User manual D-LINK DES-3250TG

D-Link TM DES-3250TG Standalone Layer 2 Switch User's Guide ____________________ Information in this document is subject to change without notice. © 2003 D-Link Computer Corporation. All rights reserved. Reproduction in any manner whatsoever without the written permission of D-Link Computer Corporation is strictly forbidden. Trademarks used in this text: D-Link and the D-Link logo are trademarks of D-Link Computer Corporation; Microsoft and Windows are registered trademarks of Microsoft Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. D-Link Computer Corporation disclaims any proprietary interest in trademarks and trade names other than its own. FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with this user's guide, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense. CE Mark Warning This is a Class A product. In a domestic environment, this product may cause radio interference in which case the user may be required to take adequate measures. Warnung! Dies ist ein Produkt der Klasse A. Im Wohnbereich kann dieses Produkt Funkstoerungen verursachen. In diesem Fall kann vom Benutzer verlangt werden, angemessene Massnahmen zu ergreifen. Precaución! Este es un producto de Clase A. En un entorno doméstico, puede causar interferencias de radio, en cuyo case, puede requerirse al usuario para que adopte las medidas adecuadas. Attention! Ceci est un produit de classe A. Dans un environnement domestique, ce produit pourrait causer des interférences radio, auquel cas l`utilisateur devrait prendre les mesures adéquates. Attenzione! Il presente prodotto appartiene alla classe A. Se utilizzato in ambiente domestico il prodotto può causare interferenze radio, nel cui caso è possibile che l`utente debba assumere provvedimenti adeguati. VCCI Warning BSMI Warning October 2003 P/N 651TG3250045 Table of Contents Introduction .......................................................................................................................................... 1 Features ............................................................................................................................................. 1 Ports ................................................................................................................................................ 1 Performance Features......................................................................................................................... 1 Traffic Classification and Prioritization ............................................................................................. 2 Management .................................................................................................................................... 2 Fast Ethernet Technology ................................................................................................................... 3 Gigabit Ethernet Technology............................................................................................................... 3 Unpacking and Setup............................................................................................................................ 4 Unpacking .......................................................................................................................................... 4 Installation ......................................................................................................................................... 4 Desktop or Shelf Installation ............................................................................................................ 4 Rack Installation .............................................................................................................................. 5 Power on............................................................................................................................................. 6 Power Failure ................................................................................................................................... 6 Identifying External Components .......................................................................................................... 7 Front Panel......................................................................................................................................... 7 Rear Panel .......................................................................................................................................... 7 Side Panels ......................................................................................................................................... 8 Gigabit Combo Ports........................................................................................................................... 8 LED Indicators ................................................................................................................................... 9 Connecting The Switch........................................................................................................................ 10 Switch to End Node .......................................................................................................................... 10 Switch to Hub or Switch ................................................................................................................... 10 10BASE-T Device ........................................................................................................................... 11 100BASE-TX Device ....................................................................................................................... 11 Switch Management and Operating Concepts ..................................................................................... 12 Local Console Management .............................................................................................................. 12 Diagnostic (console) port (RS-232 DCE).......................................................................................... 12 Switch IP Address............................................................................................................................. 13 SNMP ............................................................................................................................................... 14 MIBs................................................................................................................................................. 15 Packet Forwarding ............................................................................................................................ 16 802.1w Rapid Spanning Tree ............................................................................................................ 16 Link Aggregation............................................................................................................................... 17 VLANs .............................................................................................................................................. 18 IP Addresses ..................................................................................................................................... 23 Internet Protocols ............................................................................................................................. 26 Packet Headers................................................................................................................................. 30 Web-Based Switch Management.......................................................................................................... 35 Introduction ..................................................................................................................................... 35 Before You Start ............................................................................................................................... 35 Getting Started ................................................................................................................................. 35 Configuring the Switch ..................................................................................................................... 36 User Accounts Management ........................................................................................................... 36 Save Changes................................................................................................................................. 37 Using Web-Based Management......................................................................................................... 38 iii Configuration ................................................................................................................................... 40 IP Address...................................................................................................................................... 41 Switch Information......................................................................................................................... 43 Advanced Settings.......................................................................................................................... 44 Port Configuration.......................................................................................................................... 45 Port Mirroring ................................................................................................................................ 47 Link Aggregation ............................................................................................................................ 48 IGMP.............................................................................................................................................. 50 Spanning Tree................................................................................................................................ 53 Forwarding Filtering....................................................................................................................... 58 VLANs ............................................................................................................................................ 60 Port Bandwidth .............................................................................................................................. 65 SNTP Settings ................................................................................................................................ 66 Port Security .................................................................................................................................. 68 QOS (Quality of Service) ................................................................................................................. 70 LACP.............................................................................................................................................. 77 Access Profile Table........................................................................................................................ 79 System Log Servers ........................................................................................................................ 83 PAE Access Entity .......................................................................................................................... 84 Management..................................................................................................................................... 91 Security IP ..................................................................................................................................... 91 User Accounts................................................................................................................................ 91 SNMPV3......................................................................................................................................... 92 Monitoring ...................................................................................................................................... 100 Port Utilization ............................................................................................................................. 100 Packets ........................................................................................................................................ 101 Errors .......................................................................................................................................... 106 Size .............................................................................................................................................. 109 MAC Address ............................................................................................................................... 111 IGMP Snooping Group ................................................................................................................. 113 IGMP Snooping Forwarding.......................................................................................................... 113 VLAN Status ................................................................................................................................ 114 Router Port .................................................................................................................................. 114 Port Access Control ...................................................................................................................... 115 Maintenance................................................................................................................................... 115 TFTP Utilities ............................................................................................................................... 115 Switch History.............................................................................................................................. 117 Ping Test ...................................................................................................................................... 117 Save Changes............................................................................................................................... 118 Reboot Services............................................................................................................................ 118 Logout.......................................................................................................................................... 120 Warranty........................................................................................................................................... 121 All countries and regions except USA ........................................................................................... 121 USA Only ..................................................................................................................................... 122 Technical Specifications .................................................................................................................... 124 Understanding and Troubleshooting the Spanning Tree Protocol....................................................... 126 Index................................................................................................................................................. 135 iv D-Link DES-3250TG Standalone Layer 2 Switch Intended Readers The DES-3250 User's Guide contains information for setup and management and of the DES-3250TG switch. This guide is intended for network managers familiar with network management concepts and terminology. Notes, Notices, and Cautions NOTE: A NOTE indicates important information that helps you make better use of your device. NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. CAUTION: A CAUTION indicates a potential for property damage, personal injury, or death. v D-Link DES-3250TG Standalone Layer 2 Switch Safety Instructions Use the following safety guidelines to ensure your own personal safety and to help protect your system from potential damage. Throughout this safety section, the caution icon ( ) is used to indicate cautions and precautions that you need to review and follow. Safety Cautions To reduce the risk of bodily injury, electrical shock, fire, and damage to the equipment, observe the following precautions. Observe and follow service markings. Do not service any product except as explained in your system documentation. Opening or removing covers that are marked with the triangular symbol with a lightning bolt may expose you to electrical shock. Only a trained service technician should service components inside these compartments. If any of the following conditions occur, unplug the product from the electrical outlet and replace the part or contact your trained service provider: ­ The power cable, extension cable, or plug is damaged. ­ An object has fallen into the product. ­ The product has been exposed to water. ­ The product has been dropped or damaged. ­ The product does not operate correctly when you follow the operating instructions. · Keep your system away from radiators and heat sources. Also, do not block cooling vents. · Do not spill food or liquids on your system components, and never operate the product in a wet environment. If the system gets wet, see the appropriate section in your troubleshooting guide or contact your trained service provider. · Do not push any objects into the openings of your system. Doing so can cause fire or electric shock by shorting out interior components. · Use the product only with approved equipment. · Allow the product to cool before removing covers or touching internal components. · Operate the product only from the type of external power source indicated on the electrical ratings label. If you are not sure of the type of power source required, consult your service provider or local power company. · To help avoid damaging your system, be sure the voltage selection switch (if provided) on the power supply is set to match the power available at your location: ­ 115 volts (V)/60 hertz (Hz) in most of North and South America and some Far Eastern countries such as South Korea and Taiwan ­ 100 V/50 Hz in eastern Japan and 100 V/60 Hz in western Japan ­ 230 V/50 Hz in most of Europe, the Middle East, and the Far East · Also be sure that attached devices are electrically rated to operate with the power available in your location. · Use only approved power cable(s). If you have not been provided with a power cable for your system or for any ACpowered option intended for your system, purchase a power cable that is approved for use in your country. The power cable must be rated for the product and for the voltage and current marked on the product's electrical ratings label. The voltage and current rating of the cable should be greater than the ratings marked on the product. vi D-Link DES-3250TG Standalone Layer 2 Switch Safety Instructions (continued) · To help prevent electric shock, plug the system and peripheral power cables into properly grounded electrical outlets. These cables are equipped with three-prong plugs to help ensure proper grounding. Do not use adapter plugs or remove the grounding prong from a cable. If you must use an extension cable, use a 3-wire cable with properly grounded plugs. Observe extension cable and power strip ratings. Make sure that the total ampere rating of all products plugged into the extension cable or power strip does not exceed 80 percent of the ampere ratings limit for the extension cable or power strip. To help protect your system from sudden, transient increases and decreases in electrical power, use a surge suppressor, line conditioner, or uninterruptible power supply (UPS). Position system cables and power cables carefully; route cables so that they cannot be stepped on or tripped over. Be sure that nothing rests on any cables. Do not modify power cables or plugs. Consult a licensed electrician or your power company for site modifications. Always follow your local/national wiring rules. When connecting or disconnecting power to hot-pluggable power supplies, if offered with your system, observe the following guidelines: ­ Install the power supply before connecting the power cable to the power supply. ­ Unplug the power cable before removing the power supply. ­ If the system has multiple sources of power, disconnect power from the system by unplugging all power cables from the power supplies. Move products with care; ensure that all casters and/or stabilizers are firmly connected to the system. Avoid sudden stops and uneven surfaces. · · · · · · General Precautions for Rack-Mountable Products Observe the following precautions for rack stability and safety. Also refer to the rack installation documentation accompanying the system and the rack for specific caution statements and procedures. Systems are considered to be components in a rack. Thus, "component" refers to any system as well as to various peripherals or supporting hardware. CAUTION: Installing systems in a rack without the front and side stabilizers installed could cause the rack to tip over, potentially resulting in bodily injury under certain circumstances. Therefore, always install the stabilizers before installing components in the rack. After installing system/components in a rack, never pull more than one component out of the rack on its slide assemblies at one time. The weight of more than one extended component could cause the rack to tip over and may result in serious injury. · Before working on the rack, make sure that the stabilizers are secured to the rack, extended to the floor, and that the full weight of the rack rests on the floor. Install front and side stabilizers on a single rack or front stabilizers for joined multiple racks before working on the rack. vii D-Link DES-3250TG Standalone Layer 2 Switch Safety Instructions (continued) Always load the rack from the bottom up, and load the heaviest item in the rack first. Make sure that the rack is level and stable before extending a component from the rack. Use caution when pressing the component rail release latches and sliding a component into or out of a rack; the slide rails can pinch your fingers. After a component is inserted into the rack, carefully extend the rail into a locking position, and then slide the component into the rack. Do not overload the AC supply branch circuit that provides power to the rack. The total rack load should not exceed 80 percent of the branch circuit rating. Ensure that proper airflow is provided to components in the rack. Do not step on or stand on any component when servicing other components in a rack. NOTE: A qualified electrician must perform all connections to DC power and to safety grounds. All electrical wiring must comply with applicable local or national codes and practices. CAUTION: Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. CAUTION: The system chassis must be positively grounded to the rack cabinet frame. Do not attempt to connect power to the system until grounding cables are connected. Completed power and safety ground wiring must be inspected by a qualified electrical inspector. An energy hazard will exist if the safety ground cable is omitted or disconnected. Protecting Against Electrostatic Discharge Static electricity can harm delicate components inside your system. To prevent static damage, discharge static electricity from your body before you touch any of the electronic components, such as the microprocessor. You can do so by periodically touching an unpainted metal surface on the chassis. You can also take the following steps to prevent damage from electrostatic discharge (ESD): 1. When unpacking a static-sensitive component from its shipping carton, do not remove the component from the antistatic packing material until you are ready to install the component in your system. Just before unwrapping the antistatic packaging, be sure to discharge static electricity from your body. When transporting a sensitive component, first place it in an antistatic container or packaging. Handle all sensitive components in a static-safe area. If possible, use antistatic floor pads and workbench pads and an antistatic grounding strap. 2. 3. viii D-Link DES-3250TG Standalone Layer 2 Switch 1 INTRODUCTION This section describes the functionality features of the DES-3250TG. Features The DES-3250TG Switch was designed for easy installation and high performance in an environment where traffic on the network and the number of users increase continuously. Switch features include: Ports · · · Forty-eight high-performance NWay ports all operating at 10/100 Mbps for connecting to end stations, servers and hubs. All 48 10/100 UTP ports can auto-negotiate (NWay) between 10Mbps/100Mbps, half-duplex or full duplex. One front panel slide-in module interface for a 2-port 1000BASE-T module (provided) and one front panel slide-in module interface for a 2-port Mini GBIC Gigabit Ethernet module (optional). Please note that although these two front panel modules can be used simultaneously, the ports must be different. For example, if port 49x is used on the Mini GBIC module, port 49x is not available on the 1000BASE-T module, and vice versa. RS-232 DCE Diagnostic port (console port) for setting up and managing the Switch via a connection to a console terminal or PC using a terminal emulation program. · Performance Features · · Store and forward switching scheme. Full and half-duplex for both 10Mbps and 100Mbps connections. The front-port Gigabit Ethernet module operates at full duplex only. Full duplex allows the switch port to simultaneously transmit and receive data, and only works with connections to full-duplex capable end stations and switches. Connections to hubs must take place at half-duplex. Auto-polarity detection and correction of incorrect polarity on the transmit and receive twistedpair at each port. IEEE 802.3z compliant for Mini GBIC ports (optional module). · · 1 D-Link DES-3250TG Standalone Layer 2 Switch · · · · · · · · · · · · · · IEEE 802.3ab compliant for 1000BASE-T (Copper) Gigabit ports (optional module). Data forwarding rate 14,880 pps per port at 100% of wire-speed for 10Mbps speed. Data forwarding rate 148,800 pps per port at 100% of wire-speed for 100Mbps speed. Data filtering rate eliminates all error packets, runts, etc. at 14,880 pps per port at 100% of wirespeed for 10Mbps speed. Data filtering rate eliminates all error packets, runts, etc. at 148,800 pps per port at 100% of wire-speed for 100Mbps speed. 8K active MAC address entry table per device with automatic learning and aging (10 to 1,000,000 seconds). 64 MB packet buffer per device. Supports Port Mirroring. Supports Port Trunking. 802.1D Spanning Tree support. 802.1Q Tagged VLAN support ­ up to 255 VLANs per device (one VLAN is reserved for internal use). GVRP ­ (GARP VLAN Registration Protocol) support for dynamic VLAN registration. 802.1p Priority support with 4 priority queues. IGMP Snooping support. Traffic Classification and Prioritization · · Based on 802.1p priority bits. Four priority queues. Management · · · · · · RS-232 console port for out-of-band network management via a console terminal or PC. Fast Spanning Tree Algorithm Protocol for creation of alternative backup paths and prevention of network loops. SNMP V1, V2C, and V3 are supported. Fully configurable in-band control for SNMP based software. Flash memory for software upgrades. This can be done in-band via TFTP or out-of-band via the console. Built-in SNMP management: SNMP V2-MIB (RFC 1907). Bridge MIB (RFC 1493). 2 D-Link DES-3250TG Standalone Layer 2 Switch MIB-II (RFC 1213). IF MIB (RFC 2233). Entity MIB (RFC 2737). RMON MIB (RFC 1757) ­ 4 groups. The RMON specification defines the Counters for the Receive function only. However, the DES-3250TG implements counters for both receive and transmit functions. 802.1p MIB (RFC 2674). Ether-Like MIB (RFC 2358) ­ dot3StatsTable. · · · · · · Supports Web-based management. CLI management support. TFTP support. BOOTP support. DHCP Client support. Password enabled. Fast Ethernet Technology 100Mbps Fast Ethernet (or 100BASE-T) is a standard specified by the IEEE 802.3 LAN committee. It is an extension of the 10Mbps Ethernet standard with the ability to transmit and receive data at 100Mbps, while maintaining the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Ethernet protocol. Gigabit Ethernet Technology Gigabit Ethernet is an extension of IEEE 802.3 Ethernet utilizing the same packet structure, format, and support for full duplex and management objects, but with a tenfold increase in theoretical throughput over 100Mbps Fast Ethernet and a one hundred-fold increase over 10Mbps Ethernet. Since it is compatible with all 10Mbps and 100Mbps Ethernet environments, Gigabit Ethernet provides a straightforward upgrade without wasting a company's existing investment in hardware, software, and trained personnel. 3 D-Link DES-3250TG Standalone Layer 2 Switch 2 UNPACKING AND SETUP This chapter provides unpacking and setup information for the Switch. Unpacking Open the shipping carton of the Switch and carefully unpack its contents. The carton should contain the following items: · · · · · One DES-3250TG Standalone Layer 2 Switch Mounting kit: 2 mounting brackets and screws Four rubber feet with adhesive backing One AC power cord This User's Guide with Registration Card If any item is found missing or damaged, please contact your local D-Link reseller for replacement. Installation Use the following guidelines when choosing a place to install the Switch: · The surface must support at least 5 kg · The power outlet should be within 1.82 meters (6 feet) of the device · Visually inspect the power cord and see that it is secured to the AC power connector · Make sure that there is proper heat dissipation from and adequate ventilation around the switch. Do not place heavy objects on the switch Desktop or Shelf Installation When installing the Switch on a desktop or shelf, the rubber feet included with the device should first be attached. Attach these cushioning feet on the bottom at each corner of the device. Allow adequate space for ventilation between the device and the objects around it. 4 D-Link DES-3250TG Standalone Layer 2 Switch Figure 2-1. Installing rubber feet for desktop installation Rack Installation The DES-3250TG can be mounted in an EIA standard-sized, 19-inch rack, which can be placed in a wiring closet with other equipment. To install, attach the mounting brackets on the switch's side panels (one on each side) and secure them with the screws provided. Figure 2- 2. Attaching the mounting brackets to the switch Then, use the screws provided with the equipment rack to mount the switch on the rack. Figure 2-3. Installing the switch on an equipment rack 5 D-Link DES-3250TG Standalone Layer 2 Switch Power on The DES-3250TG switch can be used with AC power supply 100 - 240 VAC, 50 - 60 Hz. The power switch is located at the rear of the unit adjacent to the AC power connector and the system fan. The switch's power supply will adjust to the local power source automatically and may be turned on without having any or all LAN segment cables connected. After the power switch is turned on, the LED indicators should respond as follows: · All LED indicators will momentarily blink. This blinking of the LED indicators represents a reset of the system · The power LED indicator is always on after the power is turned ON · The console LED indicator will blink while the Switch loads onboard software and performs a self-test. It will remain ON if there is a connection at the RS-232 port, otherwise this LED indicator is OFF Power Failure As a precaution in the event of a power failure, unplug the switch. When the power supply is restored, plug the switch back in. 6 D-Link DES-3250TG Standalone Layer 2 Switch 3 IDENTIFYING EXTERNAL COMPONENTS This chapter describes the front panel, rear panel, side panels, and optional plug-in module, and LED indicators of the DES-3250TG. Front Panel The front panel of the Switch consists of LED indicators, an RS-232 communication port, 48 (10/100 Mbps) Ethernet/Fast Ethernet ports, and a pair of Gigabit Ethernet Combo ports for 1000BASE-T (plugin module provided) and Mini GBIC connections (optional plug-in module). Figure 3-1. Front panel view of the Switch Comprehensive LED indicators display the status of the switch and the network (see the LED Indicators section below). An RS-232 DCE console port for setting up and managing the switch via a connection to a console terminal or PC using a terminal emulation program. Forty-eight high-performance NWay Ethernet ports, all of which operate at 10/100 Mbps for connections to end stations, servers and hubs. All ports can auto-negotiate between 10Mbps or 100Mbps and full or half duplex. Two Gigabit Ethernet Combo ports for making 1000BASE-T and Mini GBIC connections. Rear Panel The rear panel of the switch consists of two fans and an AC power connector. Figure 3-2. Rear panel view of the Switch 7 D-Link DES-3250TG Standalone Layer 2 Switch The system fans are used to dissipate heat. The sides of the system also provide heat vents to serve the same purpose. Do not block these openings, and leave at least 6 inches of space at the rear and sides of the switch for proper ventilation. Be reminded that without proper heat dissipation and air circulation, system components might overheat, which could lead to system failure. The AC power connector is a standard three-pronged connector that supports the power cord. Plug-in the female connector of the provided power cord into this socket, and the male side of the cord into a power outlet. Supported input voltages range from 100 ~ 240 VAC at 50 ~ 60 Hz. Side Panels Each side panel contains heat vents to help to dissipate heat. Figure 3-3. Side panel views of the Switch The system fans are used to dissipate heat. The sides of the system also provide heat vents to serve the same purpose. Do not block these openings, and leave at least 6 inches of space at the rear and sides of the switch for proper ventilation. Be reminded that without proper heat dissipation and air circulation, system components might overheat, which could lead to system failure. Gigabit Combo Ports In addition to the 48 10/100 Mbps ports, the Switch features two Gigabit Ethernet Combo ports. These two ports are 1000BASE-T copper ports (provided) and Mini-GBIC ports (optional). See the diagram below to view the two Mini-GBIC port modules being plugged into the Switch. Please note that although these two front panel modules can be used simultaneously, the ports must be different. The GBIC port will always have the highest priority. Figure 3-4. Mini-GBIC modules plug-in to the Switch 8 D-Link DES-3250TG Standalone Layer 2 Switch LED Indicators The LED indicators of the Switch include Power, Console, and Link/Act. The following shows the LED indicators for the Switch along with an explanation of each indicator. Figure 3-5. The LED Indicators Power ­ This indicator on the front panel should be lit during the Power-On Self Test (POST). It will light green approximately 2 seconds after the switch is powered on to indicate the ready state of the device. Console ­ This indicator is lit green when the switch is being managed via local console management through the RS-232 console port. Link/Act ­ These indicators are located to the left and right of each port. They are lit when there is a secure connection (or link) to a device at any of the ports. The LEDs blink whenever there is reception or transmission (i.e. Activity--Act) of data occurring at a port. 9 D-Link DES-3250TG Standalone Layer 2 Switch 4 CONNECTING THE SWITCH This chapter describes how to connect the DES-3250TG to your Ethernet/Fast Ethernet/Gigabit Ethernet network. The Switch's auto-detection feature allows all 48 10/100 ports to support both MDIII and MDI-X connections. Switch to End Node End nodes include PCs outfitted with a 10, 100, or 10/100 Mbps RJ-45 Ethernet/Fast Ethernet Network Interface Card (NIC) and most routers. An end node can be connected to the Switch via a two-pair Category 3, 4, or 5 UTP/STP cable. The end node should be connected to any of the ports (1x - 48x) on the switch. Figure 4-1. Switch connected to an End Node · The Link/Act LEDs in the top row for each UTP port light green when the link is valid. A blinking LED in the top row indicates packet activity on that port. Switch to Hub or Switch These connections can be accomplished in a number of ways using a normal cable. A 10BASE-T hub or switch can be connected to the Switch via a two-pair Category 3, 4 or 5 UTP/STP cable. A 100BASE-TX hub or switch can be connected to the Switch via a two-pair Category 5 UTP/STP cable. 10 D-Link DES-3250TG Standalone Layer 2 Switch Figure 4-2. Switch connected to a port on a hub or switch using a straight or crossover cable 10BASE-T Device For a 10BASE-T device, the Switch's LED indicators should display the following: Link/Act indicator is ON. 100BASE-TX Device For a 100BASE-TX device, the Switch's LED indicators should display the following: Link/Act is ON. 11 D-Link DES-3250TG Standalone Layer 2 Switch 5 SWITCH MANAGEMENT AND OPERATING CONCEPTS This chapter discusses many of the concepts and features used to manage the switch, as well as the concepts necessary for the user to understand the functioning of the switch. Further, this chapter explains many important points regarding these features. Configuring the switch to implement these concepts and make use of its many features is discussed in detail in the next chapters. Local Console Management A local console is a terminal or a workstation running a terminal emulation program that is connected directly to the switch via the RS-232 serial console port on the front of the switch. A console connection is referred to as an `Out-of-Band' connection, meaning that console is connected to the switch using a different circuit than that used for normal network communications. So, the console can be used to set up and manage the switch even if the network is down. Local console management uses the terminal connection to operate the console program built-in to the switch. A network administrator can manage, control, and monitor the switch from the console program. The DES-3250TG contains a CPU, memory for data storage, flash memory for configuration data, operational programs, and SNMP agent firmware. These components allow the switch to be actively managed and monitored from either the console port or the network itself (out-of-band, or in-band). Diagnostic (console) port (RS-232 DCE) Out-of-band management requires connecting a terminal, such as a VT-100 or a PC running a terminal emulation program (such as HyperTerminal, which is automatically installed with Microsoft Windows) a to the RS-232 DCE console port of the Switch. Switch management using the RS-232 DCE console port is called Local Console Management to differentiate it from management performed via management platforms, such as D-View or HP OpenView. Web-based Management describes management of the switch performed over the network (in-band) using the switch's built-in Web-based management program. The operations to be performed and the facilities provided by these two built-in programs are identical. The console port is set at the factory for the following configuration: · · · · Baud rate: Data width: Parity: Stop bits: 9,600 8 bits none 1 12 D-Link DES-3250TG Standalone Layer 2 Switch · Flow Control None Make sure the terminal or PC you are using to make this connection is configured to match these settings. If you are having problems making this connection on a PC, make sure the emulation is set to VT100. If you still don't see anything, try hitting + r to refresh the screen. Switch IP Address Each Switch must be assigned its own IP Address, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP). The switch's default IP address is 10.90.90.90. You can change the default Switch IP Address to meet the specification of your networking address scheme. The switch is also assigned a unique MAC address by the factory. This MAC address cannot be changed, and can be found from the initial boot console screen ­ shown below. Figure 5- 1. Console Boot Screen The switch's MAC address can also be found from the console program under the Switch Information menu item. Setting an IP Address The IP address for the switch must be set before it can be managed with the web-based manager. The switch IP address may be automatically set using BOOTP or DHCP protocols, in which case the actual address assigned to the switch must be known. The IP address may alternatively be set using the Command Line Interface (CLI) over the console serial port as follows: 1. Starting at the command line prompt local>, enter the commands config ipif System ipaddress xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy. Where the x's represent the IP address to be assigned to the IP interface named System and the y's represent the corresponding subnet mask. 2. Alternatively, you can enter the commands config ipif System ipaddress xxx.xxx.xxx.xxx/z. Where the x's represent the IP address to be assigned to the IP interface 13 D-Link DES-3250TG Standalone Layer 2 Switch named System and the z represents the corresponding number of subnets in CIDR notation. Using this method, the switch can be assigned an IP address and subnet mask that can then be used to connect a management station to the switch's Web-based management agent. SNMP The Simple Network Management Protocol (SNMP) is an OSI layer 7 (the application layer) protocol for remotely monitoring and configuring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches, and other network devices. SNMP can be used to perform many of the same functions as a directly connected console, or can be used within an integrated network management software package such as DView or HP OpenView. SNMP performs the following functions: · · · Sending and receiving SNMP packets through the IP protocol. Collecting information about the status and current configuration of network devices. Modifying the configuration of network devices. The DES-3250TG has a software program called an `agent' that processes SNMP requests, but the user program that makes the requests and collects the responses runs on a management station (a designated computer on the network). The SNMP agent and the user program both use the UDP/IP protocol to exchange packets. Authentication The authentication protocol ensures that both the router SNMP agent and the remote user SNMP application program discard packets from unauthorized users. Authentication is accomplished using `community strings', which function like passwords. The remote user SNMP application and the router SNMP must use the same community string. Traps Traps are messages that alert network personnel of events that occur on the Switch. The events can be as serious as a reboot (someone accidentally turned OFF the Switch), or less serious like a port status change. The Switch generates traps and sends them to the trap recipient (or network manager). Trap recipients are special users of the network who are given certain rights and access in overseeing the maintenance of the network. Trap recipients will receive traps sent from the Switch; they must immediately take certain actions to avoid future failure or breakdown of the network. You can also specify which network managers may receive traps from the Switch by entering a list of the IP addresses of authorized network managers. Up to ten trap recipient IP addresses, and ten corresponding SNMP community strings can be entered. SNMP community strings function like passwords in that the community string entered for a given IP address must be used in the management station software, or a trap will be sent. The following are trap types the switch can send to a trap recipient: · Cold Start ­ This trap signifies that the Switch has been powered up and initialized such that software settings are reconfigured and hardware systems are rebooted. A cold start is different 14 D-Link DES-3250TG Standalone Layer 2 Switch from a factory reset in that configuration settings saved to non-volatile RAM used to reconfigure the switch. · System Restart ­ This trap contains the reboot information. · Authentication Failure ­ This trap signifies that someone has tried to logon to the switch using an invalid SNMP community string. The switch automatically stores the source IP address of the unauthorized user. · Topology Change ­ A Topology Change trap is sent by the Switch when any of its configured ports transitions from the Learning state to the Forwarding state, or from the Forwarding state to the Blocking state. The trap is not sent if a new root trap is sent for the same transition. · New Root ­ This trap is sent by the switch whenever a new root port is elected within an STP group. · Link Change Event ­ This trap is sent whenever the link of a port changes from link up to link down or from link down to link up. · Save to NV-RAM ­ This trap is sent whenever "Save all configuration of device to NV-RAM" has been processed. · File Transfer Status Change ­ This trap is sent for file transfer status change notification. · Set to Factory Default ­ The trap is sent whenever the "Set to factory default setting" has been processed. MIBs Management and counter information are stored in the Switch in the Management Information Base (MIB). The Switch uses the standard MIB-II Management Information Base module. Consequently, values for MIB objects can be retrieved from any SNMP-based network management software. In addition to the standard MIB-II, the Switch also supports its own proprietary enterprise MIB as an extended Management Information Base. These MIBs may also be retrieved by specifying the MIB's Object-Identity (OID) at the network manager. MIB values can be either read-only or read-write. Read-only MIBs variables can be either constants that are programmed into the Switch, or variables that change while the Switch is in operation. Examples of read-only constants are the number of port and type of ports. Examples of read-only variables are the statistics counters such as the number of errors that have occurred, or how many kilobytes of data have been received and forwarded through a port. Read-write MIBs are variables usually related to user-customized configurations. Examples of these are the Switch's IP Address, Spanning Tree Algorithm parameters, and port status. If you use a third-party vendors' SNMP software to manage the Switch, a diskette listing the Switch's propriety enterprise MIBs can be obtained by request. If your software provides functions to browse or modify MIBs, you can also get the MIB values and change them (if the MIBs' attributes permit the write operation). This process however can be quite involved, since you must know the MIB OIDs and retrieve them one by one. 15 D-Link DES-3250TG Standalone Layer 2 Switch Packet Forwarding The Switch enters the relationship between destination MAC addresses and the Ethernet port the destination resides on into its forwarding table. This information is then used to forward packets. This reduces broadcast storms on the network, because packets, instead of being transmitted to all ports, are transmitted to the destination port only. Example: if Port 1 receives a packet destined for a station on Port 2, the Switch transmits that packet through Port 2 only, and transmits nothing through the other ports. This process is referred to as `learning' the network topology. MAC Address Aging Time The Aging Time affects the learning process of the Switch. Dynamic forwarding table entries, which are made up of the source MAC addresses and their associated port numbers, are deleted from the table if they are not accessed within the aging time. The aging time can be from 10 to 1,000,000 seconds with a default value of 300 seconds. A very long aging time can result in dynamic forwarding table entries that are out-of-date or no longer exist. This may cause incorrect packet forwarding decisions by the switch. If the Aging Time is too short however, many entries may be aged out too soon. This will result in a high percentage of received packets whose destination addresses cannot be found in the forwarding table, in which case the switch will broadcast the packet to all ports, negating many of the benefits of having a switch. Static forwarding entries are not affected by the aging time. 802.1w Rapid Spanning Tree The Switch implements two versions of the Spanning Tree Protocol, the Rapid Spanning Tree Protocol (RSTP) as defined by the IEEE 802.1w specification and a version compatible with the IEEE 802.1d STP. RSTP can operate with legacy equipment implementing IEEE 802.1d, however the advantages of using RSTP will be lost. The IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) evolved from the 802.1d STP standard. RSTP was developed in order to overcome some limitations of STP that impede the function of some recent switching innovations, in particular, certain Layer 3 function that are increasingly handled by Ethernet switches. The basic function and much of the terminology is the same as STP. Most of the settings configured for STP are also used for RSTP. This section introduces some new Spanning Tree concepts and illustrates the main differences between the two protocols. Port Transition States An essential difference between the two protocols is in the way ports transition to a forwarding state and the in the way this transition relates to the role of the port (forwarding or not forwarding) in the topology. RSTP combines the transition states disabled, blocking, and listening used in 802.1d and creates a single state: discarding. In either case, ports do not forward packets; in the STP port transition states disabled, blocking, or listening, or in the RSTP port state discarding, there is no functional difference, the port is not active in the network topology. Table 5-1 below compares how the two protocols differ regarding the port state transition. 16 D-Link DES-3250TG Standalone Layer 2 Switch 802.1d STP 802.1w RSTP Forwarding Learning Disabled Blocking Listening Learning Forwarding Discarding Discarding Discarding Learning Forwarding No No No No Yes No No No Yes Yes Table 5- 1. Comparing Port States RSTP is capable of more rapid transition to a forwarding state ­ it no longer relies on timer configurations ­ RSTP-compliant bridges are sensitive to feedback from other RSTP-compliant bridge links. Ports do not need to wait for the topology to stabilize before transitioning to a forwarding state. In order to allow this rapid transition, the protocol introduces two new variables: the edge port and the point-to-point (P2P) port. Edge Port The edge port is a configurable designation used for a port that is directly connected to a segment where a loop cannot be created. An example would be a port connected directly to a single workstation. Ports that are designated as edge ports, transition to a forwarding state immediately without going through the listening and learning states. An edge port loses its status if it receives a BPDU packet, immediately becoming a normal spanning tree port. P2P Port A P2P port is also capable of rapid transition. P2P ports may be used to connect to other bridges. Under RSTP, all ports operating in full-duplex mode are considered to be P2P ports, unless manually overridden through configuration. 802.1d/802.1w Compatibility RSTP can interoperate with legacy equipment and is capable of automatically adjusting BPDU packets to 802.1d format when necessary. However, any segment using 802.1 STP will not benefit from the rapid transition and rapid topology change detection of RSTP. The protocol also provides for a variable used for migration in the event that legacy equipment on a segment is updated to use RSTP. Link Aggregation Link aggregation is used to combine a number of ports together to make a single high-bandwidth data pipeline. The participating parts are called members of a link aggregation group, with one port 17 D-Link DES-3250TG Standalone Layer 2 Switch designated as the master port of the group. Since all members of the link aggregation group must be configured to operate in the same manner, the configuration of the master port is applied to all members of the link aggregation group. Thus, when configuring the ports in a link aggregation group, you only need to configure the master port. The DES-3250TG supports link aggregation groups, which may include from two to eight switch ports each, except for a Gigabit link aggregation group which consists of the two (optional) Gigabit Ethernet ports of the front panel. Figure 5- 2. Link Aggregation Group Data transmitted to a specific host (destination address) will always be transmitted over the same port in a link aggregation group. This allows packets in a data stream to arrive in the same order they were sent. An aggregated link connection can be made with any other switch that maintains host-to-host data streams over a single link aggregate port. Switches that use a load-balancing scheme that sends the packets of a host-to-host data stream over multiple link aggregation ports cannot have an aggregated connection with the DES-3250TG switch. VLANs A VLAN is a collection of end nodes grouped by logic rather than physical location. End nodes that frequently communicate with each other are assigned to the same VLAN, regardless of where they are located physically on the network. Logically, a VLAN can be equated to a broadcast domain, because broadcast packets are forwarded only to members of the VLAN on which the broadcast was initiated. 18 D-Link DES-3250TG Standalone Layer 2 Switch Notes About VLANs on the DES-3250TG 1. The DES-3250TG supports IEEE 802.1Q VLANs. The port untagging function can be used to remove the 802.1Q tag from packet headers to maintain compatibility with devices that are tagunaware (that is, network devices that do not support IEEE 802.1Q VLANs or tagging). 2. The switch's default is to assign all ports to a single 802.1Q VLAN named "default." IEEE 802.1Q VLANs Some relevant terms: · · · · Tagging ­ The act of putting 802.1Q VLAN information into the header of a packet. Untagging ­ The act of stripping 802.1Q VLAN information out of the packet header. Ingress port ­ A port on a switch where packets are flowing into the switch and VLAN decisions must be made. Egress port ­ A port on a switch where packets are flowing out of the switch, either to another switch or to an end station, and tagging decisions must be made. IEEE 802.1Q (tagged) VLANs are implemented on the DES-3250TG Layer 2 switch. 802.1Q VLANs require tagging, which enables the VLANs to span an entire network (assuming all switches on the network are IEEE 802.1Q-compliant). Any port can be configured as either tagging or untagging. The untagging feature of IEEE 802.1Q VLANs allow VLANs to work with legacy switches that don't recognize VLAN tags in packet headers. The tagging feature allows VLANs to span multiple 802.1Q-compliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work normally. 802.1Q VLAN Packet Forwarding Packet forwarding decisions are made based upon the following three types of rules: · · · Ingress rules ­ rules relevant to the classification of received frames belonging to a VLAN. Forwarding rules between ports ­ decides filter or forward the packet Egress rules ­ determines if the packet must be sent tagged or untagged. 19 D-Link DES-3250TG Standalone Layer 2 Switch Figure 5- 3. IEEE 802.1Q Packet Forwarding 802.1Q VLAN Tags The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the EtherType field. When a packet's EtherType field is equal to 0x8100, the packet carries the IEEE 802.1Q/802.1p tag. The tag is contained in the following two octets and consists of 3 bits or user priority, 1 bit of Canonical Format Identifier (CFI ­ used for encapsulating Token Ring packets so they can be carried across Ethernet backbones) and 12 bits of VLAN ID (VID). The 3 bits of user priority are used by 802.1p. The VID is the VLAN identifier and is used by the 802.1Q standard. Because the VID is 12 bits long, 4094 unique VLANs can be identified. The tag is inserted into the packet header making the entire packet longer by four octets. All of the information contained in the packet originally is retained. Figure 5- 4. IEEE 802.1Q Tag 20 D-Link DES-3250TG Standalone Layer 2 Switch The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or Logical Link Control. Because the packet is now a bit longer than it was originally, the Cyclic Redundancy Check (CRC) must be recalculated. Figure 5- 5. Adding an IEEE 802.1Q Tag Port VLAN ID Packets that are tagged (are carrying the 802.1Q VID information) can be transmitted from one 802.1Q compliant network device to another with the VLAN information intact. This allows 802.1Q VLANs to span network devices (and indeed, the entire network ­ if all network devices are 802.1Q compliant). Unfortunately, not all network devices are 802.1Q compliant. unaware. 802.1Q devices are referred to as tag-aware. These devices are referred to as tag- Prior to the adoption 802.1Q VLANs, port-based and MAC-based VLANs were in common use. These VLANs relied upon a Port VLAN ID (PVID) to forward packets. A packet received on a given port would be assigned that port's PVID and then be forwarded to the port that corresponded to the packet's destination address (found in the switch's forwarding table). If the PVID of the port that received the packet is different from the PVID of the port that is to transmit the packet, the switch will drop the packet. Within the switch, different PVIDs mean different VLANs. (remember that two VLANs cannot communicate without an external router). So, VLAN identification based upon the PVIDs cannot create VLANs that extend outside a given switch (or switch stack). Every physical port on a switch has a PVID. 802.1Q ports are also assigned a PVID, for use within the switch. If no VLANs are defined on the switch, all ports are then assigned to a default VLAN with a PVID equal to 1. Untagged packets are assigned the PVID of the port on which they were received. Forwarding decisions are based upon this PVID, insofar as VLANs are concerned. Tagged packets are forwarded according to the VID contained within the tag. Tagged packets are also assigned a PVID, but the PVID is not used to make packet forwarding decisions, the VID is. Tag-aware switches must keep a table to relate PVIDs within the switch to VIDs on the network. The switch will compare the VID of a packet to be transmitted to the VID of the port that is to transmit the packet. If the two VIDs are different, the switch will drop the packet. Because of the existence of the PVID for untagged packets and the VID for tagged packets, tag-aware and tag-unaware network devices can coexist on the same network. A switch port can have only one PVID, but can have as many VIDs as the switch has memory in its VLAN table to store them. Because some devices on a network may be tag-unaware, a decision must be made at each port on a tag-aware device before packets are transmitted ­ should the packet to be transmitted have a tag or 21 D-Link DES-3250TG Standalone Layer 2 Switch not? If the transmitting port is connected to a tag-unaware device, the packet should be untagged. If the transmitting port is connected to a tag-aware device, the packet should be tagged. Tagging and Untagging Every port on an 802.1Q compliant switch can be configured as tagging or untagging. Ports with tagging enabled will put the VID number, priority and other VLAN information into the header of all packets that flow into and out of it. If a packet has previously been tagged, the port will not alter the packet, thus keeping the VLAN information intact. The VLAN information in the tag can then be used by other 802.1Q compliant devices on the network to make packet forwarding decisions. Ports with untagging enabled will strip the 802.1Q tag from all packets that flow into and out of those ports. If the packet doesn't have an 802.1Q VLAN tag, the port will not alter the packet. Thus, all packets received by and forwarded by an untagging port will have no 802.1Q VLAN information. (Remember that the PVID is only used internally within the switch). Untagging is used to send packets from an 802.1Q-compliant network device to a non-compliant network device. Ingress Checking A port on a switch where packets are flowing into the switch and VLAN decisions must be made is referred to as an ingress port. If ingress filtering is enabled for a port, the switch will examine the VLAN information in the packet header (if present) and decide whether or not to forward the packet. If the packet is tagged with VLAN information, the ingress port will first determine if the ingress port itself is a member of the tagged VLAN. If it is not, the packet will be dropped. If the ingress port is a member of the 802.1Q VLAN, the switch then determines if the destination port is a member of the 802.1Q VLAN. If it is not, the packet is dropped. If the destination port is a member of the 802.1Q VLAN, the packet is forwarded and the destination port transmits it to its attached network segment. If the packet is not tagged with VLAN information, the ingress port will tag the packet with its own PVID as a VID (if the port is a tagging port). The switch then determines if the destination port is a member of the same VLAN (has the same VID) as the ingress port. If it does not, the packet is dropped. If it has the same VID, the packet is forwarded and the destination port transmits it on its attached network segment. This process is referred to as ingress filtering and is used to conserve bandwidth within the switch by dropping packets that are not on the same VLAN as the ingress port at the point of reception. This eliminates the subsequent processing of packets that will just be dropped by the destination port. The "Default" VLAN The switch initially configures one VLAN, VID = 1, called the "default" VLAN. The factory default setting assigns all ports on the switch to the "default" VLAN. Packets cannot cross VLANs. If a member of one VLAN wants to connect to another VLAN, the link must be through an external router. If no VLANs are configured on the switch, then all packets will be forwarded to any destination port. Packets with unknown destination addresses will be flooded to all ports. Broadcast and multicast packets will also be flooded to all ports. VLANs VLANs use network-layer addresses (subnet address for TCP/IP) to determine VLAN membership. These VLANs are based on layer 2 information, but this does not constitute a `routing' function. 22 D-Link DES-3250TG Standalone Layer 2 Switch IP Addresses The Internet Protocol (IP) was designed for routing data between network sites. Later, it was adapted for routing between networks (referred to as "subnets") within a site. The IP defines a way of generating a unique number that can be assigned each network in the Internet and each of the computers on each of those networks. This number is called the IP address. IP addresses use a "dotted decimal" notation. Here are some examples of IP addresses written in this format: 1. 2. 3. 210.202.204.205 189.21.241.56 125.87.0.1 This allows IP address to be written in a string of four decimal (base 10) numbers. Computers can only understand binary (base 2) numbers, and these binary numbers are usually grouped together in bytes, or eight bits. (A bit is a binary digit ­ either a "1" or a "0"). The dots (periods) simply make the IP address easier to read. A computer sees an IP address not as four decimal numbers, but as a long string of binary digits (32 binary digits or 32 bits, IP addresses are 32-bit addresses). The three IP addresses in the example above, written in binary form are: 1. 2. 3. 11010010.11001010.11001100.11001101 10111101.00010101.11110001.00111000 01111101.01010111.00000000.00000001 The dots are included to make the numbers easier to read. Eight binary bits are called a `byte' or an `octet'. An octet can represent any decimal value between `0' (00000000) and `255' (11111111). IP addresses, represented in decimal form, are four numbers whose value is between `0' to `255'. The total range of IP addresses are then: Lowest possible IP address Highest possible IP address 0.0.0.0 255.255.255.255 To convert decimal numbers to 8-bit binary numbers (and vice-versa), you can use the following chart: Binary Octet Digit Decimal Equivalent Binary Number 128+64+32+16+8+4+2+1= 255 2 7 2 6 2 5 2 4 2 3 2 2 2 1 2 0 128 1 64 1 32 1 16 1 8 1 4 1 2 1 1 1 Table 5- 2. Binary to Decimal Conversion Each digit in an 8-bit binary number (an octet) represents a power of two. The left-most digit represents 2 raised to the 7th power (2x2x2x2x2x2x2=128) while the right-most digit represents 2 raised to the 0th power (any number raised to the 0th power is equal to one, by definition). IP addresses actually consist of two parts, one identifying the network and one identifying the destination (node) within the network. The IP address discussed above is one part and a second number called the Subnet mask is the other part. To make this a bit more confusing, the subnet mask has the same numerical form as an IP address. 23 D-Link DES-3250TG Standalone Layer 2 Switch Address Classes Address classes refer to the range of numbers in the subnet mask. Grouping the subnet masks into classes makes the task of dividing a network into subnets a bit easier. There are five address classes. The first four bits in the IP address determine which class the IP address falls in. · · · · · Class Class Class Class Class A addresses begin with 0xxx, or 1 to 126 decimal. B addresses begin with 10xx, or 128 to 191 decimal. C addresses begin with 110x, or 192 to 223 decimal. D addresses begin with 1110, or 224 to 239 decimal. E addresses begin with 1111, or 240 to 254 decimal. Addresses beginning with 01111111, or 127 decimal, are reserved. They are used for internal testing on a local machine (called loopback). The address 127.0.0.1 can always be pinged from a local node because it forms a loopback and points back to the same node. Class D addresses are reserved for multicasting. Class E Addresses are reserved for future use. They are not used for node addresses. The part of the IP address that belongs to the network is the part that is `hidden' by the `1's in the subnet mask. This can be seen below: · · · Class A Class B Class C NETWORK.node.node.node NETWORK.NETWORK.node.node NETWORK.NETWORK.NETWORK.node For example, the IP address 10.42.73.210 is a Class A address, so the Network part of the address (called the Network Address) is the first octet (10.x.x.x). The node part of the address is the last three octets (x.42.73.210). To specify the network address for a given IP address, the node part is set to all "0"s. In our example, 10.0.0.0 specifies the network address for 10.42.73.210. When the node part is set to all "1"s, the address specifies a broadcast address. So, 10.255.255.255 is the broadcast address for the network 10.0.0.0. Subnet Masking A subnet mask can be applied to an IP address to identify the network and the node parts of the address. A bitwise logical AND operation between the IP address and the subnet mask results in the Network Address. For example: 00001010.00101010.01001001.11010010 11111111.00000000.00000000.00000000 00001010.00000000.00000000.00000000 10.42.73.210 Class A IP address 255.0.0.0 Class A Subnet Mask 10.0.0.0 Network Address The Default subnet masks are: · · · Class A ­ 11111111.00000000.00000000.00000000 Class B ­ 11111111.11111111.00000000.00000000 Class C ­ 1111111.11111111.11111111.00000000 255.0.0.0 255.255.0.0 255.255.255.0 Additional bits can be added to the default subnet mask for a given Class to further subnet a network. When a bitwise logical AND operation is performed between the subnet mask and the IP address, the result defines the Subnet Address. 24 D-Link DES-3250TG Standalone Layer 2 Switch Some restrictions apply to subnet addresses. Addresses of all "0"s and all "1"s are reserved for the local network (when a host does not know it's network address) and for all hosts on the network (the broadcast address). This also applies to subnets. A subnet address cannot be all "0"s or all "1"s. A 1-bit subnet mask is also not allowed. Calculating the Number of Subnets and Nodes To calculate the number of subnets and nodes, use the formula (2n ­ 2) where n = the number of bits in either the subnet mask or the node portion of the IP address. Multiplying the number of subnets by the number of nodes available per subnet gives the total number of nodes for the entire network. Example 00001010.00101010.01001001.11010010 11111111.11100000.00000000.00000000 00001010.00100000.00000000.00000000 00001010.00101010.11111111.11111111 10.42.73.210 255.224.0.0 10.32.0.0 10.32.255.255 Class A IP address Subnet Mask Network Address Broadcast Address This example uses an 11-bit subnet mask. (There are three additional bits added to the default Class A subnet mask). So the number of subnets is: 23 ­ 2 = 8 ­ 2 = 6 Subnets of all "0"s and all "1"s are not allowed, so two subnets are subtracted from the total. The number of bits used in the node part of the address is 24 ­ 3 = 21 bits, so the total number of nodes is: 221 ­ 2 = 2,097,152 ­ 2 = 2,097,150 Multiplying the number of subnets times the number of nodes gives 12,582,900 possible nodes. Note that this is less than the 16,777,214 possible nodes that an unsubnetted class A network would have. Subnetting reduces the number of possible nodes for a given network, but increases the segmentation of the network. Classless InterDomain Routing ­ CIDR Under CIDR, the subnet mask notation is reduced to simplified shorthand. Instead of specifying all of the bits of the subnet mask, it is simply listed as the number of contiguous "1"s (bits) in the network portion of the address. Look at the subnet mask of the above example in binary 11111111.11100000.00000000.00000000 ­ and you can see that there are 11 "1"s or 11 bits used to mask the network address from the node address. Written in CIDR notation this becomes: 10.32.0.0/11 # of Bits Subnet Mask CID R Nota tion /10 /11 /12 /13 /14 /15 /16 # of Subnets # of Hosts Total Hosts 2 3 4 5 6 7 8 255.192.0.0 255.224.0.0 255.240.0.0 255.248.0.0 255.252.0.0 255.254.0.0 255.255.0.0 2 6 14 30 62 126 254 419430 2 209715 0 104857 4 524286 262142 131070 65534 8388604 12582900 14680036 15728580 16252804 16514820 16645636 25 D-Link DES-3250TG Standalone Layer 2 Switch 9 10 11 12 13 14 15 16 17 18 19 20 21 22 255.255.128.0 255.255.192.0 255.255.224.0 255.255.240.0 255.255.248.0 255.255.252.0 255.255.254.0 255.255.255.0 255.255.255.1 28 255.255.255.1 92 255.255.255.2 24 255.255.255.2 40 255.255.255.2 48 255.255.255.2 52 /17 /18 /19 /20 /21 /22 /23 /24 /25 /26 /27 /28 /29 /30 510 1022 2046 4094 8190 16382 32766 65534 131070 262142 525286 104857 4 209715 0 419430 2 32766 16382 8190 4094 2046 1022 510 254 126 62 30 14 6 2 16710660 16742404 16756740 16760836 16756740 16742404 16710660 16645636 16514820 16252804 15728580 14680036 12582900 8388604 Table 5- 3. Class A Subnet Masks # of Bits 2 3 4 5 6 7 8 9 10 11 12 13 14 Subnet Mask 255.255.192 255.255.224.0 255.255.240.0 255.255.248.0 255.255.252.0 255.255.254.0 255.255.255.0 255.255.255.128 255.255.255.192 255.255.255.224 255.255.255.240 255.255.255.248 255.255.255.252 CIDR Notation /18 /19 /20 /21 /22 /23 /24 /25 /26 /27 /28 /29 /30 # of Subnets 2 6 14 30 62 126 254 510 1022 2046 4094 8190 16382 # of Hosts 16382 8190 4094 2046 1022 510 254 126 62 30 14 6 2 Total Hosts 32764 49140 57316 61380 63364 64260 64516 64260 63364 61380 57316 49140 32764 Table 5- 4. Class B Subnet Masks # of Bits 2 3 4 5 6 Subnet Mask 255.255.255.192 255.255.255.224 255.255.255.240 255.255.255.248 255.255.255.252 CIDR Notation /26 /27 /28 /29 /30 # of Subnets 2 6 14 30 62 # of Hosts 62 30 14 6 2 Total Hosts 124 180 196 180 124 Table 5- 5. Class C Subnet Masks Internet Protocols This is a brief introduction to the suite of Internet Protocols frequently referred to as TCP/IP. It is intended to give the reader a reasonable understanding of the available facilities and some familiarity with terminology. It is not intended to be a complete description. 26 D-Link DES-3250TG Standalone Layer 2 Switch Protocol Layering The Internet Protocol (IP) divides the tasks necessary to route and forward packets across networks by using a layered approach. Each layer has clearly defined tasks, protocol, and interfaces for communicating with adjacent layers, but the exact way these tasks are accomplished is left to individual software designers. The Open Systems Interconnect (OSI) seven-layer model has been adopted as the reference for the description of modern networking, including the Internet. A diagram of the OSI model is shown below (note that this is not a complete listing of the protocols contained within each layer of the model): Figure 5- 6. OSI Seven Layer Network Model Each layer is a distinct set of programs executing a distinct set of protocols designed to accomplish some necessary tasks. They are separated from the other layers within the same system or network, but must communicate and interoperate. This requires very well defined and well-known methods for transferring messages and data. This is accomplished through the protocol stack. Protocol layering as simply a tool for visualizing the organization of the necessary software and hardware in a network. In this view, Layer 2 represents switching and Layer 3 represents routing. Protocol layering is actually a set of guidelines used in writing programs and designing hardware that delegate network functions and allow the layers to communicate. How these layers communicate within a stack (for example, within a given computer) is left to the operating system programmers. 27 D-Link DES-3250TG Standalone Layer 2 Switch Figure 5- 7. The Protocol Stack Between two protocol stacks, members of the same layer are known as peers and communicate by wellknown (open and published) protocols. Within a protocol stack, adjacent layers communicate by an internal interface. This interface is usually not publicly documented and is frequently proprietary. It has some of the same characteristics of a protocol and two stacks from the same software vendor may communicate in the same way. Two stacks from different software vendors (or different products from the same vendor) may communicate in completely different ways. As long as peers can communicate and interoperate, this has no impact on the functioning of the network. The communication between layers within a given protocol stack can be both different from a second stack and proprietary, but communication between peers on the same OSI layer is open and consistent. A brief description of the most commonly used functional layers is helpful to understand the scope of how protocol layering works. Layer 1 This is referred to as the physical layer. It handles the electrical connections and signaling required to make a physical link from one point in the network to another. It is on this layer that the unique Media Access Control (MAC) address is defined. Layer 2 This layer, commonly called the switching layer, allows end station addressing and the establishment of connections between them. Layer 2 switching forwards packets based on the unique MAC address of each end station and offers high-performance, dedicated-bandwidth of Fast or Gigabit Ethernet within the network. Layer 2 does not ordinarily extend beyond the intranet. To connect to the Internet usually requires a router and a modem or other device to connect to an Internet Service Provider's WAN. These are Layer 3 functions. 28 D-Link DES-3250TG Standalone Layer 2 Switch Layer 3 Commonly referred to as the routing layer, this layer provides logical partitioning of networks (subnetting), scalability, security, and Quality of Service (QoS). The backbone of the Internet is built using Layer 3 functions. IP is the premier Layer 3 protocol. IP is itself, only one protocol in the IP protocol suite. More extensive capabilities are found in the other protocols of the IP suite. For example, the Domain Name System (DNS) associates IP addresses with text names, the Dynamic Host Configuration Protocol (DCHP) eases the administration of IP addresses, and routing protocols such as the Routing Information Protocol (RIP), the Open Shortest Path First (OSPF), and the Border Gateway Protocol (BGP) enable Layer 3 devices to direct data traffic to the intended destination. IP security allows for authentication and encryption. IP not only allows for user-to-user communication, but also for transmission from point-to-multipoint (known as IP multicasting). Layer 4 This layer, known as the transport layer, establishes the communication path between user applications and the network infrastructure and defines the method of communicating. TCP and UDP are wellknown protocols in the transport layer. TCP is a "connection-oriented" protocol, and requires the establishment of parameters for transmission prior to the exchange of data. Web technology is based on TCP. UDP is "connectionless" and requires no connection setup. This is important for multicast traffic, which cannot tolerate the overhead and latency of TCP. TCP and UDP also differ in the amount of error recovery provided and whether or not it is visible to the user application. Both TCP and UDP are layered on IP, which has minimal error recovery and detection. TCP forces retransmission of data that was lost by the lower layers, UDP does not. Layer 7 This layer, known as the application layer, provides access to either the end user application software such as a database. Users communicate with the application, which in turn delivers data to the transport layer. Applications do not usually communicate directly with lower layers. They are written to use a specific communication library, like the popular WinSock library. Software developers must decide what type of transport mechanism is necessary. For example, Web access requires reliable, error-free access, and would demand TCP. Multimedia, on the other hand, requires low overhead and latency and commonly uses UDP. TCP/IP The TCP/IP protocol suite is a set of protocols that allow computers to share resources across a network. TCP and IP are only two of the Internet suite of protocols, but they are the best known and it has become common to refer the entire family of Internet protocols as TCP/IP. TCP/IP is a layered set of protocols. An example, such as sending e-mail, can illustrate this. There is first a protocol for sending and receiving e-mail. This protocol defines a set of commands to identify the sender, the recipient, and the content of the e-mail. The e-mail protocol will not handle the actual communication between the two computers, this is done by TCP/IP. TCP/IP handles the actual sending and receiving of the packets that make up the e-mail exchange. TCP makes sure the e-mail commands and messages are received by the appropriate computers. It keeps track of what is sent and what is received, and retransmits any packets that are lost or dropped. TCP also handles the division of large messages into several Ethernet packets, and makes sure these packets are received and reassembled in the correct order. 29 D-Link DES-3250TG Standalone Layer 2 Switch Because these functions are required by a large number of applications, they are grouped into a single protocol, rather than being the part of the specifications for just sending e-mail. TCP is then a library of routines that application software can use when reliable network communications are required. IP is also a library of routines, but with a more general set of functions. IP handles the routing of packets from the source to the destination. This may require the packets to traverse many different networks. IP can route packets through the necessary gateways and provides the functions required for any user on one network to communicate with any user on another connected network. The communication interface between TCP and IP is relatively simple. When IP received a packet, it does not know how this packet is related to others it has sent (or received) or even which connection the packet is part of. IP only knows the address of the source and the destination of the packet, and it makes its best effort to deliver the packet to its destination. The information required for IP to do its job is contained in a series of octets added to the beginning of the packet called headers. A header contains a few octets of data added to the packet by the protocol in order to keep track of it. Other protocols on other network devices can add and extract their own headers to and from packets as they cross networks. This is analogous to putting data into an envelope and sending the envelope to a higher-level protocol, and having the higher-level protocol put the entire envelope into its own, larger envelope. This process is referred to as encapsulation. Many levels of encapsulation are required for a packet to cross the Internet. Packet Headers TCP Most data transmissions are much longer that a single packet. The data must then be divided up among a series of packets. These packets must be transmitted, received and then reassembled into the original data. TCP handles these functions. TCP must know how large a packet the network can process. To do this, the TCP protocols at each end of a connection state how large a packet they can handle and the smaller of the two is selected. The TCP header contains at least 20 octets. The source and destination TCP port numbers are the most important fields. These specify the connection between two TCP protocols on two network devices. The header also contains a sequence number that is used to ensure the packets are received in the correct order. The packets are not numbered, but rather the octets the packets contain are. If there are 100 octets of data in each packet, the first packet is numbered 0, the second 100, the third 200, etc. To insure that the data in a packet is received uncorrupted, TCP adds the binary value of all the octets in the packet and writes the sum in the checksum field. The receiving TCP recalculates the checksum and if the numbers are different, the packet is dropped. 30 D-Link DES-3250TG Standalone Layer 2 Switch Figure 5- 8. TCP Packet Header When packets have been successfully received, TCP sends an acknowledgement. This is simply a packet that has the acknowledgement number field filled in. An acknowledgement number of 1000 indicates that all of the data up to octet 1000 has been received. If the transmitting TCP does not receive an acknowledgement in a reasonable amount of time, the data is resent. The window field controls the amount of data being sent at any one time. It would require too much time and overhead to acknowledge each packet received. Each end of the TCP connection declares how much data it is able to receive at any one time by writing this number of octets in the window field. The transmitting TCP decrements the number in the window field and when it reaches zero, the transmitting TCP stops sending data. When the receiving TCP can accept more data, it increases the number in the window field. In practice, a single packet can acknowledge the receipt of data and give permission for more data to be sent. IP TCP sends its packets to IP with the source and destination IP addresses. IP is only concerned with these IP addresses. It is not concerned with the contents of the packet or the TCP header. IP finds a route for the packet to get to the other end of the TCP connection. IP adds its own header to the packet to accomplish this. The IP header contains the source and destination addresses, the protocol number, and another checksum. The protocol number tells the receiving IP which protocol to give the packet to. Although most IP traffic uses TCP, other protocols can be used (such as UDP). The checksum is used by the receiving IP in the same way as the TCP checksum. 31 D-Link DES-3250TG Standalone Layer 2 Switch Figure 5- 9. IP Packet Header The flags and fragment offset are used to keep track of packets that must be divided among several smaller packets to cross networks for which they are too large. The Time-to-Live (TTL) is the number of gateways the packet is allowed to cross between the source and destination. This number is decremented by one when the packet crosses a gateway and when the TTL reaches zero, the packet is dropped. This helps reduce network traffic if a loop develops. Ethernet Every active Ethernet device has its own Ethernet address (commonly called the MAC address) assigned to it by the manufacturer. Ethernet uses 48 bit addresses. The Ethernet header is 14 octets that include the source and destination MAC address and a type code. There is no relationship between the MAC address of a network node and its IP address. There must be a database of Ethernet addresses and their corresponding IP addresses. Different protocol families can be in use on the same network. The type code field allows each protocol family to have its own entry. A checksum is calculated and when the packet is received, the checksum is recalculated. If the two checksums are different, the packet is dropped. Figure 5- 10. Ethernet Packet Header 32 D-Link DES-3250TG Standalone Layer 2 Switch When a packet is received, the headers are removed. The Ethernet Network Interface Card (NIC) removes the Ethernet header and checks the checksum. It then looks at the type code. If the type code is for IP, the packet is given to IP. IP then removes the IP header and looks at its protocol field. If the protocol field is TCP, the packet is sent to TCP. TCP then looks at the sequence number and uses this number and other data from the headers to reassemble the data into the original file. TCP and UDP Well-Known Ports Application protocols run `on top of' TCP/IP. When an application wants to send data or a message, it gives the data to TCP. Because TCP and IP take care of the networking details, the application can look at the network connection as a simple data stream. To transfer a file across a network using the File Transfer Protocol (FTP), a connection must first be established. The computer requesting the file transfer must connect specifically to the FTP server on the computer that has the file. This is accomplished using sockets. A socket is a pair of TCP port numbers used to establish a connection from one computer to another. TCP uses these port numbers to keep track of connections. Specific port numbers are assigned to applications that wait for requests. These port numbers are referred to as `well-known' ports. TCP will open a connection to the FTP server using some random port number, 1234 for example, on the local computer. TCP will specify port 21 for the FTP server. Port 21 is the well-known port number for FTP servers. Note that there are two different FTP programs running in this example ­ an FTP client that requests the file to be transferred, and an FTP server that sends the file to the FTP client. The FTP server accepts commands from the client, so the FTP client must know how to connect to the server (must know the TCP port number) in order to send commands. The FTP Server can use any TCP port number to send the file, so long as it is sent as part of the connection setup. A TCP connection is then described by a set of four numbers ­ the IP address and TCP port number for the local computer, and the IP address and TCP port number for the remote computer. The IP address is in the IP header and the TCP port number is in the TCP header. No two TCP connection can have the same set of numbers, but only one number needs to be different. It is possible, for example, for two users to send files to the same destination at the same time. This could give the following connection numbers: Internet addresses Connection 1 Connection 2 10.42.73.23, 10.128.12.1 10.42.73.23, 10.128.12.1 TCP ports 1234, 21 1235, 21 The same computers are making the connections, so the IP addresses are the same. Both computers are using the same well-known TCP port for the FTP server. The local FTP clients are using different TCP port numbers. FTP transfers actually involve two different connections. The connection begins by the FTP sending commands to send a particular file. Once the commands are sent, a second connection is opened for the actual data transfer. Although it is possible to send data on the same connection, it is very convenient for the FTP client to be able to continue to send commands (such as `stop sending this file'). UDP and ICMP There are many applications that do not require long messages that cannot fit into a single packet. Looking up computer names is an example. Users wanting to make connections to other computers will usually use a name rather than the computer's IP or MAC address. The user's computer must be able to determine the remote computer's address before a connection can be made. A designated computer on 33 D-Link DES-3250TG Standalone Layer 2 Switch the network will contain a database of computer names and their corresponding IP and MAC addresses. The user's computer will send a query to the name database computer, and the database computer will send a response. Both the query and the response are very short. There is no need to divide the query or response between multiple packets, so the complexity of TCP is not required. If there is no response to the query after a period of time, the query can simply be resent. The User Datagram Protocol (UDP) is designed for communications that do not require division among multiple packets and subsequent reassembly. UDP does not keep track of what is sent. UDP uses port numbers in a way that is directly analogous to TCP. There are well-known UDP port numbers for servers that use UDP. Figure 5- 11. UDP Packet Header The UDP header is shorter than a TCP header. UDP also uses a checksum to verify that data is received uncorrupted. The Internet Control Message Protocol (ICMP) is also a simplified protocol used for error messages and messages used by TCP/IP. ICMP, like UDP, processes messages that will fit into a single packet. ICMP does not, however use ports because its messages are processed by the network software. Internet Group Management Protocol (IGMP) End users that want to receive multicast packets must be able to inform nearby routers that they want to become a multicast group member of the group these packets are being sent to. The Internet Group Management Protocol (IGMP) is used by multicast routers to maintain multicast group membership. IGMP is also used to coordinate between multiple multicast routers that may be present on a network by electing one of the multicast routers as the `querier'. This router then keep track of the membership of multicast groups that have active members on the network. IGMP is used to determine whether the router should forward multicast packets it receives to the subnetworks it is attached to or not. A multicast router that has received a multicast packet will check to determine if there is at least one member of a multicast group that has requested to receive multicast packets from this source. If there is one member, the packet is forwarded. If there are no members, the packet is dropped. 34 D-Link DES-3250TG Standalone Layer 2 Switch 6 WEB-BASED SWITCH MANAGEMENT Introduction The DES-3250TG offers an embedded Web-based (HTML) interface allowing users to manage the switch from anywhere on the network through a standard browser such as Netscape Navigator/Communicator or Microsoft Internet Explorer. The Web browser acts as a universal access tool and can communicate directly with the Switch using the HTTP protocol. The Web-based management module and the Console program (and Telnet) are different ways to access the same internal switching software and configure it. Thus, all settings encountered in web-based management are the same as those found in the console program. Note: This Web-based Management Module does not accept Chinese language input (or other languages requiring 2 bytes per character). Before You Start The DES-3250TG switch supports a wide array of functions and gives great flexibility and increased network performance by eliminating the routing bottleneck between the WAN or Internet and the Intranet. Its function in a network can be thought of as a new generation of router that performs routing functions in hardware, rather than software. It is a router that also has up to 48+2 independent Ethernet collision domains. This flexibility and rich feature set requires a bit of thought to arrive at a deployment strategy that will maximize the potential of the DES-3250TG. Getting Started The first step in getting started in using Web-based management for your Switch is to secure a browser. A Web browser is a program that allows a person to read hypertext, for example, Opera, Netscape Navigator, or Microsoft Internet Explorer. Follow the installation instructions for your browser. The second step is to give the switch an IP address. This can be done manually through the console or automatically using BOOTP/DHCP. 35 D-Link DES-3250TG Standalone Layer 2 Switch To begin managing your Switch simply run the browser you have installed on your computer and point it to the IP address you have defined for the device. The URL in the address bar should read something like: http://123.123.123.123, where the numbers 123 represent the IP address of the switch. Note: The Factory default IP address for the switch is 10.90.90.90. In the page that opens, click on the Login to make a setup button: Figure 6- 1. Login button This opens the management module's main page. The switch management features available in the Web-based manager are explained below. Configuring the Switch User Accounts Management From the Management menu, click User Accounts and then the User Account Management window appears. Figure 6- 2. User Account Management window Click Add to add a user. Figure 6- 3. User Account Modify Table window 1. Enter the new user name, assign an initial password, and then confirm the new password. Determine whether the new user should have Admin or User privileges. 2. Click Apply to make the user addition effective. 3. A listing of all user accounts and access levels is shown in the User Account Management window. This list is updated when Apply is executed. Click Show All User Account Entries to access this window. 36 D-Link DES-3250TG Standalone Layer 2 Switch 4. Please remember that Apply makes changes to the switch configuration for the current session only. All changes (including User additions or updates) must be entered into non-volatile ram using the Save Changes command on the Main Menu - if you want these changes to be permanent. Admin and User Privileges There are two levels of user privileges: Admin and User. Some menu selections available to users with Admin privileges may not be available to those with User privileges. The following table summarizes the Admin and User privileges: Switch Configuration Management Configuration Network Monitoring Community Stations Strings and Trap Privilege Admin Yes Yes Yes Yes Yes Yes Yes User Read Only Read Only Read Only Read Only Ping Only No No Update Firmware and Configuration Files System Utilities Factory Reset Reboot Switch User Account Management Add/Update/Delete User Accounts View User Accounts Yes Yes No No Table 6-1. Admin and User Privileges After establishing a User Account with Admin-level privileges, go to the Maintenance menu and click Save Changes. Next click Save Configuration. The switch will now save any changes to its non-volatile ram and reboot. You can logon again and are now ready to continue configuring the Switch. Save Changes The DES-3250TG has two levels of memory; normal RAM and non-volatile or NV-RAM. Configuration changes are made effective by clicking the Apply button. When this is done, the settings will be immediately applied to the switching software in RAM, and will immediately take effect. Some settings, though, require you to restart the switch before they will take effect. Restarting the switch erases all settings in RAM and reloads the stored settings from the NV-RAM. Thus, it is necessary to save all setting changes to NV-RAM before rebooting the switch. To retain any configuration changes permanently, click Save Changes from the Maintenance menu. The following window will appear: Figure 6- 4. Save Configuration window 37 D-Link DES-3250TG Standalone Layer 2 Switch Click the Save Configuration button to save the current switch configuration in NV-RAM. The following dialog box will confirm that the configuration has been saved: Figure 6- 5. Save Configuration Confirmation dialog box Click the OK button to continue. Once the switch configuration settings have been saved to NV-RAM, they become the default settings for the switch. These settings will be used every time the switch is rebooted. Using Web-Based Management Setting up Web Management Before running Web-based management, some basic configuration of the switch may need to be performed. The following at a minimum must be configured or known for the switch to be managed: · · · IP Address Subnet Mask Administrator password In addition, several other parameters may need to be configured or known to properly communicate with the switch or allow full management capability. These include: · · Default Gateway Trap Destination and Community Name Configuration of these items may be made from the User Interface, which is accessible via either the serial console or Telnet. Refer to the User's Guide that came with your system for more information about the subsection describing the required configuration. Setting an IP Address The IP address for the switch must be set before it can be managed with the Web-based manager. The switch IP address may be automatically set using BOOTP or DHCP protocols, in which case the actual address assigned to the switch must be known. The IP address may alternatively be set using the Command Line Interface (CLI) over the console serial port as follows: 1. Starting at the command line prompt, enter the commands config ipif System ipaddress xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy. Where the x's represent the IP address 38 D-Link DES-3250TG Standalone Layer 2 Switch to be assigned to the IP interface named System and the y's represent the corresponding subnet mask. 2. Alternatively, you can enter the commands config ipif System ipaddress xxx.xxx.xxx.xxx/z at the command line prompt. Where the x's represent the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation. Using this method, the switch can be assigned an IP address and subnet mask that can then be used to connect a management station to the switch's Web-based management agent. Starting and Stopping the Web-based Manager Do the following to use the Web-based manager: 1. Start a Java-enabled Web browser from any machine with network access to the switch. (Preferred browsers include Opera, Internet Explorer 4.0 or above, or Netscape Navigator 4.0 or above.) 2. Enter the IP address for the switch you want to manage in the URL field of the browser. 3. The screen below will appear, prompting you to enter the user name and password for management access. Figure 6- 6. Password dialog box 1. There is no default User Name or Password. Click the OK button to continue. The default user has Admin privileges. 2. The full application will now launch. A three-frame page will display with a switch graphic located in the upper right hand frame. 3. To stop the Web-based manager, simply close the Web browser application. Web-based Manager's User Interface The user interface provides access to various switch configuration and management screens, allows you to view performance statistics, and permits you to graphically monitor the system status. 39 D-Link DES-3250TG Standalone Layer 2 Switch Areas of the User Interface The figure below shows the user interface. The user interface is divided into 3 distinct areas as described in the table. Area 1 Area 2 Area 3 Figure 6- 7. Main Web-Manager window Area 1 Function Presents a graphical near real-time image of the front panel of the switch. This area displays the switch's ports and expansion modules, showing port activity, or duplex mode, depending on the specified mode. Various areas of the graphic can be selected for performing management functions, including the ports, expansion modules, management module, or the case. Allows the selection of commands. Presents switch information based on your selection and the entry of configuration data. 2 3 This section, arranged by topic, describes how to perform common monitoring and configuration tasks on the DES-3250TG switch using the Web-based Manager, you can perform any of the tasks described in the following sections. Configuration The Configuration menu consists of the following folders and screens: IP Address, Switch Information, Advanced Settings, Port Configuration, Port Mirroring, Link Aggregation, IGMP, Spanning Tree, Forwarding Filtering, VLANs, Port Bandwidth, QoS, LACP, Access Profile Table, System Log Servers, and PAE Access Entity. See below for further description. 40 D-Link DES-3250TG Standalone Layer 2 Switch IP Address The Switch needs to have an IP address assigned to it so that an In-Band network management system (for example, the Web Manager or Telnet) client can find it on the network. The IP Address Settings window allows you to change the settings for the Ethernet interface used for in-band communication. To set the switch's IP address: Click IP Address on the Configuration menu to open the following window: Figure 6- 8. IP Address Settings window Note: The switch's factory default IP address is 10.90.90.90 with a subnet mask of 255.0.0.0 and a default gateway of 0.0.0.0. To manually assign the switch's IP address, subnet mask, and default gateway address: Select Manual from the Get IP From drop-down menu. Enter the appropriate IP address and subnet mask. If you want to access the switch from a different subnet from the one it is installed on, enter the IP address of the gateway. If you will manage the switch from the subnet on which it is installed, you can leave the default address in this field. If no VLANs have been previously configured on the switch, you can use the default VLAN - named "default." The default VLAN contains all of the switch ports as members. If VLANs have been previously configured on the switch, you will need to enter the VLAN name of the VLAN that contains the port that the management station will access the switch on. To use the BOOTP or DHCP protocols to assign the switch an IP address, subnet mask, and default gateway address: Use the Get IP From pull-down menu to choose from Manual, BOOTP, or DHCP. This selects how the switch will be assigned an IP address on the next reboot (or startup). The following fields can be set: Parameter BOOTP Description The switch will send out a BOOTP broadcast request when it is powered up. The BOOTP protocol allows IP addresses, network masks, and default gateways to be assigned by a central 41 D-Link DES-3250TG Standalone Layer 2 Switch BOOTP server. If this option is set, the Switch will first look for a BOOTP server to provide it with this information before using the default or previously entered settings. DHCP The switch will send out a DHCP broadcast request when it is powered up. The DHCP protocol allows IP addresses, network masks, and default gateways to be assigned by a DHCP server. If this option is set, the switch will first look for a DHCP server to provide it with this information before using the default or previously entered settings. Allows the entry of an IP address, Subnet Mask, and a Default Gateway for the switch. These fields should be of the form xxx.xxx.xxx.xxx, where each xxx is a number (represented in decimal form) between 0 and 255. This address should be a unique address on the network assigned for use by the network administrator. The fields which require entries under this option are as follows: Determines the IP address used by the switch for receiving SNMP and Telnet communications. These fields should be of the form xxx.xxx.xxx.xxx, where each xxx is a number (represented in decimal) between 0 and 255. This address should be a unique address on a network assigned to you by the central Internet authorities. A Bitmask that determines the extent of the subnet that the Switch is on. Should be of the form xxx.xxx.xxx.xxx, where each xxx is a number (represented in decimal) between 0 and 255. The value should be 255.0.0.0 for a Class A network, 255.255.0.0 for a Class B network, and 255.255.255.0 for a Class C network, but custom subnet masks are allowed. IP address that determines where packets with a destination address outside the current subnet should be sent. This is usually the address of a router or a host acting as an IP gateway. If your network is not part of an intranet, or you do not want the Manual IP Address Subnet Mask Default Gateway 42