Support Store Sign In
Overview
System
Network
Services
Identities
Policies
Billing
Archives
Instruments
Installation
Lab Manual
Portal Customization
RESTful API
Miscellaneous
View as one page

D-Link DGS Managed Switches

D-Link DGS series switches are cost-effective managed switches suitable for SMB and enterprise edge deployments. The rXg integrates with DGS switches via SSH for configuration synchronization, 802.1X/MAB authentication, and VLAN management.

Supported Models

Model/Series Notes
DGS-1210 Series Smart Managed switches (8-52 ports)
DGS-1510 Series Stackable Smart Managed switches
DGS-3000 Series Layer 2 Managed switches
DGS-3120 Series Layer 2+ Managed switches with stacking
DGS-3130 Series Lite Layer 3 Stackable Managed switches
DGS-3630 Series Layer 3 Stackable Managed switches

Features Supported

Feature Supported Description
Config Sync Yes Automatic configuration synchronization from rXg
Auto Bootstrap Yes Zero-touch onboarding capability
SNMP Monitoring Yes CPU, memory, and port statistics collection
LLDP Neighbor Discovery Yes Automatic detection of connected devices
Switch Port Import Yes Automatic import and management of switch ports
802.1X Authentication Yes Port-based network access control
MAC Authentication Bypass Yes MAC-based authentication for non-802.1X devices
Dynamic VLAN Assignment Yes RADIUS-assigned VLAN based on authentication
Hybrid Port Mode Yes Combined trunk/access port configuration
DHCP Snooping No Not managed by rXg
Firmware Management No Manual firmware upgrades required
SPB-m Fabric No Not supported

Prerequisites

Firmware Requirements

Version Support Status Notes
DGS Firmware 4.x+ Supported SSH and RADIUS support required

Network Requirements

  • Management IP connectivity to rXg
  • SSH access (TCP port 22)
  • SNMP access (UDP port 161)
  • RADIUS connectivity (UDP ports 1812, 1813) for 802.1X/MAB

Onboarding Process

Auto Bootstrap

DGS switches support automatic bootstrap configuration from rXg. The bootstrap process configures:

  1. RSA key generation for SSH
  2. Terminal length settings
  3. Password encryption
  4. SSH server enable (Telnet disabled)
  5. LLDP
  6. SNMP community
  7. User credentials
  8. AAA and 802.1X global settings
  9. Management VLAN and IP
  10. NTP server

Bootstrap Configuration

enable
crypto key generate rsa modulus 2048
configure terminal

! Disable terminal paging
terminal length default 0

! Security best practices
service password-encryption 15
no ip telnet server

! Enable LLDP
lldp run

! Enable SSH
ip ssh server

! Enable password
enable password 0 <enable_password>

! SNMP configuration
snmp-server
snmp-server group <community> v1 read CommunityView notify CommunityView
snmp-server group <community> v2c read CommunityView notify CommunityView
snmp-server community <community> view CommunityView ro

! User account
username <username> password 0 <password>

! AAA configuration for 802.1X
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control

! Management VLAN configuration
vlan <mgmt_vlan>
exit
interface vlan <mgmt_vlan>
  ip address <ip> <subnet>
  no shutdown
  exit

! Default route
ip route 0.0.0.0 0.0.0.0 <gateway>

! Management port configuration (trunk)
interface <mgmt_port>
switchport mode trunk
exit

! NTP configuration
ntp server <rxg_ip>

exit
copy run start
y

Manual Onboarding

For manual configuration before adding to rXg:

  1. Configure management IP address
  2. Generate RSA keys and enable SSH
  3. Create user account
  4. Configure SNMP community
  5. Enable AAA and 802.1X globally
  6. Add device to rXg Infrastructure Devices

Configuration

Connection Settings

The rXg connects via SSH using RubyExpect for CLI automation. Legacy SSH algorithms are enabled for compatibility.

SSH algorithms enabled: - Key Exchange: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1 - Ciphers: aes128-cbc, 3des-cbc, aes192-cbc, aes256-cbc - Host Key: ssh-rsa

CLI prompts recognized: - Password prompt: password: - Enabled prompt: # - Disabled prompt: > - Configure prompt: (config)# - Interface prompt: (config-if)# - Confirmation prompt: [y/n]:

Initial connection handling: - Paging is disabled with terminal length 0 command

Port Naming Convention

DGS uses an interface naming format:

Type Format Example
Ethernet ethernet/ ethernet0/1, ethernet0/48

Port Modes

DGS switches support three port modes:

Mode Description
ACCESS Single untagged VLAN
TRUNK Multiple tagged VLANs with optional native VLAN
HYBRID Combination of tagged and untagged VLANs on same port

VLAN Configuration

Creating VLANs

vlan <vlan_id>
exit

Access Port Configuration

interface <port>
switchport mode access
switchport access vlan <vlan_id>
exit

Trunk Port Configuration

interface <port>
switchport mode trunk
switchport trunk allowed vlan <vlan_list>
switchport trunk native vlan <native_vlan>
exit

VLAN list format: - Single VLAN: 100 - Range: 100-200 - Multiple: 100,200,300 - Combined: 100-200,300,400-500

Hybrid Port Configuration

Hybrid ports support both tagged and untagged VLANs:

interface <port>
switchport mode hybrid
switchport hybrid allowed vlan add tagged <tagged_vlan_list>
switchport hybrid allowed vlan add untagged <untagged_vlan_list>
switchport hybrid native vlan <native_vlan>
exit

802.1X / MAB Configuration

Global AAA Configuration

aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control

RADIUS Server Configuration

radius-server host <rxg_ip> auth-port 1812 acct-port 1813 key <shared_secret>

Per-Port 802.1X

interface <port>
switchport mode access
dot1x port-control auto
dot1x pae authenticator
dot1x port-control force-unauthorized
authentication timer restart 30
exit

Per-Port MAB

interface <port>
switchport mode access
dot1x port-control auto
mac-auth enable
exit

SNMP Configuration

snmp-server
snmp-server group <community> v1 read CommunityView notify CommunityView
snmp-server group <community> v2c read CommunityView notify CommunityView
snmp-server community <community> view CommunityView ro

Port Enable/Disable

interface <port>
no shutdown
exit

interface <port>
shutdown
exit

Port Descriptions

interface <port>
description <description>
exit

Configuration Save

DGS switches require confirmation when saving configuration:

copy run start
y

Monitoring Capabilities

Metric Collection Method Notes
CPU Usage SNMP System health monitoring
Memory Usage SNMP System health monitoring
Port Statistics SNMP Packets in/out, errors
Port Status SNMP / CLI Up/down, speed, duplex
LLDP Neighbors CLI Connected device discovery
MAC Address Table CLI Client tracking

Data Gathered

The config sync process collects: - Interface list and status - VLAN configurations - Port VLAN memberships (access/trunk/hybrid modes) - 802.1X/MAB port configurations - RADIUS server configuration - Port descriptions

Troubleshooting

Common Issues

SSH Connection Failures

Symptom: Unable to establish SSH connection Resolution: - Verify SSH is enabled: show ip ssh - Check RSA keys are generated - Verify IP connectivity to switch management address - Verify user credentials are correct - Check for IP lockout after failed login attempts (60 second timeout) - Legacy SSH algorithms may be required for older firmware

802.1X Authentication Failures

Symptom: Clients failing to authenticate Resolution: - Verify AAA is configured: show running-config | include aaa - Verify RADIUS server is configured: show running-config | include radius - Check RADIUS shared secret matches rXg - Verify dot1x system-auth-control is enabled - Verify dot1x is enabled on port: show running-config interface <port> - Review rXg RADIUS logs for authentication attempts

VLAN Configuration Not Applied

Symptom: Traffic not passing on expected VLANs Resolution: - Verify VLAN exists: show vlan - Check port mode: show running-config interface <port> - Verify port VLAN membership matches expected configuration - For trunk ports, verify allowed VLAN list - For hybrid ports, verify tagged/untagged VLAN lists

Configuration Not Saving

Symptom: Changes lost after reboot Resolution: - Configuration must be saved with copy run start followed by y confirmation - Verify save completed successfully with "Done" message

Diagnostic Commands

System information: show version show unit show running-config

Interface status: show interfaces status show running-config interface <port> show interface <port>

VLAN information: show vlan show vlan interface <port>

802.1X status: show running-config | include dot1x show running-config | include mac-auth

RADIUS configuration: show running-config | include radius

IP configuration: show ip interface show ip route

LLDP neighbors: show lldp neighbor

Known Limitations

  • VLAN 1: Cannot be deleted; used as default VLAN
  • Hybrid Port Mode: Some older firmware versions may have limited hybrid port support
  • Firmware Upgrades: Manual firmware upgrades required; not managed by rXg
  • DHCP Snooping: Not synchronized from rXg configuration

Operational Caveats

  • Terminal Length: Issue terminal length 0 to disable output paging for automation
  • Configuration Save: Changes must be saved with copy run start and confirmed with y to persist across reboots
  • Password Encryption: service password-encryption 15 encrypts passwords in configuration
  • SSH vs Telnet: Bootstrap disables Telnet with no ip telnet server for security
  • Legacy SSH: Older firmware may require legacy SSH algorithms (group1-sha1, aes128-cbc, ssh-rsa)
  • Port Mode Transitions: When changing from trunk to access mode, trunk VLAN settings are automatically cleared
  • RSA Keys: Generate RSA keys with crypto key generate rsa modulus 2048 before enabling SSH

External References

About

RG Nets is the premium provider of gateways and centralized-authentication appliances designed to manage, provision, and protect revenue-generating networks. Our mission is to create tools that are so good, we would use our own money to buy them.

Company Links

Contact

316 California Ave.
Suite 331
Reno, NV 89509
+1 (408) 441 0100
[email protected]
Copyright 2026 RG Nets, Inc.
v2026.01-65-geeeac
Cookies help us deliver our services. By using our services, you agree to our use of cookies.