Cisco 350XG series Administration Manual

10g stackable managed switches

ADMINISTRATION
GUIDE
Cisco 350XG and 550XG Series 10G Stackable
Managed Switches


Summary of Contents for Cisco 350XG series

  • Page 1 ADMINISTRATION GUIDE Cisco 350XG and 550XG Series 10G Stackable Managed Switches...
  • Page 2: Table Of Contents

    Starting the Web-based Configuration Utility Out-Of-Band Port Basic or Advanced Display Mode Quick Start Device Configuration Interface Naming Conventions Window Navigation Chapter 2: Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard Overview Grid Management System Health Resource Utilization...
  • Page 3 Traceroute Chapter 6: Administration: File Management System Files Firmware Operations File Operations File Directory DHCP Auto Configuration/Image Update Chapter 7: Administration: Stack Management Overview Types of Units in Stack Cisco 350XG and 550XG Series 10G Stackable Managed Switches Administration Guide...
  • Page 4 Time Range Recurring Time Range Chapter 9: Administration: Discovery Bonjour LLDP and CDP Configuring LLDP Configuring CDP CDP Statistics Chapter 10: Port Management Workflow Port Settings Error Recovery Settings Cisco 350XG and 550XG Series 10G Stackable Managed Switches Administration Guide...
  • Page 5 GVRP Settings VLAN Groups Voice VLAN Access Port Multicast TV VLAN Customer Port Multicast TV VLAN Chapter 13: Spanning Tree STP Flavors STP Status and Global Settings STP Interface Settings Cisco 350XG and 550XG Series 10G Stackable Managed Switches Administration Guide...
  • Page 6 IPv6 Multicast Configuration IGMP/MLD Snooping IP Multicast Group Multicast Router Ports Forward All Unregistered Multicast Chapter 16: IP Configuration Overview IPv4 Management and Interfaces IPv6 Management and Interfaces Domain Name System Cisco 350XG and 550XG Series 10G Stackable Managed Switches Administration Guide...
  • Page 7 Management Access Method Management Access Authentication SSL Server TCP/UDP Services Storm Control Port Security IP Source Guard ARP Inspection Denial of Service Prevention Chapter 20: Security: 802.1X Authentication Overview Properties Cisco 350XG and 550XG Series 10G Stackable Managed Switches Administration Guide...
  • Page 8 Chapter 23: Security: SSH Client Overview SSH User Authentication SSH Server Authentication Change User Password on the SSH Server Chapter 24: Security: IPv6 First Hop Security IPv6 First Hop Security Overview Cisco 350XG and 550XG Series 10G Stackable Managed Switches Administration Guide...
  • Page 9 ACL Binding Chapter 26: Quality of Service QoS Features and Components General QoS Basic Mode QoS Advanced Mode Managing QoS Statistics Chapter 27: SNMP Overview SNMP Engine ID Views Cisco 350XG and 550XG Series 10G Stackable Managed Switches Administration Guide...
  • Page 10 Contents Groups Users Communities Trap Settings Notification Recipients Notification Filter Cisco 350XG and 550XG Series 10G Stackable Managed Switches Administration Guide...
  • Page 11: Chapter 1: Getting Started

    Browser Restrictions If you are using IPv6 interfaces on your management station, use the IPv6 global address and not the IPv6 link local address to access the device from your browser. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 12: Launching The Configuration Utility

    OOB port, make sure the OOB port is connected to your network or PC. Logging In The default username/password is cisco/cisco. The first time that you log in with the default username and password, you are required to enter a new password.
  • Page 13 Language Menu described in Application Header. STEP 3 If this is the first time that you logged on with the default user ID (cisco) and the default password (cisco) or your password has expired, the Change Password Page appears.
  • Page 14: Logging Out

    Password Expiration The New Password page is displayed in the following cases: • The first time that you access the device with the default username cisco and password cisco. This page forces you to replace the factory default password. •...
  • Page 15: Out-Of-Band Port

    This default IP address is used when no other address was assigned (dynamically or statically). This sub net is a reserved one and cannot be assigned on the in- band interfaces. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 16: Basic Or Advanced Display Mode

    RAM Memory Quick Access Change Device Password User Accounts Upgrade Device Software Firmware Operations Backup Device Configuration File Operations Create MAC-Based ACL MAC-Based ACLs Creation Create IP-Based ACL IPv4-based ACL Creation Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 17: Interface Naming Conventions

    Configure Port Mirroring Port and VLAN Mirroring There are two hot links on the Getting Started page that take you to Cisco web pages for more information. Clicking on the Support link takes you to the device product support page, and clicking on the Forums link takes you to the Support Community page.
  • Page 18: Window Navigation

    Configuration and sets the device parameters according to the data in the Running Configuration. Username Displays the name of the user logged on to the device. The default username is cisco. (The default password is cisco). Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 19 SYSLOG Alert Status icon is no longer displayed. To display the page when there is not an active SYSLOG message, Click Status and Statistics > View Log > RAM Memory. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 20: Management Buttons

    Click to clear the statistic counters for the selected Counters interface. Clear Logs Clears log files. Clear Table Clears table entries. Close Returns to main page. If any changes were not applied to the Running Configuration, a message appears. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 21 Enter the query filtering criteria and click Go. The results are displayed on the page. Refresh Click Refresh to refresh the counter values. Test Click Test to perform the related tests. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 22: Chapter 2: Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard

    This section describes the device dashboard. The dashboard consists of the following sections: • Overview • System Health • Resource Utilization • Identification • Latest Logs • Suspended Interfaces • Stack Topology Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 23: Grid Management

    Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard Overview Overview The dashboard is a collection of 8 squares, initially empty, that can be populated by various types of information, as shown below (only 4 of the 8 squares are...
  • Page 24 Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard Grid Management When opening the panel, the regular view of the modules in the screen is replaced by a wire frame view of the grid, as shown below (only 2 squares shown in the...
  • Page 25: System Health

    Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard System Health When you click Done (in the right-hand corner), the modules are populated by the relevant information, as shown below: The title bar of each module in the dashboard displays the title of the module and...
  • Page 26: Resource Utilization

    Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard Resource Utilization • Thermometer Icon Temperature is OK—Green with a nearly empty thermometer. Temperature generates a warning—Yellow with a half full thermometer. Temperature is critical—Red with a full thermometer. The following configuration options (right-hand corner) are available: •...
  • Page 27: Identification

    Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard Identification • CPU—Percentage of CPU being used. Each bar becomes red if the resource utilization is higher than 80 percent. Hovering over a bar displays a tooltip displaying the numeric utilization information (used resources/max available).
  • Page 28: Latest Logs

    Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard Latest Logs • Firmware Version—Current firmware version running on device. • MAC Address (master unit)—MAC address of the unit. • Serial Number (master unit)—Serial number of the unit. • System Location (if configured)—Entered in the Getting Started Wizard.
  • Page 29 Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard Suspended Interfaces • View Logs—Click to open Memory. Suspended Interfaces This module displays interfaces that have been suspended. When units are connected in a stack, a drop-down selector enables the user to select the device to be viewed.
  • Page 30: Stack Topology

    Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard Stack Topology Auto-recovery current status—Has auto recovery been enabled for the feature that caused the suspension. • Refresh Time—Green if the fan is operational; Red if the fan is faulty.
  • Page 31: Chapter 3: Configuration Wizards

    Host names cannot begin or end with a hyphen. No other symbols, punctuation characters, or blank spaces are permitted (as specified in RFC1033, 1034, 1035). Click Next. STEP 4 Cisco 350XG & 550XG Series 10G Stackable Managed Switches, Firmware Release 1.0.0.x...
  • Page 32 Clock Source—Select one of the following: Manual Settings—Select to enter the device system time. If this is selected, enter the Date and Time. Default SNTP Servers—Select to use the default SNTP servers. Cisco 350XG & 550XG Series 10G Stackable Managed Switches, Firmware Release 1.0.0.x...
  • Page 33: VLAN Configuration Wizard

    VLAN (by clicking with mouse on the required ports in the graphical display). The trunk ports that are not selected in this step become tagged members of the VLAN. Cisco 350XG & 550XG Series 10G Stackable Managed Switches, Firmware Release 1.0.0.x...
  • Page 34 VLAN is untagged member of the VLAN. (by clicking with mouse on the required ports in the graphical display). Click Next to see the summary of the information that you entered. STEP 10 Click Apply. STEP 11 Cisco 350XG & 550XG Series 10G Stackable Managed Switches, Firmware Release 1.0.0.x...
  • Page 35: Chapter 4: Status And Statistics

    System Summary • CPU Utilization • Interfaces • Etherlike • GVRP • 802.1X EAP • • TCAM Utilization • Health • Port and VLAN Mirroring • Diagnostics • RMON • View Logs Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 36: System Summary

    Software Information: • Firmware Version (Active Image)—Firmware version number of the active image. NOTE In a stack, the Firmware Version number shown is based on the version of the master. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 37: CPU Utilization

    The device uses the Secure Core Technology (SCT) feature to ensure that the device receives and processes management and protocol traffic, no matter how much total traffic is received. SCT is enabled by default on the device and cannot be disabled. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 38: Interfaces

    The Receive Statistics area displays information about incoming packets. • Total Bytes (Octets)—Octets received, including bad packets and FCS octets, but excluding framing bits. • Unicast Packets—Good Unicast packets received. • Multicast Packets—Good Multicast packets received. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 39: Etherlike

    Refresh Rate—Select the amount of time that passes before the Etherlike statistics are refreshed. The fields are displayed for the selected interface. • Frame Check Sequence (FCS) Errors—Received frames that failed the CRC (cyclic redundancy checks). Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 40: GVRP

    To view GVRP statistics and/or set the refresh rate: Click Status and Statistics > GVRP. STEP 1 Enter the parameters. STEP 2 • Interface—Select the specific interface for which GVRP statistics are to be displayed. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 41: 802.1X EAP

    The 802.1x EAP page displays detailed information regarding the EAP (Extensible Authentication Protocol) frames that were sent or received. To configure the 802.1X feature, see the Properties page. To view the EAP Statistics and/or set the refresh rate: Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 42 EAPOL frame. To clear statistics counters: STEP 4 • Click Clear Interface Counters to clear the selected interfaces counters. • Click View All Interfaces Statistics to clear the counters of all interfaces. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 43: ACL

    The TCAM Utilization page shows the following fields: • Unit No—Unit in stack for which TCAM utilization appears. This is not displayed when the device is not part of a stack. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 44 In Use—Number of TCAM entries used for non-IP rules. Maximum—Number of available TCAM entries that can be used for non- IP rules. To view how the allocation among various processes can be changed, see the Routing Resources section. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 45: Health

    Warning If FAN status is OK, the ports are enabled. threshold - 2 °C). (On devices that support PoE) the PoE circuitry is enabled. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 46 Warning—The temperature is between the warning threshold to the critical threshold. Critical—Temperature is above the critical threshold. N/A—Not relevant. • Power Supply Status—The options are: Main—Displays one of the following: Active—Power supply is being used. Failure—Main power has failed. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 47: Port And VLAN Mirroring

    VLAN 23, VLAN 34, or both, and later on delete VLAN 34, the status in port mirroring is set to Not Ready, because the VLAN34 is no longer in the database and VLAN23 was not created manually. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 48 Rx Only—Port mirroring on incoming packets. Tx Only—Port mirroring on outgoing packets. Tx and Rx—Port mirroring on both incoming and outgoing packets. Click Apply. Port mirroring is added to the Running Configuration. STEP 4 Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 49: Diagnostics

    After the test, the port returns to the Up state. It is not recommended that you run the copper port test on a port you are using to run the web-based switch configuration utility, because communications with that device are disrupted. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 50 Channel—Cable channel indicating whether the wires are straight or cross- over. • Polarity—Indicates if automatic polarity detection and correction has been activated for the wire pair. • Pair Skew—Difference in delay between wire pairs. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 51: Displaying Optical Module Status

    Optical Module Status. This page displays the following fields: • Port—Port number on which the SFP is connected. • Description—Description of optical transceiver. • Serial Number—Serial number of optical transceiver. • PID—VLAN ID. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 52: RMON

    Define interesting changes in counter values, such as “reached a certain number of late collisions” (defines the alarm), and then specify what action to perform when this event occurs (log, trap, or log and trap). Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 53 Undersize Packets—Undersized packets (less than 64 octets) received. • Oversize Packets—Oversized packets (over 2000 octets) received. • Fragments—Fragments (packets with less than 64 octets, excluding framing bits, but including FCS octets) received. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 54: RMON History

    The History page defines the sampling frequency, amount of samples to store and the port from which to gather the data. After the data is sampled and stored, it appears in the History Table page that can be viewed by clicking History Table. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 55: RMON History Table

    The History page displays interface-specific statistical network samplings. The samples were configured in the History Control table described above. To view RMON history statistics: Click Status and Statistics > RMON > History. STEP 1 Click History Table. STEP 2 Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 56 (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. • Collisions—Collisions received. • Utilization—Percentage of current interface traffic compared to maximum traffic that the interface can handle. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 57: RMON Events Control

    Log and Trap—Add a log entry to the Event Log table and send a trap to the remote log server when the alarm goes off. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 58: RMON Alarms

    One or more alarms are bound to an event, which indicates the action to be taken when the alarm occurs. Alarm counters can be monitored by either absolute values or changes (delta) in the counter values. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 59 Rising is defined by crossing the threshold from a low-value threshold to a higher-value threshold. Rising Alarm—A rising value triggers the rising threshold alarm. Falling Alarm—A falling value triggers the falling threshold alarm. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 60: View Logs

    This can be changed by clicking Edit by the field’s name. This page contains the following fields for every log file: • Log Index—Log entry number. • Log Time—Time when message was generated. • Severity—Event severity. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 61: Flash Memory

    Log Index—Log entry number. • Log Time—Time when message was generated. • Severity—Event severity. • Description—Message text describing the event. To clear the messages, click Clear Logs. The messages are cleared. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 62: Chapter 5: Administration

    • Idle Session Timeout • Time Settings • System Log • File Management • Reboot • Discovery - Bonjour • Discovery - LLDP • Discovery - CDP • Ping • Traceroute Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 63: Device Models

    SG350XG-24F 24-port SFP+ Ten Gigabit Stackable Switch (2 combo) SG350XG-24T 24-port 10GBase-T Stackable Switch (2 combo) SG350XG-48T 48-port 10GBase-T Stackable Switch (2 combo) SG350XG-2F10 12-port 10GBase-T Stackable Switch (2 SFP ports) Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 64: System Settings

    STEP 3 Console Settings (Autobaud Rate Support) The console port speed can be set to one of the following speeds: 4800, 9600, 19200, 38400, 57600, and 115200 or to Auto Detection. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 65: User Accounts

    After adding a level 15 user (as described below), the default user is removed from the system. NOTE It is not permitted to delete all users. If all users are selected, the Delete button is disabled. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 66 CLI commands that change the device configuration. See the CLI Reference Guide for more information. Read/Write Management Access (15)—User can access the GUI, and can configure the device. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 67: Idle Session Timeout

    Time Settings Administration: Time Settings. System Log This section describes the system logging, which enables the device to generate multiple independent logs. Each log is a set of messages describing system events. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 68: Log Settings

    • Debug—Detailed information about an event. You can select different severity levels for RAM and Flash logs. These logs are displayed in the RAM Memory page and Flash Memory page, respectively. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 69 RAM Memory Logging—Select the severity levels of the messages to be logged to the RAM. • Flash Memory Logging—Select the severity levels of the messages to be logged to the Flash memory. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 70 Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 71: Reboot

    You can back up the device configuration by using the File Operations page or clicking Save at the top of the window. You can also upload the configuration from a remote device in the same page. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 72 NOTE This option can only be used if the system time has either been set manually or by SNTP. In—Reboot within the specified number of hours and minutes. The maximum amount of time that can pass is 24 days. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 73: Routing Resources

    If your router TCAM allocation is feasible, a message is displayed that an automatic reboot will be performed with the new settings. Routing resources can be modified incorrectly, in one of the following ways: Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 74 Multicast routes recorded on the device and TCAM Entries is the number of TCAM entries being used for the Multicast routes. • Maximum Entries—Select one of the following options: Use Default—Use default values. User Defined—Enter a value. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 75 The following fields are displayed for each unit: • Maximum TCAM Entries for Routing and Multicast Routing—Number of TCAM entries available for routing and Multicast routing. • IPv4 Routing In Use—Number of TCAM entries utilized for IPv4 routing. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 76 NOTE A summary of the TCAM entries actually in use and available is displayed at the bottom of this page. For an explanation of the fields, see TCAM Utilization. Discovery - Bonjour See Bonjour. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 77: Ping

    IP addresses of the type specified in the IP Version field will be displayed. NOTE If the Auto option is selected, the system computes the source address based on the destination address. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 78 STEP 3 added to the list of messages, indicating the result of the ping operation. View the results of ping in the Ping Counters and Status section of the page. STEP 4 Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 79: Traceroute

    Host—Displays a stop along the route to the destination. • Round Trip Time (1-3)—Displays the round trip Time in (ms) for the first through third frame and the Status of the first through third operation. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 80: Chapter 6: Administration: File Management

    The configuration files are text files and can be edited in a text editor, such as Notepad after they are copied to an external device, such as a PC. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 81 Firmware—The program that controls the operations and functionality of the device. More commonly referred to as the image. • Language File—The dictionary that enables the web-based configuration utility windows to be displayed in the selected language. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 82: Firmware Operations

    Click Administration > File Management > Firmware Operations. STEP 1 The following fields are displayed: • Active Firmware File—Displays the current, active firmware file. • Active Firmware Version—Displays the version of the current, active firmware file. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 83 Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 84 Click System Credentials to go to the SSH User Authentication page where the user/password can be set once for all future use. • Use SSH Client One-Time Credentials—Enter the following: Username—Enter a username for this copy action. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 85 SCP server is trusted, the operation succeeds. If the SCP server is not trusted, the operation fails and an error is displayed. • If SSH server authentication is not enabled, the operation succeeds for any SCP server. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 86: File Operations

    When restoring a configuration file to the Startup Configuration, the new file replaces the previous file. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 87 Destination File Type—Select one of the configuration file types to update. • Copy Method—Select HTTP/HTTPS, USB or Internal Flash. • File Name—Enter name of file to be updated from (source file). Click Apply to begin the operation. STEP 3 Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 88 Link Local Interface—Select the link local interface from the list. • Server IP Address/Name—Enter the IP address or name of the TFTP server. • Source File Name—Enter the update file name. Click Apply to begin the operation. STEP 3 Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 89 Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 90 Click Administration > File Management > File Operations. STEP 1 Enter the following fields: STEP 2 • Operation Type—Select Backup. • Source File Type—Select one of the configuration file types to backup. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 91 Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 92 SSH user authentication method (password or public/private key), set a username and password on the device, if the password method is selected, and generate an RSA or DSA key if required. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 93 Plaintext—Include sensitive data in the backup in its plaintext form. NOTE The available sensitive data options are determined by the current user SSD rules. For details, refer to Secure Sensitive Data Management > SSD Rules page. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 94: File Directory

    USB—Display files on the USB drive. Click Go to display the following fields: STEP 4 • File Name—Type of system file or actual name of file depending on the file type. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 95: DHCP Auto Configuration/Image Update

    Auto-Update/Configuration enables quick installation of new devices on the network, since an out-of-the-box device is configured to retrieve its configuration file and software image from the network Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 96: SSH Client Authentication

    SSH client authentication parameters are required to access the SSH server by the client (which is the device). The default SSH client authentication parameters are: • SSH authentication method: by username/password • SSH username: anonymous Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 97 • When using the SCP protocol, a SYSLOG message is generated informing that reboot is about to start. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 98 The copy protocol (SCP/TFTP) is selected, as described in Download Protocols (TFTP or SCP). • When downloading using SCP, the device accepts any specified SCP/SSH server (without authentication) if either of the following is true: Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 99 When an IPv6-enabled interface is defined as a DHCPv6 stateless configuration client. When DHCPv6 messages are received from the server (for example, when you press the Restart button on IPv6 Interfaces page, When DHCPv6 information is refreshed by the device. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 100 The following defaults exist on the system: • Auto Configuration is enabled. • Auto Image Update is enabled. • The device is enabled as a DHCP client. • Remote SSH server authentication is disabled. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 101 (for example indirect-cisco.txt that contains cisco\cisco-version.ros). 3. Copy this indirect file to the TFTP/SCP server’s main directory DHCP Server Configure the DHCP server with the following options • DHCPv4—Option 125 (indirect file name) Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 102 • Image Auto Update Via DHCP—Select this field to enable update of the firmware image from the DHCP server. This feature is enabled by default, but can be disabled here. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 103 If a link local address exists on the interface, this entry replaces the address in the configuration. Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 104 Backup Indirect Image File Name—Enter the indirect image file name to be used. This is a file that holds the path to the image. An example of an indirect image file name is: indirect-cisco.scp. This file contains the path and name of the firmware image. The following fields are displayed: •...
  • Page 105: Chapter 7: Administration: Stack Management

    To stack two or more devices, reconfigure the desired network ports as stack ports in the devices and connect the devices with the resulting stack ports in a ring or chain topology. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 106 The stack system supports two types of topologies: chain and ring. In ring topology, if one of the stack ports fails, the stack continues to function in chain topology (see Stack Topology). Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 107: Types Of Units In Stack

    IDs greater than 4, the LED display is changed in accordance to the below definition: • Units 1-4: LEDs 1-4 are lit, respectively. • Unit 5: LED 1 and 4 are lit. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 108: Stack Topology

    • Ring Topology—Each unit is connected to the neighboring unit. The last unit is connected to the first unit. The following shows a ring topology of an eight-unit stack: Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 109: Topology Discovery

    During topology discovery, each unit in a stack exchanges packets, which contain topology information. After the topology discovery process is completed, each unit contains the stack mapping information of all units in the stack.
  • Page 110: Unit Id Assignment

    ID. Unit 1 does not join the stack and is shut down. It did not win the master selection process between the master-enabled units (1 or 2). Duplicate Unit Shut Down
  • Page 111 Duplication Between Two Units With Auto Number Unit ID NOTE If a new stack has more than the maximum number of units, all extra units are shut down.
  • Page 112: Master Selection Process

    • The stack changes between ring and chain formation. When units are added or removed to and from a stack, it triggers topology changes, master election process, and/or unit ID assignment.
  • Page 113 The best unit is the unit with the higher uptime in segments of 10 minutes. The other unit is made the backup. Auto-numbered Master-enabled Unit
  • Page 114: Unit Failure In Stack

    1. The newer Unit 1 does not join the stack and is shut down. User-assigned Master-enabled Unit Unit Failure in Stack This section includes the following topics: • Failure of Master Unit • Master/Backup Switchover • Slave Unit Handling
  • Page 115 NOTE When STP is used and the ports are in link up, the STP port’s state is temporarily Blocking, and it cannot forward traffic or learn MAC addresses. This is to prevent spanning tree loops between active units.
  • Page 116: Software Auto Synchronization In Stack

    Each unit in a stack automatically downloads firmware and bootcode from the master unit if the firmware and/or boot code that the unit and the master are running is different. The unit automatically reboots itself to run the new version.
  • Page 117: Stack Ports

    One unit is connected to more than two neighboring units. Physical Constraints for Stack LAGs The following factors constrain the use of stack LAGs: • A stack LAG must contain ports of the same speed.
  • Page 118 A SYSLOG message (informational level) is displayed when the cable type is not recognized.
  • Page 119: Stack Management

    The operational status of a standalone device or a stack is displayed in the Stack Operational Status block. • Stack Topology—Displays whether the topology of the stack is chain or ring.
  • Page 120 When you hover over a port a tool tip displays the stacking port number, unit that it is connected to (if there is one), the port speed and its connection status. See an example of this in the following.
  • Page 121 Unit x Stack Connection Speed—Displays the speed of the stack connection. STEP 3 Click Apply and Reboot. The parameters are copied to the Running Configuration file and the stack is rebooted.
  • Page 122: Chapter 8: Administration: Time Settings

    Daylight Savings Time (DST). It covers the following topics: • System Time Configuration • SNTP Modes • System Time • SNTP Unicast • SNTP Multicast/Anycast • SNTP Authentication • Time Range • Recurring Time Range
  • Page 123: System Time Configuration

    After the time has been set by any of the above sources, it is not set again by the browser. NOTE SNTP is the recommended method for time setting.
  • Page 124: Sntp Modes

    The device supports having all of the above modes active at the same time and selects the best system time received from an SNTP server, according to an algorithm based on the closest stratum (distance from the reference clock).
  • Page 125: System Time

    Manual Settings—Set the date and time manually. The local time is used when there is no alternate source of time, such as an SNTP server: Date—Enter the system date. Local Time—Enter the system time.
  • Page 126 DST: • From—Day and time that DST starts. • To—Day and time that DST ends. STEP 3 Selecting Recurring allows different customization of the start and stop of DST:
  • Page 127: Sntp Unicast

    Unicast clients with Unicast SNTP servers. • IPv4 Source Interface—Select the IPv4 interface whose IPv4 address will be used as the source IPv4 address in messages used for communication with the SNTP server.
  • Page 128 Source—How the SNTP server was defined, for example: manually or from DHCPv6 server. • Interface—Interface on which packets are received. STEP 3 To add a Unicast SNTP server, enable SNTP Client Unicast.
  • Page 129 • Authentication—Select the check box to enable authentication. • Authentication Key ID—If authentication is enabled, select the value of the key ID. (Create the authentication keys using the SNTP Authentication page.)
  • Page 130: Sntp Multicast/Anycast

    STEP 3 Click Add to select the interface for SNTP reception/transmission. Select an interface and select the reception/transmission options. STEP 4 Click Apply to save the settings to the Running Configuration file.
  • Page 131: Sntp Authentication

    The SNTP server must send this key for the device to synchronize to it. • Trusted Key—Select to enable the device to receive synchronization information only from a SNTP server by using this authentication key.
  • Page 132: Time Range

    (see Port Settings Link Aggregation) • Limit PoE operation to a specified period.
  • Page 133: Absolute Time Range

    STEP 1 Click Administration > Time Settings > Recurring Range. The existing recurring time ranges are displayed (filtered per a specific, absolute time range.) STEP 2 Select the absolute time range to which to add the recurring range.
  • Page 134 Recurring Ending Time—Enter the date and time that the Time Range ends on a recurring basis. STEP 5 Click Apply. STEP 6 Click Time Range to access the Absolute Time Range page.
  • Page 135: Chapter 9: Administration: Discovery

    The Bonjour Discovery Interface Control Table shows interfaces with IP addresses that are associated with the Bonjour feature. Any Bonjour advertisement can only be broadcast to interfaces listed in this table. If a service is
  • Page 136: Lldp And Cdp

    Apply). LLDP and CDP LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) are link layer protocols for directly-connected LLDP and CDP-capable neighbors to advertise themselves and their capabilities. By default, the device sends an LLDP/CDP advertisement periodically to all its interfaces and processes incoming LLDP and CDP packets as required by the protocols.
  • Page 137 VLAN-aware flooding, then CDP/LLDP-capable devices can hear each other only if they are in the same VLAN. A CDP/LLDP-capable device may receive advertisements from more than one device if the CDP/LLDP-incapable devices flood the CDP/LLDP packets.
  • Page 138: Configuring Lldp

    The LLDP protocol has an extension called LLDP Media Endpoint Discovery (LLDP-MED) that provides and accepts information from media endpoint devices such as VoIP phones and video phones. For further information about LLDP-MED, LLDP MED Network Policy.
  • Page 139: Lldp Properties

    Filtering—Delete the packet. Flooding—Forward the packet to all VLAN members. • TLV Advertise Interval—Enter the rate in seconds at which LLDP advertisement updates are sent, or use the default.
  • Page 140: Lldp Port Settings

    TLVs that are sent in the LLDP PDU. The LLDP-MED TLVs to be advertised can be selected in the LLDP MED Port Settings page, and the management address TLV of the device may be configured.
  • Page 141 System Description—Description of the network entity (in alpha-numeric format). This includes the system's name and versions of the hardware, operating system, and networking software supported by the device. The value equals the sysDescr object.
  • Page 142 PVID—Select to advertise the PVID in the TLV. • Port & Protocol VLAN ID—Select to advertise the port and protocol VLAN ID. These are defined in the Protocol-based VLANs page. • VLAN ID—Select which VLANs will be advertised.
  • Page 143: Lldp Med Network Policy

    It is the administrator's responsibility to manually create the VLANs and their port memberships according to the network policies and their associated interfaces.
  • Page 144 STEP 6 Click Apply. The network policy is defined. NOTE You must manually configure the interfaces to include the desired manually-defined network policies for the outgoing LLDP packets using the LLDP MED Port Settings.
  • Page 145: Lldp Med Port Settings

    SNMP managing system, when there is a topology change. • Selected Optional TLVs—Select the TLVs that can be published by the device by moving them from the Available Optional TLVs list to the Selected Optional TLVs list.
  • Page 146 LLDP and LLDP-MED TLVs received from the port. • LLDP Port Status Global Information • LLDP Port Status Global Information Chassis ID Subtype—Type of chassis ID (for example, MAC address).
  • Page 147: Lldp Local Information

    To view the LLDP local port status advertised on a port: STEP 1 Click Administration > Discovery - LLDP > LLDP Local Information. STEP 2 Select the interface for which LLDP local information is to be displayed.
  • Page 148 Interface Subtype—Numbering method used for defining the interface number. • Interface Number—Specific interface associated with this management address. MAC/PHY Details • Auto-Negotiation Supported—Port speed auto-negotiation support status. • Auto-Negotiation Enabled—Port speed auto-negotiation active status.
  • Page 149 Rx value. MED Details • Capabilities Supported—MED capabilities supported on the port. • Current Capabilities—MED capabilities enabled on the port. • Device Class—LLDP-MED endpoint device class. The possible device classes are:
  • Page 150 VLAN ID—VLAN ID for which the network policy is defined. • VLAN Type—VLAN type for which the network policy is defined. The possible field values are: Tagged—Indicates the network policy is defined for tagged VLANs.
  • Page 151: Lldp Neighbor Information

    System Name—Published name of the device. • Time to Live—Time interval (in seconds) after which the information for this neighbor is deleted. STEP 3 Select a local port, and click Details.
  • Page 152 Address Subtype—Managed address subtype; for example, MAC or IPv4. • Address—Managed address. • Interface Subtype—Port subtype. • Interface Number—Port number. MAC/PHY Details • Auto-Negotiation Supported—Port speed auto-negotiation support status. The possible values are True and False.
  • Page 153 802.3 Energy Efficient Ethernet (EEE) • Remote Tx—Indicates the time (in micro seconds) that the transmitting link partner waits before it starts transmitting data after leaving Low Power Idle (LPI mode).
  • Page 154 Hardware Revision—Hardware version. • Firmware Revision—Firmware version. • Software Revision—Software version. • Serial Number—Device serial number. • Manufacturer Name—Device manufacturer name. • Model Name—Device model name. • Asset ID—Asset ID.
  • Page 155 Application Type—Network policy application type, for example, Voice. • VLAN ID—VLAN ID for which the network policy is defined. • VLAN Type—VLAN type, Tagged or Untagged, for which the network policy is defined.
  • Page 156: Lldp Statistics

    —Total number of received TLVs that were discarded. Unrecognized—Total number of received TLVs that were unrecognized. • Neighbor's Information Deletion Count—Number of neighbor ageouts on the interface. STEP 2 Click Refresh to view the latest statistics.
  • Page 157: Lldp Overloading

    Status—If the LLDP MED capabilities packets were sent, or if they were overloaded. • LLDP MED Location Size (Bytes)—Total LLDP MED location packets byte size. Status—If the LLDP MED locations packets were sent, or if they were overloaded.
  • Page 158 • Total Total (Bytes)—Total number of bytes of LLDP information in each packet. Available Bytes Left—Total number of available bytes left to send for additional LLDP information in each packet.
  • Page 159: Configuring Cdp

    • CDP Statistics CDP Properties Similar to LLDP, the Cisco Discovery Protocol (CDP) is a link layer protocol for directly-connected neighbors to advertise themselves and their capabilities to each other. Unlike LLDP, CDP is a Cisco proprietary protocol. CDP Configuration Workflow The following is a sample workflow for configuring CDP on the device.
  • Page 160 Serial Number—Use the serial number of the device as the device ID. Hostname—Use the host name of the device as the device ID. • Source Interface—IP address to be used in the TLV of the frames. The following options are possible:
  • Page 161 STEP 1 Click Administration > Discovery - CDP > Interface Settings. This page displays the following CDP information for each interface including the OOB port. • CDP Status—CDP publishing option for the port.
  • Page 162 STEP 3 Enter the relevant information, and click Apply. The port settings are written to the Running Configuration.
  • Page 163 Version—Information about the software release on which the device is running. • Platform TLV Platform—Identifier of platform advertised in the platform TLV. • Native VLAN TLV Native VLAN—The native VLAN identifier advertised in the native VLAN TLV.
  • Page 164 A Power Requested TLV is received with a Request-ID field which is different from the last-received set (or when the first value is received) The interface transitions to Down Available Power—Amount of power consumed by port.
  • Page 165 • Capabilities—Capabilities advertised by neighbor. • Platform—Information from Platform TLV of neighbor. • Neighbor Interface—Outgoing interface of the neighbor. STEP 4 Select a device, and click Details.
  • Page 166: Cdp Statistics

    The CDP Statistics page displays information regarding CDP frames that were sent or received from a port. CDP packets are received from devices attached to the switch's interfaces, and are used for the Smartport feature. See Configuring for more information.
  • Page 167 STEP 2 To clear all counters on all interfaces, click Clear All Interface Counters. To clear all counters on an interface, select it and click Clear Interface Counters.
  • Page 168: Chapter 10: Port Management

    4. Configure the LACP parameters for the ports that are members or candidates of a dynamic LAG by using the LACP page. 5. Configure Green Ethernet and 802.3 Energy Efficient Ethernet by using the Properties page.
  • Page 169: Port Settings

    Copper Ports—Regular, not Combo, support the following values: 10M, 100M, and 1000M (type: Copper). Combo Ports Copper—Combo port connected with copper CAT6a cable, supports the following values: 10M, 100M, and 1000M (type: ComboC).
  • Page 170 Administrative Port Speed—Select the speed of the port. The port type determines which speeds are available. You can designate Administrative Speed only when port auto-negotiation is disabled. • Operational Port Speed—Displays the current port speed that is the result of negotiation.
  • Page 171 Back Pressure—Select the Back Pressure mode on the port (used with Half Duplex mode) to slow down the packet reception speed when the device is congested. It disables the remote port, preventing it from sending packets by jamming the signal.
  • Page 172 Member in LAG—If the port is a member of a LAG, the LAG number appears; otherwise this field is left blank. STEP 6 Click Apply. The Port Settings are written to the Running Configuration file.
  • Page 173: Error Recovery Settings

    Loopback Detection—Select to enable error recovery mechanism for ports shut down by loopback detection. Storm Control—Select to enable error recovery mechanism for ports shut down by storm control. STEP 3 Click Apply to update the global setting.
  • Page 174: Loopback Detection Settings

    LBD packets. The following conditions must be true for a port to be LBD active: • LBD is globally enabled. • LBD is enabled on the port.
  • Page 175 STEP 1 page (below). STEP 2 Enable Loopback Detection on access ports in the Loopback Detection Settings page (below). STEP 3 Enable Auto-Recovery for Loopback Detection in the Error Recovery Settings page.
  • Page 176: Link Aggregation

    This section describes how to configure LAGs. It covers the following topics: • Link Aggregation Overview • Default Settings and Configuration • Static and Dynamic LAG Workflow • LAG Management • LAG Settings • LACP
  • Page 177: Link Aggregation Overview

    By MAC Addresses—Based on the destination and source MAC addresses of all packets. • By IP and MAC Addresses—Based on the destination and source IP addresses for IP packets, and destination and source MAC addresses for non-IP packets.
  • Page 178: Static And Dynamic Lag Workflow

    Members list. Select the load balancing algorithm for the LAG. Perform these actions in the LAG Management page. 2. Configure various aspects of the LAG, such as speed and flow control by using LAG Settings page.
  • Page 179: Lag Management

    The following fields are displayed for each LAG (only fields not on the Edit page are described): • Link State—Whether port is up or down. • Active Member—Active ports in the LAG. • Standby Member—Candidate ports for this LAG.
  • Page 180: Lag Settings

    Operational Status—Displays whether the LAG is currently operating. • Link Status SNMP Traps—Select to enable generation of SNMP traps notifying of changes to the link status of the ports in the LAG.
  • Page 181 The possible values are those specified in the Administrative Advertisement field. • Administrative Flow Control—Set Flow Control to either Enable or Disable or enable the Auto-Negotiation of Flow Control on the LAG.
  • Page 182 Any link operating at a different speed from the highest-speed active member or operating at half-duplex is made standby. All the active ports in a dynamic LAG operate at the same baud rate.
  • Page 183 STEP 1 Click Port Management > Link Aggregation > LACP. STEP 2 Enter the LACP System Priority. STEP 3 Select a port, and click Edit. STEP 4 Enter the values for the following fields:
  • Page 184: Udld

    In this case, the status of the link is set to undetermined. The user can configure whether ports in the undetermined state are shut down or merely trigger notifications.
  • Page 185 UDLD is enabled on a port when one of the following occurs: • The port is a fiber port and UDLD is enabled globally. • The port is a copper port and you specifically enable UDLD on it.
  • Page 186 UDLD message to the neighbors informing them that the port is down. When the port is brought up, the UDLD state is changed to Detection.
  • Page 187 Usage Guidelines Cisco does not recommend enabling UDLD on ports that are connected to devices on which UDLD is not supported or disabled. Sending UDLD packets on a port connected to a device that does not support UDLD causes more traffic on the port without providing benefits.
  • Page 188 Default expiration time is 45 seconds (3 times the message time). • Default port UDLD state: Fiber interfaces are in the global UDLD state. Non-fiber interfaces are in the disable state. Before You Start No preliminary tasks are required.
  • Page 189 The UDLD feature can be configured for all fiber ports at one time (in the UDLD Global Settings page) or per port (in the UDLD Interface Settings page). UDLD Global Settings The Fiber Port UDLD Default State is only applicable to fiber ports.
  • Page 190 Information is displayed for all ports on which UDLD is enabled, or, if you have filtered only a certain group of ports, information is displayed for that group of ports. • Port—The port identifier. • UDLD State—The possible states are:
  • Page 191 STEP 4 Click Apply to save the settings to the Running Configuration file. UDLD Neighbors To view all devices connected to the local device, click Port Management > UDLD > UDLD Neighbors.
  • Page 192 Neighbor Expiration Time (Sec.)—Displays the time that must pass before the device attempts to determine the port UDLD status. This is three times the Message Time. • Neighbor Message Time (Sec.)—Displays the time between UDLD messages.
  • Page 193: Green Ethernet

    (available on GE models only). EEE is enabled globally by default. On a given port, if EEE is enabled, short reach mode be disabled. If Short Reach Mode is enabled, EEE be grayed out.
  • Page 194: Power Saving By Disabling Port Leds

    This section describes the 802.3az Energy Efficient Ethernet (EEE) feature. It covers the following topics: • 802.3az EEE Overview • Advertise Capabilities Negotiation • Link Level Discovery for 802.3az EEE • Availability of 802.3az EEE
  • Page 195 Negotiation provides a linked device with the capability to detect the abilities (modes of operation) supported by the device at the other end of the link, determine common abilities, and configure itself for joint operation. Auto-
  • Page 196 • If the port speed on the GE port is changed to 10Mbit, 802.3az EEE is disabled. This is supported in GE models only.
  • Page 197 To enable Green Ethernet and EEE and view power savings: STEP 1 Click Port Management > Green Ethernet > Properties. STEP 2 Enter the values for the following fields: • Energy Detect Mode—Disabled by default. Click the checkbox to enable.
  • Page 198 EEE settings are only displayed for devices that have GE ports. EEE works only when ports are set to Auto negotiation. The exception is that EEE is still functional even when Auto Negotiation is disabled, but the port is at 1GB or higher.
  • Page 199 (advertisement of EEE capabilities through LLDP) if there are GE ports on the device. STEP 5 Click Apply. The Green Ethernet port settings are written to the Running Configuration file.
  • Page 200: Chapter 11: Smartport

    How the Smartport Feature Works • Auto Smartport • Error Handling • Default Configuration • Relationships with Other Features • Common Smartport Tasks • Configuring Smartport Using The Web-based Interface • Built-in Smartport Macros
  • Page 201: Overview

    The network access and QoS requirements vary if the interface is connected to an IP phone, a printer, or a router and/or Access Point (AP).
  • Page 202: Smartport Types

    CDP capabilities, LLDP system capabilities, and/or LLDP-MED capabilities. The following describes the relationship of Smartport types and Auto Smartport
    Smartport Type | Supported by Auto Smartport | Supported by Auto Smartport by default
    Unknown
  • Page 203: Special Smartport Types

    Auto Smartport Persistent, then its Smartport type is re-initialized to Default in the following cases: A link down/up operation is performed on the interface. The device is restarted.
  • Page 204: Smartport Macros

    Built-In—These are macros provided by the system. One macro applies the configuration profile and the other removes it. The macro names of the built-in Smartport macros and the Smartport type they are associated with as follows macro-name (for example: printer)
  • Page 205: Applying A Smartport Type To An Interface

    A Smartport macro might fail if there is a conflict between the existing configuration of the interface and a Smartport macro. When a Smartport macro fails, a SYSLOG message containing the following parameters is sent:
  • Page 206: How The Smartport Feature Works

    When a device is detected from an interface, the Smartport macro, if any, that corresponds to the Smartport type of the attaching device is automatically applied. Auto Smartport is enabled by default globally, and at the interface level.
  • Page 207: Auto Smartport

    NOTE In addition to enabling Auto Smartport globally, you must enable Auto Smartport at the desired interface as well. By default, Auto Smartport is enabled at all the interfaces. Voice VLAN for more information on enabling Auto Voice VLAN
  • Page 208: Identifying Smartport Type

    SR Bridge | 0x04 | Ignore
    Switch | 0x08 | Switch
    Host | 0x10 | Host
    IGMP conditional filtering | 0x20 | Ignore
    Repeater | 0x40 | Ignore
    VoIP Phone | 0x80 | ip_phone
    Remotely-Managed Device | 0x100 | Ignore
    CAST Phone Port | 0x200 | Ignore
  • Page 209: Multiple Devices Attached To The Port

    NOTE If only the IP Phone and Host bits are set, then the Smartport type is ip_phone_desktop. Multiple Devices Attached to the Port The device derives the Smartport type of a connected device via the capabilities the device advertises in its CDP and/or LLDP packets.
  • Page 210: Persistent Auto Smartport Interface

    NOTE The persistence of the Smartport types applied to the interfaces is effective between reboots only if the running configuration with the Smartport type applied at the interfaces is saved to the startup configuration file.
  • Page 211: Error Handling

    STEP 2 Select whether the device is to process CDP and/or LLDP advertisements from connected devices. STEP 3 Select which type of devices are to be detected in the Auto Smartport Device Detection field.
  • Page 212 Restore the parameter defaults to the factory settings. • Bind a user-defined macro pair (a macro and its corresponding anti-macro) to a Smartport type. 1. Open the Type Settings page. 2. Select the Smartport Type.
  • Page 213
  • Page 214: Configuring Smartport Using The Web-Based Interface

    CDP if Auto Smartport is to detect the Smartport type based on CDP advertisement. • Operational LLDP Status—Displays the operational status of LLDP. Enable LLDP if Auto Smartport is to detect the Smartport type based on LLDP/LLDP-MED advertisement.
  • Page 215 Smartport type and click Edit. STEP 4 Enter the fields. • Port Type—Select a Smartport type. • Macro Name—Displays the name of the Smartport macro currently associated with the Smartport type.
  • Page 216 Statically apply a specific Smartport type to an interface with interface-specific values for the macro parameters. • Enable Auto Smartport on an interface. • Diagnose a Smartport macro that failed upon application, and caused the Smartport type to become Unknown.
  • Page 217 (it must be UP) and click Reapply to reapply the last macro that was applied to the interface. The Reapply action also adds the interface to all newly-created VLANs. Smartport Diagnostic. STEP 2 Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 218 Persistent is applicable only if the Smartport Application of the interface is Auto Smartport. Enabling Persistent at an interface eliminates the device detection delay that otherwise occurs. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 219: Built-In Smartport Macros

    Macro code for the following Smartport types is provided: • desktop • printer • guest • server • host • ip_camera • ip_phone • ip_phone_desktop • switch • router • desktop [desktop]
  • Page 220
  • Page 221 [guest]
  • Page 222 [server] #macro description server #macro keywords $native_vlan $max_hosts
  • Page 223 [host] #macro description host #macro keywords $native_vlan $max_hosts #macro key description: $native_vlan: The untag VLAN which will be configured on the port
  • Page 224 [ip_camera] #macro description ip_camera #macro keywords $native_vlan #macro key description: $native_vlan: The untag VLAN which will be configured on the port
  • Page 225 $native_vlan: The untag VLAN which will be configured on the port $voice_vlan: The voice VLAN ID $max_hosts: The maximum number of allowed devices on the port #Default Values are #$native_vlan = Default VLAN
  • Page 226 [ip_phone_desktop] #macro description ip_phone_desktop #macro keywords $native_vlan $voice_vlan $max_hosts
  • Page 227
  • Page 228 #macro description router #macro keywords $native_vlan $voice_vlan #macro key description: $native_vlan: The untag VLAN which will be configured on the port $voice_vlan: The voice VLAN ID #Default Values are #$native_vlan = Default VLAN
  • Page 229 [ap] #macro description ap #macro keywords $native_vlan $voice_vlan #macro key description: $native_vlan: The untag VLAN which will be configured on the port
  • Page 230: Chapter 12: VLAN Management

    VLAN if all packets destined for that port into the VLAN have a VLAN tag. A port can be a member of only one untagged VLAN but can be a member of multiple tagged VLANs.
  • Page 231 VLANs can communicate with each other only through Layer 3 routers. An IP router, for example, is required to route IP traffic between VLANs if each VLAN represents an IP subnet.
  • Page 232 An additional benefit of QinQ is that there is no need to configure customers' edge devices. QinQ is enabled in the Interface Settings page.
  • Page 233: Private VLAN

    Figure 1 and Figure 2 for samples of how these VLANs are used. Host traffic is sent on isolated and community VLANs, while server and router traffic is sent on the primary VLAN.
  • Page 234 VLANs in the private VLAN. Inter-switch trunk ports send and receive tagged traffic of the private VLAN’s various VLANs (primary, isolated and the communities). The switch supports 16 primary VLANs and 256 secondary VLANs.
  • Page 235: Traffic Flow

    The following describes traffic flow from hosts to servers/routers or other hosts. [Figure 1: Traffic from Hosts to Servers/Routers]
  • Page 236 The following describes server/router traffic (reply to host). [Figure 2: Server/Router Traffic to Hosts]
  • Page 237 IP connectivity. IP connectivity requires traffic to pass on a primary VLAN. Features Not Supported on Private VLAN Port Modes: The following features are not supported on private VLAN port modes: • GVRP
  • Page 238 MSTP—All VLANs in a private VLAN must be assigned to the same MSTP instance. • IP Source Guard—Binding an ACL on IP source guard ports with private VLAN is not recommended due to the amount of TCAM resources needed.
  • Page 239: Regular VLANs

    5. If required, configure VLAN groups as described in the MAC-based Groups and Protocol-based VLANs sections. 6. If required, configure TV VLAN as described in the Access Port Multicast TV VLAN and Customer Port Multicast TV VLAN sections.
  • Page 240 Information is displayed for all defined VLANs. The fields are defined below under the Add page. The following field is not on the Add page. • Originators—How the VLAN was created
  • Page 241 STEP 2: Select an interface type (Port or LAG), and click Go. Ports or LAGs and their VLAN parameters are displayed. STEP 3: To configure a Port or LAG, select it and click Edit.
  • Page 242 Admit All—The interface accepts all types of frames: untagged frames, tagged frames, and priority tagged frames. Admit Tagged Only—The interface accepts only tagged frames. Admit Untagged Only—The interface accepts only untagged and priority frames.
  • Page 243 PVID on the ports between the two devices must be the same if the ports are to send and receive untagged packets to and from the VLAN. Otherwise, traffic might leak from one VLAN to another.
  • Page 244 MTV VLAN—The interface used for Digital TV using Multicast IP. The port joins the VLAN with a VLAN tag of Multicast TV VLAN. See Access Port Multicast TV VLAN for more information.
  • Page 245 Administrative VLANs—Drop-down list that displays all VLANs of which the interface might be a member. • Operational VLANs—Drop-down list that displays all VLANs of which the interface is currently a member.
  • Page 246 VLAN, enabling this option on the port makes the port part of internal VLAN 4095 (a reserved VID) General PVID—When the port is in General mode, it will be a member of these VLANs. • Customer Mode Membership
  • Page 247: Private VLAN Settings

    VLANs are used to allow Layer 2 connectivity from community ports to promiscuous ports and to community ports of the same community. STEP 4: Click Apply. The settings are modified and written to the Running Configuration file.
  • Page 248: GVRP Settings

    • Interface—Select the interface (Port or LAG) to be edited. • GVRP State—Select to enable GVRP on this interface. • Dynamic VLAN Creation—Select to enable Dynamic VLAN Creation on this interface.
  • Page 249: VLAN Groups

    MAC-based VLAN classification enables packets to be classified according to their source MAC address. You can then define MAC-to-VLAN mapping per interface. You can define several MAC-based VLAN groups, with each group containing different MAC addresses.
  • Page 250 Group ID—Enter a user-created VLAN group ID number. STEP 4: Click Apply. The MAC address is assigned to a VLAN group. MAC-Based Groups to VLAN Table 1 for a description of the availability of this feature.
  • Page 251 2. For each required interface, assign the protocol group to a VLAN (using Protocol-Based Groups to VLAN Mapping page). The interfaces must be in General mode and cannot have a Dynamic VLAN (DVA) assigned to it.
  • Page 252 Several groups can be bound to a single port, with each port being associated to its own VLAN. It is possible to map several groups to a single VLAN as well.
  • Page 253: Voice VLAN

    Voice VLAN Overview • Voice VLAN Configuration • Telephony OUI Voice VLAN Overview This section covers the following topics: • Dynamic Voice VLAN Modes • Auto Voice VLAN, Auto Smartports, CDP, and LLDP
  • Page 254 The following are typical voice deployment scenarios with appropriate configurations: • UC3xx/UC5xx hosted: All Cisco phones and VoIP endpoints support this deployment model. For this model, the UC3xx/UC5xx, Cisco phones and VoIP endpoints reside in the same voice VLAN. The voice VLAN of UC3xx/UC5xx defaults to VLAN 100.
  • Page 255 VLAN, manually configured, or learned from external devices such as UC3xx/5xx and from switches that advertise voice VLAN in CDP or VSDP. VSDP is a Cisco defined protocol for voice service discovery. Unlike Telephony OUI mode that detects voice devices based on telephony OUI, Auto Voice VLAN mode depends on Auto Smartport to dynamically add the ports to the voice VLAN.
  • Page 256 Voice VLAN Voice End-Points To have a voice VLAN work properly, the voice devices, such as Cisco phones and VoIP endpoints, must be assigned to the voice VLAN where they send and receive their voice traffic. Some of the possible scenarios are as follows: •...
  • Page 257 Communication (UC) devices, are advertising their voice VLAN, the voice VLAN from the device with the lowest MAC address is used. NOTE: If connecting the device to a Cisco UC device, you may need to configure the port on the UC device using the switchport voice vlan command to ensure the UC device advertises its voice VLAN in CDP at the port.
  • Page 258 802.1p values and using the remarking option under Telephony OUI. Voice VLAN Constraints The following constraints exist: • Only one Voice VLAN is supported. • A VLAN that is defined as a Voice VLAN cannot be removed
  • Page 259 NOTE: If the device is currently in Telephony OUI mode, you must disable it before you can configure Auto Voice VLAN. STEP 5: Click Apply. STEP 6: Configure Smartports as described in the Common Smartport Tasks section.
  • Page 260: Voice VLAN Configuration

    View how voice VLAN is currently configured. • Configure the VLAN ID of the Voice VLAN. • Configure voice VLAN QoS settings. • Configure the voice VLAN mode (Telephony OUI or Auto Voice VLAN).
  • Page 261 Dynamic Voice VLAN—Select this field to disable or enable voice VLAN feature in one of the following ways: Enable Auto Voice VLAN—Enable Dynamic Voice VLAN in Auto Voice VLAN mode.
  • Page 262 The Operation Status block on this page shows the information about the current voice VLAN and its source: • Auto Voice VLAN Status—Displays whether Auto Voice VLAN is enabled. • Voice VLAN ID—The identifier of the current voice VLAN
  • Page 263 Static—User-defined voice VLAN configuration defined on the device. CDP—UC that advertised voice VLAN configuration is running CDP. LLDP—UC that advertised voice VLAN configuration is running LLDP. Voice VLAN ID—The identifier of the advertised or configured voice VLAN
  • Page 264 Auto Membership Aging time can be configured. If the specified time period passes with no telephony activity, the port is removed from the Voice VLAN. Use the Telephony OUI page to view existing OUIs, and add new OUIs.
  • Page 265 STEP 5: Enter the values for the following fields: • Telephony OUI—Enter a new OUI. • Description—Enter an OUI name. STEP 6: Click Apply. The OUI is added to the Telephony OUI Table.
  • Page 266 All—QoS attributes are applied on all packets that are classified to the Voice VLAN. Telephony Source MAC Address—QoS attributes are applied only on packets from IP phones. STEP 4: Click Apply. The OUI is added.
  • Page 267: Access Port Multicast TV VLAN

    (see Interface Settings). The Multicast TV VLAN configuration is defined per port. Customer ports are configured to be members of Multicast TV VLANs using the Customer Port Multicast TV VLAN pages.
  • Page 268 VLAN. data VLAN. Group registration: (first column) All Multicast group registration is dynamic. (second column) Groups must be associated to Multicast VLAN statically, but actual registration of station is dynamic.
  • Page 269 STEP 2: Click Add to associate a Multicast group to a VLAN. Any VLAN can be selected. When a VLAN is selected, it becomes a Multicast TV VLAN. STEP 3: Click Apply. Multicast TV VLAN settings are modified, and written to the Running Configuration file.
  • Page 270: Customer Port Multicast TV VLAN

    Packets from subscribers to the service provider network are forwarded as VLAN tagged frames, in order to distinguish between the service types, which means that for each service type there is a unique VLAN ID in the CPE box.
  • Page 271 VLAN. CPE (internal) Multicast VLANs must be mapped to the Multicast provider (external) VLANs. After a CPE VLAN is mapped to a Multicast VLAN, it can participate in IGMP snooping.
  • Page 272 STEP 4: The Candidate Customer Ports list contains all access ports configured on the device. Move the required ports to the Member Customer Ports field. Click Apply. The new settings are modified, and written to the Running Configuration file.
  • Page 273: Chapter 13: Spanning Tree

    Broadcast/Multicast storms and reduced network efficiency. STP provides a tree topology for any arrangement of switches and interconnecting links, by creating a unique path between end stations on a network, and thereby eliminating loops.
  • Page 274: STP Status And Global Settings

    STEP 1: Click Spanning Tree > STP Status & Global Settings. STEP 2: Enter the parameters. Global Settings: • Spanning Tree State—Select to enable on the device. • STP Loopback Guard—Select to enable Loopback Guard on the device.
  • Page 275 Root Bridge. • Root Port—The port that offers the lowest cost path from this bridge to the Root Bridge. (This is significant when the bridge is not the root.)
  • Page 276: STP Interface Settings

    Fast Link optimizes the STP protocol convergence. The options are: Enable—Enables Fast Link immediately. Auto—Enables Fast Link a few seconds after the interface becomes active. This allows STP to resolve loops before enabling Fast Link. Disable—Disables Fast Link.
  • Page 277 Port Role—Displays the port or LAG role, per port or LAG per instance, assigned by the MSTP algorithm to provide STP paths: Root—Forwarding packets through this interface provides the lowest cost path for forwarding packets to the root device.
  • Page 278 MAC addresses. • Designated Bridge ID—Displays the bridge priority and the MAC address of the designated bridge. • Designated Port ID—Displays the priority and interface of the selected port.
  • Page 279: RSTP Interface Settings

    STP link, the device continues to communicate with it by using STP. Otherwise, if it has been migrated to RSTP or MSTP, the device communicates with it using RSTP or MSTP, respectively.
  • Page 280 Mode—Displays the current Spanning Tree mode: Classic STP or RSTP. • Fast Link Operational Status—Displays whether the Fast Link (Edge Port) is enabled, disabled, or automatic for the interface. The values are: Enabled—Fast Link is enabled.
  • Page 281: Multiple Spanning Tree Overview

    VLANs to a MSTP Instance section. STEP 3: Decide which MSTP instance is to be active in what VLAN, and associate these MSTP instances to VLAN(s) accordingly. STEP 4: Configure the MSTP attributes by: • MSTP Properties
  • Page 282: MSTP Properties

    STEP 4 • Region Name—Define an MSTP region name. • Revision—Define an unsigned 16-bit number that identifies the revision of the current MST configuration. The field range is from 0 to 65535.
  • Page 283: VLANs To A MSTP Instance

    STEP 2: To add a VLAN to an MSTP instance, select the MST instance, and click Edit. STEP 3: Enter the parameters: • MSTP Instance ID—Select the MST instance. • VLANs—Define the VLANs being mapped to this MST instance.
  • Page 284: MSTP Instance Settings

    • Remaining Hops—Displays the number of hops remaining to the next destination. STEP 3: Click Apply. The MST Instance configuration is defined, and the Running Configuration file is updated.
  • Page 285: MSTP Interface Settings

    Listening—The port on this instance is in Listening mode. The port cannot forward traffic, and cannot learn MAC addresses. Learning—The port on this instance is in Learning mode. The port cannot forward traffic, but it can learn new MAC addresses.
  • Page 286 RSTP or STP mode. Internal—The port is an internal port. • Designated Bridge ID—Displays the ID number of the bridge that connects the link or shared LAN to the root.
  • Page 287 Remain Hops—Displays the hops remaining to the next destination. • Forward Transitions—Displays the number of times the port has changed from the Forwarding state to the Blocking state. STEP 6: Click Apply. The Running Configuration file is updated.
  • Page 288: Chapter 14: Managing MAC Address Tables

    MAC address that is not found in the tables, they are transmitted/broadcasted to all the ports on the relevant VLAN. Such frames are referred to as unknown Unicast frames. The device supports a maximum of 8K static and dynamic MAC addresses.
  • Page 289: Static Addresses

    Delete on timeout—The MAC address is deleted when aging occurs. Secure—The MAC address is secure when the interface is in classic locked mode (see Port Security). STEP 4: Click Apply. A new entry appears in the table.
  • Page 290: Dynamic Addresses

    MAC Address—Enter the MAC address for which the table is queried. • Interface—Select the interface for which the table is queried. The query can search for specific unit/slot, ports, or LAGs.
  • Page 291: Reserved MAC Addresses

    Action—Select one of the following actions to be taken upon receiving a packet that matches the selected criteria: Bridge—Forward the packet to all VLAN members. Discard—Delete the packet. STEP 4: Click Apply. A new MAC address is reserved.
  • Page 292: Chapter 15: Multicast

    The data is sent only to relevant ports. Forwarding the data only to the relevant ports conserves bandwidth and host resources on links.
  • Page 293 (*,G), which is just the group ID. The device supports a maximum of 256 static and dynamic Multicast group addresses. Only one of the filtering options can be configured per VLAN.
  • Page 294: Typical Multicast Setup

    When a device learns that a host is using IGMP/MLD messages to register to receive a Multicast stream, optionally from a specific source, the device adds the registration to the MFDB.
  • Page 295: IGMP Snooping Querier

    IGMP traffic (queries) detected from a Multicast router. In the presence of other IGMP Queriers, the device might (or might not) stop sending queries, based on the results of the standard querier selection process.
  • Page 296: Multicast Address Properties

    For IPv6, this is mapped by taking the 32 low-order bits of the Multicast address, and adding the prefix of 33:33. For example, the IPv6 Multicast address FF00:1122:3344 is mapped to Layer 2 Multicast 33:33:11:22:33:44.
  • Page 297 • A proxy device drops Multicast packets received on a downstream interface if it is not the querier on the interface.
  • Page 298: Multicast Properties

    The MAC Group Address page has the following functions: • Query and view information from the Multicast Forwarding Data Base (MFDB), relating to a specific VLAN ID or a specific MAC address group.
  • Page 299 • VLAN ID—The VLAN ID of the Multicast group. • MAC Group Address—The MAC address of the group. STEP 7: Select either port or LAG from the Filter: Interface Type menu.
  • Page 300: IP Multicast Group Addresses

    IP Version equals to—Select IPv6 or IPv4. • IP Multicast Group Address equals to—Define the IP address of the Multicast group to be displayed. This is only relevant when the Forwarding mode is (S,G).
  • Page 301 Forbidden—Specifies that this port is forbidden from joining this group on this VLAN. • None—Indicates that the port is not currently a member of this Multicast group on this VLAN. This is selected by default until Static or Forbidden is selected.
  • Page 302: IPv4 Multicast Configuration

    (Administrative) and whether it is actually running on the VLAN (Operational). • IGMP Querier Status—Displays whether IGMP Querier was enabled (Administrative) and whether it is actually running on the VLAN (Operational).
  • Page 303 The IGMP Snooping Querier resumes sending General Query messages if it does not hear another querier for a Query Passive interval that equals: Robustness * (Query Interval) + 0.5 * Query Response Interval.
  • Page 304: IGMP Interface Settings

    Response Code inserted into the periodic General Queries. • Last Member Query Interval (msec)—Maximum Response Delay to be used if the device cannot read Max Response Time value from group-specific queries sent by the elected querier.
  • Page 305 • Last Member Query Interval (msec)—Enter the Maximum Response Delay to be used if the device cannot read Max Response Time value from group-specific queries sent by the elected querier.
  • Page 306: IGMP Proxy

    SSM range. These access lists are defined in Access Lists. STEP 3: Click Apply. The Running Configuration file is updated. STEP 4: To add protection to a VLAN, click Add and enter the following fields:
  • Page 307 Uptime—Length of time in hours, minutes, and seconds that the entry has been in the IP Multicast routing table. • Expiry Time—Length of time in hours, minutes, and seconds until the entry is removed from the IP Multicast routing table.
  • Page 308: IPv6 Multicast Configuration

    STEP 2: Enable or disable the following features: • MLD Snooping Status—Select to enable MLD snooping globally on all interfaces. • MLD Querier Status—Select to enable MLD querier globally on all interfaces.
  • Page 309 The MLD Snooping Querier resumes sending General Query messages if it does not hear another querier for a Query Passive interval that equals: Robustness * (Query Interval) + 0.5 * Query Response Interval.
  • Page 310 • Multicast TTL Threshold—Enter the Time-to-Live (TTL) threshold of packets being forwarded on an interface. Multicast packets with a TTL value less than the threshold are not forwarded on the interface.
  • Page 311 • Multicast TTL Threshold—Enter the Time-to-Live (TTL) threshold of packets being forwarded on an interface. Multicast packets with a TTL value less than the threshold are not forwarded on the interface.
  • Page 312: MLD Proxy

    STEP 4: To add protection to a VLAN, click Add and enter the following fields: • Upstream Interface—Select the outgoing interface. • Downstream Interface—Select the incoming interface. • Downstream Protection—Select one of the following options:
  • Page 313 Uptime—Length of time in hours, minutes, and seconds that the entry has been in the IP Multicast routing table. • Expiry Time—Length of time in hours, minutes, and seconds until the entry is removed from the IP Multicast routing table.
  • Page 314: IGMP/MLD Snooping IP Multicast Group

    Included Ports—The list of destination ports for the Multicast stream. • Excluded Ports—The list of ports not included in the group. • Compatibility Mode—The oldest IGMP/MLD version of registration from the hosts the device receives on the IP group address.
  • Page 315: Multicast Router Ports

    Mrouter is not learned on this port (i.e. MRouter Ports Auto-Learn is not enabled on this port). • None—The port is not currently a Multicast router port. STEP 5: Click Apply to update the device.
  • Page 316: Forward All

    Forbidden—Ports cannot receive any Multicast streams, even if IGMP/MLD snooping designated the port to join a Multicast group. • None—The port is not currently a Forward All port. STEP 5: Click Apply. The Running Configuration file is updated.
  • Page 317: Unregistered Multicast

    Forwarding—Enables forwarding of unregistered Multicast frames to the selected interface. Filtering—Enables filtering (rejecting) of unregistered Multicast frames to the selected interface. STEP 5: Click Apply. The settings are saved, and the Running Configuration file is updated.
  • Page 318: Chapter 16: IP Configuration

    IP address collisions occur when the same IP address is used in the same IP subnet by more than one device. Address collisions require administrative actions on the DHCP server and/or the devices that collide with the device.
  • Page 319: Loopback Interface

    A loopback interface does not support bridging; it cannot be a member of any VLAN, and no layer 2 protocol can be enabled on it. The IPv6 link-local interface identifier is 1.
  • Page 320: IPv4 Management And Interfaces

    DHCP Server IPv4 Interface The IPv4 Interface page is used to configure IP addresses for device management. This IP address can be configured on a port, a LAG, VLAN or loopback interface.
  • Page 321 Valid—The IP address collision check was completed, and no IP address collision was detected. Valid-Duplicated—The IP address duplication check was completed, and a duplicate IP address was detected. Duplicated—A duplicated IP address was detected for the default IP address.
  • Page 322 CAUTION: When the system is in one of the stacking modes with a Backup Master present, Cisco recommends configuring the IP address as a static address to prevent disconnecting from the network during a Stacking Master switchover. This is because when the backup master takes control of the stack, when using DHCP, it might receive a different IP address than the one that was received by the stack’s...
  • Page 323: IPv4 Routes

    This is not relevant for static routes. • Outgoing Interface—Outgoing interface for this route. STEP 2: Click Add. STEP 3: Enter values for the following fields: • Destination IP Prefix—Enter the destination IP address prefix.
  • Page 324 Metric—Enter the administrative distance to the next hop. The range is 1–255. STEP 4: Click Apply. The IP Static route is saved to the Running Configuration file. RIPv2 IP Configuration: RIPv2. Access Lists Access Lists VRRP IP Configuration: VRRP
  • Page 325 IP device resides. • IP Address—The IP address of the IP device. • MAC Address—The MAC address of the IP device. • Status—Whether the entry was manually entered or dynamically learned.
  • Page 326: Arp Proxy

    Select ARP Proxy to enable the device to respond to ARP requests for remotely- STEP 2 located nodes with the device MAC address. Click Apply. The ARP proxy is enabled, and the Running Configuration file is STEP 3 updated. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 327 Click Apply. The UDP relay settings are written to the Running Configuration file. STEP 6 DHCPv4 Snooping/Relay This section covers the following topics: • Overview • Properties • Interface Settings • DHCP Snooping Trusted Interfaces • DHCP Snooping Binding Database Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 328 No need to enable Option 82 insertion. Option 82 Option 82 (DHCP Relay Agent Information Option) passes port and agent information to a central DHCP server, indicating where an assigned IP address physically connects to the network.
  • Page 329 Snooping is not enabled and DHCP Relay is enabled. DHCP Relay DHCP Relay VLAN with IP Address VLAN without IP Address Packet arrives Packet arrives Packet arrives Packet arrives without Option with Option without with Option Option 82
  • Page 330 Option sent with the Option 82 discards the Disabled original packet Bridge – no Option 82 Option 82 is Bridge – Packet is sent inserted with the original Option 82
  • Page 331 Snooping is disabled: DHCP Relay DHCP Relay VLAN with IP Address VLAN without IP Address Packet arrives Packet arrives Packet arrives Packet arrives without with Option without with Option Option 82 Option 82
  • Page 332 Option 82 Option 82 Bridge – Packet is sent Bridge – Bridge – Packet is sent Packet is sent without with the Option 82 with the Option 82 Option 82
  • Page 333 DHCP packets entering the device through trusted ports. The DHCP Snooping Binding database contains the following data: input port, input VLAN, MAC address of the client and IP address of the client if it exists.
  • Page 334 DHCPNAK to deny the address request. STEP 5 Device snoops packet. If an entry exists in the DHCP Snooping Binding table that matches the packet, the device replaces it with IP-MAC binding on receipt of DHCPACK.
  • Page 335 Otherwise the packet is forwarded to trusted interfaces only, and the entry is removed from database.
  • Page 336 To configure DHCP Relay and DHCP Snooping: STEP 1 Enable DHCP Snooping and/or DHCP Relay in the Properties page. STEP 2 Define the interfaces on which DHCP Snooping is enabled in the Interface Settings page.
  • Page 337 Interface Settings DHCP Relay and Snooping can be enabled on any interface with an IP address and on VLANs with or without an IP address. To enable DHCP Snooping/Relay on specific interfaces:
  • Page 338 If a port is down, the entries for that port are not deleted. • When DHCP Snooping is disabled for a VLAN, the binding entries that were collected for that VLAN are removed.
  • Page 339 MAC Address—MAC address of packet. • IP Address—IP address of packet. • Interface—Unit/Slot/Interface on which packet is expected. • Type—The possible field values are: Dynamic—Entry has limited lease time. Static—Entry was statically configured.
  • Page 340: DHCP Server

    (that can be infinite). If the DHCP client does not renew the allocated IP Address, the IP address is revoked at the end of this period, and the client must request another IP address. This is done in the Network Pool page.
  • Page 341 IP address from the configured pool. Do this in the IPv4 Interface page. STEP 7 View the allocated IP addresses using the Address Binding page. IP addresses can be deleted in this page.
  • Page 342 If the message arrived via DHCP relay, the address used belongs to the IP subnet specified by minimum IP address and IP mask of the pool and the pool is a remote pool. Up to eight network pools can be defined.
  • Page 343 Minutes—The number of minutes in the lease. A days value and an hours value must be added before a minutes value can be added. • Default Router IP Address (Option 3)—Enter the default router for the DHCP client.
  • Page 344 File Server Host Name (sname/Option 66)—Enter the name of the TFTP/SCP server. • Configuration File Name (file/Option 67)—Enter the name of the file that is used as a configuration file. STEP 4 Click Apply. The Running Configuration file is updated.
  • Page 345 Host Name—Enter the host name, which can be a string of symbols and an integer. • Mask—Enter the static host’s network mask. Network Mask—Check and enter the static host’s network mask. Prefix Length—Check and enter the number of bits that comprise the address prefix.
  • Page 346 (if already configured) or select Other and enter the IP address of the time server for the DHCP client. • File Server IP Address (siaddr)—Enter the IP address of the TFTP/SCP server from which the configuration file is downloaded.
  • Page 347 DHCP option. A hex value can be provided in place of any other type of value. For instance, you can provide a hex value of an IP address instead of the IP address itself.
  • Page 348 MAC Address or in hexadecimal notation, e.g., 01b60819681172. • Lease Expiration—The lease expiration date and time of the host’s IP address or Infinite if such was the lease duration defined.
  • Page 349: IPv6 Management And Interfaces

    This section covers the following topics: • Overview • IPv6 Global Configuration • IPv6 Interfaces • IPv6 Tunnel • IPv6 Addresses • IPv6 Router Configuration • IPv6 Default Router List • IPv6 Neighbors
  • Page 350 (essentially) unchanged L3 packet received, with the next-hop device’s MAC address as the destination MAC address. The system uses Static Routing and Neighbor Discovery messages (similar to IPv4 ARP messages) to build the appropriate forwarding tables and next-hop addresses.
  • Page 351: IPv6 Global Configuration

    Each time a packet is forwarded to another router, the hop limit is reduced. When the hop limit becomes zero, the packet is discarded. This prevents packets from being transferred endlessly.
  • Page 352 This can be a previously-defined tunnel or other interface. STEP 3 Click Apply to configure default zone. STEP 4 Click Add to add a new interface on which interface IPv6 is enabled. STEP 5 Enter the field:
  • Page 353 Entering 1 in this field indicates a single transmission without follow-up transmissions. • Send ICMPv6 Messages—Enable generating unreachable destination messages. • MLD Version—IPv6 MLD version.
  • Page 354 Stateless Service—Is the client defined as stateless (receives configuration information from a DHCP server) or not. • DHCP Server Address—Address of DHCPv6 server. • DHCP Server DUID—Unique identifier of the DHCPv6 server.
  • Page 355: IPv6 Tunnel

    When configuring an ISATAP tunnel, the destination IPv4 address is provided by the router. Note the following: • An IPv6 link local address is assigned to the ISATAP interface. The initial IP address is assigned to the interface, which is then activated.
  • Page 356 6to4 is an automatic tunneling mechanism that uses the underlying IPv4 network as a non-Broadcast multiple-access link layer for IPv6. Only one 6to4 tunnel is supported on a device. The 6to4 tunnel is supported only when IPv6 Forwarding is supported.
  • Page 357 Interfaces page) in the IPv6 Tunnel Table and click Add. STEP 5 Enter the following fields: • Tunnel Name—Select a tunnel number. • Tunnel Type—Select a tunnel type: Manual, ISATAP and 6 to 4.
  • Page 358 ISATAP Router Name—(For ISATAP tunnels only) Select one of the following options to configure a global string that represents a specific automatic tunnel router domain name. Use Default—This is always ISATAP.
  • Page 359: IPv6 Addresses

    If a link local address exists on the interface, this entry replaces the address in the configuration. Global—An IPv6 address that is a global Unicast IPv6 type that is visible and reachable from other networks.
  • Page 360 STEP 5 Click Apply. The Running Configuration file is updated. IPv6 Router Configuration The following sections describe how to configure IPv6 routers. It covers the following topics: • Router Advertisement • IPv6 Prefixes
  • Page 361 NOTE If the Managed Address Configuration flag is set, an attached host can use stateful auto configuration to obtain the other (non address) information regardless of the setting of this flag.
  • Page 362 STEP 2 If required, enable the Filter field and click Go. The group of interfaces matching the filter are displayed. STEP 3 To add an interface, click Add. STEP 4 Select the required IPv6 Interface on which a prefix is to be added.
  • Page 363 An onlink prefix is inserted into the routing table as a connected prefix (L-bit set).
  • Page 364: IPv6 Default Router List

    Default Router IPv6 Address—Link local IP address of the default router. • Type—The default router configuration that includes the following options: Static—The default router was manually added to this table through the Add button.
  • Page 365: IPv6 Neighbors

    This page displays the neighbors that were automatically detected or manually configured entries. Each entry displays to which interface the neighbor is connected, the neighbor’s IPv6 and MAC addresses, the entry type (static or dynamic), and the state of the neighbor.
  • Page 366 Router—Specifies whether the neighbor is a router (Yes or No). STEP 2 To add a neighbor to the table, click Add. STEP 3 Enter values for the following fields: • Interface—The neighboring IPv6 interface to be added.
  • Page 367 Lower Than arguments are entered, the range is between the values used for Greater Than and Lower Than. To create a prefix list: STEP 1 Click IP Configuration > IPv6 Management Interfaces > IPv6 Prefix List. STEP 2 Click Add.
  • Page 368 No Limit—No maximum prefix length to be used for matching. User Defined—Maximum prefix length to be matched. • Description—Enter a description of the prefix list. STEP 4 Click Apply to save the configuration to the Running Configuration file.
  • Page 369: IPv6 Routes

    IPv6 routers by using ICMP redirect messages. This could happen when the default router the device uses is not the router for traffic to which the IPv6 subnets that the device wants to communicate.
  • Page 370: DHCPv6 Relay

    —The destination is an indirectly-attached (remote) IPv6 subnet address. The entry was obtained dynamically via the ND or ICMP protocol. Static—The entry was manually configured by a user. DHCPv6 Relay This section covers the following topics:
  • Page 371 The address type can be Link Local, Global or Multicast (All_DHCP_Relay_Agents_and_Servers). • DHCPv6 Server IP Address—Enter the address of the DHCPv6 server to which packets are forwarded.
  • Page 372: Domain Name System

    STEP 3 Click Apply. The Running Configuration file is updated. Domain Name System The Domain Name System (DNS) translates domain names into IP addresses for the purpose of locating and addressing hosts.
  • Page 373: DNS Settings

    DNS server does not exist. • Polling Timeout—Enter the number of seconds that the device will wait for a response to a DNS query.
  • Page 374 Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
  • Page 375: Search List

    This cache can contain the following type of entries: • Static Entries—These are mapping pairs that were manually added to the cache. There can be up to 64 static entries.
  • Page 376 TTL (Sec)—If this is a dynamic entry, how long will it remain in the cache. • Remaining TTL (Sec)—If this is a dynamic entry, how much longer will it remain in the cache. STEP 3 To add a host mapping, click Add.
  • Page 377 • IP Address—Enter a single address or up to eight associated IP addresses (IPv4 or IPv6). STEP 5 Click Apply. The settings are saved to the Running Configuration file.
  • Page 378: Chapter 17: IP Configuration: RIPv2

    The device supports RIP version 2, which is based on the following standards: • RFC2453 RIP Version 2, November 1998 • RFC2082 RIP-2 MD5 Authentication, January 1997 • RFC1724 RIP Version 2 MIB Extension
  • Page 379: How RIP Operates On The Device

    In this way, the relative cost of the interfaces can be adjusted as desired. It is your responsibility to set the offset for each interface (1 by default).
  • Page 380: Passive Mode

    In this case, the router is passive, and only receives the updated RIP information on this interface. By default, transmission of routing updates on an IP interface is enabled. See RIPv2 Settings for more information.
  • Page 381 These features are disabled by default and can be enabled globally. If these features are enabled, rejected routes are advertised by routes with a metric of 16. The route configurations can be propagated using one of the following options:
  • Page 382 Static route configuration and connected interfaces must be taken into account when using RIP. This is shown in the following, which illustrates a network where some routers support RIP and others do not. A Network with RIP and non-RIP Routers
  • Page 383 MD5 digest. RIP Statistical Counters You can monitor the RIP operation by checking statistical counters per IP interface. See Displaying RIPv2 Statistic Counters for a description of these counters.
  • Page 384: Configuring RIP

    IP address list on the IP interface (see Access Lists). Advertise default route entries on the IP interface, using the RIPv2 Settings page. Enable RIP authentication on an IP Interface, using the RIPv2 Settings page.
  • Page 385 If the metric value of a static route is greater than 15, the static route is not advertised to other routers using RIP. • User Defined Metric—Enter the value of the metric.
  • Page 386 IP interface. If this field is not enabled, RIP updates are not sent (passive). • Offset—Specifies the metric number of the specified IP interface. This reflects the additional cost of using this interface, based on the speed of the interface.
  • Page 387 • Key Chain—If MD5 was selected as the authentication mode, enter the key chain to be digested. This key chain is created as described in the Management section.
  • Page 388 0 or greater than 16 • Update Sent—Specifies the number of packets sent by RIP on the IP interface. STEP 2 To clear all interface counters, click Clear All Interface Counters.
  • Page 389: Access Lists

    To create access lists, do the following: 1. Create an access list with a single IP address, using the Access Lists pages. 2. Add additional IP addresses if required, using the Source IPv4 Access List page.
  • Page 390 STEP 1 Click IP Configuration > IPv4 Management and Interfaces > Access List > Source IPv4 Address List. STEP 2 To modify the parameters of an access list, click Add and modify any of the following fields:
  • Page 391 Action—Action for the access list. The following options are available: Permit—Permit entry of packets from the IP address(es) in the access list. Deny—Reject entry of packets from the IP address(es) in the access list.
  • Page 392: Chapter 18: IP Configuration: VRRP

    VRRP also enables load sharing of traffic. Traffic can be shared equitably among available routers by configuring VRRP in such a way that traffic to and from LAN clients is shared by multiple routers.
  • Page 393: VRRP Topology

    Router B and C function as virtual router backups. If the virtual router master fails, the router configured with the higher priority becomes the virtual router master and provides service to the LAN hosts with minimal interruption.
  • Page 394 1 through 4 and Routers A and B act as virtual router backups to each other if either router fails. Load Sharing VRRP Topology
  • Page 395: Configurable Elements Of VRRP

    VRRP supports up to 255 virtual routers (VRRP groups). VRRP Versions The device supports the following VRRP version types: • IPv4 VRRPv3 based on RFC5798. VRRPv3 messages are sent.
  • Page 396 One of the VRRP routers supporting the virtual router must be the owner of all the IP addresses of the virtual router. A VRRP router is the owner of the IP
  • Page 397: VRRP Router Priority And Preemption

    VRRP router would perform as a backup to a virtual router defined in the VRRP router. If there are multiple backup VRRP routers for the virtual router, the priority determines which backup VRRP router is assigned as master if the current master fails.
  • Page 398: VRRP Advertisements

    In VRRP version 2, the operational advertise interval is rounded down to the nearest second. The minimum operational value is 1 sec. Configuring VRRP This feature can be configured in the following pages. • Virtual Routers
  • Page 399: Virtual Routers

    100 is the default for a non-owner device. • Preempt Mode—Select true/false to enable/disable preempt mode, as described in VRRP Router Priority and Preemption. • Advertisement Interval—Enter time interval, as described in VRRP Advertisements.
  • Page 400 Advertisement Interval—Time interval, as described in VRRP Advertisements. Source IP Address—IP address to be used in VRRP messages. Master Parameters of master device: Priority—255 Advertisement Interval—Time interval, as described in VRRP Advertisements.
  • Page 401: VRRP Statistics

    STEP 2 Select an interface. STEP 3 Click Clear Interface Counter to clear the counters for that interface. STEP 4 Click Clear All Interface Counters to clear all the counters.
  • Page 402: Chapter 19: Security

    SSL Server • SSH Server • SSH Client Protection from attacks directed at the device CPU is described in the following sections: • TCP/UDP Services • Storm Control • Access Control
  • Page 403: Configuring TACACS+

    The device can act as a TACACS+ client that uses the TACACS+ server for the following services: • Authentication—Provides authentication of users logging onto the device by using usernames and user-defined passwords.
  • Page 404 The user can enable accounting of login sessions using either a RADIUS or TACACS+ server. The user-configurable, TCP port used for TACACS+ server accounting is the same TCP port that is used for TACACS+ server authentication and authorization.
  • Page 405 STEP 3 Select TACACS+ in the Management Access Authentication page, so that when a user logs onto the device, authentication is performed on the TACACS+ server instead of in the local database.
  • Page 406 Add TACACS+ Server page for a specific server, the value is taken from this field. • Source IPv4 Interface—Select the device IPv4 source interface to be used in messages sent for communication with the TACACS+ server.
  • Page 407 Priority—Enter the order in which this TACACS+ server is used. Zero is the highest priority TACACS+ server and is the first server used. If it cannot establish a session with the high priority server, the device tries the next highest priority server.
  • Page 408: Configuring RADIUS

    In this way, authentication and authorization can be handled on a single server for all devices in the organization. The device can act as a RADIUS client that uses the RADIUS server for the following services:
  • Page 409: Accounting Using A RADIUS Server

    NOTE If more than one RADIUS server has been configured, the device uses the configured priorities of the available RADIUS servers to select the RADIUS server to be used by the device.
  • Page 410 Source IPv4 Interface—Select the device IPv4 source interface to be used in messages for communication with the RADIUS server. • Source IPv6 Interface—Select the device IPv6 source interface to be used in messages for communication with the RADIUS server.
  • Page 411 RADIUS server. It can be entered in Encrypted or Plaintext format. If Use Default is selected, the device attempts to authenticate to the RADIUS server by using the default Key String.
  • Page 412 STEP 6 Click Apply. The RADIUS server definition is added to the Running Configuration file of the device. STEP 7 To display sensitive data in plaintext form on the page, click Display Sensitive Data As Plaintext.
  • Page 413: Password Strength

    Password Strength The default username/password is cisco/cisco. The first time that you log in with the default username and password, you are required to enter a new password. Password complexity is enabled by default. If the password that you choose is not complex enough (Password Complexity Settings are enabled in the Password Strength page), you are prompted to create another password.
  • Page 414: Key Management

    This section describes how to configure key chains for applications and protocols, such as RIP. See IP Configuration: RIPv2 for a description of how RIP uses key chain for authentication. It covers the following topics: • Key Chain • Key Settings
  • Page 415: Key Chain

    Start Time—Enter the earliest time that the key-identifier is valid on the Start Date. • End Time—Specifies the last date that the key-identifier is valid. Select one of the following options. Infinite—No limit to the life of the key-identifier.
  • Page 416 Time. The Send Life Time has the same fields. • Accept Life Time—Specifies when packets with this key are accepted. Select one of the following options. Always Valid—No limit to the life of the key-identifier.
  • Page 417: Management Access Method

    • Access Profile • Profile Rules Access profiles determine how to authenticate and authorize users accessing the device through various access methods. Access Profiles can limit management access from specific sources.
  • Page 418: Access Profile

    If no match is found, access is denied. When an attempt to access the device is in violation of the active access profile, the device generates a SYSLOG message to alert the system administrator of the attempt.
  • Page 419 One is the highest priority. • Management Method—Select the management method for which the rule is defined. The options are: All—Assigns all management methods to the rule.
  • Page 420 IP Version—Enter the version of the source IP address: Version 6 or Version • IP Address—Enter the source IP address. • Mask—Select the format for the subnet mask for the source IP address, and enter a value in one of the fields:
  • Page 421 • Management Method—Select the management method for which the rule is defined. The options are:
  • Page 422 Mask—Select the format for the subnet mask for the source IP address, and enter a value in one of the fields: Network Mask—Select the subnet to which the source IP address belongs and enter the subnet mask in dotted decimal format.
  • Page 423: Management Access Authentication

    If the field is not selected, only authentication is performed. If Authorization is enabled, the read/write privileges of users are checked. This privilege level is set in the User Accounts page.
  • Page 424: Secure Sensitive Data Management

    Secure Sensitive Data Management: See Security: Secure Sensitive Data Management. SSL Server This section describes the Secure Socket Layer (SSL) feature. It covers the following topics: • SSL Overview • SSL Server Authentication Settings
  • Page 425: SSL Overview

    Valid To—Specifies the date up to which the certificate is valid. • Certificate Source—Specifies whether the certificate was generated by the system (Auto Generated) or the user (User Defined). STEP 2 Select an active certificate. STEP 3 Click Generate Certificate Request.
  • Page 426 Private Key (Encrypted)—Select and copy in the RSA private key in encrypted form. • Private Key (Plaintext)—Select and copy in the RSA private key in plain text form. STEP 4 Click Apply to apply the changes to the Running Configuration.
  • Page 427: TCP/UDP Services

    HTTP—Enabled by factory default • HTTPS—Enabled by factory default • SNMP—Disabled by factory default • Telnet—Disabled by factory default • SSH—Disabled by factory default The active TCP connections are also displayed in this window.
  • Page 428 Service Name—Access method through which the device is offering the UDP service. • Type—IP protocol the service uses. • Local IP Address—Local IP address through which the device is offering the service.
  • Page 429: Storm Control

    Storm Control State—Select to enable Storm Control for Unicast packets. Rate Threshold—Enter the maximum rate at which unknown packets can be forwarded. This value can be entered by kbits/sec or by percentage of the total available bandwidth.
  • Page 430 Shutdown on Storm—Select to shut down a port when a storm occurs on the port. If this is not selected, extra traffic is discarded. STEP 4 Click Apply. Storm control is modified, and the Running Configuration file is updated.
  • Page 431: Port Security

    MAC addresses. The MAC addresses can be either dynamically learned or statically configured. Port security monitors received and learned packets. Access to locked ports is limited to users with specific MAC addresses.
  • Page 432 To configure port security: STEP 1 Click Security > Port Security. STEP 2 Select an interface to be modified, and click Edit. STEP 3 Enter the parameters. • Interface—Select the interface name.
  • Page 433 This is relevant for lock violations. For Classic Lock, this is any new address received. For Limited Dynamic Lock, this is any new address that exceeds the number of allowed addresses.
  • Page 434: IP Source Guard

    Interactions with Other Features • Filtering • IP Source Guard Work Flow • Properties • Interface Settings • Binding Database Interactions with Other Features The following points are relevant to IP Source Guard:
  • Page 435 If source IP address filtering is enabled: IPv4 traffic: Only traffic with a source IP address that is associated with the port is permitted. Non IPv4 traffic: Permitted (Including ARP packets).
  • Page 436 IPv4 traffic—Only IPv4 traffic with a source IP address that is associated with the specific port is permitted. • Non IPv4 traffic—All non-IPv4 traffic is permitted. See Interactions with Other Features for more information about enabling IP Source Guard on interfaces.
  • Page 437: Binding Database

    Retry Frequency—The frequency with which the TCAM resources are checked. • Never—Never try to reactivate inactive addresses. STEP 3 Click Apply to save the above changes to the Running Configuration and/or Retry Now to check TCAM resources.
  • Page 438: ARP Inspection

    ARP allows a gratuitous reply from a host even if an ARP request was not received. After the attack, all traffic from the device under attack flows through the attacker's computer and then to the router, switch, or host. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 439 This section describes ARP Inspection and covers the following topics: • How ARP Prevents Cache Poisoning • Interaction Between ARP Inspection and DHCP Snooping • ARP Defaults • ARP Inspection Work Flow Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 440: How ARP Prevents Cache Poisoning

    If a packet is valid, it is forwarded and the ARP cache is updated. If the ARP Packet Validation option is selected (Properties page), the following additional validation checks are performed: Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 441: Interaction Between ARP Inspection And DHCP Snooping

    Dynamic ARP Inspection: Not enabled. ARP Packet Validation: Not enabled. ARP Inspection Enabled on VLAN: Not enabled. Log Buffer Interval: SYSLOG message generation for dropped packets is enabled at a 5-second interval.
  • Page 442: ARP Inspection Work Flow

    • Log Buffer Interval—Select one of the following options: Retry Frequency—Enable sending SYSLOG messages for dropped packets. Enter the frequency with which the messages are sent. Never—Disable SYSLOG dropped packet messages.
  • Page 443 ARP Access Control Name—Enter a user-created name. • IP Address—IP address of packet. • MAC Address—MAC address of packet. STEP 4 Click Apply. The settings are defined, and the Running Configuration file is updated.
  • Page 444 VLAN number and select a previously-defined ARP Access Control Name. STEP 4 Click Apply. The settings are defined, and the Running Configuration file is updated. First Hop Security Security: IPv6 First Hop Security
  • Page 445: Denial Of Service Prevention

    One method of resisting DoS attacks employed by the device is the use of SCT. SCT is enabled by default on the device and cannot be disabled. The Cisco device is an advanced device that handles management traffic, protocol traffic and snooping traffic, in addition to end-user (TCP) traffic.
  • Page 446: Types Of DoS Attacks

    Invasor Trojan—A trojan enables the attacker to download a zombie agent (or the trojan may contain one). Attackers can also break into systems using automated tools that exploit flaws in programs that listen for connections Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 447: Defense Against DoS Attacks

    ACL is defined on the interface or if you attempt to define an ACL on an interface on which DoS Prevention is enabled. A SYN attack cannot be blocked if there is an ACL active on an interface. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 448: Security Suite Settings

    STEP 5 If System-Level Prevention or System-Level and Interface-Level Prevention is selected, enable one or more of the following DoS Prevention options: • Stacheldraht Distribution—Discards TCP packets with source TCP port equal to 16660.
  • Page 449: SYN Protection

    STEP 1 Click Security > Denial of Service Prevention > SYN Protection. STEP 2 Enter the parameters. • Block SYN-FIN Packets—Select to enable the feature. All TCP packets with both SYN and FIN flags are dropped on all ports.
  • Page 450: Martian Addresses

    Addresses defined to be illegal in the Martian Addresses page. • Addresses that are illegal from the point of view of the protocol, such as loopback addresses, including addresses within the following ranges: Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 451 —Enter the prefix of the IP address to define the range of IP addresses for which Denial of Service prevention is enabled. STEP 5 Click Apply. The Martian addresses are written to the Running Configuration file.
  • Page 452: SYN Filtering

    To define SYN rate protection: STEP 1 Click Security > Denial of Service Prevention > SYN Rate Protection. This page displays the SYN rate protection currently defined per interface. STEP 2 Click Add.
  • Page 453: ICMP Filtering

    If you enter the IP address, enter either the mask or prefix length. • Network Mask—Select the format for the subnet mask for the source IP address, and enter a value in one of the fields:
  • Page 454: IP Fragmented Filtering

    Prefix Length—Select the Prefix Length and enter the number of bits that comprise the source IP address prefix. STEP 4 Click Apply. The IP fragmentation is defined, and the Running Configuration file is updated.
  • Page 455 802.1x authentication restricts unauthorized clients from connecting to a LAN through publicly accessible ports. 802.1x authentication is a client-server model. In this model, network devices have the following specific roles. • Client or supplicant • Authenticator • Authentication server
  • Page 456: Chapter 20: Security: 802.1X Authentication

    WEB-based—Supported only in multi-sessions modes. In 802.1x-based authentication, the authenticator extracts the EAP messages from the 802.1x messages (EAPOL packets) and passes them to the authentication server, using the RADIUS protocol. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 457: Authentication Server

    All of this is accomplished with no impact on end users or on network-attached hosts. Open Access can be activated in the Port Authentication page. Port Authentication States The port authentication state determines whether the client is granted access to the network. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 458 VLANs is bridged. When a port is authorized, untagged and tagged traffic from the authorized host is bridged based on the static VLAN membership port configuration. Traffic from other hosts is dropped. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 459 Tagged traffic is dropped unless it belongs to the RADIUS-assigned VLAN or to the unauthenticated VLANs. Radius VLAN assignment on a port is set in the Port Authentication page. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 460: Multiple Authentication Methods

    802.1x supplicants and authentication servers. The EAP messages between supplicants and the authenticator are encapsulated into the 802.1x messages, and the EAP messages between the authenticator and authentication servers are encapsulated into the RADIUS messages. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 461 Figure 2 MAC-Based Authentication (diagram labels: Client, Authenticator, Authentication Server, User Data, EAP Protocol, RADIUS Protocol, Username = MAC address, Password = MAC address). The method does not have any specific configuration.
  • Page 462 Figure 3 WEB-Based Authentication (diagram labels: Client, Authenticator, Authentication Server, HTTP, EAP Protocol, RADIUS Protocol). Web-based authentication cannot be configured on a port that has the guest VLAN or RADIUS-Assigned VLAN feature enabled.
  • Page 463 The guest VLAN cannot be used as the Voice VLAN or an unauthenticated VLAN. RADIUS VLAN Assignment Support to see a summary of the modes in which guest VLAN is supported. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 464 The RADIUS server must authenticate the device and dynamically assign a VLAN to the device. You can set the RADIUS VLAN Assignment field to static in the Port Authentication page. This enables the host to be bridged according to static configuration. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 465 In single-host mode you can configure the action to be taken when an unauthorized host on an authorized port attempts to access the interface. This is done in the Host and Session Authentication page.
  • Page 466 A value of 0 specifies the unlimited number of login attempts. The duration of the quiet period and the maximum number of login attempts can be set in the Port Authentication page. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 467 †—The port mode also supports the guest VLAN and RADIUS-VLAN assignment. N/S—The authentication method does not support the port mode. NOTE You can simulate the single-host mode by setting the Max Hosts parameter to 1 in the Port Authentication page.
  • Page 468 Table row, multi-sessions: Frames are dropped | Frames are bridged based on the static VLAN configuration | Frames are dropped unless they belong to the unauthenticated VLANs | Frames are bridged based on the static VLAN configuration
  • Page 469 STEP 10 Select a port, and click Edit. STEP 11 Set the Administrative Port Control field to Auto. STEP 12 Define the authentication methods. STEP 13 Click Apply, and the Running Configuration file is updated.
  • Page 470 STEP 4 Configure the Guest VLAN Timeout to be either Immediate or enter a value in the User defined field. STEP 5 Click Apply, and the Running Configuration file is updated.
  • Page 471: Properties

    RADIUS—Authenticate the user on the RADIUS server. If no authentication is performed, the session is not permitted. None—Do not authenticate the user. Permit the session. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 472 To enable or disable authentication on a VLAN, select it, click Edit and select either Enable or Disable. STEP 3 Click Apply. The 802.1X properties are written to the Running Configuration file.
  • Page 473: Port Authentication

    Force Authorized—Authorizes the interface without authentication. • RADIUS VLAN Assignment—Select to enable Dynamic VLAN assignment on the selected port. Disable—Feature is not enabled. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 474 Reauthentication Period—Enter the number of seconds after which the selected port is reauthenticated. • Reauthenticate Now—Select to enable immediate port re-authentication. • Authenticator State—Displays the defined port authorization state. The options are: Initialize—In process of coming up. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 475 Supplicant Timeout—Enter the number of seconds that elapse before EAP requests are resent to the supplicant. • Server Timeout—Enter the number of seconds that elapse before the device resends a request to the authentication server.
  • Page 476: Host And Session Authentication

    Action on Violation—Select the action to be applied to packets arriving in Single Session/Single Host mode, from a host whose MAC address is not the supplicant MAC address. The options are: Protect (Discard)—Discards the packets. Restrict (Forward)—Forwards the packets. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 477: Authenticated Hosts

    • Authentication Method—Method by which the last session was authenticated. • Authentication Server—RADIUS server. • MAC Address—Displays the supplicant MAC address. • VLAN ID—Port’s VLAN. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 478: Locked Clients

    To add a language for web-based authentication: STEP 1 Click Security > 802.1X/MAC/Web Authentication > Web Authentication Customization. STEP 2 Click Add. STEP 3 Select a language from the Language drop-down list.
  • Page 479: Web Authentication Customization

    If the Custom color scheme is selected, the following options are available: Page Background Color—Enter the ASCII code of the background color. The selected color is shown in the Text field. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 480 • RADIUS Authentication—Displays whether RADIUS authentication is enabled. If so, the username and password must be included in the login page. • Username Textbox—Select for a username textbox to be displayed. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 481 Copyright Text—Enter the copyright text. STEP 12 Click Apply and the settings are saved to the Running Configuration file. STEP 13 Click Edit Success Page. Figure 5 The following page is displayed
  • Page 482 To preview the login or success message, click Preview. To set the default language of the GUI interface as the default language for Web-based authentication, click Set Default Display Language.
  • Page 483: Chapter 21: Security: Secure Sensitive Data Management

    SSD provides users with the flexibility to configure the desired level of protection on their sensitive data; from no protection with sensitive data in plaintext, minimum protection with encryption based on the default passphrase, and better protection with encryption based on user-defined passphrase. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 484: SSD Management

    A device grants a user the SSD read permission of the SSD rule that best matches the user identity/credential and the type of management channel from which the user is accessing or will access the sensitive data.
  • Page 485: Elements Of An SSD Rule

    User Type will be applied). Specific—The rule applies to a specific user. Default User (cisco)—The rule applies to the default user (cisco). Level 15—The rule applies to users with privilege level 15. All—The rule applies to all users.
  • Page 486 Exclude—Do not allow reading sensitive data. Encrypted—Sensitive data is presented in encrypted form. Plaintext—Sensitive data is presented in plaintext form. Each management channel allows specific read presumptions. The following summarizes these. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 487 Changes in the default read mode and read permissions of a rule will become effective, and will be applied to the affected user(s) and channel of all active management sessions immediately, excluding the session making Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 488: SSD Rules And User Authentication

    Default SSD Rules: The device has the following factory default rules: Table 1 (columns: Rule Key: User, Channel; Rule Action: Read Permission, Default Read Mode). Row: Level | Secure XML SNMP | Plaintext Only | Plaintext
  • Page 489: SSD Default Read Mode Session Override

    In this case, the session read mode returns to the default read mode of the SSD rule. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 490: SSD Properties

    A user-defined passphrase can be configured manually in plain text. It can also be derived from a configuration file. (See Sensitive Data Zero-Touch Auto Configuration). A device always displays user-defined passphrases encrypted. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 491: Local Passphrase

    This remains until the device is manually reconfigured with the user-defined passphrase, or learns the user-defined passphrase from a configuration file. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 492: Configuration File Integrity Control

    The configuration in a Startup Configuration file becomes the Running Configuration after reboot. Running and Startup Configuration files are formatted in internal format. Mirror, Backup, and the remote configuration files are text-based Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 493: File SSD Indicator

    A user can retrieve the sensitive data encrypted or in plaintext from a startup configuration file, subject to the SSD read permission and the current SSD read mode of the management session. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 494 If there is an SSD control block in the source configuration file and the file contains plaintext, sensitive data excluding the SSD configurations in the SSD control block, the file is accepted. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 495: Running Configuration File

    A user can display, copy, and upload the complete mirror and backup configuration files, subject to SSD read permission, the current read mode in the session, and the file SSD indicator in the source file as follows: Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 496 The device must be configured and instructed to: • Encrypt the sensitive data in the file Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 497: SSD Management Channels

    If it is insecure, the table indicates the parallel secure channel. Management Channel SSD Management Parallel Secured Channel Type Management Channel Console Secure Telnet Insecure Secure GUI/HTTP Insecure GUI/HTTPS GUI/HTTPS Secure Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 498: Menu CLI And Password Recovery

    Configuring SSD The SSD feature is configured in the following pages: • SSD properties are set in the SSD Properties page. • SSD rules are defined in the SSD Rules page. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 499 STEP 2 Click Apply. The settings are saved to the Running Configuration file. SSD Rules Configuration: Only users with SSD read permission of Plaintext-only or Both are allowed to set SSD rules.
  • Page 500 Specific User—Select and enter the specific user name to which this rule applies (this user does not necessarily have to be defined). Default User (cisco)—Indicates that this rule applies to the default user. Level 15—Indicates that this rule applies to all users with privilege level 15. All—Indicates that this rule applies to all users.
  • Page 501 STEP 4 The following actions can be performed on selected rules: • Add, Edit or Delete rules • Restore All Rules to Default—Restore a user-modified default rule to the default rule.
  • Page 502: Chapter 22: Security: SSH Server

    SSH server application, such as PuTTY. The public keys are entered in the device. The users can then open an SSH session on the device through the external SSH server application. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 503: Common Tasks

    STEP 3 Enable Automatic Login by passing management authentication, if required, in the SSH User Authentication page. STEP 4 Add the users and their public key to the SSH User Authentication Table in the SSH User Authentication page.
  • Page 504: SSH User Authentication

    Management Access Authentication page. This page is optional. You do not have to work with user authentication in SSH. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 505 SSH User Name—User name of the active user. • SSH Version—Version of SSH used by the active user. • Cipher—Cipher of the active user. • Authentication Code—Authentication code of the active user. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 506: SSH Server Authentication

    If the key is already being displayed as plaintext, you can click Display Sensitive Data as Encrypted to display the text in encrypted form.
  • Page 507: Chapter 23: Security: SSH Client

    Secure Shell or SSH is a network protocol that enables data to be exchanged on a secure channel between an SSH client (in this case, the device) and an SSH server. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 508 Authentication information must be entered by the user, both on the device and on the SSH server, although this guide does not describe server operations. The following illustrates a typical network configuration in which the SCP feature might be used. Typical Network Configuration Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 509 SSH User Authentication: When a device (SSH client) attempts to establish an SSH session to an SSH server, the SSH server uses various methods for client authentication. These are described below.
  • Page 510 In the key method, individual public/private keys must be created for each individual device, and these private keys cannot be copied directly from one device to another because of security considerations. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 511: Supported Algorithms

    SSH transport layer. The following algorithms are supported on the client side: • Key Exchange Algorithm: diffie-hellman • Encryption Algorithms: aes128-cbc, 3des-cbc, arcfour, aes192-cbc, aes256-cbc • Message Authentication Code Algorithms: hmac-sha1
  • Page 512: Before You Begin

    SSH User Authentication page can be used. STEP 3 Set up a username/password or modify the password on the remote SSH server. This activity depends on the server and is not described here.
  • Page 513 STEP 1 Click Add to add a new server and enter its identifying information. STEP 2 Click Apply to add the server to the Trusted SSH Servers table. STEP 3 Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 514: SSH User Authentication

    The SSH User Key Table contains the following fields for each key: • Key Type—RSA or DSA. • Key Source—Auto Generated or User Defined. • Fingerprint—Fingerprint generated from the key. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 515: SSH Server Authentication

    By name—If this is selected enter the name of the server in the Server IP Address/Name field. • IP Version—If you selected to specify the SSH server by IP address, select whether that IP address is an IPv4 or IPv6 address. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 516: Change User Password On The SSH Server

    IP address is an IPv4 or IPv6 address. • IPv6 Address Type—If the SSH server IP address is an IPv6 address, select the IPv6 address type. The options are: Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 517 Old Password—This must match the password on the server. • New Password—Enter the new password and confirm it in the Confirm Password field. STEP 3 Click Apply. The password on the SSH server is modified.
  • Page 518: Chapter 24: Security: IPv6 First Hop Security

    • Attack Protection • Policies, Global Parameters and System Defaults • Common Tasks • Default Settings and Configuration • Before You Start • Configuring IPv6 First Hop Security through Web GUI Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 519: IPv6 First Hop Security Overview

    A separate and independent instance of IPv6 First Hop Security runs on each VLAN on which the feature is enabled. Abbreviations Name Description CPA message Certification Path Advertisement message CPS message Certification Path Solicitation message DAD-NS message Duplicate Address Detection Neighbor Solicitation message Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 520 VLAN that is not attached to a user-defined policy. These policies cannot be attached explicitly by the user. See Policies, Global Parameters and System Defaults. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 521 Trapped RS, CPS, NS and NA messages are also passed to the ND Inspection feature. ND Inspection validates these messages, drops illegal messages, and passes legal messages to the IPv6 Source Guard feature.
  • Page 522 Security, and hosts and routers inside this perimeter are trusted devices. For example, in Figure 2 Switch B and Switch C are inner links inside the protected area. Figure 2 IPv6 First Hop Security Perimeter Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 523: Router Advertisement Guard

    FHS common component is enabled, a rate limited SYSLOG message is sent. Neighbor Discovery Inspection Neighbor Discovery (ND) Inspection supports the following functions: • Validation of received Neighbor Discovery protocol messages. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 524: DHCPv6 Guard

    If a message does not pass verification, it is dropped. If the logging packet drop configuration on the FHS common component is enabled, a rate limited SYSLOG message is sent. Neighbor Binding Integrity Neighbor Binding (NB) Integrity establishes binding of neighbors. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 525 An IPv6 First Hop Security switch can discover and record binding information by using the following methods: • NBI-NDP Method: Learning IPv6 addresses from the snooped Neighbor Discovery Protocol messages • NBI-DHCP method: By learning IPv6 addresses from the snooped DHCPv6 messages Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 526 NBI-NDP assumes that the new anchor is valid and changes the binding anchor. If the host is still reachable using the previously recorded binding anchor, the binding interface is not changed. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 527: IPv6 Source Guard

    IPv6 addresses of NDP and DHCPv6 messages, regardless of whether IPv6 Source Guard is enabled. If IPv6 Source Guard is enabled together with NB Integrity, IPv6 Source Guard configures the TCAM to specify which IPv6 data Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 528: Attack Protection

    Attack Protection: The section describes attack protection provided by IPv6 First Hop Security. Protection against IPv6 Router Spoofing: An IPv6 host can use the received RA messages for: • IPv6 router discovery
  • Page 529 If the given IPv6 address is known, the DAD_NS message is forwarded only on the interface where the IPv6 address is bound. • An NA message is dropped if the target IPv6 address is bound with another interface. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 530: Policies, Global Parameters And System Defaults

    Policies contain the rules of verification that are performed on input packets. They can be attached to VLANs and also to ports and LAGs. If the feature is not enabled on a VLAN, the policies have no effect. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 531 The final set of rules that is applied to an input packet on an interface is built in the following way: • The rules configured in policies attached to the interface (port or LAG) on which the packet arrived are added to the set. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 532: Common Tasks

    STEP 3 If required, either configure a user-defined policy or add rules to the default policies for the feature. STEP 4 Attach the policy to a VLAN, port or LAG using either the Policy Attachment (VLAN) or Policy Attachment (Port) pages.
  • Page 533 STEP 2 In this same page, set the global configuration values that are used if no values are set in a policy. STEP 3 If required, either configure a user-defined policy or add rules to the default policies for the feature.
  • Page 534: Default Settings And Configuration

    Policy Attachment (Port) pages. Default Settings and Configuration If IPv6 First Hop Security is enabled on a VLAN, the switch traps the following messages by default: • Router Advertisement (RA) messages Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 535: Before You Start

    ND Inspection Settings • Neighbor Binding Settings • IPv6 Source Guard Settings • Policy Attachment (VLAN) • Policy Attachment (Port) • Neighbor Binding Table • Neighbor Prefix Table • FHS Status Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 536 First Hop Security. STEP 5 To attach this policy to an interface: • Attach Policy to VLAN—Click to jump to Policy Attachment (VLAN) page where you can attach this policy to a VLAN.
  • Page 537 Managed Address Configuration flag within an IPv6 RA Guard policy. Inherited—Feature is inherited from either the VLAN or system default (client). No Verification—Disables verification of the advertised Managed Address Configuration flag. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 538 User Defined—Verifies that the hop-count limit is greater than or equal to this value. • Maximal Hop Limit—Indicates if the RA Guard policy checks the maximum hop limit of the packet received. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 539 No Verification—Disables verification of the high boundary of Advertised Default Router Preference. Low—Specifies the maximum allowed Advertised Default Router Preference value. The following values are acceptable: low, medium and high (see RFC4191). Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 540 Minimal Preference—This field indicates whether the DHCPv6 Guard policy will check the minimum advertised preference value of the packet received. No Verification—Disables verification of the minimum advertised preference value of the packet received. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 541 IPv6 address in received DHCP reply messages within a DHCPv6 Guard policy. Inherited—Value is inherited from either the VLAN or system default (no verification). No Verification—Disables verification of the DHCP server's and relay’s IPv6 address. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 542 Inspection feature on a specified group of VLANs and to set the global configuration values for this feature. If required, a policy can be added or the system-defined default ND Inspection policies can be configured in this page. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 543 Enable—Enable dropping messages with no CGA or RSA Signature option within an IPv6 ND Inspection policy. Disable—Disable dropping messages with no CGA or RSA Signature option within an IPv6 ND Inspection policy. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 544 VLANs and to set the global configuration values for this feature. If required, a policy can be added or the system-defined default Neighbor Binding policies can be configured in this page. Cisco 350XG & 550XG Series 10G Stackable Managed Switches...
  • Page 545 Entries Per MAC Address—Specifies the neighbor binding limit per MAC address. Select either No Limit or enter a User Defined value. STEP 3 If required, click Add to create a Neighbor Binding policy.
  • Page 546 Any—Any configuration methods (stateless and manual) are allowed for global IPv6 bound from NDP messages. Stateless—Only stateless auto configuration is allowed for global IPv6 bound from NDP messages. Disable—Binding from NDP messages is disabled.
  • Page 547 • Port Trust—Displays that by default the policies are for untrusted ports. This can be changed per policy. STEP 3 If required, click Add to create a First Hop Security policy.
  • Page 548 VLAN List—Select the VLANs to which the policy is attached. Select All VLANs or enter a range of VLANs. STEP 3 Click Apply to add the settings to the Running Configuration file.
  • Page 549 The following fields are displayed for each policy (only fields not on the Add page are displayed): • Origin—Protocol that added the IPv6 address (only available for dynamic entries): Static—Added manually. NDP—Learnt from Neighbor Discovery Protocol messages.
  • Page 550 Dynamic Only—Clear only dynamic entries. • All Dynamic & Static—Clear static and dynamic entries. STEP 3 The following fields are displayed for the existing entries: • VLAN ID—VLAN on which the prefixes are relevant.
  • Page 551 Device Role—RA device role. Managed Configuration Flag—Is verification of the managed configuration flag enabled. Other Configuration Flag—Is verification of the other configuration flag enabled. RA Address List—RA address list to be matched.
  • Page 552 • Neighbor Binding Status Neighbor Binding State on Current VLAN—Is Neighbor Binding enabled on the current VLAN. Device Role—Neighbor Binding device role. Logging Binding—Is logging of Neighbor Binding table events enabled.
  • Page 553 STEP 4 Select an interface; the following fields are displayed: • NDP (Neighbor Discovery Protocol) Messages—The number of received and dropped messages are displayed for the following types of messages:
  • Page 554 Feature—Type of message dropped (DHCPv6 Guard, RA Guard and so on). • Count—Number of messages dropped. • Reason—Reason that the messages were dropped. STEP 5 Click Clear Global Counters to clear the global overflow counters.
  • Page 555: Chapter 25: Access Control

    Either a DENY or PERMIT action is applied to frames whose contents match the filter. The device supports a maximum of 512 ACLs, and a maximum of 512 ACEs.
  • Page 556 If a frame matches the filter in an ACL, it is defined as a flow with the name of that ACL. In advanced QoS, these frames can be referred to using this Flow name, and QoS can be applied to these frames.
  • Page 557: ACL Logging

    IP, destination IP address, protocol, DSCP value, ICMP type, ICMP code, and IGMP type. • For layer 4 packets the SYSLOG includes the information (if applicable): source port, destination port, and TCP flag.
  • Page 558: Configuring ACLs

    IPv4-Based ACE page c. IPv6-based ACL by using the IPv6-Based ACL page and the IPv6-Based ACE page 2. Associate the ACL with interfaces by using the ACL Binding (VLAN) or ACL Binding (Port) page.
  • Page 559: MAC-Based ACLs Creation

    This page contains a list of all currently-defined MAC-based ACLs. STEP 2 Click Add. STEP 3 Enter the name of the new ACL in the ACL Name field. ACL names are case-sensitive.
  • Page 560 Time ranges are defined in the System Time Configuration section. • Destination MAC Address—Select Any if all destination addresses are acceptable or User defined to enter a destination address or a range of destination addresses.
  • Page 561: IPv4-Based ACL Creation

    IPv4-based ACLs are used to check IPv4 packets, while other types of frames, such as ARPs, are not checked. The following fields can be matched: • IP protocol (by name for well-known protocols, or directly by value) • Source/destination ports for TCP/UDP traffic
  • Page 562 To add rules (ACEs) to an IPv4-based ACL: STEP 1 Click Access Control > IPv4-Based ACE. STEP 2 Select an ACL, and click Go. All currently-defined IP ACEs for the selected ACL are displayed.
  • Page 563 —Internet Group Management Protocol IP in IP —IP in IP encapsulation —Transmission Control Protocol —Exterior Gateway Protocol —Interior Gateway Protocol —User Datagram Protocol —Host Mapping Protocol —Reliable Datagram Protocol. IDPR —Inter-Domain Policy Routing Protocol
  • Page 564 1's). You need to translate the 1's to a decimal integer and you write 0 for each four zeros. In this example since 1111 1111 = 255, the mask would be written as 0.0.0.255.
  • Page 565 QoS commitments. This model uses the 3 most significant bits of the service type byte in the IP header, as described in RFC 791 and RFC 1349.
  • Page 566: IPv6-Based ACL Creation

    IPv6 ACLs, which check pure IPv6-based traffic. IPv6 ACLs do not check IPv6-over-IPv4 or ARP packets. NOTE ACLs are also used as the building elements of flow definitions for per-flow QoS handling.
  • Page 567 Shutdown—Drop packets that meet the ACE criteria, and disable the port to which the packets were addressed. Ports are reactivated from the Error Recovery Settings page. • Logging—Select to enable logging ACL flows that match the ACL rule.
  • Page 568 Any—Match to all source ports. Single from list—Select a single TCP/UDP source port to which packets are matched. This field is active only if 800/6-TCP or 800/17-UDP is selected in the IP Protocol drop-down menu.
  • Page 569 ICMP Code—The ICMP messages may have a code field that indicates how to handle the message. Select one of the following options, to configure whether to filter on this code: Any—Accept all codes.
  • Page 570: ACL Binding

    Select MAC-Based ACL—Select a MAC-based ACL to be bound to the interface. • Select IPv4-Based ACL—Select an IPv4-based ACL to be bound to the interface. • Select IPv6-Based ACL—Select an IPv6-based ACL to be bound to the interface.
  • Page 571 NOTE To unbind all ACLs from an interface, select the interface, and click Clear. STEP 4 Select an interface, and click Edit. STEP 5 Select one of the following: • Select MAC-Based ACL—Select a MAC-based ACL to be bound to the interface.
  • Page 572 STEP 6 Click Apply. The ACL binding is modified, and the Running Configuration file is updated. NOTE If no ACL is selected, the ACL(s) previously bound to the interface are unbound.
  • Page 573: Chapter 26: Quality of Service

    This section covers the following topics: • QoS Features and Components • General • QoS Basic Mode • QoS Advanced Mode • Managing QoS Statistics
  • Page 574: QoS Features and Components

    CoS/802.1p to a Queue page or the DSCP to Queue page (depending on whether the trust mode is CoS/802.1p or DSCP, respectively).
  • Page 575: QoS Modes

    ACLs bonded directly to interfaces remain bonded. • When changing from QoS Basic mode to Advanced mode, the QoS Trust mode configuration in Basic mode is not retained.
  • Page 576: QoS Workflow

    STEP 8 Configure the selected mode by performing one of the following: a. Configure Basic mode, as described in Workflow to Configure Basic QoS Mode b. Configure Advanced mode, as described in Workflow to Configure Advanced Mode.
  • Page 577: General

    Advanced—QoS is enabled on the device in Advanced mode. STEP 3 Select Port/LAG and click GO to display/modify all ports/LAGs on the device and their CoS information. The following fields are displayed for all ports/LAGs: • Interface—Type of interface.
  • Page 578 (the higher the weight the more frames are sent). For example, if there are a maximum of four queues possible and all four queues are WRR and the default weights
  • Page 579 —Displays the amount of bandwidth assigned to the queue. These values represent the percent of the WRR weight. STEP 3 Click Apply. The queues are configured, and the Running Configuration file is updated.
  • Page 580 Values (8 queues 1- (8 is the highest (0-7, 7 being 8, 8 is the priority used for the highest) highest stack control priority) traffic) Stack Background Best Effort Excellent Effort
  • Page 581 Either four or eight egress queues are supported, where Queue 4 or Queue 8 is the highest priority egress queue and Queue 1 is the lowest priority. STEP 3 For each 802.1p priority, select the Output Queue to which it is mapped.
  • Page 582: DSCP to Queue

    The device is in QoS Basic mode and DSCP is the trusted mode, or • The device is in QoS Advanced mode and the packets belong to flows that are DSCP trusted. Non-IP packets are always classified to the best-effort queue.
  • Page 583 The following tables describe the default DSCP to queue mapping for an 8-queue system where 7 is highest and 8 is used for stack control purposes. DSCP Queue DSCP Queue DSCP Queue
  • Page 584 Quality of Service General DSCP Queue DSCP Queue DSCP Queue DSCP Queue DSCP Queue
  • Page 585 STEP 2 Select the Output Queue (traffic forwarding queue) to which the DSCP value is mapped. STEP 3 Select Restore Defaults to restore the factory CoS default setting for this interface.
  • Page 586 • Ingress Rate Limit—Enter the maximum amount of bandwidth allowed on the interface. NOTE The two Ingress Rate Limit fields do not appear when the interface type is LAG.
  • Page 587 STEP 2 Select an interface type (Port or LAG), and click Go. STEP 3 Select a Port/LAG, and click Edit. This page enables shaping the egress for up to eight queues on each interface. STEP 4 Select the Interface.
  • Page 588 To define the VLAN ingress rate limit: STEP 1 Click Quality of Service > General > VLAN Ingress Rate Limit. This page displays the VLAN Ingress Rate Limit Table. STEP 2 Click Add.
  • Page 589: TCP Congestion Avoidance

    STEP 2 Click Enable to enable TCP congestion avoidance, and click Apply. QoS Basic Mode This section covers the following topics: • Overview • Global Settings • Interface Settings
  • Page 590 STEP 2 Select the Trust Mode while the device is in Basic mode. If a packet CoS level and DSCP tag are mapped to separate queues, the Trust mode determines the queue to which the packet is assigned:
  • Page 591 QoS State of the Port is Enabled—The port prioritizes traffic on ingress based on the system-wide configured trusted mode, which is either CoS/802.1p trusted mode or DSCP trusted mode.
  • Page 592: QoS Advanced Mode

    In QoS advanced mode, the device uses policies to support per flow QoS. A policy and its components have the following characteristics and relationships:
  • Page 593 • Definition of the actions to be applied to frames in each flow that match the rules. • Binding the combinations of rules and action to one or more interfaces.
  • Page 594: Workflow to Configure Advanced QoS Mode

    STEP 2 Select the Trust Mode while the device is in Advanced mode. If a packet CoS level and DSCP tag are mapped to separate queues, the Trust mode determines the queue to which the packet is assigned:
  • Page 595 QoS-specified limits. The portion of the traffic that causes the flow to exceed its QoS limit is referred to as out-of-profile packets.
  • Page 596 STEP 3 Click Apply. The Running Configuration file is updated with the new DSCP Mapping table. STEP 4 Select Restore Defaults to restore the factory CoS default setting for this interface.
  • Page 597: Class Mapping

    —A packet must match either the IP based ACL or the MAC based ACL in the class map. • IP—Select the IPv4 based ACL or the IPv6 based ACL for the class map.
  • Page 598: Aggregate Policer

    An amount of traffic, measured in bytes, called a Committed Burst Size (CBS). This is traffic that is allowed to pass as a temporary burst even if it is above the defined maximum rate.
  • Page 599 Out of Profile DSCP—The DSCP values of packets exceeding the defined CIR value are remapped to a value based on the Out Of Profile DSCP Mapping Table. STEP 4 Click Apply. The Running Configuration file is updated.
  • Page 600: Policy Class Maps

    STEP 2 Select a policy in the Filter, and click Go. All class maps in that policy are displayed. STEP 3 To add a new class map, click Add.
  • Page 601 Aggregate—The policer for the policy is an aggregate policer. STEP 5 If Police Type is Aggregate, select the Aggregate Policer. STEP 6 If Police Type is Single, enter the following QoS parameters:
  • Page 602: Policy Binding

    STEP 2 Select a Policy Name and Interface Type if required. STEP 3 Click Go. The policy is selected. STEP 4 Select the following for the policy/interface: • Binding—Select to bind the policy to the interface.
  • Page 603: Managing QoS Statistics

    NOTE This page is not displayed when the device is in Layer 3 mode.
  • Page 604: Viewing Aggregated Policer Statistics

    • Out-of-Profile Bytes—Number of out-of-profile packets that were received. STEP 2 Click Add. STEP 3 Select an Aggregate Policer Name, one of the previously-created Aggregate Policers for which statistics are displayed.
  • Page 605: Viewing Queues Statistics

    Drop Precedence—Lowest drop precedence has the lowest probability of being dropped. • Total Packets—Number of packets forwarded or tail dropped. • Tail Drop Packets—Percentage of packets that were tail dropped. STEP 2 Click Add.
  • Page 606 Queue—Select the queue for which statistics are displayed. • Drop Precedence—Enter drop precedence that indicates the probability of being dropped. STEP 4 Click Apply. The Queue Statistics counter is added, and the Running Configuration file is updated.
  • Page 607: Chapter 27: SNMP

    Notification Filter Overview This section includes the following topics: • SNMP Versions and Workflow • SNMP Workflow • Supported MIBs • Model OIDs • SNMPv1,2 Notification Recipients • SNMPv3 Notification Recipients
  • Page 608: SNMP Versions and Workflow

    SNMP Workflow NOTE For security reasons, SNMP is disabled by default. Before you can manage the device via SNMP, you must enable SNMP on the TCP/UDP Services page.
  • Page 609 STEP 4 Define users by using the Users page where they can be associated with a group. If the SNMP Engine ID is not set, then users may not be created.
  • Page 610: Supported MIBs

    2 combo ports For the 550 family: Model Name Description Object ID SG550XG- 24-port SFP+ Ten Gigabit Stackable Switch 9.6.1.90.16.9 8F8T (2 combo) SG550XG-24T 24-port 10GBase-T Stackable Switch (2 9.6.1.90.24.9 combo)
  • Page 611: SNMP Engine ID

    ID is based on the device MAC address, and is defined per standard First 4 octets—First bit = 1, the rest is the IANA enterprise number. Fifth octet—Set to 3 to indicate the MAC address that follows.
  • Page 612 Link Local is selected) from the list. • Server IP Address/Name—Enter the IP address or domain name of the log server. • Engine ID—Enter the Engine ID. STEP 5 Click Apply. The Running Configuration file is updated.
  • Page 613: Views

    STEP 6 In order to verify your view configuration, select the user-defined views from the Filter: View Name list. The following views exist by default: • Default—Default SNMP view for read and read/write views.
  • Page 614: Groups

    STEP 1 Click SNMP > Groups. This page contains the existing SNMP groups and their security levels. STEP 2 Click Add. STEP 3 Enter the parameters. • Group Name—Enter a new group name.
  • Page 615 Otherwise, there is no restriction on the contents of the traps. This can only be selected for SNMPv3. STEP 4 Click Apply. The SNMP group is saved to the Running Configuration file.
  • Page 616: Users

    Remote IP Address—User is connected to a different SNMP entity besides the local device. If the remote Engine ID is defined, remote devices receive inform messages, but cannot make requests for
  • Page 617 Privacy Password—16 bytes are required (DES encryption key) if the DES privacy method was selected. This field must be exactly 32 hexadecimal characters. The Encrypted or Plaintext mode can be selected. STEP 4 Click Apply to save the settings.
  • Page 618: Communities

    IP device can access the SNMP community. • IP Version—Select either IPv4 or IPv6. • IPv6 Address Type—Select the supported IPv6 address type if IPv6 is used. The options are:
  • Page 619 Advanced—Select this mode for a selected community. Group Name—Select an SNMP group that determines the access rights. STEP 4 Click Apply. The SNMP Community is defined, and the Running Configuration is updated.
  • Page 620: Trap Settings

    (traps or informs). The Add/Edit pop-ups enable configuring the attributes of the notifications. An SNMP notification is a message sent from the device to the SNMP management station indicating that a certain event has occurred, such as a link up/down.
  • Page 621 • Server Definition—Select whether to specify the remote log server by IP address or name. • IP Version—Select either IPv4 or IPv6. • IPv6 Address Type—Select either Link Local or Global.
  • Page 622 Filter Name—Select the SNMP filter that defines the information contained in traps (defined in the Notification Filter page). STEP 5 Click Apply. The SNMP Notification Recipient settings are written to the Running Configuration file.
  • Page 623 Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks. • Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the pull-down list.
  • Page 624 Filter Name—Select the SNMP filter that defines the information contained in traps (defined in the Notification Filter page). STEP 4 Click Apply. The SNMP Notification Recipient settings are written to the Running Configuration file.
  • Page 625: Notification Filter

    STEP 4 Select or deselect Include in filter. If this is selected, the selected MIBs are included in the filter, otherwise they are excluded. STEP 5 Click Apply. The SNMP views are defined and the running configuration is updated.

This manual is also suitable for:

550xg series
