 SSH Settings ..................................243 SSH Authentication Method and Algorithm Settings ......................244 SSH User Authentication List ..............................245 Trusted Host Settings ............................... 246 Safeguard Engine Settings ............................247 Network Application ........................250 DHCP ..................................
Page 11 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Ethernet OAM Settings ................................278 Ethernet OAM Configuration Settings ............................ 279 Ethernet OAM Event Log ............................... 280 Ethernet OAM Statistics ................................. 280 DULD Settings ................................281 Cable Diagnostics ..............................281 Monitoring ..........................282 Utilization ..................................
Page 12 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Configuration File Backup & Restore ........................305 Upload Log File ................................. 306 Reset ..................................306 Download Firmware ..............................307 Reboot System ................................. 307 Mitigating ARP Spoofing Attacks Using Packet Content ACL ..........308 System Log Entries ........................
Page 13: Intended Readers
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Intended Readers The DGS-3700 Series User Manual contains information for setup and management of the Switch. This manual is intended for network managers familiar with network management concepts and terminology. Typographical Conventions...
Page 14: Web-Based Switch Configuration
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Section 1 Web-based Switch Configuration Introduction Login to Web Manager Web-based User Interface Web Pages Introduction All software functions of the Switch can be managed, configured and monitored via the embedded Web-based (HTML) interface.
Page 15: Web-Based User Interface
Switch's ports and expansion modules, showing port activity, duplex mode, or flow control, depending on the specified mode. Click the D-Link logo in the upper left corner to go to the D-Link Website for updates and information. Various areas of the graphic can be selected for performing management functions, including port configuration.
Page 16: Web Pages
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual NOTICE: Any changes made to the Switch configuration during the current session must be saved in the Save Changes window (explained below) or use the command line interface (CLI) command save. Web Pages When you connect to the management mode of the Switch with a web browser, a login window is displayed.
Page 17: System Configuration
This window contains the main settings for all major functions on the Switch and appears automatically when you log on. To return to the Device Information window, click the DGS-3700-12/DGS-3700-12G Web Management Tool folder. This window shows the Switch’s MAC Address (assigned by the factory and unchangeable), the Boot PROM Version, Firmware Version, Hardware Version and Serial Number as well as other information about different settings on the Switch.
Page 18: System Information Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual System Information Settings This window contains the System Information details. The user may enter a System Name, System Location and System Contact to aid in defining the Switch, to the user's preference. This window displays the MAC Address, Firmware Version and Hardware Version.
Page 19: Firmware Information Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual store two configuration files for use. ID 1 will be the default boot up configuration file for the Switch unless otherwise configured by the user. Version Displays the firmware version set in the Switch.
Page 20: Port Configuration
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual port RS232. T – If the IP address has this letter attached to it, it denotes a firmware upgrade through Telnet. S – If the IP address has this letter attached to it, it denotes a firmware upgrade through the Simple Network Management Protocol (SNMP).
Page 21: Ddm Temperature Threshold Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Specifies whether or not to send the trap and log, when the operating parameter exceeds the Trap Log alarm or warning threshold. Specifies a port or range of ports to be configured.
Page 22: Ddm Bias Current Threshold Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 2- 7 DDM Voltage Threshold Settings window The following fields can be configured: Parameter Description From Port / To Port Specifies a port or range of ports to be configured. High Alarm This is the highest threshold for the alarm.
Page 23: Ddm Tx Power Threshold Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Click Apply to implement changes made. DDM Tx Power Threshold Settings This table is used to configure the threshold of Tx power for specific ports on the Switch. To view this window, click System Configuration > Port Configuration > DDM > DDM Tx Power Threshold...
Page 24: Ddm Status Table
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Specifies a port or range of ports to be configured. From Port /To Port This is the highest threshold for the alarm. When the operating parameter rises above this High Alarm value, action associated with the alarm will be taken.
Page 25 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Use the remaining pull-down menus to configure the parameters described below: Figure 2- 12 Port Settings window The following parameters can be configured: Parameter Description From Port /To Port Use the pull-down menus to select the port or range of ports to be configured.
Page 26: Port Description Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Flow Control Displays the flow control scheme used for the various port configurations. Ports configured for full-duplex use 802.3x flow control, half-duplex ports use backpressure flow control, and Auto ports use an automatic selection of the two. The default is Disabled.
Page 27: Jumbo Frame Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Parameter Description Port Displays the port that has been error disabled. Port State Describes the current running state of the port, whether Enabled or Disabled. Connection Status This field will read the uplink status of the individual ports, whether enabled or Disabled.
Page 28: Warning Temperature Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual NOTE: If a user configures the serial port’s baud rate, the baud rate will take effect and save immediately. Baud rate settings will not change even if the user resets or reboots the Switch.
Page 29: System Log Server Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 2- 18 System Log Settings window The following parameters can be set: Parameter Description System Log To activate the System Log select Enabled or Disabled. Save Mode Use this drop-down menu to specify the method that will trigger a log entry. You can choose between On Demand, Time Interval and Log Trigger.
Page 30: System Log
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual (514 or 6000-65535) Severity This drop-down menu allows you to select the level of messages that will be sent. The options are Emergency, Alert, Critical, Error, Warning, Notice, Informational, and Debug. Facility Some of the operating system daemons and processes have been assigned Facility values.
Page 31: System Severity Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual The information in the table is categorized as: Parameter Description Log Type Choose the type of log to view. There are two choices: Severity – Choose Emergency, Alert, Critical, Error, Warning, Notice, Informational, and Debu to view only the selected log severity type.
Page 32: Time Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual here, the time range settings are to be applied to an access profile rule using the Access Profile table. The user may enter up to 64 time range entries on the Switch.
Page 33 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual To view this window, click System Configuration > User Accounts Settings, as shown below: Figure 2- 24 User Accounts Settings window The following fields can be set: Parameter Description User Name The name of the user, an alphanumeric string of up to 15 characters.
Page 34: Admin, Operator And User Privileges
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual NOTICE: In case of lost passwords or password corruption, please refer to the D-Link website and the White Paper entitled “Password Recovery Procedure”, which will guide you through the steps necessary to resolve this issue.
Page 35: Management
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Section 3 Management IPv6 Neighbor Settings IP Interface Management Settings Out of Band Management Settings Session Table Single IP Management SNMP Settings Telnet Settings Web Settings The ARP section includes Static ARP Settings and ARP Table.
Page 36: Arp Table
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual MAC Address The MAC address of the ARP entry. After entering the IP Address and MAC Address of the Static ARP entry, click Apply to implement the new entry. To completely clear the Static ARP Settings, click the Delete All button.
Page 37: Ip Interface
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual State To find or delete specific entries use the pull down menu to select All, Address, Static, or Dynamic. All – Select to view all configured neighbor devices which are IPv6 neighbors of the IP interface previously created.
Page 38 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual NOTE: The Switch's factory default IP address is 10.90.90.90 with a subnet mask of 255.0.0.0 and a default gateway of 0.0.0.0. To use the BOOTP or DHCP protocols to assign the Switch an IP address, subnet mask, and default gateway address: Select BOOTP or DHCP, this will determine how the Switch will be assigned an IP address.
Page 39: Setting The Switch's Ip Address Using The Console Interface
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Setting the Switch’s IP Address using the Console Interface Each Switch must be assigned its own IP Address, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP). The Switch’s default IP address is 10.90.90.90. You can change the default Switch IP address to meet the specification of your networking address scheme.
Page 40 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 3- 6 IPv4 Interface Settings (IPv4 Edit) window To manually assign the Switch's IP address, subnet mask, and default gateway address: 1. Click Static at the top of the window. 2. Enter the appropriate IPv4 Address and Subnet Mask.
Page 41 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual 255.255.255.0 for a Class C network, but custom subnet masks are allowed. VLAN Name This allows the entry of a VLAN Name from which a management station will be allowed to manage the Switch using TCP/IP (in-band via web manager or Telnet). Management stations that are on VLANs other than the one entered here will not be able to manage the Switch in-band unless their IP addresses are entered in the Security IP Management window.
Page 42: Management Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Local Address addressing information is available. Management Settings To view this window, click Management > Manangement Settings, as shown below: Figure 3- 8 Management Settings window CLI Paging Settings Clipaging Status can be enabled or disabled in this window, it is enabled by default. Clipaging settings are used when issuing a command which causes the console screen to rapidly scroll through several pages.
Page 43: Out Of Band Management Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Out of Band Management Settings This window is used to configure the RJ-45 Out-of-band (OOB) management port on the Switch. The OOB port is physically isolated from the data channels of the Switch. This port allows administrators manage the device remotely without the impact data channel congestion.
Page 44: Single Ip Management
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Single IP Management Simply put, D-Link Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. There are some advantages in implementing the "Single IP Management" feature: 1.
Page 45: The Upgrade To V1.6
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual When a CS becomes a MS, it automatically becomes a member of the first SNMP community (including read/write and read only) to which the CS belongs. However, if a MS has its own IP address, it can belong to SNMP communities to which other switches in the group, including the CS, do not belong.
Page 46: Topology
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 3- 12 Single IP Settings window (enabled) The following parameters can be set: Parameters Description SIM State Use the pull-down menu to either enable or disable the SIM state on the Switch. Disabled will render all SIM functions on the Switch inoperable.
Page 47 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 3- 13 Single IP Management window – Tree View The Tree View window holds the following information under the Data tab: Parameter Description Device Name This field will display the Device Name of the switches in the SIM group configured by the user. If no Device Name is configured by the name, it will be given the name default and tagged with the last six digits of the MAC Address to identify it.
Page 48 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 3- 14 Topology view This window will display how the devices within the Single IP Management Group are connected to other groups and devices. Possible icons in this screen are as follows:...
Page 49: Tool Tips
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Unknown device Non-SIM devices Tool Tips In the Topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same information about a specific device as the Tree view does.
Page 50: Group Icon
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Group Icon Figure 3- 17 Right-Clicking a Group Icon The following options may appear for the user to configure: Collapse – To collapse the group that will be represented by a single icon.
Page 51: Commander Switch Icon
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Commander Switch Icon Figure 3- 19 Right-Clicking a Commander Icon The following options may appear for the user to configure: Collapse – To collapse the group that will be represented by a single icon.
Page 52: Menu Bar
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 3- 22 Input password window Property – To pop up a window to display the device information, as shown below. Menu Bar The Single IP Management window contains a menu bar for device configurations, as seen below.
Page 53: Snmp Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 3- 25 About window SNMP Settings Simple Network Management Protocol (SNMP) is an OSI Layer 7 (Application Layer) designed specifically for managing and monitoring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches, and other network devices.
Page 54: Mibs
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual generates traps and sends them to the trap recipient (or network manager). Typical traps include trap messages for Authentication Failure, Topology Change and Broadcast\Multicast Storm. MIBs The Switch in the Management Information Base (MIB) stores management and counter information. The Switch uses the standard MIB-II Management Information Base module.
Page 55: Snmp View Table Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 3- 28 SNMP Linkchange Traps Settings window To enable or disable the linkchange traps State, use the pull-down menu and then click Apply. SNMP View Table Settings This window is used to assign views to community strings that define which MIB objects can be accessed by a remote SNMP manager.
Page 56: Snmp Community Table Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual SNMP Community Table Settings Use this table to view existing SNMP Community Table configurations and to create a SNMP community string to define the relationship between the SNMP manager and an agent. The community string acts like a password to permit access to the agent on the Switch.
Page 57: Snmp Engine Id Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 3- 31 SNMP Group Table Settings window To delete an existing SNMP Group Table entry, click the corresponding Delete button. The following parameters can be set: Parameter Description Group Name Type an alphanumeric string of up to 32 characters. This is used to identify the new SNMP group of SNMP users.
Page 58: Snmp User Table Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 3- 32 SNMP Engine ID Settings window To change the Engine ID, enter the new Engine ID in the space provided and click the Apply button. SNMP User Table Settings This window displays all of the SNMP User's currently configured on the Switch and also allows you to add new users.
Page 59: Snmp Host Table Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual To implement changes made, click Apply. To delete an existing SNMP User Table entry, click the corresponding Delete button. SNMP Host Table Settings This window is used to set up SNMP trap recipients.
Page 60: Rmon Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual The following parameters can be configured: Parameter Description Host Ipv6 Address Enter the IPv6 host IP address to which the trap packet will be sent. User-based Security Used the drop-down menu to select the user-based security model.
Page 61: Telnet Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Telnet Settings Telnet configuration is enabled by default. If you do not want to allow configuration of the system through Telnet choose Disabled. The TCP ports are numbered between 1 and 65535. The "well-known" TCP port for the Telnet protocol is 23.
Page 62: L2 Features
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Section 4 L2 Features VLAN QinQ Layer 2 Protocol Tunneling Settings Spanning Tree Link Aggregation L2 Multicast Control ERPS Settings Local Loopback Port Settings LLDP The following section will aid the user in configuring Layer 2 functions for the Switch. The Switch includes various functions all discussed in detail in the following section.
Page 63: Notes About Vlans
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual appears as a single LAN. VLANs also logically segment the network into different broadcast domains so that packets are forwarded only between ports within the VLAN. Typically, a VLAN corresponds to a particular subnet, although not necessarily.
Page 64: Q Vlan Tags
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual The main characteristics of IEEE 802.1Q are as follows: Assigns packets to VLANs by filtering. Assumes the presence of a single global spanning tree. Uses an explicit tagging scheme with one-level tagging.
Page 65 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 2 IEEE .Q Tag The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or Logical Link Control. Because the packet is now a bit longer than it was originally, the Cyclic Redundancy Check (CRC) must be recalculated.
Page 66: Port Vlan Id
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Port VLAN ID Packets that are tagged (are carrying the 802.1Q VID information) can be transmitted from one 802.1Q compliant network device to another with the VLAN information intact. This allows 802.1Q VLANs to span network devices (and indeed, the entire network, if all network devices are 802.1Q compliant).
Page 67: Default Vlan
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual same VID) as the ingress port. If it does not, the packet is dropped. If it has the same VID, the packet is forwarded and the destination port transmits it on its attached network segment.
Page 68: Vlan And Trunk Groups
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual VLAN and Trunk Groups The members of a trunk group have the same VLAN setting. Any VLAN setting on the members of a trunk group will apply to the other member ports.
Page 69: Regulations For Double Vlans
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual In this example, the Service Provider Access Network switch (Provider edge switch) is the device creating and configuring Double VLANs with different SPVIDs for specific customers (say Customer A and Customer B). Both CEVLANs (Customer VLANs), CEVLAN 10 are tagged with the SPVID 100 (for Customer A) and SPVID 200 (for Customer B) on the Service Provider Access Network, thus being a member of two VLANs on the Service Provider’s...
Page 70: Q Vlan Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual 802.1Q VLAN Settings This window lists all previously configured VLANs by VLAN ID and VLAN Name. To view this window, click L2 Features > VLAN > 802.1Q VLAN Settings as shown below: Figure 4- 5 802.1Q VLAN Settings window...
Page 71 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 6 802.1Q VLAN Settings window – Add/Edit VLAN Tab To return to the 802.1Q VLAN Settings window, click the VLAN List tab at the top of the window. To change an existing 802.1Q VLAN entry, click the corresponding Edit button.
Page 72 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 7 802.1Q VLAN Settings window – Edit tab The following fields can then be set in either the Add/Edit VLAN or Edit 802.1Q VLAN windows: Parameter Description Allows the entry of a VLAN ID, or displays the VLAN ID of an existing VLAN in the Edit window.
Page 73 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 8 802.1Q VLAN Settings window – Find VLAN tab To create a VLAN Batch entry click the VLAN Batch Settings tab at the top of the window. The following window will open: Figure 4- 9 802.1Q VLAN Settings window –...
Page 74: V Protocol Vlan
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Forbidden Select this to specify the port as not being a member of the VLAN and that the port is forbidden from becoming a member of the VLAN dynamically. Click Apply to implement changes made.
Page 75: Gvrp
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 11 802.1v Protocol VLAN Settings window The following fields can be set: Parameter Description Group ID Click the corresponding radio button to select a previously configured Group ID from the drop- down menu.
Page 76: Gvrp Global Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual GVRP Global Settings The GVRP allows interoperability with other switches, so the values of the GVRP timers can be configured. This table is used to set the GVRP Global Settings. To view this window, click L2 Features > VLAN > GVRP Global Settings as shown below:...
Page 77: Mac-Based Vlan Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 13 GVRP Port Settings window The following fields can be set: Parameter Description From Port /To Port These two fields allow you to specify the range of ports that will be included in the Port-based VLAN that you are creating using the 802.1Q Port Settings window.
Page 78: Pvid Auto Assign Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 14 MAC-based VLAN Settings menu The following fields can be set Parameter Description MAC Address Specify the MAC address to be reauthenticated by entering it into the MAC Address field.
Page 79: Vlan Precedence Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 16 Subnet VLAN Settings window The following parameters can be configured: Parameter Description The VLAN Name to be associated with the subnet. VLAN Name The VLAN ID to be associated with the subnet.
Page 80: Vlan Counter Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 17 VLAN Precedence Settings window The following parameters can be configured: Parameter Description Specify the port or range of ports you wish to configure. From Port/To Port Use the drop-down menu to select the VLAN precedence, choose either MAC Based VLAN or VLAN Precedence Subnet VLAN.
Page 81: Voice Vlan
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Click the radio button to identify the VLAN by its VLAN ID. Enter the VID or VID list you wish to VID List configure. Click the radio button to identify the VLANs by their VLAN name.
Page 82: Voice Vlan Port Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual the voice VLAN after expiration of the voice VLAN aging timer. If voice traffic resumes during the aging time, the aging timer will be reset and stop. The range is 1 to 65535 minutes. The default value is 720 minutes.
Page 83: Voice Vlan Device
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 21 Voice VLAN OUI Settings window The fields that can be configured are described below: Parameter Description OUI Address Enter the user-defined OUI MAC address. Mask Enter the user-defined OUI MAC address mask.
Page 84: Show Vlan Ports
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 23 Browse VLAN window Show VLAN Ports This window displays the relationship between Switch’s ports and VLANs. Select a port from the drop-down menu and click the Find button. The given port’s VLAN information will be shown.
Page 85: Vlan Translation Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual tables which may exceed the VLAN mapping limit. Q-in-Q uses a single service provider VLAN (SPVLAN) for customers who have multiple VLANs. Customer’s VLAN IDs are segregated within the service provider’s network even when they use the same customer specific VLAN ID.
Page 86: Q-In-Q And Vlan Translation Rules
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 26 VLAN Translation Settings window The following fields can be set: Parameter Description From Port/To Port A consecutive group of ports that are part of the VLAN configuration starting with the selected port.
Page 87: Layer 2 Protocol Tunneling Setttings
MSTP. 802.1D STP will be familiar to most networking professionals. However, since 802.1w RSTP and 802.1s MSTP has been recently introduced to D-Link managed Ethernet switches, a brief introduction to the technology is provided below followed by a description of how to set up 802.1D STP, 802.1w RSTP and 802.1s MSTP.
Page 88: W Rapid Spanning Tree
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual 1. A configuration name defined by an alphanumeric string of up to 32 characters (defined in the MST Configuration Identification window in the Configuration Name field). 2. A configuration revision number (named here as a Revision Level and found in the MST Configuration Identification window) and;...
Page 89: Stp Bridge Global Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Edge Port The edge port is a configurable designation used for a port that is directly connected to a segment where a loop cannot be created. An example would be a port connected directly to a single workstation. Ports that are designated as edge ports transition to a forwarding state immediately without going through the listening and learning states.
Page 90 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual STP Version Use the pull-down menu to choose the desired version of STP to be implemented on the Switch. There are three choices: STP – Select this parameter to set the Spanning Tree Protocol (STP) globally on the switch.
Page 91: Stp Port Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual STP Port Settings This window is used to configure the STP Port Settings on the Switch. STP can be set up on a port per port basis. To view this window, click L2 Features > Spanning Tree > STP Port Settings, as shown below:...
Page 92 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Migrate Setting this parameter as Yes will set the ports to send out BPDU packets to other bridges, requesting information on their STP setting If the Switch is configured for RSTP, the port will be capable to migrate from 802.1D STP to 802.1w RSTP. Migration should be set as yes on ports connected to network stations or segments that are capable of being upgraded to 802.1w RSTP on all or some portion of the segment.
Page 93: Mst Configuration Identification
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual MST Configuration Identification The following windows in the MST Configuration Identification section allow the user to configure a MSTI instance on the Switch. These settings will uniquely identify a multiple spanning tree instance set on the Switch. The Switch initially possesses one CIST or Common Internal Spanning Tree of which the user may modify the parameters for but cannot change the MSTI ID for, and cannot be deleted.
Page 94: Stp Instance Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual STP Instance Settings This table is used to create STP Instance Settings on the Switch. An STP instance may have multiple members with the same MSTP configuration. There is no limit to the number of STP regions in a network but each region only supports a maximum of 16 spanning tree instances (one unchangeable default entry).
Page 95: Mstp Port Information
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual MSTP Port Information This window displays the current MSTP Port Information and can be used to update the port configuration for an MSTI ID. If a loop occurs, the MSTP function will use the port priority to select an interface to put into the forwarding state.
Page 96: Link Aggregation
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Link Aggregation The Link Aggregation section includes Port Trunking Settings and LACP Port Settings. Port Trunking Settings Port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline.
Page 97 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Link aggregation is most commonly used to link a bandwidth intensive network device or devices, such as a server, to the backbone of a network. The Switch allows the creation of up to six link aggregation groups, each group consisting of 2 to 8 links (ports). The aggregated links must be contiguous (they must have sequential port numbers) except the four (optional) Gigabit ports, which can only belong to a single link aggregation group.
Page 98: Lacp Port Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual LACP Port Settings This window is used to create port trunking groups on the Switch. Using the following window, the user may set which ports will be active and passive in processing and sending LACP control frames.
Page 99: Static Fdb Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual The FDB section includes Static FDB Settings, MAC Notification Settings, MAC Address Aging Time Settings, MAC Address Table, and ARP & FDB Table. Static FDB Settings The Static FDB Settings section includes Unicast Static FDB Settings and Multicast FDB Settings.
Page 100: Multicast Static Fdb Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Multicast Static FDB Settings Users can set up multicast forwarding on the Switch. To view this window, click L2 Features > FDB > Static FDB Settings > Multicast Static FDB Settings, as shown...
Page 101: Mac Notification Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual MAC Notification Settings MAC Notification is used to monitor MAC addresses learned and entered into the forwarding database. This window allows you to globally set MAC notification on the Switch. Users can set MAC notification for individual ports on the Switch.
Page 102: Mac Address Aging Time Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual MAC Address Aging Time Settings Users can configure the MAC Address aging time on the Switch. To view this window, click L2 Features > FDB > MAC Address Aging Time Settings, as shown below:...
Page 103: Mac Address Table
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual MAC Address Table This allows the Switch's dynamic and static MAC address forwarding table to be viewed. When the Switch learns an association between a MAC address and a port number, or static MAC address, it makes an entry into its forwarding table.
Page 104: Arp And Fdb Table
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual ARP and FDB Table This window is used to display current ARP or FDB table entries on the Switch. To search a specific ARP entry, enter an Interface Name or an IP Address at the top of the window and click Find by Port or Find by MAC or Find by IP Address.
Page 105: L2 Multicast Control
IGMP messages passing through the Switch. In order to use IGMP Snooping it must first be enabled for the entire Switch (see the DGS-3700-12/DGS-3700-12G Switch Series Web Management Tool). You may then fine-tune the settings for each VLAN using the IGMP Snooping link in the L2 Features folder.
Page 106 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual VLAN Name This is the VLAN Name that, along with the VLAN ID, identifies the VLAN for which the user wishes to modify the IGMP Snooping Settings. Rate Limit Displays the rate limitation.
Page 107: Igmp Snooping Rate Limit Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 45 IGMP Snooping Router Port Settings window IGMP Snooping Rate Limit Settings This table allows the user to configure the rate of IGMP snooping control packets that are allowed per port or VLAN.
Page 108: Igmp Snooping Static Group Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual IGMP Snooping Static Group Settings This table is used to configure the current IGMP snooping static group information on the Switch. To view this window, click L2 Features > L2 Multicast Control > IGMP Snooping > IGMP Snooping Static Group...
Page 109: Igmp Snooping Group
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual IGMP Snooping Group Users can view the Switch’s IGMP Snooping Group Table. IGMP Snooping allows the Switch to read the Multicast Group IP address and the corresponding MAC address from IGMP packets that pass through the Switch.
Page 110: Igmp Snooping Forwarding Table
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual IGMP Snooping Forwarding Table This window allows users to configure the IGMP snooping forwarding table. To view this window, click L2 Features > L2 Multicast Control > IGMP Snooping > IGMP Snooping Forwarding...
Page 111: Igmp Host Table
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual IGMP Host Table This window allows users to configure the IGMP host table. To view this window, click L2 Features > L2 Multicast Control > IGMP Snooping > IGMP Host Table, as shown...
Page 112: Mld Snooping
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual MLD Snooping Multicast Listener Discovery (MLD) Snooping is an IPv6 function used similarly to IGMP snooping in IPv4. It is used to discover ports on a VLAN that are requesting multicast data. Instead of flooding all ports on a selected VLAN with multicast traffic, MLD snooping will only forward multicast data to ports that wish to receive this data through the use of queries and reports produced by the requesting ports and the source of the multicast traffic.
Page 113 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 54 MLD Snooping Parameters Settings window The following parameters may be viewed or modified: Parameter Description VLAN ID This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which to modify the MLD Snooping Settings.
Page 114: Mld Snooping Rate Limit Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Querier, which will not send out Multicast Listener Query Messages. Click Apply to implement any changes made and <<Back to return to the MLD Snooping Settings window. To modify the router port settings, click the hyperlinked...
Page 115: Mld Snooping Static Group Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 57 MLD Snooping Rate Limit Settings (Edit) window Enter the new rate limit and click Apply. MLD Snooping Static Group Settings This window is used to configure the MLD Snooping static group information on the Switch: To view this window, click L2 Features >...
Page 116: Mld Router Port
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual MLD Router Port Users can display which of the Switch’s ports are currently configured as router ports in IPv6. A router port configured by a user (using the console or Web-based management interfaces) is displayed as a static router port, designated by S.
Page 117: Mld Snooping Forwarding Table
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Group The multicast group. Member Port The port members of this group. Mode The mode in current use. MLD Snooping Forwarding Table This window allows users to configure the IGMP snooping forwarding table.
Page 118: Mld Host Table
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Port List The Port List of the multicast group. Click Apply to implement changes made. MLD Host Table This window allows users to display the current host of the VLAN, port or group on the Switch. The hosts only take effect when fast leave is enabled.
Page 119: Igmp Snooping Multicast Vlan Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 65 Multicast Group Profile Multicast Address Settings window Enter the Multicast Address List and click Add the new information will be displayed in the table. Click <<Back to return to the IGMP Multicast Group Profile Settings window and click Delete to remove an entry.
Page 120: Mld Multicast Group Profile Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 67 IGMP Snooping Multicast VLAN Settings (Edit) window The following fields can be set: Parameter Description State Toggle the State between Disabled and Enabled. Replace Source IP Enter the IP address to replace the source IP address.
Page 121: Mld Snooping Multicast Vlan Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 69 Multicast Group Profile Multicast Address Settings window Enter the Multicast Address List and click Add the new information will be displayed in the table. Click <<Back to return to the MLD Multicast Group Profile Settings window and click Delete to remove an entry.
Page 122: Multicast Filtering
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 71 MLD Snooping Multicast VLAN Settings (Edit) window The following fields can be set: Parameter Description State Toggle the State between Disabled and Enabled. Replace Source IP Enter the IP address to replace the source IP address.
Page 123: Ipv4 Limited Multicast Range Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 72 IPv4 Multicast Profile Settings window The following fields can be set Parameter Description Profile ID (1-60) Enter a Profile ID between 1 and 60. Profile Name Enter a name for the IPv4 Multicast Profile.
Page 124: Ipv4 Max Multicast Group Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 75 IPv4 Limited Multicast Range Settings window To add a new range enter the information and click Add, to delete an entry enter the information and click Delete. IPv4 Max Multicast Group Settings This window allows users to configure the ports on the switch that will be apart of the maximum number of multicast groups that can be learned by data driven.
Page 125: Ipv6 Limited Multicast Range Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 77 IPv6 Multicast Profile Settings window The following fields can be set: Parameter Description Profile ID (1-60) Use the drop-down menu to choose a Profile ID. Profile Name Enter a name for the IPv6 Multicast Profile.
Page 126: Ipv6 Max Multicast Group Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 80 IPv6 Limited Multicast Range Settings window To add a new range enter the information and click Add, to delete an entry enter the information and click Delete. IPv6 Max Multicast Group Settings This window allows users to configure the ports or VLANs on the Switch included in IPv6 multicast groups, and set a maximum for the number of multicast groups that can be learned.
Page 127: Multicast Filtering Mode
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Multicast Filtering Mode This window is used to configure the Multicast Filtering settings on the switch. It allows users to configure the switch to forward or filter the Unregistered Groups per VLAN. Use the Find function to display the existing Multicast Filter configuration.
Page 128: Erps Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual ERPS Settings Ethernet Ring Protection Switching (ERPS), is the first industry standard (ITU-T G.8032) for Ethernet ring protection switching. It is achieved by integrating mature Ethernet operations, administration, and maintenance (OAM) functions and a simple automatic protection switching (APS) protocol for Ethernet ring networks.
Page 129 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual NOTE: STP and LBD should be disabled on the ring ports before enabling ERPS. ERPS cannot be enabled before the R-APS VLAN is created, and ring ports, RPL port, and RPL owner are configured.
Page 130 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 84 ERPS Settings (Edit) window The following parameters may be configured after the Edit button has been clicked on the window above: Parameter Description Ring Status Tick the check box and toggle between Enabled and Disabled to enable or disable the ERPS State.
Page 131: Erps Sub-Ring Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual is to prevent the possibility a loop forming in the event that two or more R-APS signal fail messages are sent simultaneously from different ends of the ring. WTR Time (5-12) Tick the check box and enter the wait-to-restore (WTR) time of the R-APS function. The WTR time defines the amount of time mandated to pass after conditions clear.
Page 132: Local Loopback Ports Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Local Loopback Ports Settings The Local Loopback Ports Settings are used to start or stop the internal loopback test on selected ports, or to set or recover external loopback mode. When internal loopback is enabled, the device starts to send test packets to the port, and keeps monitoring the packets received.
Page 133: Lldp Global Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual LLDP Global Settings This window is used to configure the LLDP Global Settings on the Switch. When LLDP is enabled the Switch can start to transmit, receive and process LLDP packets. The specific function of each port will depend on the per port LLDP settings.
Page 134: Lldp Port Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual LLDP Port Settings This window is used to display the LLDP port settings on the Switch. The ports can be individually configured to send notifications to configured SNMP trap receivers. To view this window, click L2 Features > LLDP > LLDP > LLDP Port Settings, as shown below:...
Page 135: Lldp Management Address List
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual LLDP Management Address List This window is used to find the LLDP management address information on the Switch. To view this window, click L2 Features > LLDP > LLDP > LLDP Management Address List, as shown below:...
Page 136: Lldp Dot1 Tlvs Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual From Port /To Port Use the pull-down menu to select a range of ports to be configured. Port Description Use the drop-down menu to enable or disable port description. System Name Use the drop-down menu to enable or disable system name.
Page 137: Lldp Dot3 Tlvs Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Dot1 TLV Protocol Use the drop-down menu to enable or disable the advertised Protocol Identity. This TLV Identity optional data type indicates whether the corresponding Local System’s Protocol Identity instance will be transmitted on the port. The Protocol Identity TLV provides a way for stations to advertise protocols that are important to the operation of the network.
Page 138: Lldp Statistics System
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual LLDP Statistics System This window allows an overview of neighbor detection activity, LLDP Statistics and the settings for individual port on the Switch. Use the drop-down menu to check a specific port and click Find the information will be displayed in the lower half of the table.
Page 139 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 4- 95 LLDP Local Port Information (Show Normal) window Use the drop-down menu to select a port and then click Find. The information will be displayed on the lower half of the window.
Page 140 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Protocol Identity Entries Count Figure 4- 99 LLDP Local Port Information (Protocol Identity Entries Count Detail) display To return to the LLDP Local Port Information window click the <<Back button. MAC/PHY Configuration/Status Figure 4- 100 LLDP Local Port Information (MAC/PHY Configuration/StatusDetail) display To return to the LLDP Local Port Information window click the <<Back button.
Page 141: Lldp Remote Port Information
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual LLDP Remote Port Information This window displays port information learned from the neighbor. The switch receives packets from a remote station and is able to store the information as local. To view this window, click L2 Features > LLDP > LLDP > LLDP Remote Port Information, as shown below: Figure 4- 102 LLDP Remote Port Information window Select the port to view by using the drop-down menu and then click Find.
Page 142: Lldp-Mep Port Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual LLDP-MEP Port Settings On this window the user can enable or disable transmit LLDP-MED TLVs. Setting non-supported capability shall have no functional effect and will result in an inconsistent value error returned to the management application. It effectively disables LLDP-MED on a per-port basis by disabling transmission of capabilities TLV.
Page 143: Lldp-Med Local Port Information
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual LLDP-MED Local Port Information On this window the LLDP-MED local port information will be displayed per port. To view this window, click L2 Features > LLDP > LLDP-MED > LLDP-MED Local Port Information, as shown...
Page 144: L3 Features
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Section 5 L3 Features IPv4 Static/Default Route Settings IPv4 Route Table IPv6 Static/Default Route Settings IPv6 Route Table IP Forwarding Table IPv4 Static/Default Route Settings The Switch supports static routing for IPv4 and IPv6 formatted addressing. Users can create up to 16 static route entries for IPv4 and IPv6 respectively.
Page 145 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Click Apply to implement changes made.
Page 146: Ipv4 Route Table
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual IPv4 Route Table On this window the user can view the Static IPv4 entries configured. To view this window, click L3 Features > IPv4 Route Table, as shown below: Figure 5- 2 IPv4 Route Table window IPv6 Static/Default Route Settings A static entry of an IPv6 address can be entered into the Switch’s routing table for IPv6 formatted addresses.
Page 147: Ipv6 Route Table
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual IPv6 Route Table On this window the user can view the Static IPv6 entries configured. To view this window, click L3 Features > IPv6 Route Table, as shown below: Figure 5- 4 IPv6 Route Table window IP Forwarding Table On this window the user can view the current IPv4 forwarding table.
Page 148 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual...
Page 149: Advantages Of Qos
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Section 6 802.1p Settings Bandwidth Control Traffic control Settings DSCP HOL Blocking Prevention Scheduling Settings Management Packet Priority Settings SRED The DGS-3700 Series supports 802.1p priority queuing Quality of Service. The following section discusses the implementation of QoS (Quality of Service) and benefits of using 802.1p priority queuing.
Page 150 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 6- 1 Mapping QoS on the Switch The picture above shows the default priority setting for the Switch. Class-7 has the highest priority of the eight priority queues on the Switch. In order to implement QoS, the user is required to instruct the Switch to examine the header of a packet to see if it has the proper identifying tag tagged.
Page 151: Understanding Qos
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Understanding QoS The Switch has eight priority queues. These priority queues are labeled from 0-7, with 7 being the highest priority queue and 0 the lowest priority queue. The eight priority tags, specified in IEEE 802.1p are mapped to the Switch's priority queue as follows: Priority 0 is assigned to the Switch's Q2 queue.
Page 152: P Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual 802.1p Settings The 802.1p Settings section includes 802.1p Default Priority Settings, 802.1p User Priority Settings, and 802.1p Map Settings. 802.1p Default Priority Settings The Switch allows the assignment of a default 802.1p priority to each port on the Switch.
Page 153: P User Priority Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual 802.1p User Priority Settings This window is used to map the 802.1p user priority of an incoming packet to one of the eight hardware queues available on the Switch. To view this window, click QoS > 802.1p Settings > 802.1p User Priority, as shown below: Figure 6- 3 802.1p User Priority Settings window...
Page 154: P Map Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual 802.1p Map Settings This window is used to enable 802.1p Map Settings. To view this window, click QoS > 802.1p Settings > 802.1p Map Settings, as shown below: Figure 6- 4 802.1p Map Settings window...
Page 155: Bandwidth Control
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Bandwidth Control The Bandwidth Control section includes Bandwidth Control Settings and Queue Bandwidth Control Settings. Bandwidth Control Settings The bandwidth control settings are used to place a ceiling on the transmitting and receiving data rates for any selected port.
Page 156: Queue Bandwidth Control Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Queue Bandwidth Control Settings The queue bandwidth control settings are used to set a limit, either highest or lowest, on the transmitting data rates for the priority queue of the port. To view this window, click QoS > Bandwidth Control > Queue Bandwidth Control Settings:...
Page 157: Traffic Control Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Traffic Control Settings On a computer network, packets such as Multicast packets and Broadcast packets continually flood the network as normal procedure. At times, this traffic may increase due to a malicious end station on the network or a malfunctioning device, such as a faulty network card.
Page 158 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Action Select the method of traffic Control from the pull-down menu. The choices are: Drop – Utilizes the hardware Traffic Control mechanism, which means the Switch’s hardware will determine the Packet Storm based on the Threshold value stated and drop packets until the issue is resolved.
Page 159: Dscp
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual NOTE: Traffic Control cannot be implemented on ports that are set for Link Aggregation (Port Trunking). NOTE: Ports that are in the Shutdown forever mode will be seen as Discarding in Spanning Tree windows and implementations though these ports will still be forwarding BPDUs to the Switch’s CPU.
Page 160: Dscp Map Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual DSCP Map Settings This window is used to enable DSCP Map Settings. To view this window, click QoS > DSCP > DSCP Map Settings, as shown below: Figure 6- 9 DSCP Map Settings window...
Page 161: Scheduling Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Scheduling Settings The Scheduling Settings section includes QoS Scheduling Settings and QoS Scheduling Mechanism. QoS Scheduling Settings This window allows the user to configure the way the Switch will set the specified class per port to strict or weighted round robin.
Page 162: Qos Scheduling Mechanism
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual QoS Scheduling Mechanism Changing the output scheduling used for the hardware queues in the Switch can customize QoS. As with any changes to QoS implementation, careful consideration should be given to how network traffic in lower priority queues are affected.
Page 163: Sred
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Parameter Description Management Packet Use the drop-down menu to set the Management Packet Priority between 7 (Default) and 0. Priority Click Apply to implement change made. SRED Simple random early detection (sRED) is a simplified RED mechanism based on ASIC capability. Random Early Detection (RED) is a congestion avoidance mechanism at the gateway in packet switched networks.
Page 164: Sred Drop Counter
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual parameters configured here for all CoS queues. Drop Green Enabled: Probabilistic drop yellow and red colored packets if the queue depth is above the lower threshold, and probabilistic drop green colored packets if the queue depth is above the upper threshold.
Page 165: Acl Configuration Wizard
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Section 7 ACL Configuration Wizard Access Profile List CPU Access Profile List ACL Finder ACL Flow Meter Access profiles allow you to establish criteria to determine whether or not the Switch will forward packets based on the information contained in each packet's header.
Page 166: Access Profile List
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Access ID (1-128) Type in a unique identifier number for this access. This value can be set from 1 to 128. From Use the drop-down menu to select from MAC Address, IPv4 Address, IPv6 Address, or Any.
Page 167 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 7- 3 Add ACL Profile window If creating an Ethernet ACL, enter the Profile ID and Profile Name and click Select. The following window will appear: Figure 7- 4 Add ACL Profile window (Ethernet)
Page 168 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Click on the boxes at the top of the table, which will then turn red and reveal parameters for configuration. To create a new entry, enter the correct information and then click Create. To return to the Access Profile List window, click <<Back.
Page 169 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 7- 6 Access Profile Detail Information window (Ethernet) To return to the Access Profile List window, click Show All Profiles. To add a rule to a previously configured entry, click on the corresponding Add/View Rules on the Access Profile List window. This will reveal the following window: Figure 7- 7 Access Rule List window To add an access rule, click the Add Rule button on the Access Rule List window above.
Page 170 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual 802.1p (0-7) Enter a value from 0 to 7 to specify that the access profile will apply only to packets with this 802.1p priority value. Action Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Page 171 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 7- 10 Access Rule Detail Information (Ethernet) To create an IPv4 ACL, select IPv4, enter the Profile ID and Profile Name into the top half of the screen in the Add ACL Profile window, and click Select.
Page 172 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Destination IP Mask Enter an IP address mask for the destination IP address. icmp – Specifies that the Switch will examine the Internet Control Message Protocol ICMP Type (ICMP) field within each packet.
Page 173 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 7- 12 Access Profile List window (IPv4) To view the configurations for previously configured entry, click on the corresponding Show Details button, which will display the following window: Figure 7- 13 Access Profile Detail Information window (IPv4) To return to the Access Profile List window, click Show All Profiles.
Page 174 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Switch, according to any additional rule added (see below). Select Deny to specify the packets that match the access profile to be filtered. Select Mirror to specify that packets that match the access profile are mirrored to a port defined in the config mirror port command.
Page 175 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 7- 16 Access Rule Detail Information window (IPv4) To configure the IPv6 ACL, select IPv6 in the Add ACL Profile window, enter the Profile ID and Profile Name into the top half of the screen and then click Select. The following window will appear: Figure 7- 17 Add ACL Profile window (IPv6) Click on the boxes at the top of the table, which will then turn red and reveal parameters for configuration.
Page 176 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual The user can enter a specific UDP Source Port Mask or UDP Destination Port Mask. IPv6 Address IPv6 Source Address – Enter an IPv6 address to be used as the source address mask.
Page 177 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 7- 20 Add Access Rule window (IPv6) The following parameters may be configured for the IPv6 filter. Parameter Description Access ID (1-128) Enter a unique identifier number for this access. This value can be set from 1 to 128.
Page 178 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual class field is a part of the packet header that is similar to the Type of Service (ToS) or Precedence bits field in IPv4. Time Range Name Tick the check box and enter the name of the Time Range settings that has been previously configured in the Time Range Settings window.
Page 179 With this advanced unique Packet Content Mask (also known as Packet Content Access Control List - ACL), the D-Link switch family can effectively mitigate some network attacks like the common ARP Spoofing attack that is wide spread today. This is why the Packet Content ACL is...
Page 180 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual able to inspect any specified content of a packet in different protocol layers. Click Apply to implement changes made. Click Create to view the new Access Profile List entry in the Access Profile List window shown below. To add another Access Profile, click Add ACL Profile.
Page 181 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 7- 26 Add Access Rule window (Packet Content) The following parameters may be configured for the Packet Content filter. Parameter Description Access ID (1-128) Type in a unique identifier number for this access. This value can be set from 1 to 128.
Page 182: Cpu Access Profile List
(MAC Address). However, ARP is vulnerable as it can be easily spoofed and utilized to attack a LAN. For a more detailed explanation on how ARP works and how to employ D-Link’s advanced unique Packet Content ACL to prevent ARP spoofing attack, please see Appendix B, at the end of this manual.
Page 183 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 7- 29 CPU Access Profile List window This window displays the CPU Access Profile List entries created on the Switch. To view the configurations for an entry, click the corresponding Show Details button.
Page 184 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Destination MAC Enter a MAC address mask for the destination MAC address. Mask 802.1Q VLAN Selecting this option instructs the Switch to examine the VLAN identifier of each packet header and use this as the full or partial criterion for forwarding.
Page 185 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual profile. Select Ethernet to instruct the Switch to examine the layer 2 part of each packet header. Select IPv4 to instruct the Switch to examine the IPv4 address in each frame's header.
Page 186 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 7- 33 CPU Access Profile Detail Information window (IPv4) The window shown below is the Add CPU ACL Profile window for IPv6. Figure 7- 34 Add CPU ACL Profile window (IPv6) The following parameters may be configured for the IPv6 filter.
Page 187 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual IPv6 Address IPv6 Source Address – Enter an IPv6 address to be used as the source address mask. IPv6 Destination Address – Enter an IPv6 address that will be used as the destination address mask.
Page 188 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Type mask. This will change the window according to the requirements for the type of profile. Select Ethernet to instruct the Switch to examine the layer 2 part of each packet header.
Page 189 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 7- 39 Add CPU Access Rule window (Ethernet) To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameter Description Access ID (1-100) Type in a unique identifier number for this access. This value can be set from 1 to 100.
Page 190 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual To configure the Access Rules for IP, open the CPU Access Profile List window and click Add/View Rules for an IP entry. This will open the following window. Figure 7- 41 CPU Access Rule List window (IPv4) To remove a previously created rule, click the corresponding Delete Rules button.
Page 191 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 7- 43 CPU Access Rule Detail Information window (IPv4) To establish the rule for a previously created CPU Access Profile: To configure the Access Rules for IP, open the CPU Access Profile List window and click Add/View Rules for an IPv6 entry.
Page 192 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Switch, according to any additional rule added (see below). Select Deny to specify the packets that match the access profile to be filtered. Class Enter an IPv6 Class. The class can be between 0 and 255.
Page 193 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 7- 48 Add CPU Access Rule window (Packet Content) To set the Access Rule for Packet Content, adjust the following parameters and click Apply. Parameter Description Access ID (1-100) Type in a unique identifier number for this access. This value can be set from 1 to 100.
Page 194: Acl Finder
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 7- 49 CPU Access Rule Detail Information window (Packet Content) ACL Finder This window is used to help find a previously configured ACL entry. To search for an entry, enter the profile ID from the drop-down menu, select a port that you wish to view, define the state and click Find, the table on the lower half of the screen will display the entries.
Page 195 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 7- 52 ACL Flow Meter Configuration window The following fields may be configured: Parameter Description Profile ID Use the drop-down menu to select the pre-configured Profile ID that will be used to configure the Flow Metering parameters.
Page 196 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual srTCM – Single Rate Three Color Marker, marks packets green, yellow or red based on a rate and two burst sizes. This is useful when only burst size matters. • CIR (Kbps) – Specifies the Committed Information Rate of the packet. The range is 0 to 1000000.
Page 197: Security
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Section 8 Security 802.1X RADIUS IP-MAC-Port Binding (MPB) MAC-based Access Control Web-based Access Control (WAC) Compound Authentication Port Security BPDU Attack Protection Loopback Detection Settings Traffic Segmentation NetBIOS Filtering Settings DHCP Server Screening...
Page 198: X Port-Based And Host-Based Access Control
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual 802.1X 802.1X Port-Based and Host-Based Access Control The IEEE 802.1X standard is a security measure for authorizing and authenticating users to gain access to various wired or wireless devices on a specified Local Area Network by using a Client and Server based access control model.
Page 199: Authenticator
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 8- 3 The Authentication Server Authenticator The Authenticator (the Switch) is an intermediary between the Authentication Server and the Client. The Authenticator serves two purposes when utilizing the 802.1X function. The first purpose is to request certification information from the Client through EAPOL packets, which is the only information allowed to pass through the Authenticator before access is granted to the Client.
Page 200: Client
Figure 8- 6 The 802.1X Authentication Process The D-Link implementation of 802.1X allows network administrators to choose between two types of Access Control used on the Switch, which are: Port-Based Access Control – This method requires only one user to be authenticated per port by a remote RADIUS server to allow the remaining users on the same port access to the network.
Page 201: Understanding 802.1X Port-Based And Host-Based Network Access Control
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Understanding 802.1X Port-based and Host-based Network Access Control The original intent behind the development of 802.1X was to leverage the characteristics of point-to-point in LANs. As any single LAN segment in such infrastructures has no more than two devices attached to it, one of which is a Bridge Port.
Page 202: Host-Based Network Access Control
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Host-Based Network Access Control Figure 8- 8 Example of Typical Host-Based Configuration In order to successfully make use of 802.1X in a shared media LAN segment, it would be necessary to create “logical”...
Page 203: X Port Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual This window allows you to set the following features: Parameter Description Authentication The Authentication Mode allows the user to choose among, Disabled, Port Based or MAC Mode Based Authentication Mode. When choosing MAC Based, Host-based Network Access Control will be enabled on the port.
Page 204: X User Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual SuppTimeout This value determines timeout conditions in the exchanges between the Authenticator and the (1-65535) client. The default setting is 30 seconds. ServerTimeout This value determines timeout conditions in the exchanges between the Authenticator and the (1-65535) authentication server.
Page 205: Guest Vlan Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual To view this window, click Security > 802.1X > 802.1X User, as shown below: Figure 8- 11 802.1X User window Guest VLAN Settings On 802.1X security enabled networks, there is a need for non 802.1X supported devices to gain limited access to...
Page 206: Radius
Click Apply to implement the 802.1X Guest VLAN. Once properly configured, the Guest VLAN Name and associated ports will be listed in the lower part of the window. NOTE: For more information and configuration examples for the 802.1X Guest VLAN function, please refer to the Guest VLAN Configuration Example located on the D-Link website. RADIUS The RADIUS section includes Authentication RADIUS Server Settings, RADIUS Accounting Settings, RADIUS Authentication, and RADIUS Account Client.
Page 207: Radius Accounting Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Parameter Description Index Choose the desired RADIUS server to configure: 1, 2 or 3. IPv4 Address/IPv6 Select either IPv4 Address or IPv6 Address to set the RADIUS Server IP. Address Authentication Port Set the RADIUS authentication server(s) UDP port.
Page 208: Radius Authentication
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 8- 15 RADIUS Accounting Settings window RADIUS Authentication This table contains information concerning the activity of the RADIUS authentication client on the client side of the RADIUS authentication protocol. To view this window, click Security > RADIUS > RADIUS Authentication, as shown below: Figure 8- 16 RADIUS Authentication window The user may also select the desired time interval to update the statistics, between 1s and 60s, where “s”...
Page 209: Radius Account Client
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual authentication server. AccessAccepts The number of RADIUS Access-Accept packets (valid or invalid) received from this server. AccessRejects The number of RADIUS Access-Reject packets (valid or invalid) received from this server. AccessChallenges The number of RADIUS Access-Challenge packets (valid or invalid) received from this server.
Page 210: Ip-Mac-Port Binding (Impb)
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Identifier The NAS-Identifier of the RADIUS account. (This is not necessarily the same as sysName in MIB II.) ServerIndex The identification number assigned to each RADIUS Accounting server that it shares a secret with.
Page 211: Impb Port Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Trap/Log field will enable and disable the sending of trap log messages for IP-MAC binding. When enabled, the Switch will send a trap message to the SNMP agent and the Switch log when an ARP packet is received that doesn’t match the IP-MAC binding configuration set on the Switch.
Page 212 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 8- 19 IMPB Port Settings window The following fields can be set or modified: Parameter Description From Port /To Port Select a port or range of ports to set for IP-MAC binding.
Page 213: Impb Entry Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual When the packet is found by the entry, the MAC address will be set to dynamic state. If the packet is not found by the entry, the MAC address will be set to block. Other packets will be bypassed.
Page 214: Mac Block List
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual MAC Block List This window is used to view unauthorized devices that have been blocked by IP-MAC binding restrictions. To find an unauthorized device that has been blocked by the IP-MAC binding restrictions, enter the VID and MAC Address in the appropriate fields and click Find.
Page 215: Dhcp Snooping Entry
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual DHCP Snooping Entry This window is used to configure DHCP snooping entry settings. To view this window, click Security > IP-MAC-Port Binding > DHCP Snooping > DHCP Snooping Entry, as shown below:...
Page 216: Nd Snoop Entry
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual From Port/To Port Select the port or range of ports to configure. Maximum Entry (1- Enter the maximum number of entries. The range is 1 to 10. Alternatively, tick the No Limit check box.
Page 217: Mac-Based Access Control Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual MAC-based Access Control Settings The following window is used to set the parameters for the MAC-based Access Control function on the Switch. Here the user can set the running state, method of authentication, RADIUS password and view the Guest VLAN configuration to be associated with the MAC-based Access Control function of the Switch.
Page 218: Mac-Based Access Control Local Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Password Enter the password for the RADIUS server which is to be used for packets being sent requesting authentication. The default password is “default”. RADIUS Authorization Toggle Enabled and Disabled. The user can enable or disable this option to enable RADIUS Authorization or not.
Page 219: Mac-Based Access Control Authentication
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 8- 27 MAC-based Access Control Local MAC Settings To add a MAC address to the local authentication list, enter the MAC address and the target VLAN name into their appropriate fields and click Apply. To change a MAC address or a VLAN in the list, click the corresponding Edit button.
Page 220: Web-Based Access Control (Wac)
WAC by attempting to gain Web access. D-Link’s implementation of WAC uses a virtual IP that is exclusively used by the WAC function and is not known by any other modules of the Switch. In fact, to avoid affecting a Switch’s other features, WAC will only use a virtual IP address to communicate with hosts.
Page 221: Conditions And Limitations
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 8- 29 Web-based Access Control Conditions and Limitations 1. Certain functions exist on the Switch that will filter HTTP packets, such as the Access Profile function. The user needs to be very careful when setting filter functions for the target VLAN, so that these HTTP packets are not denied by the Switch.
Page 222: Wac Global Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual WAC Global Settings Users can configure the Switch for Web authentication. To view this window, click Security > Web-based Access Control (WAC) > WAC Global Settings, as shown below: Figure 8- 30 WAC Global Settings...
Page 223: Wac Port Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 8- 31 WAC User Settings window To set the Web-based Access Control for the Switch, complete the following fields: Parameter Description User Name Enter the user name of up to 15 alphanumeric characters of the guest wishing to access the Web through this process.
Page 224: Wac Authentication State
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual From Port Use this drop-down menu to select the beginning port of a range of ports to be enabled as WAC ports. To Port Use this drop-down menu to select the ending port of a range of ports to be enabled as WAC ports.
Page 225: Compound Authentication
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Original RX VID Display the VID from which the user being authenticated originated. State Display the state of WAC authentication. Display the assigned VLAN. Assigned Priority Display the assigned priority. Aging Time/Block...
Page 226: X & Impb Mode
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual 802.1X & IMPB Mode This mode adds an extra layer of security by checking the IP MAC-Binding Port Binding (IMPB) table before trying one of the supported authentication methods. The IMPB Table is used to create a ‘white list’ that checks if the IP streams being sent by authorized hosts have been granted or not.
Page 227: Compound Authentication Guest Vlan Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual 802.1X+IMPB, IMPB+WAC, and MAC+IMPB. None means all compound authentication methods are disabled. Any (MAC, 802.1X or WAC) means if any of the authentication methods pass, then access will be granted. In this mode, MBAC, 802.1X, and WAC can be enabled on a port at the same time.
Page 228: Port Security
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Port Security The Port Security section includes Port Security Settings, Port Security VLAN Settings, and Port Security Entries. Port Security Settings A given ports’ (or a range of ports') dynamic MAC address learning can be locked such that the current source MAC addresses entered into the MAC address forwarding table cannot be changed once the port lock is enabled.
Page 229: Port Security Vlan Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Port Security VLAN Settings This table is used to set the maximum port-security entries that can be learned on a specific VLAN. To view this window, click Security > Port Security > Port Security VLAN Settings, as shown below:...
Page 230: Bpdu Attack Protection Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Click Apply to implement changes. BPDU Attack Protection Settings This window is used to configure the BPDU protection function for the ports on the switch. In generally, there are two states in BPDU protection function. One is normal state, and another is under attack state. The under attack state have three modes: drop, block, and shutdown.
Page 231: Loopback Detection Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Click Apply to implement changes made. Loopback Detection Settings The Loopback Detection function is used to detect the loop created by a specific port. This feature is used to temporarily shut down a port on the Switch when a loop detecting packet has been looped back to the switch. When the Switch detects that these packets are received from a port or a VLAN, it signifies a loop on the network.
Page 232: Traffic Segmentation Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Click Apply to implement changes made. Traffic Segmentation Settings Traffic segmentation is used to limit traffic flow from a single port to a group of ports on either a single switch or a group of ports on another switch in a switch stack.
Page 233: Dhcp Server Screening
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual This window is used to configure the NetBIOS Filtering Setting. To view this window, click Security > NetBIOS Filtering Settings, as shown below: Figure 8- 42 NetBIOS Filtering Settings window Enter the ports you wish to configure to filter NetBIOS packets from specified ports and click Apply.
Page 234: Dhcp Offer Permit Entry Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 8- 43 DHCP Screening Port Settings window The following parameters can be set: Parameter Description DHCP Server Enable or disable the DHCP server screening trap and log state. The default value is Screening Trap Log Disabled.
Page 235: Access Authentication Control
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual The user may set the following parameters: Parameter Description Server IP Address The IP address of the DHCP server. Client’s MAC Address The MAC address of the DHCP client. Ports (e.g: 1-3, 5) Choose the range of ports to use as the DHCP server, or tick the All Ports check box to use all the ports on the switch.
Page 236: Enable Admin
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Please note that when the user logins to the device successfully through TACACS/XTACACS/TACACS+server or none method, the “user” privilege level is the only level assigned. If the user wants to get the administration privilege level, the user must use the “enable admin”...
Page 237: Application Authentication Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Application Authentication Settings This window is used to configure switch configuration applications (console, Telnet, SSH, web) for login at the user level and at the administration level (Enable Admin) utilizing a previously configured method list.
Page 238 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 8- 48 Authentication Server Group Settings window The Switch has four built-in Authentication Server Groups that cannot be removed but can be modified. To modify a particular group, click on its corresponding Edit button or click the Edit Server Group tab at the top of this window, the following screen will be displayed.
Page 239: Authentication Server Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual NOTE: The four built in server groups can only have server hosts running the same TACACS daemon. TACACS/XTACACS/TACACS+ protocols are separate entities and are not compatible with each other. Authentication Server Settings This window will set user-defined Authentication Server Hosts for the TACACS/XTACACS/TACACS+/RADIUS security protocols on the Switch.
Page 240: Login Method Lists Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual NOTE: More than one authentication protocol can be run on the same physical server host but, remember that TACACS/XTACACS/TACACS+ are separate entities and are not compatible with each other Login Method Lists Settings This command will configure a user-defined or default Login Method List of authentication techniques for users logging on to the Switch.
Page 241: Enable Method Lists Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual server_group – Adding this parameter will require the user to be authenticated using a user- defined server group previously configured on the Switch. local – Adding this parameter will require the user to be authenticated using the local user account database on the Switch.
Page 242: Local Enable Password Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Password must set the local enable password. none – Adding this parameter will require no authentication to access the Switch. radius – Adding this parameter will require the user to be authenticated using the RADIUS protocol from a remote RADIUS server.
Page 243: Download Certificate
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual process between client and host as they “exchange keys” in looking for a match and therefore authentication to be accepted to negotiate encryptions on the following level. Encryption: The second part of the ciphersuite that includes the encryption used for encrypting the messages sent between client and host.
Page 244 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 8- 54 SSL Settings window To set up the SSL function on the Switch, configure the following parameters and click Apply. Parameter Description SSL Settings Enable or disable the SSL status on the switch. The default is disabled.
Page 245: Ssh Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual NOTE: Enabling the SSL command will disable the web-based switch management. To log on to the Switch again, the header of the URL must begin with https://. Entering anything else into the address field of the web browser will result in an error and no authentication will be granted.
Page 246: Ssh Authentication Method And Algorithm Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Timeout (120-600) seconds. The default setting is 120 seconds. Authfail Attempts Allows the Administrator to set the maximum number of attempts that a user may try to log on (2-20) to the SSH Server utilizing the SSH authentication. After the maximum number of attempts has been exceeded, the Switch will be disconnected and the user must reconnect to the Switch to attempt another login.
Page 247: Ssh User Authentication List
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual AES128-CBC Tick the check box to enable the Advanced Encryption Standard AES128 encryption algorithm with Cipher Block Chaining. The default is enabled. AES192-CBC Tick the check box to enable the Advanced Encryption Standard AES192 encryption algorithm with Cipher Block Chaining.
Page 248: Trusted Host Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual User Name Enter a User Name of no more than 15 characters to identify the SSH user. This User Name must be a previously configured user account on the Switch. Auth. Mode The administrator may choose one of the following to set the authorization for users attempting to access the Switch.
Page 249: Safeguard Engine Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 8- 59 Trusted Host window To delete an entry click the corresponding Delete button. Safeguard Engine Settings Periodically, malicious hosts on the network will attack the Switch by utilizing packet flooding (ARP Storm) or other methods.
Page 250 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 8- 60 Mapping QoS on the Switch For every consecutive checking interval that reveals a packet flooding issue, the Switch will double the time it will accept a few ingress ARP and IP broadcast packets. In the example above, the Switch doubled the time for dropping ARP and IP broadcast packets when consecutive flooding issues were detected at 5-second intervals.
Page 251 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual To configure the Switch’s Safeguard Engine, change the State to Enabled when the Safeguard Engine is enabled a green light will show on the gray bar at the top of this window, next to Safeguard. To set the Safeguard Engine for the...
Page 252: Network Application
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Section 9 Network Application DHCP Relay DHCP Server DHCPv6 SNTP DHCP The DHCP section includes DHCP Relay, DHCP Server, DHCP Local Relay Settings, and DHCPv6 Relay. DHCP Relay The DHCP Relay section inlcudes DHCP Relay Global Settings, DHCP Relay Interface Settings, DHCP Relay Option 60 Server Settings, DHCP Relay Option 60 Settings, and DHCP Relay Option 61 Settings.
Page 253 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual (0-65535) of the DHCP packet. If a non-zero value is entered, the Switch will use that value, along with the hop count to determine whether to forward a given DHCP packet. DHCP Relay This field can be toggled between Enabled and Disabled using the pull-down menu.
Page 254: The Implementation Of Dhcp Information Option 82 On The Switch
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual NOTE: If the Switch receives a packet that contains the option-82 field from a DHCP client and the information-checking feature is enabled, the switch drops the packet because it is invalid. However, in some instances, you might configure a client with the option-82 field.
Page 255: Dhcp Relay Interface Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual DHCP Relay Interface Settings This window allows the user to set up a server, by IP address, for relaying DHCP information to the Switch. The user may enter a previously configured IP interface on the Switch that will be connected directly to the DHCP/BOOTP server using the following window.
Page 256: Dhcp Relay Option 60 Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual DHCP Relay Option 60 Settings This window is used to configure option 60 relay rules on the Switch. Different strings can be specified for the same relay server, and the same string can be specified with multiple relay servers. The system will relay the packet to all the matching servers.
Page 257: Dhcp Server
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual The following parameters may be configured: Parameter Description DHCP Relay Option Select the DHCP Relay Option 61 default action. 61 Default Drop – Specify to drop the packet. Relay – Specify to relay the packet to an IP address.
Page 258 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual server will discard the current IP address and try another IP address. Ping Timeout Choose the amount of time the DHCP server must waits before timing out a ping packet. The default value is 100.
Page 259: Dhcp Server Exclude Address Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual DHCP Server Exclude Address Settings The DHCP server assumes that all IP addresses in a DHCP pool subnet are available for assigning to DHCP clients. You must use this page to specify the IP address that the DHCP server should not assign to clients. This command can be used multiple times in order to define multiple groups of excluded addresses.
Page 260 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 9- 10 DHCP Server Pool Settings (Edit) window The fields that can be configured are described below: Parameter Description IP Address Enter the IP address. Netmask Enter the Netmask. NetBIOS Node Type NetBIOS node type for a Microsoft DHCP client.
Page 261: Dhcp Server Manual Binding
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual DHCP Server Manual Binding An address binding is a mapping between the IP address and MAC address of a client. The IP address of a client can be assigned manually by an administrator or assigned automatically from a pool by a DHCP server. The dynamic binding entry will be created when an IP address is assigned to the client from the pool network’s address.
Page 262: Dhcp Conflict Ip
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual DHCP Conflict IP The DHCP server will use PING packet to determine whether an IP address is conflict with other host before binding this IP. The IP address which has been identified conflict will be moved to the conflict IP database. The system will not attempt to bind the IP address in the conflict IP database unless the user clears it from the conflict IP database.
Page 263: Dhcpv6 Relay Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Parameter Description DHCPv6 Relay State Enable DHCPv6 relay or disable DHCPv6 relay globally on the Switch. Click Apply to change the DHCPv6 relay status. DHCPv6 Relay Hop Set the number of hops allowed for DHCPv6 relay. The default value is 4.
Page 264: Dns Relay
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual DNS Relay Computer users usually prefer to use text names for computers for which they may want to open a connection. Computers themselves, require 32 bit IP addresses. Somewhere, a database of network devices’ text names and their corresponding IP addresses must be maintained.
Page 265: Dns Relay Static Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Parameter Description DNS Relay State Enable or disable the DNS relay state. Primary Name Server Enter the primary DNS server IP address. Secondary Name Enter the secondary DNS server IP address. Server DNS Relay Cache Enable or disable the DNS relay cache state.
Page 266 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 9- 19 SNTP Settings window The fields that can be configured are described below: Parameter Description SNTP State Use this radio button to enable or disable SNTP. Current Time Displays the Current Time.
Page 267: Time Zone Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Time Zone Settings Users can configure time zones and Daylight Savings Time settings for SNTP. To view this window, click Network Application > SNTP > Time Zone Settings, as shown below: Figure 9- 20 Time Zone Settings window...
Page 268 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual To: Which Week Of Enter the week of the month the DST will end. The Month To: Day Of Week Enter the day of the week that DST will end. To: Month Enter the month that DST will end.
Page 269 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Section 10 Ethernet OAM DULD Settings Cable Diagnostics Connectivity Fault Management (CFM) is defined by IEEE 802.1ag, which is a standard for detecting, isolating and reporting connectivity faults in a network. CFM is an end-to-end per-service-instance Ethernet layer operation, administration, and management (OAM) function.
Page 270 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Maintenance Point A maintenance point in CFM is a point of demarcation on a port within a maintenance domain. Maintenance points filter CFM frames within the boundries of an MD by dropping frames that do not belong to the correct maintenance level.
Page 271: Cfm Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual CFM Settings This window is used to configure Connectivity Fault Management (CFM) settings. To view this window, click OAM > CFM > CFM Settings, as shown below: Figure 10- 1 CFM Settings window...
Page 272 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 10- 2 CFM MA Settings (Add) window The fields that can be configured are described below: Parameter Description Enter the maintenance association name. The VLAN Identifier. Each different MA must be associated with a different VLAN.
Page 273 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 10- 3 CFM MIP Table window To add a MEP, click on the Add MEP button next to a configured MA at the bottom of the CFM Settings window. The following window opens:...
Page 274 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 10- 5 CFM MEP Information window To re-configure the MEP entry, click on the Edit button. Figure 10- 6 CFM MEP Information (Edit) window The fields that can be configured are described below:...
Page 275 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Xcon CCM - Only the fault alarms whose priority is equal to or higher than “Cross-connect CCM Received” are sent. None - No fault alarm is sent. This is the default value.
Page 276: Cfm Port Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual The fields that can be configured are described below: Parameter Description State Tick the check box to toggle between Enabled and Disabled. Enabled – The CFM Extension LCK setting state is Enabled.
Page 277: Cfm Loopback Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual CFM Loopback Settings This window is used to configure the CFM Loopback settings on the Switch. To view this window, click OAM > CFM > CFM Loopback Settings, as shown below: Figure 10- 10 CFM Loopback Settings window...
Page 278: Cfm Linktrace Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual CFM Linktrace Settings This window is used to configure the CFM linktrace settings on the Switch. To view this window, click OAM > CFM > CFM Linktrace Settings, as shown below: Figure 10- 11 CFM Linktrace Settings window...
Page 279: Cfm Packet Counter
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual CFM Packet Counter This window displays the CFM packet Rx/Tx counters on the Switch. Enter the ports to view and click Find. To view this window, click OAM > CFM > CFM Packet Counter, as shown below:...
Page 280: Ethernet Oam
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Ethernet OAM The Ethernet OAM section includes Ethernet OAM Settings, Ethernet OAM Configuraion Settings, Ethernet OAM Event Log, and Ethernet OAM Statistics. Ethernet OAM Settings This window is used to configure the ports Ethernet OAM mode. In Active mode the ports can initiate OAM discovery and start or stop remote loopback.
Page 281: Ethernet Oam Configuration Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Ethernet OAM Configuration Settings This window is used to configure and display the primary controls and status information for Ethernet OAM on the Switch. To view this window, click OAM > Ethernet OAM > Ethernet OAM Configuration Settings, as shown below:...
Page 282: Ethernet Oam Event Log
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Ethernet OAM Event Log This window allows the user to view the Ethernet OAM event log information. The Switch can buffer up to 1000 event logs. The event log will provide and record detailed information about each OAM event. Specify the port number you wish to view and click Find.
Page 283: Duld Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual DULD Settings The Switch features a D-Link Unidirectional Link Detection (DULD) module. The unidirectional link detection provides a mechanism that can be used to detect unidirectional link for Ethernet switches whose PHYs do not support unidirectional OAM operation.
Page 284: Monitoring
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Section 11 Monitoring Utilization Statistics Mirror sFlow Ping Test Trace Route Peripheral Utilization The Utilization windows include CPU Utilization, DRAM & Flash Utilization, and Port Utilization. CPU Utilization This window displays the percentage of the CPU being used, expressed as an integer percentage and calculated as a simple average by time interval.
Page 285: Dram & Flash Utilization
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Show/Hide Check whether or not to display Five Secs, One Min, and Five Mins. DRAM & Flash Utilization On this window the user can view information regarding DRAM and Flash utilization. To view this window, click Monitoring > DRAM & Flash Utilization, as shown below: Figure 11- 2 DRAM &...
Page 286: Statistics
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual is 200. Show/Hide Check whether or not to display Port Util. Statistics The Statistics section includes Port Statistics, Packet Size, VLAN Counter Statistics, and Historical Counter & Utilization. Port Statistics The Port Statistics section includes Packets and Errors.
Page 287: Umb_Cast (Rx)
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 11- 5 Received (RX) Table window (for Bytes and Packets) The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics.
Page 288 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 11- 6 UMB_cast (RX) window (for Unicast, Multicast, and Broadcast Packets) To view the UMB_cast (RX) Table window, click the View Table link. Figure 11- 7 UMB_cast (RX) Table window (for Unicast, Multicast, and Broadcast Packets)
Page 289: Transmitted (Tx)
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Multicast Count the total number of good packets that were received by a multicast address. Broadcast Count the total number of good packets that were received by a broadcast address. Show/Hide Check whether or not to display Multicast, Broadcast, and Unicast Packets.
Page 290 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 11- 9 Transmitted (TX) Table window (for Bytes and Packets) The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics.
Page 291: Errors
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Errors The Web Manager allows port error statistics compiled by the Switch's management agent to be viewed as either a line graph or a table. Four windows are offered. Received (RX) To select a port to view these statistics or, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
Page 292 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 293: Transmitted (Tx)
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Transmitted (TX) To select a port to view these statistics or, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
Page 294 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual value is one second. Record Number Select number of times the Switch will be polled between 20 and 200. The default value is 200. ExDefer Count the number of packets for which the first transmission attempt on a particular interface was delayed because the medium was busy.
Page 295: Packet Size
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Packet Size The Web Manager allows packets received by the Switch, arranged in six groups and classed by size, to be viewed as either a line graph or a table. Two windows are offered. To select a port to view these statistics for, select the port by using the Port pull-down menu.
Page 296: Vlan Counter Statistics
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Page 297: Historical Counter & Utilization
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual VLAN Name Specifies the VLAN Name. VID (1-4094) Specifies the VLAN ID. Port List Specifies the ports that are attached to the VLAN. Enter the appropriate information and click Find, the informationwill be displayed in the VLAN Counter Statistics Table.
Page 298: Historical Utilization
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Historical Utilization This window displays information regarding the historical utilization of the CPU and memory. The counters are set up in 15-minute and one-day intervals. There is a maximum of five 15-minute historical utilization entries supported for each port, with one being the most recent 15 minutes of data.
Page 299: Rspan Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 11- 19 Port Mirror window To configure a mirror port: 1. Change the status to Enabled. 2. Select the Source Port from where you want to the frames to come from.
Page 300: Sflow
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure 11- 21 RSPAN Settings window (Modify) Enter the Source Ports or Redirect Ports you wish to Add or Delete and click Apply. To return to the RSPAN Settings window click <<Back.
Page 301: Sflow Flow Sampler Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Analyzer Server ID (1-4) Up to four sFlow Analyzer Servers can be configured. Owner Name The entity making use of this sflow analyzer server. Timeout (1-2000000) The length of time before the server is timed out. When the analyzer server times out, all of the flow samplers and counter pollers associated with this analyzer server will be deleted.
Page 302: Sflow Counter Poller Settings
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual sFlow Counter Poller Settings This window is used to create the sflow counter poller settings on the Switch. Within the sflow counter poller function, the port statistics counter information will be forwarded to the server at the configured interval. These counters are RFC 2233 counters.
Page 303: Trace Route
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual The following parameters may be configured: Parameter Description IPv4 Ping Test Target IP Address Enter the Target IPv4 Address of the host. Repeat Pinging for Click the Infinite times radio button, which will tell the ping program to keep sending ICMP Echo packets to the specified IP address until the program is stopped.
Page 304: Peripheral
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual trace route packet can pass. The trace route option will cross while seeking the network path between two devices. The range for the TTL is 1 to 60 hops. Port The port number. The value range is from 30000 to 64900.
Page 305: Save And Tools
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Section 12 Save and Tools Save Configuration ID 1 Save Configuration ID 2 Save Log Save All Configuration File Backup & Restore Upload Log File Reset Download Firmware Reboot System Save Configuration ID 1 This window is used to save the configuration file indexed as Image file 1.
Page 306: Save Log
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Save Log This window is used to save the configuration log only. To view this window, click Save > Save Log, as shown below: Figure 12- 3 Save Log window Save All This window is used to save the current configuration settings to the current Boot Up Configuration file and save the current log.
Page 307: Configuration File Backup & Restore
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Configuration File Backup & Restore The Switch supports dual image storage for configuration file backup and restoration. The firmware and configuration images are indexed by ID number 1 or 2. To change the boot firmware image, use the Configuration ID drop-down menu to select the desired configuration file to backup or restore.
Page 308: Upload Log File
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Upload Log File The following window is used to upload a log file for the Switch. To view this window, click Tools > Upload Log File, as shown below: Figure 12- 6 Upload Log File window To upload a history or attack log from the Switch to a TFTP server, enter a Server IP address, and file/path name and then click Upload or Upload Attack Log.
Page 309: Download Firmware
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Download Firmware The following window is used to download firmware for the Switch. To view this window, click Tools > Download Firmware, as shown below: Figure 12- 8 Download Firmware window To download firmware from a TFTP server, enter the TFTP Server IP address, the path/File name and select the desired Image ID.
Page 310: Mitigating Arp Spoofing Attacks Using Packet Content Acl
IP address is known. This protocol is vulnerable because it can spoof the IP and MAC information in the ARP packets to attack a LAN (known as ARP spoofing). This document is intended to introduce ARP protocol, ARP spoofing attacks, and the counter measure brought by D-Link's switches to counter the ARP spoofing attack. •...
Page 311 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Destination Source address Ether-type address FF-FF-FF-FF-FF-FF 00-20-5C-01-11-11 Table- (Ethernet frame format) When the switch receives the frame, it will check the “Source Address” in the Ethernet frame’s header. If the address is not in its Forwarding Table, the switch will learn PC A’s MAC and the associated port into its Forwarding Table.
Page 312 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Figure-3 When PC B replies to the ARP request, its MAC address will be written into “Target H/W Address” in the ARP payload shown in Table-3. The ARP reply will be then encapsulated into the Ethernet frame again and sent back to the sender.
Page 313 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual How ARP spoofing attacks a network ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service - DoS attack).
Page 314 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Gratuitous ARP Ethernet Destination Source Ethernet H/W type Protocol Protocol Operation Sender H/W Sender Target H/W Target address address type type address address address protocol address protocol length length address address (6-byte)
Page 315 • Prevent ARP spoofing via packet content ACL Concerning the common DoS attack today caused by the ARP spoofing, D-Link managed switch can effectively mitigate it via its unique Packet Content ACL. For that reason the basic ACL can only filter ARP packets based on packet type, VLAN ID, Source and Destination MAC information, there is a need for further inspections of ARP packets.
Page 316 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Chunk Chunk0 Chunk1 Chunk2 Chunk3 Chunk4 Chunk5 Chunk6 Chunk7 Chunk8 Chunk9 Chunk10 Chunk11 Chunk12 Chunk13...
Page 317 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual...
Page 318: System Log Entries
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Appendix B System Log Entries The following table lists all possible entries and their corresponding meanings that will appear in the System Log of this Switch. Category Event Description Log Information Severity...
Page 319 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Log message upload was Log message upload by <console | telnet | WEB | SSH Warning unsuccessful | SNMP | SIM> was unsuccessful! (Username: <username>) Interface Port link up Port <portNum> link up, <link state>...
Page 320 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Spanning Tree Protocol is Spanning Tree Protocol is disabled Informational disabled Successful login through SSH Successful login through SSH (Username: Informational <username>, IP: <ipaddr>, MAC: <macaddr>) Login failed through SSH Login failed through SSH (Username: <username>, IP: Warning <ipaddr>, MAC: <macaddr>)
Page 321 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Login failed through Telnet Login failed through Telnet from <userIP> Warning authenticated by AAA local authenticated by AAA local method (Username: method <username>, MAC: <macaddr>) Successful login through SSH Successful login through SSH from <userIP>...
Page 322 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual server <username>, MAC: <macaddr>) Login failed through Telnet Login failed through Telnet from <userIP> Warning authenticated by AAA server authenticated by AAA server <serverIP> (Username: <username>, MAC: <macaddr>) Successful login through SSH Successful login through SSH from <userIP>...
Page 323 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Successful Enable Admin Successful Enable Admin through SSH from <userIP> Informational through SSH authenticated by authenticated by AAA none method (Username: AAA none method <username>, MAC: <macaddr>) Successful Enable Admin Successful Enable Admin through Console...
Page 324 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Web(SSL) from <userIP> due due to AAA server timeout or improper configuration to AAA server timeout or (Username: <username>,MAC: <mac>) improper configuration. Login failed through Telnet Login failed through Telnet from <userIP> due to AAA...
Page 325 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Unauthenticated IP address Unauthenticated IP-MAC address and discarded by Warning encountered and discarded by IP-MAC port binding (IP: <ipaddr>, MAC: <macaddr>, IP-MAC port binding Port: <portNum>) Loop-back LBD loop occurred Port <portNum> LBD loop occurred. Port blocked...
Page 326 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Password change activity Password was changed by (Username: <username>) Informational Dual Excution error encountered Configuration had <int> syntax error and <int> execute Warning Configuration druring system boot-up error 802.1X VID assigned from RADIUS...
Page 327 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual DGS-3700 Series Trap List Trap Name/OID Variable Bind Format MIB Name Severity coldStart None RFC1907 Critical 1.3.6.1.6.3.1.1.5.1 (SNMPv2-MIB) WarmStart None RFC1907 Critical 1.3.6.1.6.3.1.1.5.2 (SNMPv2-MIB) authenticationFailure None RFC1907 Informational 1.3.6.1.6.3.1.1.5.5 (SNMPv2-MIB) linkDown ifIndex,...
Page 328 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual swMacBasedAuthLoggedSuccess swMacBasedAuthLoggedSucc MBA-MIB Warning 1.3.6.1.4.1.171.12.35.11.1.0.1 SwMacBasedAuthLoggedFail SwMacBasedAuthLoggedFail MBA-MIB Warning 1.3.6.1.4.1.171.12.35.11.1.0.2 SwMacBasedAuthAgesOut SwMacBasedAuthAgesOut MBA-MIB Warning 1.3.6.1.4.1.171.12.35.11.1.0.3 SwExternalAlarm swExternalAlarm EQUIPMENT- Warning 1.3.6.1.4.1.171.12.11.2.2.5.0.1 SwDdmAlarmTrap swDdmAlarmTrap DDM-MIB Warning 1.3.6.1.4.1.171.12.72.4.0.1 SwDdmWarningTrap swDdmWarningTrap DDM-MIB Warning 1.3.6.1.4.1.171.12.72.4.0.2 swL2PortLoopOccurred swL2PortLoopOccurred...
Page 329: Glossary
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual Appendix C Glossary 1000BASE-SX: A short laser wavelength on multimode fiber optic cable for a maximum length of 500 meters 1000BASE-LX: A long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilometers 1000BASE-T: 1000Mbps Ethernet implementation over Category 5E cable.
Page 330 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual LAN - Local Area Network: A network of connected computing resources (such as PCs, printers, servers) covering a relatively small geographic area (usually not larger than a floor or building). Characterized by high data rates and low error rates.
Page 331: Password Recovery Procedure
This section will explain how the Password Recovery feature can help network administrators reach this goal. The following steps explain how to use the Password Recovery feature on D-Link devices to easily recover passwords. Complete these steps to reset the password: For security reasons, the Password Recovery feature requires the user to physically access the device.
Page 332 DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual In the “Password Recovery Mode” only the following commands can be used. Command Parameters reset config This command resets the whole configuration back to the default values. reboot This command exits the Reset Password Recovery Mode and restarts the switch.

This manual is also suitable for:

Dgs-3700-12g

D-Link DGS-3700-12 User Manual

Quick Links

User Manual

Related Manuals for D-Link DGS-3700-12

Summary of Contents for D-Link DGS-3700-12