D-Link DSA-3200 Technical Information Page 211
- Page / 321
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
xStack
®
DGS-3200 Series Layer 2 Managed Gigabit Ethernet Switch Web UI Reference Guide
197
Clicking the Apply button will enter the combination of transmitting port(s) and allowed receiving ports into the Switch’s Traffic
Segmentation table.
Safeguard Engine Settings
Periodically, malicious hosts on the network will attack the Switch by utilizing packet flooding (ARP Storm) or other methods.
These attacks may increase the switch load beyond its capability. To alleviate this problem, the Safeguard Engine function was
added to the Switch’s software.
The Safeguard Engine can help the overall operability of the Switch by minimizing the workload of the Switch while the attack is
ongoing, thus making it capable to forward essential packets over its network in a limited bandwidth. The Safeguard Engine has
two operating modes that can be configured by the user, Strict and Fuzzy. In Strict mode, when the Switch either (a) receives too
many packets to process or (b) exerts too much memory, it will enter the Exhausted mode. When in this mode, the Switch will
drop all ARP and IP broadcast packets and packets from untrusted IP addresses for a calculated time interval. Every five seconds,
the Safeguard Engine will check to see if there are too many packets flooding the Switch. If the threshold has been crossed, the
Switch will initially stop all ingress ARP and IP broadcast packets and packets from untrusted IP addresses for five seconds. After
another five-second checking interval arrives, the Switch will again check the ingress flow of packets. If the flooding has stopped,
the Switch will again begin accepting all packets. Yet, if the checking shows that there continues to be too many packets flooding
the Switch, it will stop accepting all ARP and IP broadcast packets and packets from untrusted IP addresses for double the time of
the previous stop period. This doubling of time for stopping these packets will continue until the maximum time has been reached,
which is 320 seconds and every stop from this point until a return to normal ingress flow would be 320 seconds. For a better
understanding, please examine the following example of the Safeguard Engine.
Figure 6 - 81. Safeguard Engine example
For every consecutive checking interval that reveals a packet flooding issue, the Switch will double the time it will discard ingress
ARP and IP broadcast packets and packets from untrusted IP addresses. In the example above, the Switch doubled the time for
dropping ARP and IP broadcast packets when consecutive flooding issues were detected at 5-second intervals. (First stop = 5
seconds, second stop = 10 seconds, third stop = 20 seconds) Once the flooding is no longer detected, the wait period for dropping
ARP and IP broadcast packets will return to 5 seconds and the process will resume.
In Fuzzy mode, once the Safeguard Engine has entered the Exhausted mode, the Safeguard Engine will decrease the packet flow
by half. After returning to Normal mode, the packet flow will be increased by 25%. The switch will then return to its interval
checking and dynamically adjust the packet flow to avoid overload of the Switch.
- Table of Contents 3
- Intended Readers 11
- Safety Cautions 12
- Lithium Battery Precaution 14
- Section 1 15
- Introduction 15
- Web-based User Interface 16
- Web Pages 17
- Configuration 18
- Device Information 19
- System Information 19
- Serial Port Settings 20
- IP Address 20
- Port Configuration 22
- Port Settings 23
- Port Description Settings 25
- Static ARP Settings 26
- Gratuitous ARP 27
- User Accounts 28
- Command Logging Settings 29
- System Log Configuration 30
- System Severity Settings 31
- MAC Address Aging Time 32
- Web Settings 32
- Telnet Settings 33
- Password Encryption 33
- CLI Paging Settings 33
- Firmware Information 34
- Dual Configuration Settings 35
- Power Saving 37
- Power Saving Settings 38
- Power Saving LED Settings 39
- Power Saving Port Settings 39
- MAC Notification Settings 40
- SNMP Settings 41
- SNMP Global State Settings 42
- SNMP View Table 43
- SNMP Group Table 44
- SNMP User Table 45
- SNMP Community Table 46
- SNMP Host Table 47
- SNMP v6Host Table 48
- SNMP Engine ID 48
- SNMP Trap Configuration 49
- Single IP Management 50
- Upgrade to v1.61 51
- Single IP Settings 52
- Topology 53
- Tool Tips 55
- Right-Click 56
- Group Icon 56
- Commander Switch Icon 57
- Member Switch Icon 58
- Candidate Switch Icon 58
- Firmware Upgrade 60
- Upload Log File 60
- SD Card Backup Settings 62
- SD Card Execute Settings 62
- L2 Features 64
- IEEE 802.1Q VLANs 65
- 802.1Q VLAN Tags 66
- Port VLAN ID 67
- Tagging and Untagging 67
- Ingress Filtering 68
- Default VLANs 68
- Port-based VLANs 68
- VLAN Segmentation 69
- VLAN and Trunk Groups 69
- 802.1v Protocol VLAN 72
- GVRP Settings 74
- MAC-based VLAN Settings 75
- Private VLAN Settings 75
- PVID Auto Assign Settings 78
- Voice VLAN 78
- Voice VLAN Port Settings 79
- Voice VLAN OUI Settings 80
- Voice VLAN Device 80
- VLAN Trunk Settings 81
- Browse VLAN 82
- Egress Filter Settings 83
- L2 Multicast Control 83
- IGMP Snooping 84
- IGMP Router Port 88
- IGMP Snooping Counter 89
- IGMP Host Table 90
- MLD Snooping 91
- MLD Router Port 95
- MLD Snooping Counter 97
- Multicast VLAN 98
- Multicast Filtering 101
- Multicast Filtering Mode 103
- Port Mirroring 104
- Spanning Tree 105
- Port Transition States 106
- Edge Port 106
- P2P Port 106
- STP Bridge Global Settings 107
- STP Port Settings 108
- STP Instance Settings 111
- MSTP Port Information 111
- Link Aggregation 112
- Forwarding & Filtering 115
- Multicast Forwarding 116
- LLDP Global Settings 117
- LLDP Port Settings 118
- LLDP Management Address List 119
- LLDP Basic TLVs Settings 119
- LLDP Dot1 TLVs Settings 120
- LLDP Dot3 TLVs Settings 121
- LLDP Statistics System 122
- LLDP Local Port Information 123
- LLDP Remote Port Information 124
- LLDP-MED 125
- NLB FDB Settings 127
- L3 Features 129
- IPv6 Interface Settings 130
- IPv6 Route Settings 131
- IPv6 Neighbor Settings 131
- Section 5 133
- Understanding QoS 134
- Bandwidth Control 135
- Traffic Control 136
- 802.1p Default Priority 139
- 802.1p User Priority 139
- QoS Scheduling Mechanism 140
- Security 141
- RADIUS Accounting Settings 142
- RADIUS Authentication 143
- RADIUS Account Client 144
- IP-MAC-Port Binding (IMPB) 145
- ARP Mode 146
- ACL Mode 146
- Strict and Loose State 146
- IMPB Global Settings 147
- IMPB Port Settings 148
- IMPB Entry Settings 149
- MAC Block List 150
- DHCP Snooping 151
- ND Snoop 152
- Port Security 153
- Port Lock Entries 154
- DHCP Server Screening 155
- DHCP Offer Filtering 156
- Authentication Server 158
- Authenticator 158
- Authentication Process 159
- 802.1X Global Settings 162
- 802.1X Port Settings 163
- 802.1X User Settings 165
- Guest VLAN Settings 165
- Authenticator State 166
- Authenticator Statistics 166
- Authenticator Diagnostics 168
- SSL Settings 171
- SSL Certification Settings 173
- SSH Settings 174
- SSH User Authentication List 176
- Enable Admin 178
- Authentication Server Group 179
- Login Method Lists Settings 182
- Enable Method Lists Settings 183
- WAC Global Settings 190
- WAC User Settings 191
- WAC Port Settings 192
- WAC Authenticating State 193
- WAC Customize Page 193
- JWAC Global Settings 194
- JWAC Port Settings 196
- JWAC User Settings 197
- JWAC Authentication State 198
- JWAC Customize Page Language 199
- JWAC Customize Page 199
- Compound Authentication 200
- 802.1X & IMPB Mode 201
- IMPB & WAC/JWAC Mode 202
- MAC & IMPB Mode 202
- IGMP Access Control Settings 206
- BPDU Attack Protection 208
- Loopback Detection Settings 209
- Traffic Segmentation 210
- Safeguard Engine Settings 211
- Trusted Host Settings 212
- Section 7 214
- ACL Configuration Wizard 214
- Access Profile List 215
- CPU Access Profile List 229
- Time Range Settings 242
- Network Application 244
- DHCPv6 Relay 247
- DHCP Server 248
- DHCP Server Global Settings 249
- DHCP Server Pool Settings 250
- DHCP Server Manual Binding 251
- DHCP Local Relay Settings 252
- DHCP Option 12 Settings 254
- DNS Resolver 254
- SMTP Settings 257
- SNTP Settings 258
- Ping Test 260
- Section 9 262
- Ethernet OAM 262
- Ethernet OAM Event Log 264
- Ethernet OAM Statistics 264
- DULD Settings 265
- Cable Diagnostics 266
- Cable Diagnostics Notes 267
- Monitoring 268
- DRAM & Flash Utilization 269
- Port Utilization 270
- Packet Size 270
- Packets 272
- UMB_Cast (RX) 274
- Transmitted (TX) 275
- Received (RX) 277
- Browse ARP Table 280
- Browse Router Port 280
- Browse MLD Router Port 281
- Browse Session Table 281
- IGMP Snooping Group 282
- MLD Snooping Group 282
- MAC Address Table 283
- System Log 284
- Save and Tools 285
- Save Configuration 286
- Save Log 286
- Save All 287
- Download Firmware to SD Card 288
- Reboot System 290
- Using Packet Content ACL 291
- Ethernet Header 294
- Example topology 295
- Appendix D – Trap Logs 318
Related products and manuals for Networking D-Link DSA-3200
Networking D-Link DSL-300 User Manual
(5 pages)
(5 pages)
Networking D-Link DHP-306AV User Manual
(56 pages)
(56 pages)
Networking D-Link DVG-2032S User Manual
(3 pages)
(3 pages)
Networking D-Link DSL-320T User's Guide
(66 pages)
(66 pages)
Networking D-Link DSL-320B User Manual
(40 pages)
(40 pages)
Networking D-Link DGE-550SX User's Guide
(25 pages)
(25 pages)
Networking D-Link DCM-301 User Manual
(20 pages)
(20 pages)
Networking D-Link DI-206 User Manual
(15 pages)
(15 pages)
Networking D-Link DAP-3220 User Manual
(84 pages)
(84 pages)
Networking D-Link DWR-510 User Manual
(62 pages)
(62 pages)
© 2020, manymanuals.com. All rights reserved. | 2.187 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals