Page 1 ADMINISTRATION GUIDE Cisco Small Business SFE/SGE Managed Switches...
Page 3: Table Of Contents
Contents Contents Chapter 1: Getting Started Starting the Application Understanding the Interface Using the Cisco Management Buttons Using Screen and Table Options Adding Device Information Modifying Device Information Deleting Device Information Logging Off of the Device The About Page Chapter 2: Managing Device Information Defining System Information Managing Stacking Understanding Switch Operating Modes...
Page 4 Contents Defining SNTP Authentication Chapter 4: Configuring Device Security Passwords Management Modifying the Local User Settings Defining Authentication Defining Profiles Modifying an Authentication Profile Mapping Authentication Profiles Defining TACACS+ Defining RADIUS Defining Access Methods Defining Access Profiles Defining Profile Rules Defining Traffic Control Defining Storm Control Defining Port Security...
Page 5 Contents Defining DHCP Snooping Properties Defining DHCP Snooping on VLANs Defining Trusted Interfaces Binding Addresses to the DHCP Snooping Database Defining IP Source Guard Defining Dynamic ARP Inspection Defining ARP Inspection Properties Defining ARP Inspection Trusted Interfaces Defining ARP Inspection List Assigning ARP Inspection VLAN Settings Chapter 5: Configuring Ports Configuring Ports Settings for Layer 2 Enabled Devices...
Page 6 Contents Chapter 7: Configuring IP Information IP Addressing Managing IPv6 Viewing IPv6 Routes Table Layer 2 IP Addressing Layer 3 IP Addressing Defining IPv4 Interface (Layer 2) Defining IPv4 Interface (Layer 3) Enabling ARP Proxy (Layer 3) Defining UDP Relay (Layer 3) Defining DHCP Relay (Layer 2) Defining DHCP Relay Interfaces Defining DHCP Relay (Layer 3)
Page 7 Contents Modifying Multicast Forwarding Defining Unregistered Multicast Settings Chapter 10: Configuring Spanning Tree Defining Spanning Tree Defining STP Properties Defining Spanning Tree Interface Settings Modifying Interface Settings Defining Rapid Spanning Tree Modifying RTSP Defining Multiple Spanning Tree Defining MSTP Properties Defining MSTP Instance to VLAN Defining MSTP Instance Settings Defining MSTP Interface Settings...
Page 8 Contents Chapter 12: Configuring SNMP Configuring SNMP Security Defining the SNMP Engine ID Defining SNMP Views Defining SNMP Users Defining SNMP Groups Defining SNMP Communities Defining Trap Management Defining Trap Settings Configuring Station Management Defining SNMP Filter Settings Chapter 13: Managing System Files Firmware Upgrade Save Configuration Copy Files...
Page 9 Contents Clearing Message Logs Viewing the Flash Logs Clearing Flash Logs Viewing Remote Logs Modifying Syslog Server Settings Chapter 17: Viewing Statistics Viewing Ethernet Statistics Defining Ethernet Interface Viewing Etherlike Statistics Viewing GVRP Statistics Viewing EAP Statistics Managing RMON Statistics Viewing RMON Statistics Resetting RMON Statistics Counters Configuring RMON History...
Page 10: Chapter 1: Getting Started
Getting Started Starting the Application Getting Started This section provides an introduction to the user interface, and includes the following topics: • Starting the Application • Understanding the Interface • Using the Cisco Management Buttons • Using Screen and Table Options •...
Page 11: Cisco Small Business Sfe/Sge Managed Switches Administration Guide
Getting Started Starting the Application Enter Network Password Page Enter Network Password Page When the initially loads, both fields are empty. STEP 3 Enter a Username and Password and click Log In. The default user name is admin The default password is admin. Passwords are alpha-numeric and case-sensitive. While the system is verifying the login attempt, the Login Progress Indicator appears .
Page 12: Understanding The Interface
Getting Started Understanding the Interface System Information Page If the login attempt fails because the user typed an incorrect username or password, the following message appears: “Invalid Username or Password. Please try again.” If the login attempt fails due to another problem one of the following error messages appears: “Login failed since too many users are logged in.”...
Page 13: Cisco Small Business Sfe/Sge Managed Switches Administration Guide
Getting Started Understanding the Interface Interface Components Page The following table lists the interface components with their corresponding numbers: Interface Components Component Description 1 Tree View The Tree View provides easy navigation through the configurable device features. The main branches expand to provide the subfeatures.
Page 14: Using The Cisco Management Buttons
Getting Started Using the Cisco Management Buttons Using the Cisco Management Buttons Device Management buttons provide an easy method of configuring device information, and include the following: Device Management Buttons Button Name Description Apply Applies changes to the device Clear Counters Clears statistic counters Clear Logs Clears log files...
Page 15: Modifying Device Information
Getting Started Using Screen and Table Options Add SNTP Server Page Define the fields. STEP 3 Click Apply. The configuration information is saved, and the device is updated. STEP 4 Modifying Device Information Open the interface page. STEP 1 Select a table entry. STEP 2 Click the Edit Button.
Page 16: Deleting Device Information
Getting Started Logging Off of the Device Deleting Device Information Open the interface page. STEP 1 Select a table row. STEP 2 Check the Remove checkbox. STEP 3 Click the Delete button. The information is deleted, and the device is updated. STEP 4 Logging Off of the Device The application may automatically log out after ten minutes.
Page 17 Getting Started The About Page The About Page Cisco Small Business SFE/SGE Managed Switches Administration Guide...
Page 18: Chapter 2: Managing Device Information
Managing Device Information Defining System Information Managing Device Information This section provides information for defining both basic and advanced system information. This section contains the following topics: • Defining System Information • Managing Stacks • Viewing Device Health • Resetting the Device •...
Page 19 Managing Device Information Defining System Information System Click System > System Management > System Information. The STEP 1 Information Page opens: System Information Page System Information Page contains the following fields: • Model Name — Displays the model name and number of ports supported by the system.
Page 20: Managing Stacking
Managing Device Information Managing Stacking • Hardware Version — Displays the hardware version number. • Software Version — Displays the software version number. If the system is in stack mode, the version of the master unit is displayed. • Boot Version — Indicates the system boot version currently running on the device.
Page 21: Configuring A Stack
Managing Device Information Managing Stacking Stand-alone Mode Devices operating in stand-alone mode run as a independent -single unit. All ports of a stand-alone switch operate as normal Ethernet links. A stand-alone switch does not participate in a stack even if the device is physically connected to a stack.
Page 22 Managing Device Information Managing Stacking • Master Election. Master Election takes place automatically to select the Master unit. If there are two or more units in the stack, then a Backup unit is also automatically selected. • Topology Discovery. The stack Master unit carries out a process called topology discovery to learn which units are present in the stack, the order in which they are connected and the Unit ID that each unit reports itself as owning.
Page 23: Stack Membership
Managing Device Information Managing Stacking configured through the web management system. By default, Unit IDs are assigned automatically. However, you can use the browser to assign a specific Unit ID; for example, the same unit ID as the unit which was recently removed.
Page 24: Defining Stacking Unit Id
Managing Device Information Managing Stacking • The stacking members operate under the control of the Master unit. Device software is downloaded separately for each stack member. All stacking members must run the same software version. A stack may contain from zero to six stacking members (not including the Backup unit).
Page 25 Managing Device Information Managing Stacking Factory Default Units A unit in factory default mode has the following attributes: • Unit ID = 0. This setting indicates that the unit is in autonumbering mode. • Switch Operation Mode = Stack. The combination of these two settings directs the system to automatically configure the unit as a new stack member.
Page 26 Managing Device Information Managing Stacking Unit ID as the switch being replaced. The newly inserted switch is identified by the Master unit by its Unit ID. Since the configuration of the original switch is also stored in the Master and Backup units by Unit ID, the new switch automatically receives the configuration of the old switch.
Page 27 Managing Device Information Managing Stacking When inserting a unit into a running stack, units that are members of the existing STEP 1 stack retain their Unit IDs. Therefore: • If an automatically numbered unit was inserted into a running stack, the existing unit retains its Unit ID and the newer unit is reset to Unit ID=0.
Page 28 Managing Device Information Managing Stacking Master Election The Master and Backup unit selection is known as Master Election. Master Election takes place if there are one or more eligible candidates contending to be the Master unit. Master Election Candidate Eligibility In general, not all stack member units are eligible to be candidates for Master Election.
Page 29 Managing Device Information Managing Stacking For example: • If there are two or more Master-enabled units and only one of them has been assigned as Force Master, the Force Master unit is the winner of step 1 and therefore the winner of the Master Election. •...
Page 30: Adding, Replacing And Removing Stacking Members - Examples
Managing Device Information Managing Stacking each one to any existing stack member unit and then powering the new unit on. Each new unit is assigned the next available Unit ID. • After the stack is initialized and configured, the system administrator may reset the Unit IDs manually to the same values assigned by automatic numbering.
Page 31 Managing Device Information Managing Stacking • A stack is initially configured in chain topology and the units are connected as follows: Unit 2—Unit 5—Unit 1—Unit 4—Unit 6—Unit 8 The system administrator resets Unit 4 but does not realize that the Switch System Information Operation Mode After Reset field on the page was...
Page 32: Managing Stacks
Managing Device Information Managing Stacks connection to the stack via the new Unit 4. The old Unit 4 and the new Unit 4 appear to the Master unit as two new, manually numbered units trying to simultaneously join the stack. Therefore, both units are shut down, and thus Units 6, 7 and 8 remain shut down.
Page 33 Managing Device Information Managing Stacks Stack Management Page STEP 1 Click System > System Management > Stack Management. opens: Stack Management Page Stack Management Page contains the following fields: • Master Election — Indicates the method of electing the master device. The possible values are: Automatically —...
Page 34: Viewing Device Health
Managing Device Information Viewing Device Health Click Apply. Stack management is defined, and the device is updated. STEP 3 Viewing Device Health Health Page displays physical device information, including information about the device’s power and ventilation sources. Health Page Click System > System Management > Health. The opens: STEP 1 Health Page...
Page 35: Resetting The Device
Managing Device Information Resetting the Device OK — Indicates the fan is operating normally. Fail — Indicates the fan is not operating normally. NOTE: The GE device has up to five fans (the FE device has one fan). Resetting the Device Reset Page enables the device to be reset from a remote location.
Page 36: Defining Bonjour
Managing Device Information Defining Bonjour Reset Page Click System > System Management > Reset. The opens: STEP 1 Reset Page Click one of the available Reset commands. The device resets. STEP 2 Enter the user name and password to reconnect to the Web Interface. STEP 3 Defining Bonjour Bonjour is a service discovery protocol that enables automatic discovery of...
Page 37 Managing Device Information Defining Bonjour • Model Number • Device Type • Firmware Version • MAC Address • Serial Number • Hostname The Service Types that are provided for Bonjour are: _csbdp, (a Cisco specific Service Type) , HTTP, HTTPS and Other. Other allows for additional Service Types to be added manually.
Page 38: Disabling Bonjour
Managing Device Information Defining Bonjour Disable — Disables Bonjour on the device. • DNS Service Discovery Service Type Selection — Defines the (DNS-SD) Service Type used to publish devices on the network. The possible field values are: _csbdp (default) — Specifies the Service Type selected is _csbdp. This is a Cisco generic Service Type.
Page 39: Tcam Utilization
Managing Device Information TCAM Utilization TCAM Utilization The maximum number of rules that may be allocated by all applications on the device is 1024. Some applications allocate rules upon their initiation. Additionally, applications that initialize during system boot use some of their rules during the startup process.
Page 40: Tcam Allocation
Managing Device Information TCAM Utilization TCAM Allocation Application Allocation Application TCAM rules per User ACL Comments Port/ Upper Limit Activation Device Port 6/device No limit 1 or 2 TCAM entries per each rule. Feature is activated Advanced by default. Mode rules Access Port 6/device...
Page 41 Managing Device Information TCAM Utilization TCAM Utilization Page TCAM Utilization Page contains the following fields: • TCAM Utilization — Indicates the percentage of the available TCAM resources which are used. For example, if more ACLs and policy maps are defined, the system uses more TCAM resources.
Page 42: Chapter 3: Configuring System Time
Configuring System Time Defining System Time Configuring System Time The device supports the Simple Network Time Protocol (SNTP). SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. The device operates only as an SNTP client, and cannot provide time services to other systems.
Page 43 Configuring System Time Defining System Time System Time Click System > System Management > Time > System Time. The STEP 1 Page opens: System Time Page System Time Page contains the following fields: • Clock Source — Indicates the source used to set the system clock. The possible field values: Use Local Settings —...
Page 44 Configuring System Time Defining System Time European — The device switches to DST at 1:00 am on the last Sunday in March and reverts to standard time at 1:00 am on the last Sunday in European October. The option applies to EU members, and other European countries using the EU standard.
Page 45: Defining Sntp Settings
Configuring System Time Defining SNTP Settings Week — The week within the month at which DST ends every year. The possible field range is 1-5. Month — The month of the year in which DST ends every year. The possible field range is Jan.-Dec. Time —...
Page 46 Configuring System Time Defining SNTP Settings SNTP Settings Click System > System Management > Time > SNTP Settings. The STEP 1 Page opens: SNTP Settings Page SNTP Settings Page contains the following fields: • Enable SNTP Broadcast — Enables polling the selected SNTP Server for system time information.
Page 47 Configuring System Time Defining SNTP Settings Unknown — The progress of the SNTP information currently being sent is unknown. For example, the device is currently trying to locate an interface. • Status — The operating SNTP server status. The possible field values are: —...
Page 48: Defining Sntp Authentication
Configuring System Time Defining SNTP Authentication • Encryption Key ID — Select if Key Identification is used to communicate between the SNTP server and device. The range is 1 - 4294967295. Define the relevant fields. STEP 3 Click Add. The SNTP Server is added, and the device is updated. STEP 4 Defining SNTP Authentication SNTP Authentication Page...
Page 49 Configuring System Time Defining SNTP Authentication Checked — Authenticates SNTP sessions between the device and SNTP server. Unchecked — Disables authenticating SNTP sessions between the device and SNTP server. • Encryption Key ID — Indicates the Key Identification used to authenticate the SNTP server and device.
Page 50: Chapter 4: Configuring Device Security
Configuring Device Security Passwords Management Configuring Device Security The Security Suite contains the following topics: • Passwords Management • Defining Authentication • Defining Access Methods • Defining Traffic Control • Defining 802. 1 X • Defining Access Control • Defining DoS Prevention •...
Page 51 Configuring Device Security Passwords Management User Click Security Suite > Passwords Management > User Authentication. The STEP 1 Authentication Page opens: User Authentication Page User Authentication Page contains the following fields: • User Name — Displays the user name. Add Local User Page Click the Add button.
Page 52: Modifying The Local User Settings
Configuring Device Security Passwords Management • Password — Specifies the new password. The is not displayed. As it entered an * corresponding to each character is displayed in the field. (Range: 1-159 characters) • Confirm Password — Confirms the new password. The password entered into this field must be exactly the same as the password entered in the Password field.
Page 53: Defining Authentication
Configuring Device Security Defining Authentication Click Apply. The local user settings are modified, and the device is updated. Defining Authentication The Authentication section contains the following pages: • Defining Profiles • Mapping Authentication Profiles • Defining TACACS+ • Defining RADIUS Defining Profiles Authentication profiles allow network administrators to assign authentication methods for user authentication.
Page 54 Configuring Device Security Defining Authentication Profiles Page Click Security Suite > Authentication > Profiles. The opens: STEP 1 Profiles Page Profiles Page contains the following fields: • Profile Name — Displays the Profile name defined for the Login Table. • Methods —...
Page 55 Configuring Device Security Defining Authentication Add Authentication Profile Page Add Authentication Profile Page contains the following fields: • Profile Name — Displays the Authentication profile name. • Authentication Method — Defines the user authentication methods. The order of the authentication methods defines the order in which authentication is attempted.
Page 56: Modifying An Authentication Profile
Configuring Device Security Defining Authentication Modifying an Authentication Profile Profiles Page Click Security Suite > Authentication > Profiles. The opens: STEP 1 Edit Authentication Profile Page Click the Edit Button. The opens: STEP 2 Edit Authentication Profile Page Edit Authentication Profile Page contains the following fields: •...
Page 57: Mapping Authentication Profiles
Configuring Device Security Defining Authentication Mapping Authentication Profiles After authentication profiles are defined, authentication profiles can be applied to management access methods. For example, console users can be authenticated by one authentication profile, while Telnet users are authenticated by another authentication profile.
Page 58 Configuring Device Security Defining Authentication • Secure HTTP — Configures the device Secure HTTP settings. Optional Methods — Lists available authentication methods. Local — Authenticates the user at the device level. The device checks the user name and password for authentication. No authentication method can be added under Local.
Page 59: Defining Tacacs
Configuring Device Security Defining Authentication Defining TACACS+ The devices provide Terminal Access Controller Access Control System (TACACS+) client support. TACACS+ provides centralized security for validation of users accessing the device. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes.
Page 60 Configuring Device Security Defining Authentication TACACS+ Page Click Security Suite > Authentication > TACACS+. The opens: STEP 1 TACACS+ Page TACACS+ Page contains the following fields: • Supported IP Format — TACACS+ is supported only on IPv4. • Source IPv4 Address — Displays the device source IPv4 address used for the TACACS+ session between the device and the TACACS+ server.
Page 61 Configuring Device Security Defining Authentication • Timeout for Reply — Displays the amount of time in seconds that passes before the connection between the device and the TACACS+ times out. The field range is 1-1000 seconds. • Single Connection — Maintains a single open connection between the device and the TACACS+ server when selected.
Page 62 Configuring Device Security Defining Authentication Use Default — Uses the default value for the parameter. If Use Default check box is selected, the global value of 0.0.0.0. is used and interpreted as a request to use the IP address of the outgoing IP interface. •...
Page 63 Configuring Device Security Defining Authentication Edit TACACS+ Server Page Edit TACACS+ Server Page contains the following fields: • Host IP Address — Defines the TACACS+ Server IP address. • Priority — Defines the order in which the TACACS+ servers are used. The default is 0.
Page 64: Defining Radius
Configuring Device Security Defining Authentication Define the relevant fields. STEP 3 Click Apply. The authentication profile is defined, the device is updated. STEP 4 Defining RADIUS Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. RADIUS servers provide a centralized authentication method for web access.
Page 65 Configuring Device Security Defining Authentication Both — Both 802. 1 X and login authentication are used to initiate accounting. None — No authentication is used to initiate accounting. • Supported IP Format — Indicates whether Ipv4 or Ipv6 are supported. •...
Page 66 Configuring Device Security Defining Authentication • Key String — Defines the default key string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server. This key must match the RADIUS encryption. • Usage Type — Specifies the RADIUS server authentication type. The default value is Login.
Page 67 Configuring Device Security Defining Authentication Global — Indicates the IPv6 address is a global Unicast IPV6 type which is visible and reachable from different subnets. • RADIUS Host IP Address — Displays the Server IP address. • Priority — Displays the server priority. The possible values are 0-65535, where 1 is the highest value.
Page 68 Configuring Device Security Defining Authentication • Use Default — Uses the default value for the parameter. Define the relevant fields. STEP 3 Click Apply. The RADIUS Server is added, and the device is updated. STEP 4 Modifying RADIUS Server Settings RADIUS Page Click Security Suite >...
Page 69: Defining Access Methods
Configuring Device Security Defining Access Methods • Number of Retries — Defines the number of transmitted requests sent to RADIUS server before a failure occurs. The possible field values are 1 - 10. Three is the default value. • Timeout for Reply — Defines the amount of the time in seconds the device waits for an answer from the RADIUS server before retrying the query, or switching to the next server.
Page 70: Defining Access Profiles
Configuring Device Security Defining Access Methods Defining Access Profiles Access profiles are profiles and rules for accessing the device. Access to management functions can be limited to user groups. User groups are defined for interfaces according to IP addresses or IP subnets. Access profiles contain management methods for accessing and managing the device.
Page 71 Configuring Device Security Defining Access Methods Access Profiles Click Security Suite > Access Method > Access Profiles. The STEP 1 Page opens: Access Profiles Page Access Profiles Page contains the following fields: • Access Profile Name — Defines the access profile name. The access profile name can contain up to 32 characters.
Page 72 Configuring Device Security Defining Access Methods Add Access Profile Page Add Access Profile Page contains the following fields: • Supported IP Format — Indicates the supported IP version. The possible values are: Version 6 — Indicates the device supports IPv6. Version 4 —...
Page 73 Configuring Device Security Defining Access Methods — Assigns all management methods to the rule. Telnet — Assigns Telnet access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device. SNMP —...
Page 74: Defining Profile Rules
Configuring Device Security Defining Access Methods Click Apply. The access profile is added, and the device is updated. STEP 4 Defining Profile Rules Access profiles can contain up to 128 rules that determine which users can manage the switch module, and by which methods. Users can also be blocked from accessing the device.
Page 75 Configuring Device Security Defining Access Methods Profile Rules Page Click Security Suite > Access Method > Profile Rules. The STEP 1 opens: Profile Rules Page Profile Rules Page contains the following fields: • Access Profile Name — Displays the access profile to which the rule is attached.
Page 76 Configuring Device Security Defining Access Methods Telnet — Assigns Telnet access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device. SNMP — Assigns SNMP access to the rule. If selected, users accessing the device using SNMP meeting access profile criteria are permitted or denied access to the device.
Page 77 Configuring Device Security Defining Access Methods Add Profile Rule Page The Add Profile Rule Page contains the following fields: • Supported IP Format — Indicates the supported IP version. The possible values are: Version — Indicates the device supports IPv6. Version —...
Page 78 Configuring Device Security Defining Access Methods • Rule Priority — Defines the rule priority. When the packet is matched to a rule, user groups are either granted permission or denied device management access. The rule number is essential to matching packets to rules, as packets are matched on a first-fit basis.
Page 79 Configuring Device Security Defining Access Methods • Prefix Length — Defines the number of bits that comprise the source IP address prefix, or the network mask of the source IP address. • Action — Defines the action attached to the rule. The possible field values are: Permit —...
Page 80 Configuring Device Security Defining Access Methods Version 6 — Indicates the device supports IPv6. Version 4 — Indicates the device supports IPv4. • IPv6 Address type — Displays the IPv6 Type. The possible field values are: Link Local — Indicates the IPv6 address is link-local, that uniquely identifies hosts on a single network link.
Page 81: Defining Traffic Control
Configuring Device Security Defining Traffic Control Secure Telnet (SSH) — Assigns SSH access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device. • Interface — Defines the interface on which the access profile is defined. The possible field values are: Port —...
Page 82: Defining Storm Control
Configuring Device Security Defining Traffic Control Defining Storm Control Storm Control enables limiting the amount of Multicast and Broadcast frames accepted and forwarded by the device. When Layer 2 frames are forwarded, Broadcast and Multicast frames are flooded to all ports on the relevant VLAN. This occupies bandwidth, and loads all nodes connected on all ports.
Page 83 Configuring Device Security Defining Traffic Control • Copy From Entry Number — Copies the storm control configuration from the specified table entry. • To Entry Number(s) — Assigns the copied storm control configuration to the specified table entry. • Unit Number — Displays the stacking member for which the storm control parameters are displayed.
Page 84 Configuring Device Security Defining Traffic Control Edit Storm Control Page Edit Storm Control Page contains the following fields: • Port — Indicates the port from which storm control is enabled. • Enable Broadcast Control — The possible field values are: Checked —...
Page 85: Defining Port Security
Configuring Device Security Defining Traffic Control Defining Port Security Network security can be increased by limiting access on a specific port only to users with specific MAC addresses. The MAC addresses can be dynamically learned or statically configured. Locked port security monitors both received and learned packets that are received on specific ports.
Page 86 Configuring Device Security Defining Traffic Control Port Security Page Click Security Suite > Traffic Control > Port Security. The STEP 1 opens: Port Security Page Port Security Page contains the following fields: • Ports of Unit — Indicates the port number and stacking member on which port security is configured.
Page 87 Configuring Device Security Defining Traffic Control Classic Lock — Locks the port using the classic lock mechanism. The port is immediately locked, regardless of the number of addresses that have already been learned. Limited Dynamic Lock — Locks the port by deleting the current dynamic MAC addresses associated with the port.
Page 88 Configuring Device Security Defining Traffic Control Modifying Port Security Click Security Suite > Traffic Control > Port Security. The Port Security Page STEP 1 opens: Edit Port Security Page Click the Edit Button. The opens: STEP 2 Edit Port Security Page Edit Port Security Page contains the following fields: •...
Page 89: Defining 802.1X
Configuring Device Security Defining 802. 1 X Interface Status field. In addition, the Limited Dynamic Lock mode is selected. The possible range is 1-128. The default is 1. • Action on Violation — Indicates the action to be applied to packets arriving on a locked port.
Page 90: Defining 802.1X Properties
Configuring Device Security Defining 802. 1 X • Authentication Server — Specifies the external server, for example, the RADIUS server that performs the authentication on behalf of the authenticator, and indicates whether the supplicant is authorized to access system services. The 802.
Page 91: Defining Port Authentication
Configuring Device Security Defining 802. 1 X Enable — Enables port-based authentication on the device. Disable — Disables port-based authentication on the device. • Authentication Method — Defines the user authentication methods. The possible field values are: RADIUS, None — Indicates port authentication is performed first via the RADIUS server.
Page 92 Configuring Device Security Defining 802. 1 X 802. 1 X Port Authentication Click Security Suite > 802. 1 X > Port Authentication. The STEP 1 Page opens: 802.1X Port Authentication Page 802. 1 X Port Authentication Page contains the following fields: •...
Page 93 Configuring Device Security Defining 802. 1 X • Reauthentication Period — Specifies the number of seconds in which the selected port is reauthenticated (Range: 300-4294967295). The field default is 3600 seconds. • Authenticator State — Specifies the port authorization state. The possible field values are as follows: ForceAuthorized —...
Page 94 Configuring Device Security Defining 802. 1 X Modifying 8021X Security Click Security Suite > 802. 1 X > Port Authentication. The 802. 1 X Properties Page STEP 1 opens: Port Authentication Settings Page Click the Edit button. The opens: STEP 2 Port Authentication Settings Page Port Authentication Settings Page contains the following fields:...
Page 95 Configuring Device Security Defining 802. 1 X ForceUnauthorized — Denies the selected interface system access by moving the interface into unauthorized state. The device cannot provide authentication services to the client through the interface. • Enable Guest VLAN — Specifies whether the Guest VLAN is enabled on the device.
Page 96: Defining Authentication
Configuring Device Security Defining 802. 1 X Force-Authorized — Indicates the controlled port state is set to Force- Authorized (forward traffic). Force-Unauthorized — Indicates the controlled port state is set to Force- Unauthorized (discard traffic). • Quiet Period — Specifies the number of seconds that the switch remains in the quiet state following a failed authentication exchange (Range: 0-65535).
Page 97 Configuring Device Security Defining 802. 1 X 802. 1 X Authentication Page Click Security Suite > 802. 1 X > Authentication. The STEP 1 opens: 802.1X Authentication Page 802. 1 X Authentication Page contains the following fields: • Unit Number — Displays the stacking member for which the Multiple Hosts configuration is displayed.
Page 98 Configuring Device Security Defining 802. 1 X Forward — Forwards the packet. Discard — Discards the packets. This is the default value. Shutdown — Discards the packets and shuts down the port. The ports remains shut down until reactivated, or until the device is reset. •...
Page 99 Configuring Device Security Defining 802. 1 X Edit Authentication Page Edit Authentication Page contains the following fields: • Port — Displays the port number for which advanced port-based authentication is enabled. • Host Authentication— Defines the Host Authentication mode. The possible field values are: Single —...
Page 100: Defining Authenticated Hosts
Configuring Device Security Defining 802. 1 X • Trap Frequency — Defines the time period by which traps are sent to the host. The Trap Frequency (1-1000000) field can be defined only if multiple hosts are disabled. The default is 10 seconds. Modify the relevant fields.
Page 101: Defining Access Control
Configuring Device Security Defining Access Control • Authentication Method — Displays the method by which the last session was authenticated. The possible field values are: Remote — Indicates the 802. 1 x authentication is not used on this port (port is forced-authorized). None —...
Page 102 Configuring Device Security Defining Access Control To define the MAC Based ACL: MAC Based ACL Click Security Suite >Access Control > MAC Based ACL. The STEP 1 Page opens: MAC Based ACL Page MAC Based ACL Page contains the following fields: •...
Page 103 Configuring Device Security Defining Access Control • 802. 1 p — Displays the packet tag value. • 802. 1 p Mask — Displays the wildcard bits to be applied to the CoS. • EtherType — Displays the Ethernet type of the packet. •...
Page 104 Configuring Device Security Defining Access Control • New Rule Priority — Indicates the ACE priority, which determines which ACE is matched to a packet on a first-match basis. The possible field values are 1- 2147483647. • Source MAC Address: MAC Addres s —...
Page 105 Configuring Device Security Defining Access Control Permit — Forwards packets which meet the ACL criteria. Deny — Drops packets which meet the ACL criteria. Shutdown — Drops packet that meet the ACL criteria, and disables the port to which the packet was addressed. Define the relevant fields.
Page 106 Configuring Device Security Defining Access Control MAC Address — Matches the source MAC address from which packets are addressed to the ACE. Wildcard Mask — Indicates the source MAC Address wildcard mask. Wildcards are used to mask all or part of a source MAC Address. Wildcard masks specify which octets are used and which octets are ignored.
Page 107 Configuring Device Security Defining Access Control Define the relevant fields. STEP 3 Click Apply. The ACL Rule is defined, and the device is updated. STEP 4 Modifying MAC Based ACL MAC Based ACL Click Security Suite >Access Control > MAC Based ACL. The STEP 1 Page opens.
Page 108 Configuring Device Security Defining Access Control are important. For example, if the source MAC address 09:00:07:A9:B2:EB and the wildcard mask is 00:ff:00:ff:00:ff, the 1st, 3rd, and 5th octets of the MAC address are checked, while the 2nd, 4th, and 6th octets are ignored. •...
Page 109: Defining Ip Based Acl
Configuring Device Security Defining Access Control Defining IP Based ACL IP Based ACL Page page contains information for defining IP Based ACLs, including defining the ACEs defined for IP Based ACLs. To define an IP based ACL: IP Based ACL Page Click Security Suite >Access Control >...
Page 110 Configuring Device Security Defining Access Control Internet Protocol — (IP). Specifies the format of packets and their addressing method. IP addresses packets and forwards the packets to the correct port. Transmission Control Protocol — (TCP). Enables two hosts to communicate and exchange data streams. TCP guarantees packet delivery, and guarantees packets are transmitted and received in the order the are sent.
Page 111 Configuring Device Security Defining Access Control IPV6:ICMP — Matches packets to the Matches packets to the IPv6 and nternet Control Message Protocol EIGRP Enhanced Interior Gateway Routing Protocol — (EIGRP). Provides fast convergence, support for variable-length subnet mask, and supports multiple network layer protocols. OSPF Open Shortest Path First —...
Page 112 Configuring Device Security Defining Access Control IP Address — Displays the source port IP address to which packets are addressed to the ACE. Wildcard Mask — Displays the source IP address wildcard mask. Wildcard masks specify which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important.
Page 113 Configuring Device Security Defining Access Control Add IP Based ACL Page Add IP Based ACL Page contains the following fields: • ACL Name — Displays the user-defined IP based ACLs. • New Rule Priority — Indicates the rule priority, which determines which rule is matched to a packet on a first-match basis.
Page 114 Configuring Device Security Defining Access Control • ICMP — Filters packets by ICMP message type. The field values is 0-255. • ICMP Code — Indicates and ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code.
Page 115 Configuring Device Security Defining Access Control Define the relevant fields, STEP 3 Click Apply. The IP Based ACL is defined, and the device is updated. STEP 4 Modifying IP Based ACL IP Based ACL Page Click Security Suite >Access Control > IP Based ACL. The STEP 1 opens.
Page 116 Configuring Device Security Defining Access Control • Destination Port — Defines the TCP/UDP destination port. This field is active only if 800/6-TCP or 800/17-UDP are selected in the Select from List drop- down menu. The possible field range is 0 - 65535. •...
Page 117 Configuring Device Security Defining Access Control • Action — Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped. In addition, the port can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding.
Page 118 Configuring Device Security Defining Access Control Rules Associated with IP-ACL Page Rules Associated with IP-ACL Page contains the following fields: • ACL Name — Displays the user-defined IP based ACLs. • New Rule Priority — Indicates the rule priority, which determines which rule is matched to a packet on a first-match basis.
Page 119 Configuring Device Security Defining Access Control • Source IP Address — Matches the source port IP address to which packets are addressed to the ACE. • Dest. IP Address — Matches the destination port IP address to which packets are addressed to the ACE. •...
Page 120 Configuring Device Security Defining Access Control Add IP Based Rule Page Add IP Based Rule Page contains the following fields: • ACL Name — Displays the user-defined IP based ACLs. • New Rule Priority — Indicates the rule priority, which determines which rule is matched to a packet on a first-match basis.
Page 121: Defining Ipv6 Based Acls
Configuring Device Security Defining Access Control • IGMP — Filters packets by IGMP message or message types. • Source IP Address — Matches the source port IP address to which packets are addressed to the ACE. • Dest. IP Address — Matches the destination port IP address to which packets are addressed to the ACE.
Page 122 Configuring Device Security Defining Access Control IPv6 Based ACL Click Security Suite >Access Control > IPv6 Based ACL. The STEP 1 Page opens: IPv6 Based ACL Page IPv6 Based ACL Page contains the following fields: • ACL Name — Displays the user-defined IP based ACLs. •...
Page 123 Configuring Device Security Defining Access Control Transmission Control Protocol — (TCP). Enables two hosts to communicate and exchange data streams. TCP guarantees packet delivery, and guarantees packets are transmitted and received in the order the are sent. Exterior Gateway Protocol —...
Page 124 Configuring Device Security Defining Access Control EIGRP Enhanced Interior Gateway Routing Protocol — (EIGRP). Provides fast convergence, support for variable-length subnet mask, and supports multiple network layer protocols. OSPF Open Shortest Path First — The (OSPF) protocol is a link-state, hierarchical Interior Gateway Protocol (IGP) for network routing Layer Two (2) Tunneling Protocol, an extension to the PPP protocol that enables ISPs to operate Virtual Private Networks (VPNs).
Page 125 Configuring Device Security Defining Access Control • Destination IP Address — Matches the destination port IP address to which packets are addressed to the ACE. Prefix Length — Defines the IP route prefix for the destination IP. The prefix length must be preceded by a forward slash /. •...
Page 126 Configuring Device Security Defining Access Control Add IPv6 Based ACL Page Add IPv6 Based ACL Page contains the following fields: • ACL Name — Displays the user-defined IP based ACLs. • New Rule Priority — Indicates the rule priority, which determines which rule is matched to a packet on a first-match basis.
Page 127 Configuring Device Security Defining Access Control • ICMP Code — Indicates and ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. • Source IP Address —...
Page 128: Click The Edit Button. The Edit Ip Based Acl Page
Configuring Device Security Defining Access Control Modifying IPv6 Based ACL Click Security Suite >Access Control > IPv6 Based ACL. The Edit IPv6 Based ACL STEP 1 Page opens. Edit IP Based ACL Page Click the Edit button. The opens: STEP 2 Edit IPv6 Based ACL Page The Edit IPv6 Based ACL Page contains the following fields: •...
Page 129 Configuring Device Security Defining Access Control • TCP Flags — Filters packets by TCP flag. Filtered packets are either forwarded or dropped. Filtering packets by TCP flags increases packet control, which increases network security. The possible field values are: • ICMP —...
Page 130: Defining Acl Binding
Configuring Device Security Defining Access Control Define the relevant fields, STEP 3 Click Apply. The IP Based ACL is modified, and the device is updated. STEP 4 Defining ACL Binding When an ACL is bound to an interface, all the ACE rules that have been defined are applied to the selected interface.
Page 131 Configuring Device Security Defining Access Control For each entry, an interface has a bound ACL. • Interface — Indicates the interface to which the associated ACL is bound. • ACL Name — Indicates the ACL which is bound to the associated interface. •...
Page 132: Defining Dos Prevention
Configuring Device Security Defining DoS Prevention Click Apply. The ACL binding is defined, and the device is updated. STEP 4 Defining DoS Prevention Denial of Service (DOS) increases network security by preventing packets with invalid IP addresses from entering the network. DoS eliminates packets from malicious networks which can compromise a network’s stability.
Page 133 Configuring Device Security Defining DoS Prevention Global Settings Page Click Security Suite > DoS Prevention > Global Settings. The STEP 1 opens: Global Settings Page Global Settings Page contains the following fields: • Security Suite Status — Indicates if DoS security is enabled on the device. The possible field values are: •...
Page 134: Defining Martian Addresses
Configuring Device Security Defining DoS Prevention Click Apply. The DoS prevention global settings are defined, and the device is STEP 3 updated. Defining Martian Addresses Martian Address Filtering enables discarding IP packets from invalid IP addresses. Martian addresses include packets from a source IP addresses outside or not used within the configured network.
Page 135 Configuring Device Security Defining DoS Prevention Martian Click Security Suite > DoS Prevention > Martian Addresses. The STEP 1 Addresses Page opens: Martian Addresses Page Martian Addresses Page contains the following fields: • Include Reserved Martian Addresses — Indicates that packets arriving from Martian addresses are dropped.
Page 136: Defining Dhcp Snooping
Configuring Device Security Defining DHCP Snooping Add Martian Addresses Page The Add Martian Addresses Page contains the following fields: • Supported IP Format — Indicates only Ipv4 is supported. • IP Address — Enter the Martian IP addresses for which DoS attack is enabled. The possible values are: One of the addresses in the Martian IP address list.
Page 137: Defining Dhcp Snooping Properties
Configuring Device Security Defining DHCP Snooping • Defining DHCP Snooping Properties • Defining DHCP Snooping on VLANs • Defining Trusted Interfaces • Binding Addresses to the DHCP Snooping Database • Defining IP Source Guard Defining DHCP Snooping Properties DHCP Snooping Properties Page contains parameters for enabling DHCP Snooping on the device.
Page 138: Defining Dhcp Snooping On Vlans
Configuring Device Security Defining DHCP Snooping Unchecked — Disables DHCP Snooping on the device. This is the default value. • Option 82 Passthrough — Indicates if the device forwards or rejects packets that include Option 82 information, while DHCP Snooping is enabled. Checked —...
Page 139: Defining Trusted Interfaces
Configuring Device Security Defining DHCP Snooping To define DHCP Snooping on VLANs: DHCP Snooping Click Security Suite > DHCP Snooping > VLAN Settings. The STEP 1 VLAN Settings Page opens: DHCP Snooping VLAN Settings Page DHCP Snooping VLAN Settings Page contains the following fields: •...
Page 140 Configuring Device Security Defining DHCP Snooping Trusted Click Security Suite > DHCP Snooping > Trusted Interfaces. The STEP 1 Interfaces Page opens: Trusted Interfaces Page Trusted Interfaces Page contains the following fields: • Ports of Unit — Displays the ports which can be defined as trusted. •...
Page 141: Binding Addresses To The Dhcp Snooping Database
Configuring Device Security Defining DHCP Snooping Edit Trusted Interface Page In addition to the Trusted Interfaces Page, Edit Trusted Interface Page contains the following field: • Interface — Contains a list of existing interfaces. • Trust Status — Indicates whether the interface is a Trusted Interface. Enable —...
Page 142 Configuring Device Security Defining DHCP Snooping Binding Database Click Security Suite > DHCP Snooping > Binding Database. The STEP 1 Page opens: Binding Database Page Binding Database Page contains the following fields: • Supported IP Format — Indicates only Ipv4 is supported. Define any of the following fields as a query filter: STEP 2 Query By...
Page 143 Configuring Device Security Defining DHCP Snooping — Queries the VLAN database by LAG number. Click Query. The results appear in the Query Results table. STEP 3 Query Results The Query Results table contains the following fields: • MAC Address — Indicates the MAC address found during the query. •...
Page 144: Defining Ip Source Guard
Configuring Device Security Defining DHCP Snooping Defining IP Source Guard IP Source Guard is a security feature that restricts the client IP traffic to those source IP addresses configured in the DHCP Snooping Binding Database and in manually configured IP source bindings. For example, IP Source Guard can help prevent traffic attacks caused when a host tries to use the IP address of its neighbor.
Page 145 Configuring Device Security Defining DHCP Snooping Click Security Suite > DHCP Snooping > IP Source Guard > Properties. The STEP 1 Source Guard Properties Page opens: IP Source Guard Properties Page IP Source Guard Properties Page contains the following fields: •...
Page 146 Configuring Device Security Defining DHCP Snooping • IPv4 traffic — Only IPv4 traffic with a source IP address that is associated with the specific port is permitted. • Non IPv4 traffic — All non-IPv4 traffic is permitted. IP Source Guard NOTE: IP Source Guard must be enabled globally in the Properties Page...
Page 147 Configuring Device Security Defining DHCP Snooping • Status — Indicates if IP Source Guard is enabled or disabled. Enabled — Indicates that IP Source Guard is enabled on the interface. Disabled — Indicates that IP Source Guard is disabled on the interface. This is the default value.
Page 148 Configuring Device Security Defining DHCP Snooping Click Security Suite > DHCP Snooping> IP Source Guard > Binding Database. The STEP 1 IP Source Guard Binding Database Page opens: IP Source Guard Binding Database Page IP Source Guard Binding Database Page contains the following fields: TCAM Resources •...
Page 149 Configuring Device Security Defining DHCP Snooping • MAC Address — Queries the database by MAC address. • IP Address — Queries the database by IP address. • VLAN — Queries the database by VLAN ID. • Interface — Queries the database by interface number. The possible field values are: Unit No.
Page 150: Defining Dynamic Arp Inspection
Configuring Device Security Defining Dynamic ARP Inspection Resource Problem — Indicates that the TCAM is full. Click Apply. The device is updated. STEP 4 Defining Dynamic ARP Inspection Dynamic Address Resolution Protocol (ARP) is a TCP/IP protocol for translating IP addresses into MAC addresses.
Page 151: Defining Arp Inspection Properties
Configuring Device Security Defining Dynamic ARP Inspection ARP inspection is performed only on untrusted interfaces. NOTE The ARP Inspection section contains the following topics: • Defining ARP Inspection Properties • Defining ARP Inspection Trusted Interfaces • Defining ARP Inspection List •...
Page 152 Configuring Device Security Defining Dynamic ARP Inspection ARP Inspection Properties Click Security Suite > ARP Inspection > Properties. The STEP 1 Page opens: ARP Inspection Properties Page ARP Inspection Properties Page contains the following fields: • Enable ARP Inspection — Enables ARP Inspection on the device. The possible field values are: Checked —...
Page 153: Defining Arp Inspection Trusted Interfaces
Configuring Device Security Defining Dynamic ARP Inspection Unchecked — Disable ARP Inspection Validation on the device. This is the default value. • Log Buffer Interval — Defines the minimal interval between successive Syslog messages. The possible field values are: Retry Frequency —...
Page 154 Configuring Device Security Defining Dynamic ARP Inspection ARP Inspection Click Security Suite > ARP Inspection > Trusted Interfaces. The STEP 1 Trusted Interfaces Page opens: ARP Inspection Trusted Interfaces Page ARP Inspection Trusted Interfaces Page contains the following fields: • Ports of Unit —...
Page 155: Defining Arp Inspection List
Configuring Device Security Defining Dynamic ARP Inspection Edit Interface Settings Page Define the fields. STEP 3 Click Apply. The Trusted Interface’s configuration is modified, and the device is STEP 4 updated. Defining ARP Inspection List ARP Inspection List Page provides information for creating static ARP Binding Lists.
Page 156 Configuring Device Security Defining Dynamic ARP Inspection ARP Inspection Click Security Suite > ARP Inspection > ARP Inspection List. The STEP 1 List Page opens: ARP Inspection List Page ARP Inspection List Page contains the following fields: • ARP Inspection List Name — Name of the Inspection List. Select List —...
Page 157: Assigning Arp Inspection Vlan Settings
Configuring Device Security Defining Dynamic ARP Inspection Add ARP List Page In addition to the fields in the ARP Inspection List Page, the Add ARP List Page contains the additional field: • List Name — Specifies a name for the new ARP list. Define the fields.
Page 158 Configuring Device Security Defining Dynamic ARP Inspection ARP Inspection VLAN Click Security Suite > ARP Inspection > VLAN Settings. The STEP 1 Settings Page opens: ARP Inspection VLAN Settings Page ARP Inspection VLAN Settings Page contains the following fields: • VLAN ID —...
Page 159 Configuring Device Security Defining Dynamic ARP Inspection Add VLAN Settings Page Add VLAN Settings Page contains the following fields: • Bind List Name — Select a static ARP Inspection List to assign to the VLAN. ARP Inspection List Page. These lists are defined in the •...
Page 160: Chapter 5: Configuring Ports
Configuring Ports Configuring Ports Settings for Layer 2 Enabled Devices Configuring Ports This section contains information for configuring ports and contains the following topics: • Configuring Ports Settings for Layer 2 Enabled Devices • Configuring Ports Settings for Layer 3 Enabled Devices Configuring Ports Settings for Layer 2 Enabled Devices Port Settings Page varies, depending on whether the device is in Layer 2 or...
Page 161 Configuring Ports Configuring Ports Settings for Layer 2 Enabled Devices Click Bridging > Port Management > Port Settings. The Port Settings Page opens: STEP 1 Port Settings Page The Port Settings Page contains the following fields: • Copy From Entry Number — Copies the port configuration from the specified table entry.
Page 162 Configuring Ports Configuring Ports Settings for Layer 2 Enabled Devices Down — Port is disconnected. • Port Speed — Displays the current port speed. • Duplex Mode — Displays the port duplex mode. This field is configurable only when auto negotiation is disabled, and the port speed is set to 10M or 100M. This field cannot be configured on LAGs.
Page 163 Configuring Ports Configuring Ports Settings for Layer 2 Enabled Devices Edit Port Page Edit Port Page contains the following fields: • Port — Displays the port number. • Description — Specifies the port’s user-defined name. • Port Type — Displays the port type. The possible field values are: 1000M —...
Page 164: Device And The Client In Both Directions Simultaneously
Configuring Ports Configuring Ports Settings for Layer 2 Enabled Devices Down — Indicates the port is currently not operating. • Current Port Status — Displays the port connection status. • Suspended Port — Reactivates a port if the port has been disabled through the locked port security option or through Access Control List configurations.
Page 165: In Layer 2 Mode
Configuring Ports Configuring Ports Settings for Layer 2 Enabled Devices 1000 Full — Indicates that the port is advertising a 1000 mbps speed and full Duplex mode setting. • Current Advertisement — The port advertises its capabilities to its neighbor port to start the negotiation process.
Page 166: Configuring Ports Settings For Layer 3 Enabled Devices
Configuring Ports Configuring Ports Settings for Layer 3 Enabled Devices Define the relevant fields. STEP 4 Click Apply. The Port Settings are modified, and the device is updated. STEP 5 Configuring Ports Settings for Layer 3 Enabled Devices To define port settings (Layer 3): Click Bridging >...
Page 167 Configuring Ports • To Entry Number(s) — Assigns the copied port configuration to the specified table entry. • Unit Number — Indicates the stacking member for which the ports are defined. • Interface — Displays the port number. • Port Type — Displays the port type. The possible field values are: 1000M —...
Page 168: Define The Unit Number
Configuring Ports Modifying Port Settings Click Bridging > Port Management > Port Settings. The Port Settings Page opens: STEP 1 Define the Unit number. STEP 2 Edit Port Page Click a specific entry’s Edit button. The opens: STEP 3 Edit Port Page Edit Port Page contains the following fields: •...
Page 169 Configuring Ports 1000M — ComboC (combo port with copper cable 3). 1000M — ComboF (combo port with optic fiber cable). Fiber — Indicates the port has a fiber optic port connection. • Admin Status — Enables or disables traffic forwarding through the port. •...
Page 170 Configuring Ports 10 Full — Indicates that the port is advertising a 10 mbps speed and full Duplex mode setting. 100 Half — Indicates that the port is advertising a 100 mbps speed and half Duplex mode setting. 100 Full —...
Page 171 Configuring Ports — Use for end stations. • Current MDI/MDIX — Displays the current MDI/MDIX setting. • LAG — Defines if the port is part of a Link Aggregation (LAG). Define the relevant fields. STEP 4 Click Apply. The Port Settings are modified, and the device is updated. STEP 5 Cisco Small Business SFE/SGE Managed Switches Administration Guide...
Page 172: Chapter 6: Configuring Vlans
Configuring VLANs Configuring VLANs A VLAN is a logical group that allow devices connected to the VLAN to communicate to each other at the Ethernet MAC layer regardless of the physical LAN segment of the bridged network to which they are attached. A physical bridged network can support a maximum of 4094 VLANs.
Page 173: Defining Vlan Properties
Configuring VLANs Defining VLAN Properties • Defining GVRP Settings • Defining Multicast TV VLAN • Defining CPE VLAN Mapping • Defining Protocol Groups • Defining a Protocol Port Defining VLAN Properties VLAN Properties Page provides information and global parameters for configuring and working with VLANs.
Page 174 Configuring VLANs Defining VLAN Properties • Type — Displays the VLAN type. The possible field values are: Dynamic — Indicates the VLAN was dynamically created through GVRP. Static — Indicates the VLAN is user-defined. Default — Indicates the VLAN is the default VLAN. •...
Page 175: Modifying Vlans
Configuring VLANs Defining VLAN Properties Click Apply. The VLAN settings are defined, and the device is updated. STEP 4 Modifying VLANs VLAN Properties Page Click Bridging > VLAN Management > Properties. The STEP 1 opens. Edit VLAN Page Click Edit. The opens: STEP 2 Edit VLAN Page...
Page 176: Defining Vlan Membership
Configuring VLANs Defining VLAN Membership • Unit Number — Displays the stacking member for which the VLAN parameters are displayed. • Port List — Available ports on the device. Select ports from this list to include in the VLAN. • VLAN Members —...
Page 177 Configuring VLANs Defining VLAN Membership Port to VLAN Click Bridging > VLAN Management > Port to VLAN. The Page STEP 1 opens: Port to VLAN Page The Port to VLAN Page contains the following fields: • VLAN ID — Selects the VLAN ID. •...
Page 178: Modifying Vlan Membership
Configuring VLANs Defining VLAN Membership • Interface Status — Indicates the interface’s membership status in the VLAN. The possible field values are: Untagged — Indicates the interface is an untagged VLAN member. Packets forwarded by the interface are untagged. Tagged —...
Page 179: Assigning Ports To Multiple Vlans
Configuring VLANs Assigning Ports to Multiple VLANs Tagged — Indicates the interface is a tagged member of a VLAN. All packets forwarded by the interface are tagged. The packets contain VLAN information. Exclude — Excludes the interface from the VLAN. However, the interface can be added to the VLAN through GARP.
Page 180 Configuring VLANs Assigning Ports to Multiple VLANs VLAN To Port Page Click VLAN Management > VLAN to Port. The opens: STEP 1 VLAN To Port Page VLAN To Port Page contains the following fields: • Indicates that ports on the specified stacking member Unit No.
Page 181 Configuring VLANs Assigning Ports to Multiple VLANs Customer — The port can be a member of one or more double tagged Multicast TV VLAN. Refer to "Define Customer VLAN using Q-in-Q" for details. • Join VLAN — Defines the VLANs to which the interface is joined. Pressing the Join VLAN to Port Screen Join VLAN button displays the Select the VLAN to which to add the port, select the VLANs to be tagged or...
Page 182: Defining Gvrp Settings
Configuring VLANs Defining GVRP Settings Defining GVRP Settings GARP VLAN Registration Protocol (GVRP) is specifically provided for automatic distribution of VLAN membership information among VLAN-aware bridges. GVRP allows VLAN-aware bridges to automatically learn VLANs to bridge ports mapping, without having to individually configure each bridge and register VLAN membership.
Page 183: Modifying Gvrp Settings
Configuring VLANs Defining GVRP Settings • Copy From Entry Number — Copies GVRP parameters from the specified table entry. • To Entry Number(s) — Assigns the copied GVRP parameters to the specified table entry. • Ports of Unit — Indicates the port number and stacking member for which GVRP parameters are displayed.
Page 184 Configuring VLANs Defining GVRP Settings Edit GVRP Page Edit GVRP Page contains the following fields: • Interface — Port or LAG described by the GVRP settings entry. • GVRP State — Indicates if GVRP is enabled on the interface. The possible field values are: Enable —...
Page 185: Defining Vlan Interface Settings
Configuring VLANs Defining VLAN Interface Settings Defining VLAN Interface Settings VLAN Interface Setting Page provides parameters for managing ports that are Port part of a VLAN. The port default VLAN ID (PVID) is configured on the VLAN Settings page. All untagged packets arriving to the device are tagged by the ports PVID.
Page 186 Configuring VLANs Defining VLAN Interface Settings • To Entry Number(s) — Assigns the copied VLAN configuration to the specified table entry. • Ports of Unit — Indicates that ports on the specified stacking member are described in the page. • LAGs —...
Page 187: Modifying Vlan Interface Settings
Configuring VLANs Defining VLAN Interface Settings Disable — Ingress filtering is not activated on the port. • Multicast TV VLAN — Indicates if a Multicast TV VLAN is enabled on the device. Multicast TV VLANs enable VLANs to receive Multicast TV transmissions from ports that are not Access ports.
Page 188 Configuring VLANs Defining VLAN Interface Settings Customer — The port can be member of one or more double tagged Multicast TV VLAN. Refer to "Define Customer VLAN using Q-in-Q" for details. • PVID — Assigns a VLAN ID to untagged packets. The possible values for General, Access, and Trunk Interface VLAN Mode are: SGE devices —...
Page 189: Defining Customer Vlans Using Qinq
Configuring VLANs Defining Customer VLANs Using QinQ Defining Customer VLANs Using QinQ QinQ, also known as Double Tagging, allows network managers to add an additional tag to previously tagged packets received from ports that are in Customer Interface VLAN mode, therefore creating more VLAN space and expanding service to VLAN users.
Page 190: Defining Multicast Tv Vlan
Configuring VLANs Defining Multicast TV VLAN Defining Multicast TV VLAN An access port can be configured as a member of a Multicast TV VLAN. See Defining VLAN Interface Setting . This is required to supply multicast transmissions to Level 2-isolated subscribers, without replicating the multicast transmissions for each subscriber VLAN.
Page 191 Configuring VLANs Defining Multicast TV VLAN Multicast TV VLAN Click Bridging > VLAN Management > Multicast TV VLAN. The STEP 1 Page opens: Multicast TV VLAN Page Multicast TV VLAN Page contains the following fields: • Interface — Defines the VLAN to which the ports are assigned. •...
Page 192: Defining Cpe Vlan Mapping
Configuring VLANs Defining CPE VLAN Mapping Defining CPE VLAN Mapping CPE VLAN Network managers can map CPE VLANs to Multicast TV VLANs in the Mapping Page . Once the CPE VLAN is mapped to the Multicast VLAN, the VLAN can participate in IGMP snooping. To map CPE VLANs: CPE VLAN Click Bridging >...
Page 193: Defining Protocol Groups
Configuring VLANs Defining Protocol Groups Add CPE VLAN Mapping Page Add CPE VLAN Mapping Page contains the following fields: • CPE VLAN — Defines the CPE VLAN which is mapped to the Multicast TV VLAN. • Multicast TV VLAN — Defines the Multicast TV VLAN which is mapped to the CPE VLAN.
Page 194 Configuring VLANs Defining Protocol Groups Protocol Click Bridging > VLAN Management > Protocol Group (Layer 2). The STEP 1 Group Page (Layer 2) opens: Protocol Group Page Protocol Group Page contains the following fields: • Frame Type — Displays the packet type. •...
Page 195 Configuring VLANs Defining Protocol Groups Add Protocol Group Page Add Protocol Group Page provides information for configuring new VLAN Add Protocol Group Page protocol groups. The contains the following fields. • Frame Type — Displays the packet type. • Protocol Value — Defines the User-defined protocol value. The options are as follows: Protocol Value —...
Page 196: Defining A Protocol Port
Configuring VLANs Defining a Protocol Port Edit Protocol Group Page Edit Protocol Group Page contains the following fields. • Frame Type — Displays the packet type. • Protocol Value — Displays the User-defined protocol value. • Group ID (Hex) — Defines the Protocol group ID to which the interface is added.
Page 197 Configuring VLANs Defining a Protocol Port Protocol Port Page Click Bridging > VLAN Management > Protocol Port. The STEP 1 opens: Protocol Port Page Protocol Port Page contains the following fields. • Interface — Port or LAG number added to a protocol group. •...
Page 198 Configuring VLANs Defining a Protocol Port Add Protocol Port to VLAN Page Add Protocol Port to VLAN Page contains the following fields. • Interface — Port or LAG number added to a protocol group. • Group ID — Protocol group ID to which the interface is added. Protocol group IDs are defined in the Protocol Group Table.
Page 199: Chapter 7: Configuring Ip Information
Configuring IP Information IP Addressing Configuring IP Information This section provides information for defining device IP addresses, and includes the following topics: • IP Addressing • Layer 3 IP Addressing • Domain Name System IP Addressing The IP Addressing section contains the topics: •...
Page 200 Configuring IP Information IP Addressing The main improvement IPv6 presents is address size, increasing from 32-bit to 128-bit addresses. The larger address size introduces greater flexibility in assigning IP addresses. IPv6 addresses are normally written as eight groups of four hexadecimal digits, for example FE80:0000:9C00:876A:130B.
Page 201 Configuring IP Information IP Addressing Click System > System Management > IP Addressing > IPv6 Configuration > IPv6 STEP 1 Interface . The IPv6 Interface Page opens: IPv6 Interface Page The IPv6 Interface Page contains the following fields: • Interface — Indicates the Link Local Interface. The possible field values are: VLAN —...
Page 202 Configuring IP Information IP Addressing Duplicate — Indicates the IPv6 address is being used by an another host on the network. Preferred — Indicates the DAD Status is set to active. Tentative — Indicates the system is in process of IPv6 address duplication verification.
Page 203 Configuring IP Information IP Addressing Add IPv6 Interface Page opens: Click the Add button. The STEP 3 Add IPv6 Interface Page Select an IPv6 Interface and define the number of DAD Attempts. STEP 4 Click Apply. The IPv6 Interface is added, and the device is updated. STEP 5 Defining Default Gateway The Default Gateway Page provides information for configuring default gateways...
Page 204 Configuring IP Information IP Addressing Click System > System Management > IP Addressing > IPv6 Configuration > STEP 1 Default Gateway. The Default Gateway Page opens: Default Gateway Page The Default Gateway Page contains the following fields: • Default Gateway IP Address — Defines the Link Local IP Address of the Default Gateway.
Page 205 Configuring IP Information IP Addressing Reachable — Indicates that a positive confirmation was received within the last Reachable Time. Stale — Indicates that the previously known neighbor is no longer reachable. No action is taken to verify its reachability, until traffic needs to be sent.
Page 206 Configuring IP Information IP Addressing • Default Gateway IP Address — Defines the Static Default Gateway IP Address. Define the relevant fields. STEP 3 Click Apply. The Default Gateway is defined, and the device is updated. STEP 4 Configuring ISATAP Tunnels Intra-Site Automatic Tunnel Access Protocol (ISATAP) enables encapsulating IPv6 packets within IPv4 packets for transmission over IPv4 networks.
Page 207 Configuring IP Information IP Addressing To define an IPv6 ISATAP tunnel: Click > System > System Management > IP STEP 1 ISATAP Tunnel Page Addressing > IPv6 Configuration > ISATAP Tunnel. The opens: ISATAP Tunnel Page ISATAP Tunnel Page contains the following fields: •...
Page 208 Configuring IP Information IP Addressing • — ISATAP Solicitation Interval (10-3600) Specifies the interval between ISATAP router solicitations messages when there is no active ISATAP router. The range is 10 - 3600 seconds. The default is 10. Use Default — Selecting the check box that returns settings to default.
Page 209 Configuring IP Information IP Addressing Click System > System Management > IP Addressing > IPv6 Configuration > IPv6 STEP 1 IPv6 Neighbors Page Neighbors. The opens: IPv6 Neighbors Page IPv6 Neighbors Page contains the following fields: • Clear Table — Deletes the entries in the IPv6 Neighbor Table. The possible field values are: Static Only —...
Page 210 Configuring IP Information IP Addressing • Type — Displays the type of the neighbor discovery cache information entry. The possible field values are: Static — Shows static neighbor discovery cache entries. Dynamic — Shows dynamic neighbor discovery cache entries. • State —...
Page 211 Configuring IP Information IP Addressing • IPv6 Address — Defines the currently configured IPv6 network assigned to the interface. The address must be a valid IPv6 address, specified in hexadecimal using 16-bit values between colons. • MAC Address — Indicates the MAC address mapped to the specified IPv6 address.
Page 212: Viewing Ipv6 Routes Table
Configuring IP Information IP Addressing Viewing IPv6 Routes Table IPv6 Routes Table Page allows network managers to view IPv6 network routes. To view IPv6 routing entries: Click >System > System Management > IP Addressing > IPv6 Configuration > STEP 1 IPv6 Routes Table Page IPv6 Routes Table.
Page 213: Layer 2 Ip Addressing
Configuring IP Information IP Addressing • Next Hop — Displays the address to which the packet is forwarded (typically the address of a neighboring router). This can be either a Link Local or Global address. • Metric — Indicates the value used for comparing this route to other routes with the same destination in the IPv6 route table.
Page 214: Defining Ipv4 Interface (Layer 2)
Configuring IP Information IP Addressing • Defining DHCP Relay (Layer 3) • Defining IPv4 Interface (Layer 2) IPv4 Interface Page contains fields for assigning IPv4 addresses. Packets are forwarded to the default IP when frames are sent to a remote network. The configured IP address must belong to the same IP address subnet of one of the IP interfaces.
Page 215: Defining Ipv4 Interface (Layer 3)
Configuring IP Information IP Addressing • IP Address — The currently configured IP address. • Network Mask — Displays the currently configured IP address mask. • Prefix Length — Specifies the length of the IPv6 prefix. The range is 5 -128 (64 Prefix in the case EUI-64 parameter is used).
Page 216 Configuring IP Information IP Addressing IPv4 Click System > System Management > IP Addressing > IPv4 Interface. The STEP 1 Interface Page opens: IPv4 Interface Page IPv4 Interface Page contains the following fields: • IP Address — Displays the currently configured IP address. •...
Page 217 Configuring IP Information IP Addressing • Interface — Specifies the interface to be associated with this IP configuration. • IP Address — Defines the currently configured IP address. • Network Mask — Defines the currently configured IP address mask. • Prefix Length —...
Page 218: Enabling Arp Proxy (Layer 3)
Configuring IP Information IP Addressing Define the relevant fields. STEP 3 Click Apply. The IP interface configuration is defined, and the device is updated. STEP 4 Enabling ARP Proxy (Layer 3) The Address Resolution Protocol (ARP) is a TCP/IP protocol that converts IP ARP Proxy Page addresses into physical addresses.
Page 219: Defining Udp Relay (Layer 3)
Configuring IP Information IP Addressing Click Apply. ARP Proxy is enabled, and the device is updated. STEP 3 Defining UDP Relay (Layer 3) The UDP Relay allows UDP packets to reach other networks. This feature enables browsing from workstations to servers on different networks. This section is applicable to Layer 3 devices only.
Page 220 Configuring IP Information IP Addressing • UDP Destination Port— Indicate the destination UDP port ID number of the relayed UDP packets. The following table lists UDP Port allocations. UDP Port Number Acronym Application Echo Echo SysStat Active User NetStat Netstat Quote Quote of the day CHARGEN...
Page 221: Defining Dhcp Relay (Layer 2)
Configuring IP Information IP Addressing Add UDP Relay Page Add UDP Relay Page contains the following fields: • Source IP Interface — Indicates the input IP interface that relays UDP packets. If this field is 255.255.255.255, UDP packets from all interfaces are relayed. The following address ranges are 0.0.0.0 to 0.255.255.255.
Page 222 Configuring IP Information IP Addressing Click System > System Management > IP Addressing > DHCP Relay > DHCP STEP 1 DHCP Server Page Server. The opens: DHCP Server Page DHCP Server Page Server contains the following fields: • DHCP Relay — Enable or disable DHCP Relay on the device. The possible values are: Enable —...
Page 223: Defining Dhcp Relay Interfaces
Configuring IP Information IP Addressing Disable — Disables DHCP Option 82 with data insertion on the device. This is the default value. • DHCP Server — Port or LAG on which DHCP Relay has been enabled. Add DHCP Server Page Click the Add button.
Page 224 Configuring IP Information IP Addressing Click System > System Management > IP Addressing > DHCP Relay > DHCP STEP 1 DHCP Interfaces Page Interfaces. The opens: DHCP Interfaces Page DHCP Interfaces Page contains the following fields: • Interface — Displays the interface selected for relay functionality. •...
Page 225: Defining Dhcp Relay (Layer 3)
Configuring IP Information IP Addressing Add DHCP Interface Page Add DHCP Interface Page contains the following field: • Interface — Selects the interface to define DHCP Relay. The possible field values are: Ports — Defines the DHCP Relay on the selected port. LAGs —...
Page 226 Configuring IP Information IP Addressing Click System > System Management > IP Addressing > DHCP Relay > DHCP STEP 1 DHCP Server Page Server. The opens: DHCP Server Page DHCP Server Page contains the following fields: • DHCP Relay — Enable or disable DHCP Relay on the device. The possible values are: Enable —...
Page 227: Arp
Configuring IP Information IP Addressing Disable — Disables DHCP Option 82 with data insertion on the device. This is the default value. • DHCP Server — Defines the address of the remote DHCP server to track across the VLANs. Add DHCP Server Page Click the Add button.
Page 228 Configuring IP Information IP Addressing ARP Page Click System > System Management > IP Addressing > ARP. The opens: STEP 1 ARP Page ARP Page contains the following fields. • ARP Entry Age Out — Defines the amount of time (seconds) that pass between ARP requests about an ARP table entry.
Page 229 Configuring IP Information IP Addressing • MAC Address — Indicates the station MAC address, which is associated in the ARP table with the IP address. • Status — Indicates the ARP Table entry status. Possible field values are: Dynamic — Indicates the ARP entry was learned dynamically. Static —...
Page 230: Defining Ip Routing
Configuring IP Information IP Addressing Edit ARP Page Edit ARP Page contains the following fields: • VLAN — Indicates the ARP-enabled interface. • IP Address — Indicates the station IP address, which is associated with the MAC address filled in below. •...
Page 231 Configuring IP Information IP Addressing IP Static Routing Page Click Routing > IP Static Routing. The opens: STEP 1 IP Static Routing Page IP Static Routing Page contains the following fields: • Dest. IP Address — Defines the destination IP address. •...
Page 232 Configuring IP Information IP Addressing Add IP Static Route Page In addition to the fields in the IP Static Routing Page, Add IP Static Route Page contains the following additional fields: • Destination IP Address — Defines the destination IP address. •...
Page 233: Domain Name System
Configuring IP Information Domain Name System Domain Name System Domain Name System (DNS) converts user-defined domain names into IP addresses. Each time a domain name is assigned, the DNS service translates the name into a numeric IP address. For example, www.ipexample.com is translated into 192.87.56.2.
Page 234 Configuring IP Information Domain Name System • Enable DNS — Enables translating the DNS names into IP addresses. The possible field values are: Checked — Translates the domains into IP addresses. Unchecked — Disables translating domains into IP addresses. Default Parameters •...
Page 235: Mapping Dns Hosts
Configuring IP Information Domain Name System • IPv6 Address Type — Indicates the IPv6 Type. The possible field values are: Link-Local — Indicates the IPv6 address is link-local. Global Unicast — Indicates the IPv6 address is global Unicast. • Link Local Interface —Indicates the IPv6 link-local interface. The possible field values are: VLAN —...
Page 236 Configuring IP Information Domain Name System Click System > System Management > IP Addressing > Domain Name System > STEP 1 Host Mapping Page Host Mapping. The opens: Host Mapping Page Host Mapping Page contains the following fields: • Host Names — Displays a user-defined default domain name. When defined, Host the default domain name is applied to all unqualified host names.
Page 237 Configuring IP Information Domain Name System Add Host Name Page Add Host Name Page contains the following fields: • Supported IP Format — Indicates the IP address format supported by the host. The possible field values are: Version 6 — Indicates that the host supports IPv6 addresses. Version 4 —...
Page 238 Configuring IP Information Domain Name System • IP Address 3 (optional) — Indicates the third IPv6 network assigned to the interface. The address must be a valid IPv6 address, specified in hexadecimal using 16-bit values between colons. • IP Address 4 (optional) — Indicates the fourth IPv6 network assigned to the interface.
Page 239: Chapter 8: Defining Address Tables
Defining Address Tables Defining Static Addresses Defining Address Tables MAC addresses are stored in either the Static Address or the Dynamic Address databases. A packet addressed to a destination stored in one of the databases is forwarded immediately to the port. The Dynamic Address Table can be sorted by interface, VLAN, and MAC Address.
Page 240 Defining Address Tables Defining Static Addresses Static Page Click Bridging > Address Tables > Static. The opens: STEP 1 Static Page Static Page contains the following fields: • VLAN ID — Displays the VLAN ID number to which the entry refers. •...
Page 241 Defining Address Tables Defining Static Addresses Add Static MAC Address Page Click the Add button. The opens: STEP 2 Add Static MAC Address Page Add Static MAC Address Page contains the following fields: • Interface — Displays the interface to which the entry refers: Ports —...
Page 242: Defining Dynamic Addresses
Defining Address Tables Defining Dynamic Addresses Defining Dynamic Addresses The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination address for inbound traffic is found in the database, the packets intended for that address are forwarded directly to the associated port.
Page 243 Defining Address Tables Defining Dynamic Addresses • Aging Interval — Specifies the amount of time the MAC address remains in the Dynamic MAC Address table before it is timed out, if no traffic from the source is detected. The default value is 300 seconds. •...
Page 244: Chapter 9: Configuring Multicast Forwarding
Configuring Multicast Forwarding IGMP Snooping Configuring Multicast Forwarding The Multicast section contains the following topics: • IGMP Snooping • Defining Multicast Group • Configuring IGMP Snooping Mapping • Defining Multicast TV Membership • Defining Multicast Forwarding • Defining Unregistered Multicast Settings IGMP Snooping When IGMP Snooping is enabled globally, all IGMP packets are forwarded to the CPU.
Page 245 Configuring Multicast Forwarding IGMP Snooping IGMP Snooping Page Click Bridging > Multicast > IGMP Snooping. The opens: STEP 1 IGMP Snooping Page IGMP Snooping Page contains the following fields: • Enable IGMP Snooping Status — Indicates that the device monitors network traffic to determine which hosts want to receive multicast traffic.
Page 246: Modifying Igmp Snooping
Configuring Multicast Forwarding IGMP Snooping • Leave Timeout — Indicates the amount of time the host waits, after requesting to leave the IGMP group and not receiving a Join message from another station, before timing out. If a Leave Timeout occurs, the switch notifies the Multicast device to stop sending traffic The Leave Timeout value is either user-defined, Immediate Leave or an...
Page 247: Defining Multicast Group
Configuring Multicast Forwarding Defining Multicast Group • AutoLearn — Indicates if Auto Learn is enabled on the device. If Auto Learn is enabled, the devices automatically learns where other Multicast groups are located. The possible field values are: Enable — Enables auto learn. Disable —...
Page 248 Configuring Multicast Forwarding Defining Multicast Group Multicast Group Page Click Bridging > Multicast> Multicast Group. The opens: STEP 1 Multicast Group Page Multicast Group Page contains the following fields: • Enable Bridge Multicast Filtering — Indicates if Bridge Multicast Filtering is enabled on the device.
Page 249: Modifying A Multicast Group
Configuring Multicast Forwarding Defining Multicast Group Forbidden — Forbidden interfaces are not included the Multicast group, even if IGMP Snooping designated the interface to join a Multicast group. None — The interface is not part of a Multicast group. Add Multicast Group Page Click the Add button.
Page 250 Configuring Multicast Forwarding Defining Multicast Group Edit Multicast Group Page Edit Multicast Group Page contains the following fields: • VLAN ID — Displays the VLAN ID. • Bridge IP Multicast — Displays the IP address attached to the Multicast Group. •...
Page 251: Configuring Igmp Snooping Mapping
Configuring Multicast Forwarding Configuring IGMP Snooping Mapping Configuring IGMP Snooping Mapping Multicast TV allows subscribers to join the same Multicast stream, even if the subscribers are not members of the same VLAN, eliminating television traffic duplication. IGMP snooping is supported for those transmissions. Ports which receive Multicast Transmissions, or Receiver Ports , can be defined in...
Page 252: Defining Multicast Tv Membership
Configuring Multicast Forwarding Defining Multicast TV Membership • Multicast Group — Indicates the Multicast group IP address for which the IGMP Snooping is enabled. Add IGMP Snooping Mapping Page Click the Add button. The opens: STEP 2 Add IGMP Snooping Mapping Page Add IGMP Snooping Mapping Page contains the following fields: •...
Page 253: Defining Multicast Forwarding
Configuring Multicast Forwarding Defining Multicast Forwarding Multicast TV Click Bridging > Multicast > Multicast TV Membership. The STEP 1 Membership Page opens: Multicast TV Membership Page Multicast TV Membership Page contains the following fields: • Multicast TV VLAN ID — Indicates the Multicast VLAN ID in which the source ports and receiver ports are members.
Page 254: Modifying Multicast Forwarding
Configuring Multicast Forwarding Defining Multicast Forwarding Multicast Forward Page Click Bridging > Multicast > Forward. The opens: STEP 1 Multicast Forward Page Multicast Forward Page contains the following fields: • VLAN ID — Displays the VLAN ID. • Ports — Displays the Multicast Forwarding status of all of the specified stacking member’s ports.
Page 255: Defining Unregistered Multicast Settings
Configuring Multicast Forwarding Defining Unregistered Multicast Settings Edit Multicast Forward All Page Edit Multicast Forward All Page contains the following fields: • VLAN ID — Displays the VLAN ID. • Interface — Displays the port or LAG attached to the Multicast Group. •...
Page 256 Configuring Multicast Forwarding Defining Unregistered Multicast Settings Unregistered Multicast Page contains fields to handle Multicast frames that belong to Unregistered Multicast groups. Unregistered Multicast groups are the groups that are not known to the device. All Unregistered Multicast frames are still forwarded to all ports on the VLAN.
Page 257 Configuring Multicast Forwarding Defining Unregistered Multicast Settings Filtering — Enables filtering of Unregistered Multicast frames to the selected VLAN interface. Click Edit. The Edit Unregistered Multicast Page opens: STEP 2 Unregistered Multicast Define the field. STEP 3 Click Apply. The settings are saved and the device is updated. STEP 4 Cisco Small Business SFE/SGE Managed Switches Administration Guide...
Page 258: Chapter 10: Configuring Spanning Tree
Configuring Spanning Tree Defining Spanning Tree Configuring Spanning Tree The Spanning Tree Protocol (STP) provides tree topography for any arrangement of bridges. STP also provides one path between end stations on a network, eliminating loops. Loops occur when alternate routes exist between hosts. Loops in an extended network can cause bridges to forward traffic indefinitely, resulting in increased traffic and reducing network efficiency.
Page 259 Configuring Spanning Tree Defining Spanning Tree STP Properties Page Click Bridging > Spanning Tree > Properties. The opens: STEP 1 STP Properties Page STP Properties Page contains the following fields: Global Settings The Global Settings area contains device-level parameters. • Spanning Tree State —...
Page 260 Configuring Spanning Tree Defining Spanning Tree • BPDU Handling — Determines how BPDU packets are managed when STP is disabled on the port or device. BPDUs are used to transmit spanning tree information. The possible field values are: Filtering — Filters BPDU packets when spanning tree is disabled on an interface.
Page 261: Defining Spanning Tree Interface Settings
Configuring Spanning Tree Defining Spanning Tree • Root Port — Indicates the port number that offers the lowest cost path from this bridge to the Root Bridge. It is significant when the Bridge is not the Root. • Root Path Cost — The cost of the path from this bridge to the root. •...
Page 262 Configuring Spanning Tree Defining Spanning Tree Interface Settings Click Bridging > Spanning Tree > Interface Settings. The STP STEP 1 Page opens: Interface Settings Page Interface Settings Page The STP contains the following fields: • Copy From Entry Number — Indicates the port from which the STP interface setting are copied.
Page 263 Configuring Spanning Tree Defining Spanning Tree convergence. STP convergence can take 30-60 seconds in large networks. The possible values are: Enabled — Port Fast is enabled. Disabled — Port Fast is disabled. Auto — Port Fast mode is enabled a few seconds after the interface becomes active.
Page 264 Configuring Spanning Tree Defining Spanning Tree Designated — The port or LAG through which the designated switch is attached to the LAN. Alternate — Provides an alternate path to the root switch from the root interface. Backup — Provides a backup path to the designated port path toward the Spanning Tree leaves.
Page 265: Modifying Interface Settings
Configuring Spanning Tree Defining Spanning Tree Modifying Interface Settings Interface Settings Page Click Bridging > Spanning Tree > Interface Settings. The STEP 1 opens: Edit Interface Settings Page Click the Edit button. The opens: STEP 2 Edit Interface Settings Page Edit Interface Settings Page contains the following fields: •...
Page 266 Configuring Spanning Tree Defining Spanning Tree Auto — Enables Port Fast mode a few seconds after the interface becomes active. • Enable Root Guard — Enable the prevention of a devices outside the network core from being assigned the spanning tree root. The possible field values are: Checked —...
Page 267: Defining Rapid Spanning Tree
Configuring Spanning Tree Defining Spanning Tree • Priority — Priority value of the port. The priority value influences the port choice when a bridge has two ports connected in a loop. The priority value is between 0 -240. The priority value is provided in increments of 16. •...
Page 268 Configuring Spanning Tree Defining Spanning Tree RSTP Page Click Bridging > Spanning Tree > RSTP. The opens STEP 1 RSTP Page RSTP Page contains the following fields: • Copy From Entry Number — Indicate the port from which the STP interface setting are copied.
Page 269 Configuring Spanning Tree Defining Spanning Tree Backup — Provides a backup path to the designated port path toward the Spanning Tree leaves. Backup ports occur only when two ports are connected in a loop by a point-to-point link. Backup ports also occur when a LAN has two or more connections connected to a shared segment.
Page 270: Modifying Rtsp
Configuring Spanning Tree Defining Spanning Tree • Activate Activate Protocol Migration — Click the button to run a Protocol Migration Test. The test identifies the STP mode of the interface connected to the selected interface. Define the relevant fields. STEP 2 Click Apply.
Page 271 Configuring Spanning Tree Defining Spanning Tree Backup — Provides a backup path to the designated port path toward the Spanning Tree leaves. Backup ports occur only when two ports are connected in a loop by a point-to-point link. Backup ports also occur when a LAN has two or more connections connected to a shared segment.
Page 272: Defining Multiple Spanning Tree
Configuring Spanning Tree Defining Multiple Spanning Tree Auto — Device automatically determines the state. • Point-to-Point Operational Status — Indicates the Point-to-Point operating state. • Activate Protocol Migration Test — Enables a Protocol Migration Test.The test identifies the STP mode of the interface connected to the selected interface. The possible field values are: Checked —...
Page 273 Configuring Spanning Tree Defining Multiple Spanning Tree MSTP Properties Page Click Bridging > Spanning Tree > MSTP > Properties. The STEP 1 opens: MSTP Properties Page MSTP Properties Page contains the following fields: • Region Name — Provides a user-defined STP region name. •...
Page 274: Defining Mstp Instance To Vlan
Configuring Spanning Tree Defining Multiple Spanning Tree Defining MSTP Instance to VLAN MSTP maps VLANs into STP instances. Packets assigned to various VLANs are Multiple Spanning Tree Regions transmitted along different paths within (MST Regions). Regions are one or more Multiple Spanning Tree bridges by which frames can be transmitted.
Page 275: Defining Mstp Instance Settings
Configuring Spanning Tree Defining Multiple Spanning Tree Defining MSTP Instance Settings MSTP maps VLANs into STP instances. Packets assigned to various VLANs are Multiple Spanning Tree Regions transmitted along different paths within (MST Regions). Regions are one or more Multiple Spanning Tree bridges by which frames can be transmitted.
Page 276: Defining Mstp Interface Settings
Configuring Spanning Tree Defining Multiple Spanning Tree • Designated Root Bridge ID — Indicates the priority and MAC address of the bridge with the lowest path cost to the instance ID. • Root Port — Indicates the selected instance’s root port. •...
Page 277 Configuring Spanning Tree Defining Multiple Spanning Tree MSTP Interface Click Bridging > Spanning Tree > MSTP > Interface Settings. The STEP 1 Settings Page opens: MSTP Interface Settings Page MSTP Interface Settings Page contains the following fields: • Instance ID — Lists the MSTP instances configured on the device. Possible field range is 0-15.
Page 278 Configuring Spanning Tree Defining Multiple Spanning Tree Forwarding — Indicates that the port is in Forwarding mode. The port can forward traffic and learn new MAC addresses. • Type — Indicates if the port is a point-to-point port, or a port connected to a hub.
Page 279 Configuring Spanning Tree Defining Multiple Spanning Tree • Designated Bridge ID — Indicates the bridge ID number that connects the link or shared LAN to the root. • Designated Port ID — Indicates the Port ID number on the designated bridge that connects the link or the shared LAN to the root.
Page 280 Configuring Spanning Tree Defining Multiple Spanning Tree Designated — Indicates the port or LAG via which the designated device is attached to the LAN. Alternate — Provides an alternate path to the root device from the root interface. Backup — Provides a backup path to the designated port path toward the Spanning Tree leaves.
Page 281 Configuring Spanning Tree Defining Multiple Spanning Tree Listening — Indicates that the port is in Listening mode. The port cannot forward traffic nor can it learn MAC addresses. Learning — Indicates that the port is in Learning mode. The port cannot forward traffic, however it can learn new MAC addresses.
Page 282: Chapter 11: Configuring Quality Of Service
Configuring Quality of Service Configuring Quality of Service Network traffic is usually unpredictable, and the only basic assurance that can be offered is best effort traffic delivery. To overcome this challenge, Quality of Service (QoS) is applied throughout the network. This ensures that network traffic is prioritized according to specified criteria, and that specific traffic receives preferential treatment.
Page 283: Defining General Settings
Configuring Quality of Service Defining General Settings • Traffic Classification — Classifies each incoming packet as belonging to a given traffic class, based on the packet contents and/or the context. • Assignment to Hardware Queues — Assigns incoming packets to forwarding queues.
Page 284 Configuring Quality of Service Defining General Settings CoS Page Click Quality of Service > General > CoS. The opens: STEP 1 CoS Page CoS Page contains the following fields: • QoS Mode — Indicates if QoS is enabled on the device. The possible values are: Advanced —...
Page 285: Defining Qos Queue
Configuring Quality of Service Defining General Settings Modifying Interface Priorities Edit Interface Priority Page Click the Edit button. The opens: STEP 2 Edit Interface Priority Page Edit Interface Priority Page contains the following fields: • Interface — Indicates whether the interface is a port or LAG. •...
Page 286 Configuring Quality of Service Defining General Settings Queue Page Click Quality of Service > General > Queue. The opens: STEP 1 Queue Page Queue Page contains the following fields: • Queue — Displays the queue for which the queue settings are displayed. The possible field range is 1 - 4.
Page 287: Mapping Cos To Queue
Configuring Quality of Service Defining General Settings Mapping CoS to Queue Cos to Queue Page contains fields for classifying CoS settings to traffic queues. Cos to Queue Page Click Quality of Service > General > CoS to Queue. The opens: STEP 1 Cos to Queue Page Cos to Queue Page...
Page 288: Mapping Dscp To Queue
Configuring Quality of Service Defining General Settings Mapping DSCP to Queue DSCP to Queue Page enables mapping DSCP values to specific queues. To map DCSP to Queues: DSCP to Queue Page Click Quality of Service > General > DSCP to Queue. The STEP 1 opens: DSCP to Queue Page...
Page 289: Configuring Bandwidth
Configuring Quality of Service Defining General Settings Configuring Bandwidth Bandwidth Page allows network managers to define the bandwidth settings for specified egress and ingress interfaces. Rate Limits and Shaping are defined per interface: • Rate Limit sets the maximum bandwidth allowed on ingress interfaces. •...
Page 290 Configuring Quality of Service Defining General Settings Rate Limit — Defines the rate limit for ingress ports. Defines the amount of bandwidth assigned to the interface. For FE ports, the rate is 62 - 100,000 Kbps. For GE ports, the rate is 62 - 1,000,000 Kbps. •...
Page 291: Configuring Vlan Rate Limit
Configuring Quality of Service Defining General Settings • Committed Information Rate (CIR) — Defines CIR as the queue shaping type. The possible field values are: For FE ports, the rate is 64 - 62,500 Kbps. For GE ports, the rate is 64 - 1,000,000 Kbps. •...
Page 292 Configuring Quality of Service Defining General Settings VLAN Rate Limit Page Click Quality of Service > General > VLAN Rate Limit. The STEP 1 opens: VLAN Rate Limit Page VLAN Rate Limit Page contains the following fields: • VLAN – Indicates the VLAN on which the Rate Limit is applied. •...
Page 293 Configuring Quality of Service Defining General Settings Add VLAN Rate Limit Page Add VLAN Rate Limit Page contains the following fields. • VLAN ID – Defines the VLAN on which to apply the Rate Limit. • Rate Limit (CIR) – Defines the maximum rate (CIR) in kbits per second (bps) that forwarding traffic is permitted in the VLAN.
Page 294: Defining Advanced Qos Mode
Configuring Quality of Service Defining Advanced QoS Mode Edit VLAN Rate Limit Page VLAN Rate Limit Page contains the following fields: • VLAN ID – Defines the VLAN on which to apply the Rate Limit. • Rate Limit (CIR) – Defines the maximum rate (CIR) in kbits per second (bps) that forwarding traffic is permitted in the VLAN.
Page 295: Configuring Dscp Mapping
Configuring Quality of Service Defining Advanced QoS Mode After assigning packets to a specific queue, services such as configuring output queues for the scheduling scheme, or configuring output shaping for burst size, CIR, or CbS per interface or per queue, can be applied. Advanced Mode section contains the following topics: •...
Page 296 Configuring Quality of Service Defining Advanced QoS Mode DSCP Mapping Click Quality of Service > Advanced Mode > DSCP Mapping. The STEP 1 Page opens: DSCP Mapping Page DSCP Mapping Page contains the following fields: • DSCP In — Indicates the DSCP value in the incoming packet which will be mapped to an outgoing packet.
Page 297: Defining Class Mapping
Configuring Quality of Service Defining Advanced QoS Mode Defining Class Mapping Class Mapping Page contains parameters for defining class maps. One IP ACL and/or one MAC ACL comprise a class map. Class maps are configured to match packet criteria, and are matched to packets on a first-fit basis. For example, Class Map A is assigned to packets based only on an IP-based ACL or a MAC-based ACL.
Page 298 Configuring Quality of Service Defining Advanced QoS Mode Add QoS Class Map Page Click the Add button. The opens: STEP 2 Add QoS Class Map Page Add QoS Class Map Page contains the following fields. • Class Map Name — Defines a new Class Map name •...
Page 299: Defining Aggregate Policer
Configuring Quality of Service Defining Advanced QoS Mode Defining Aggregate Policer A policy is a collection of classes, each of which is a combination of a class map and a QoS action to apply to matching traffic. Classes are applied in a first-fit manner within a policy.
Page 300 Configuring Quality of Service Defining Advanced QoS Mode • Ingress CIR — Defines the Committed Information Rate (CIR) in bits per second. • Ingress CS — Defines the Committed Burst Size (CS) in bytes per second. • Exceed Action — Action assigned to incoming packets exceeding the CIR. Possible values are: Drop —...
Page 301 Configuring Quality of Service Defining Advanced QoS Mode Click Apply. The Aggregate policer is added, and the device is updated. STEP 4 Modifying QoS Aggregate Policer Aggregate Click Quality of Service > Advanced Mode > Aggregate Policer. The STEP 1 Policer Page opens: Edit QoS Aggregate Policer Page...
Page 302: Configuring Policy Table
Configuring Quality of Service Defining Advanced QoS Mode Configuring Policy Table Policy Table Page, In the QoS policies are set up and assigned to interfaces. To set up QoS policies: Policy Table Page Click Quality of Service > Advanced Mode > Policy Table. The STEP 1 opens: Policy Table Page...
Page 303 Configuring Quality of Service Defining Advanced QoS Mode Add QoS Policy Profile Page Add QoS Policy Profile Page contains the following fields. • New Policy Name — Displays the user-defined policy name. • Class Map — Selects the user-defined class maps which can be associated with the policy.
Page 304 Configuring Quality of Service Defining Advanced QoS Mode defined if the policer is shared with multiple classes. Traffic from two different ports can be configured for policing purposes. An aggregate policer can be applied to multiple classes in the same policy map, but cannot be used across different policy maps.
Page 305 Configuring Quality of Service Defining Advanced QoS Mode Edit QoS Policy Profile Page Edit QoS Policy Profile Page contains the following fields. • Policy Name — Displays the user-defined policy name. • Class Map — Displays the user-defined name of the class map. •...
Page 306: Defining Policy Binding
Configuring Quality of Service Defining Advanced QoS Mode • Ingress Committed Information Rate (CIR) — Defines the CIR in Kbps. This field is only relevant when the Police value is Single. • Ingress Committed Burst Size (CS) — Defines the CS in bytes. This field is only relevant when the Police value is Single.
Page 307 Configuring Quality of Service Defining Advanced QoS Mode Policy Binding Click Quality of Service > Advanced Mode > Policy Binding. The STEP 1 Page opens: Policy Binding Page Policy Binding Page contains the following fields: • Interface — Displays the interface to which the entry refers. •...
Page 308: Defining Qos Basic Mode
Configuring Quality of Service Defining QoS Basic Mode Define the relevant fields. STEP 3 Click Apply. The QoS Policy Binding is defined, and the device is updated. STEP 4 Modifying QoS Policy Binding Settings Click Quality of Service > Advanced Mode > Policy Binding. The Policy Binding STEP 1 Page...
Page 309: Rewriting Dscp Values
Configuring Quality of Service Defining QoS Basic Mode Basic Mode Page Click Quality of Service > Basic Mode. The opens: STEP 1 Basic Mode Page Basic Mode Page contains the following fields: • Trust Mode — Displays the trust mode. If a packet’s CoS tag and DSCP tag, are mapped to different queues, the Trust Mode determines the queue to which the packet is assigned.
Page 310 Configuring Quality of Service Defining QoS Basic Mode DSCP Mapping Click Quality of Service > Advanced Mode > DSCP Mapping. The STEP 1 Page opens: DSCP Mapping Page DSCP Mapping Page contains the following fields: • DSCP In — Indicates the DSCP value in the incoming packet. •...
Page 311: Chapter 12: Configuring Snmp
Configuring SNMP Configuring SNMP The Simple Network Management Protocol (SNMP) provides a method for managing network devices. The device supports the following SNMP versions: SNMP v1 and v2 SNMP agents maintain a list of variables that are used to manage the device. The variables are defined in the Management Information Base (MIB).
Page 312: Configuring Snmp Security
Configuring SNMP Configuring SNMP Security • Copy trap • Stacking traps The SNMP section contains the following topics: • Configuring SNMP Security Defining Trap Management All private MIBs for the switches in this manual are anchored under the MIB root: NOTE enterprises(1).cisco(9).otherEnterprises(6).ciscosb(1) Configuring SNMP Security...
Page 313 Configuring SNMP Configuring SNMP Security Engine ID Page Click System > SNMP > Security > Engine ID. The opens: STEP 1 Engine ID Page Engine ID Page contains the following fields. • Local Engine ID (10-64 Hex characters) — Indicates the local device engine ID. The field value is a hexadecimal string.
Page 314: Defining Snmp Views
Configuring SNMP Configuring SNMP Security Click Apply. The device is updated. STEP 3 Defining SNMP Views SNMP Views provide access or block access to device features or feature aspects. For example, a view displays that the SNMP Group A has Read Only (R/ O) access to Multicast groups, while SNMP Group B has Read-Write (R/W) access to Multicast groups.
Page 315 Configuring SNMP Configuring SNMP Security • Object ID Subtree — Indicates the device feature OID that is included or excluded in the selected SNMP view. • View Type — Indicates if the defined OID branch that are included or excluded in the selected SNMP view.
Page 316: Defining Snmp Users
Configuring SNMP Configuring SNMP Security Defining SNMP Users SNMP Users Page provides information for creating SNMP users, and assigning SNMP access control privileges to SNMP users. Groups allow network managers to assign access rights to specific device features, or feature aspects. SNMP Users Page Click System >...
Page 317 Configuring SNMP Configuring SNMP Security Add SNMP Group Membership Page The Add SNMP Group Membership Page provides information for assigning Add SNMP Group SNMP access control privileges to SNMP groups. The Membership Page contains the following fields. • User Name — Provides a user-defined local user list. •...
Page 318 Configuring SNMP Configuring SNMP Security • Password — Defines the local user password. Local user passwords can contain up to 159 characters. This field is available if the Authentication Method is a password. • Authentication Key — Defines the HMAC-MD5-96 or HMAC-SHA-96 authentication level.
Page 319: Defining Snmp Groups
Configuring SNMP Configuring SNMP Security • Authentication Method— Indicates the Authentication method used. The possible field values are: MD5 Key — Users are authenticated using a valid HMAC-MD5 key. SHA Key — Users are authenticated using a valid HMAC-SHA-96 key. MD5 Password —...
Page 320 Configuring SNMP Configuring SNMP Security SNMP Groups Page Click System > SNMP > Security > Groups. The opens: STEP 1 SNMP Groups Page SNMP Groups Page contains the following fields: • Group Name — Displays the user-defined group to which privileges are applied.
Page 321 Configuring SNMP Configuring SNMP Security • Operation — Defines the group access right, which are per view. The possible field values are: Read — The management access is restricted to read-only, and changes cannot be made to the assigned SNMP view. Write —...
Page 322 Configuring SNMP Configuring SNMP Security Authentication — Authenticates SNMP messages, and ensures the SNMP messages origin is authenticated. Privacy — Encrypts SNMP message. • Operation — Defines the group access right, which are per view. The possible field values are: Default —...
Page 323: Defining Snmp Communities
Configuring SNMP Configuring SNMP Security SNMPv3 — SNMPv3 is defined for the group. • Security Level — Defines the security level attached to the group. Security levels apply to SNMPv3 only. No Authentication — Neither the Authentication nor the Privacy security levels are assigned to the group.
Page 324 Configuring SNMP Configuring SNMP Security SNMP Communities Page Click System > SNMP > Security > Communities. The STEP 1 opens: SNMP Communities Page SNMP Communities Page is divided into the following tables: • Basic Table • Advanced Table The SNMP Communities Basic Table area contains the following fields: •...
Page 325 Configuring SNMP Configuring SNMP Security • Group Name — Displays advanced SNMP communities group name. Add SNMP Community Page Click the Add button. The opens. STEP 2 Add SNMP Community Page Add SNMP Community Page allows network managers to define and Add SNMP Community Page configure new SNMP communities.
Page 326 Configuring SNMP Configuring SNMP Security • Basic — Enables SNMP Basic mode for a selected community and contains the following fields: • Access Mode — Defines the access rights of the community. The possible field values are: Read Only — Management access is restricted to read-only, and changes cannot be made to the community.
Page 327 Configuring SNMP Configuring SNMP Security Edit SNMP Community Page Edit SNMP Community Page contains the following fields: • SNMP Management — Defines the management station IP address for which the SNMP community is defined. • Community String — Defines the password used to authenticate the management station to the device.
Page 328: Defining Trap Management
Configuring SNMP Defining Trap Management Click Apply. The device is updated. STEP 4 Defining Trap Management This section contains the following topics: • Defining Trap Settings • Configuring Station Management • Defining SNMP Filter Settings Defining Trap Settings Trap Settings Page contains parameters for defining SNMP notification parameters.
Page 329: Configuring Station Management
Configuring SNMP Defining Trap Management • Enable SNMP Notification — Specifies whether the device can send SNMP notifications. The possible field values are: Checked — Enables SNMP notifications. Unchecked — Disables SNMP notifications. • Enable Authentication Notification — Specifies whether SNMP authentication failure notification is enabled on the device.
Page 330 Configuring SNMP Defining Trap Management Station Click System > SNMP > Trap Management > Station Management. The STEP 1 Management Page opens: Station Management Page Station Management Page SNMPv1,2 Notification contains two areas, the Recipient SNMPv3 Notification Recipient and the table.
Page 331 Configuring SNMP Defining Trap Management • Filter Name — Indicates if the SNMP filter for which the SNMP Notification filter is defined. • Timeout — Indicates the amount of time (seconds) the device waits before re- sending informs. The default is 15 seconds. •...
Page 332 Configuring SNMP Defining Trap Management Add SNMP Notification Recipient Page Add SNMP Notification Recipient Page contains information for defining filters that determine whether traps are sent to specific users, and the trap type sent. SNMP notification filters provide the following services: •...
Page 333 Configuring SNMP Defining Trap Management Trap — Indicates traps are sent. Inform — Indicates informs are sent. Either SNMPv1,2 or SNMPv3 may be used as the version of traps, with only one version enabled at a single time. The SNMPv1,2 Notification Recipient area contains the following fields: •...
Page 334 Configuring SNMP Defining Trap Management Define the relevant fields. STEP 3 Click Apply. The SNMP Notification Recipient settings are defined, and the device STEP 4 is updated. Modifying SNMP Notifications Edit SNMP Notification Recipient Page allows system administrators to define Edit SNMP Notification Recipient Page notification settings.
Page 335 Configuring SNMP Defining Trap Management Inform — Indicates informs are sent. Either SNMPv1,2 or SNMPv3 may be used as the version of traps, with only one version enabled at a single time. The SNMPv1,2 Notification Recipient area contains the following fields: •...
Page 336: Defining Snmp Filter Settings
Configuring SNMP Defining Trap Management Define the relevant fields. STEP 3 Click Apply. The SNMP Notification Receivers are defined, and the device is STEP 4 configured. Defining SNMP Filter Settings Filter Settings Page permits filtering traps based on OIDs. Each OID is linked to a device feature or a feature aspect.
Page 337 Configuring SNMP Defining Trap Management Excluded — Restricts sending OID traps or informs. Included — Sends OID traps or informs. Add SNMP Notification Filter Page Click the Add button. The opens: STEP 2 Add SNMP Notification Filter Page Add SNMP Notification Filter Page contains the following fields: •...
Page 338: Chapter 13: Managing System Files
Managing System Files Managing System Files The configuration file structure consists of the following configuration files: • Startup Configuration File — Contains the commands required to reconfigure the device to the same settings as when the device is powered down or rebooted.
Page 339: Firmware Upgrade
Managing System Files Firmware Upgrade Firmware Upgrade Firmware files are downloaded as required for upgrading the firmware version or for backing up the system configuration. File names cannot contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for Firmware files on the switch.
Page 340: Save Configuration
Managing System Files Save Configuration • Supported IP Format — Indicates the supported IP version. The possible values are: — Indicates the device supports IPv6. — Indicates the device supports IPv4. • IPv6 Address Type — Displays the IPv6 Type. The possible field values are: Link local —...
Page 341 Managing System Files Save Configuration was started or rebooted. When the device shuts down or reboots the next time, this configuration becomes the Starting Configuration. • Starting configuration — Contains the parameter definitions which were valid in the Running Configuration when the system last rebooted or shut down. •...
Page 342: Copy Files
Managing System Files Copy Files Via TFTP • — Specifies that the configuration file is associated with a upgrade. • — Specifies that the configuration file contains the system backup configuration. Via HTTP • Source File — Name of the configuration file. Define the relevant fields.
Page 343 Managing System Files Copy Files Copy Files Page Click Admin > File Management > Copy Files. The opens: STEP 1 Copy Files Page Copy Files Page contains the following fields: • Copy Master Firmware — Indicates the Stacking Master image or boot file to copy.
Page 344: Active Image
Managing System Files Active Image Active Image Active Image Page allows network managers to select the Image files. For stackable device, active image is indicated/selected per each stack unit. Images are activated only after the device is reset. Active Image Page Click Admin >...
Page 345: Chapter 14: Managing Power-Over-Ethernet Devices
Managing Power-over-Ethernet Devices Defining PoE Settings Managing Power-over-Ethernet Devices Power-over-Ethernet (PoE) provides power to devices over existing LAN cabling, without updating or modifying the network infrastructure. Power-over-Ethernet removes the necessity of placing network devices next to power sources. Power-over-Ethernet can be used in the following applications: •...
Page 346 Managing Power-over-Ethernet Devices Defining PoE Settings PoE Settings Page Click Bridging > Port Management > PoE Settings. The opens: STEP 1 PoE Settings Page PoE Settings Page displays the currently configured PoE ports and contains the following information: • Port — Displays the selected port number. •...
Page 347 Managing Power-over-Ethernet Devices Defining PoE Settings Edit PoE Settings Page The Edit PoE Settings Page contains the following fields: • Port — Indicates the specific interface for which PoE parameters are defined, and assigned to the powered interface connected to the selected port. •...
Page 348 Managing Power-over-Ethernet Devices Defining PoE Settings • Power Consumption — Indicates the amount of power in milliwatts assigned to the powered device connected to the selected interface. • Overload Counter — Indicates the total power overload occurrences. • Short Counter — Indicates the total power shortage occurrences. •...
Page 349: Chapter 15: Managing Device Diagnostics
Managing Device Diagnostics Viewing Integrated Cable Tests Managing Device Diagnostics This section contains information for configuring port mirroring, running cable tests, and viewing device operational information, and includes the following topics: • Viewing Integrated Cable Tests • Performing Optical Tests •...
Page 350 Managing Device Diagnostics Viewing Integrated Cable Tests Copper Ports Page Click Admin > Diagnostics > Copper Ports. The opens: STEP 1 Copper Ports Page Copper Ports Page contains the following fields: • Unit Number — Indicates the unit number on which the tests are performed. •...
Page 351 Managing Device Diagnostics Viewing Integrated Cable Tests The following message appears: STEP 3 Click OK, The Copper Ports Page opens: STEP 4 Copper Ports Results Page The Copper Ports Results Page contains the following fields: • Port — Specifies port to which the cable is connected. •...
Page 352 Managing Device Diagnostics Viewing Integrated Cable Tests • Approximate Cable Length — Indicates the estimated cable length. This test can only be performed when the port is up and operating at 1 Gbps. Copper Cable Extended For testing on GE ports, an Advanced button opens the Feature Screen Advanced Cable Test Screen - GE Ports Copper Cable Extended Feature Screen...
Page 353: Performing Optical Tests
Managing Device Diagnostics Performing Optical Tests Click Done to close the window. STEP 5 Performing Optical Tests Optical Test Page allows network managers to perform tests on Fiber Optic cables. Optical transceiver diagnostics can be performed only when the link is present.
Page 354: Configuring Port Mirroring
Managing Device Diagnostics Configuring Port Mirroring • Loss of Signal — Indicates if a signal loss occurred in the cable. • Data Ready — Indicates the data status. Configuring Port Mirroring Port Mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from one port to a monitoring port.
Page 355 Managing Device Diagnostics Configuring Port Mirroring • Type — Indicates the port mode configuration for port mirroring. The possible field values are: RxOnly — Defines the port mirroring for receive traffic only on the selected port. TxOnly — Defines the port mirroring on transmitting ports. This is the default value.
Page 356: Modifying Port Mirroring
Managing Device Diagnostics Configuring Port Mirroring Define the relevant fields. STEP 3 Click Apply. Port mirroring is added, and the device is updated. STEP 4 Modifying Port Mirroring Port Mirroring Page Click Admin > Diagnostics > Port Mirroring. The opens: STEP 1 Edit Port Mirroring Page Click the Edit Button.
Page 357: Viewing Cpu Utilization
Managing Device Diagnostics Viewing CPU Utilization Viewing CPU Utilization CPU Utilization Page contains information about the system’s CPU utilization. CPU Utilization Page CPU Utilization Page contains the following fields: • CPU Utilization — Displays CPU resource utilization information. The possible field values are: Enabled —...
Page 358 Managing Device Diagnostics Viewing CPU Utilization 60 Sec — Indicates that the CPU utilization statistics are refreshed every 60 seconds. • Usage Percentages — Graph’s y-axis indicates the percentage of the CPU’s resources consumed by the device. • Time — Graph’s x-axis indicates the time, in 15,30,60 second intervals, that usage samples are taken.
Page 359: Chapter 16: Managing System Logs
Managing System Logs Enabling System Logs Managing System Logs The System Logs enable viewing device events in real time, and recording the events for later usage. System Logs record and manage events and report errors or informational messages. Event messages have a unique format, as per the SYSLOG protocols recommended message format for all error reporting.
Page 360 Managing System Logs Enabling System Logs Log Settings Page Click Admin > Logs > Logs Settings. The opens. STEP 1 Log Settings Page Log Settings Page contains the following fields: • Enable Logging — Indicates if message logging is enabled globally in the device.
Page 361: Viewing The Device Memory Logs
Managing System Logs Viewing the Device Memory Logs • Memory Logs — The selected Severity types will appear in chronological order in all system logs that are saved in RAM (Cache). After restart, these logs are deleted. • Log Flash — The selected Severity types will be sent to the Logging file kept in FLASH memory.
Page 362: Clearing Message Logs
Managing System Logs Viewing the Flash Logs • Log Time — Displays the time at which the log entry was generated. • Severity — Displays the event severity. • Description — Displays the log message text. Clearing Message Logs Message Logs can be cleared from the Memory Page .
Page 363: Clearing Flash Logs
Managing System Logs Viewing the Flash Logs Flash Page Click Admin > Logs > Flash. The opens: STEP 1 Flash Page Flash Page contains the following fields: • Log Index — Displays the log entry number. • Log Time — Displays the time at which the log entry was generated. •...
Page 364: Viewing Remote Logs
Managing System Logs Viewing Remote Logs Viewing Remote Logs Remote Log Servers Page contains information for viewing and configuring the Remote Log Servers. New log servers and the minimum severity level of events sent to them may be added. Remote Log Servers Page Click Admin >...
Page 365 Managing System Logs Viewing Remote Logs The following are the available log severity levels: Emergency — The highest warning level. If the device is down or not functioning properly, an emergency log message is saved to the specified logging location. Alert —...
Page 366 Managing System Logs Viewing Remote Logs Add Syslog Server Page Add Syslog Server Page contains fields for defining new Remote Log Servers. Add Syslog Server Page contains the following fields: • Supported IP Format — Provides the supported IP format: Version 6 or Version •...
Page 367: Modifying Syslog Server Settings
Managing System Logs Viewing Remote Logs • Description — Provides a user-defined server description. • Minimum Severity — Indicates the minimum severity level of logs that are sent to the server. For example, if Notice is selected, all logs from a Notice severity and higher are sent to the remote server.
Page 368 Managing System Logs Viewing Remote Logs Edit Syslog Server Page Edit Syslog Server Page contains fields for modifying Remote Log Server settings. Edit Syslog Server Page contains the following fields: • Server — Specifies the name of the Remote Log Server to which logs can be sent.
Page 369 Managing System Logs Viewing Remote Logs Critical — The third highest warning level. A critical log is saved if a critical device malfunction occurs; for example, two device ports are not functioning, while the rest of the device ports remain functional. Error —...
Page 370: Chapter 17: Viewing Statistics
Viewing Statistics Viewing Ethernet Statistics Viewing Statistics This section describes device statistics for RMON, interfaces, GVRP, EAP, and Etherlike statistics. This section contains the following topics: • Viewing Ethernet Statistics • Managing RMON Statistics • Managing QoS Statistics Viewing Ethernet Statistics The Ethernet section contains the following : •...
Page 371 Viewing Statistics Viewing Ethernet Statistics Ethernet Interface Page Click Statistics > Ethernet > Interface. The opens: STEP 1 Ethernet Interface Page Ethernet Interface Page contains the following fields: • Interface — Indicates the interface for which statistics are displayed. The possible field values are: Port —...
Page 372: Viewing Etherlike Statistics
Viewing Statistics Viewing Ethernet Statistics • Total Bytes (octets) — Displays the number of octets received on the interface since the page was last refreshed. This number includes bad packets and FCS octets, but excludes framing bits. • Unicast Packets — Displays the number of good Unicast packets received on the interface since the page was last refreshed.
Page 373 Viewing Statistics Viewing Ethernet Statistics Etherlike Page Click Statistics > Ethernet > Etherlike. The opens: STEP 1 Etherlike Page Etherlike Page contains Ethernet-like interface statistics. The Etherlike Page contains the following fields: • Interface — Indicates the interface for which statistics are displayed. The possible field values are: Port —...
Page 374: Viewing Gvrp Statistics
Viewing Statistics Viewing Ethernet Statistics • Frame Check Sequence (FCS) Errors — Displays the number of FCS errors received on the selected interface. • Single Collision Frames — Displays the number of single collision frames received on the selected interface. •...
Page 375 Viewing Statistics Viewing Ethernet Statistics GVRP Page Click Statistics > Ethernet > GVRP. The opens: STEP 1 GVRP Page GVRP Page is divided into two areas, GVRP Statistics Table and GVRP Error Statistics Table. The following fields are relevant for both tables: •...
Page 376: Viewing Eap Statistics
Viewing Statistics Viewing Ethernet Statistics • Empty — Displays the device GVRP Empty statistics. • Leave Empty — Displays the device GVRP Leave Empty statistics. • Join In — Displays the device GVRP Join In statistics. • Leave In — Displays the device GVRP Leave in statistics. •...
Page 377 Viewing Statistics Viewing Ethernet Statistics EAP Page STEP 1 Click Statistics > Ethernet > EAP. The opens: EAP Page The EAP Page contains the following fields: • Unit Number — Indicates the stacking member for which the EAP statistics are displayed.
Page 378: Managing Rmon Statistics
Viewing Statistics Managing RMON Statistics • Start Frames Receive — Indicates the number of EAPOL Start frames received on the port. • Log off Frames Receive — Indicates the number of EAPOL Logoff frames that have been received on the port. •...
Page 379: Viewing Rmon Statistics
Viewing Statistics Managing RMON Statistics Viewing RMON Statistics RMON Statistics Page contains fields for viewing information about device utilization and errors that occurred on the device. To view the RMON statistics: RMON Statistics Page Click Statistics > RMON > Statistics. The opens: STEP 1 RMON Statistics Page...
Page 380 Viewing Statistics Managing RMON Statistics 30 Sec — Indicates that the RMON statistics are refreshed every 30 seconds. 60 Sec — Indicates that the RMON statistics are refreshed every 60 seconds. • Received Bytes (Octets) — Displays the number of octets received on the interface since the page was last refreshed.
Page 381: Resetting Rmon Statistics Counters
Viewing Statistics Configuring RMON History Interface Select an interface in the field. The RMON statistics are displayed. STEP 2 Resetting RMON Statistics Counters Click the Reset Counters button. The RMON statistics counters are cleared. STEP 3 Configuring RMON History This section contains the following topics: •...
Page 382 Viewing Statistics Configuring RMON History RMON History Control Page 1. Click Statistics > RMON > History. The opens. STEP 1 RMON History Control Page RMON History Control Page contains the following fields: • History Entry No. — Number automatically assigned to the table entry number. •...
Page 383 Viewing Statistics Configuring RMON History Add RMON History Page Add RMON History Page contains the following fields: • New History Entry — Number automatically assigned to the table entry number. • Source Interface — Select the interface (port or LAG) from which the history samples will be taken.
Page 384: Viewing The Rmon History Table
Viewing Statistics Configuring RMON History Edit RMON History Page Edit RMON History Page contains the following fields: • History Entry No. — Displays the entry number for the History Control Table page. • Source Interface — Displays the interface (port or LAG) from which the history samples are taken.
Page 385 Viewing Statistics Configuring RMON History To view the RMON History Table: RMON History Control Page Click Statistics > RMON > History. The opens: STEP 1 RMON History Table Page Click the History Table button. The opens: STEP 2 RMON History Table Page RMON History Table Page contains the following fields: •...
Page 386: Defining Rmon Events Control
Viewing Statistics Configuring RMON History • Received Packets — Displays the number of packets received on the interface since the page was last refreshed, including bad packets, Multicast and Broadcast packets. • Broadcast Packets — Displays the number of good Broadcast packets received on the interface since the page was last refreshed.
Page 387 Viewing Statistics Configuring RMON History RMON Events Page Click Statistics > RMON > Events. The opens: STEP 1 RMON Events Page RMON Events Page contains the following fields: • Event Entry — Displays the event index number. • Community — Displays the SNMP community string. •...
Page 388 Viewing Statistics Configuring RMON History Add RMON Events Page Add RMON Events Page contains the following fields: • Event Entry — Indicates the event entry index number. • Community — Displays the SNMP community string. • Description — Displays a user-defined event description. •...
Page 389: Viewing The Rmon Events Logs
Viewing Statistics Configuring RMON History Edit RMON Events Page Edit RMON Events Page contains the following fields: • Entry Event No. — Displays the event entry index number. • Community — Displays the SNMP community string. • Description — Displays the user-defined event description. •...
Page 390: Defining Rmon Alarms
Viewing Statistics Configuring RMON History RMON Events Log Page RMON Events Log Page contains the following fields: • Event — Displays the RMON Events Log entry number. • Log No.— Displays the log number. • Log Time — Displays the time when the log entry was entered. •...
Page 391 Viewing Statistics Configuring RMON History RMON Alarms Page Click Statistics > RMON > Alarms. The opens: STEP 1 RMON Alarms Page RMON Alarms Page contains the following fields: • Alarm Entry — Indicates the alarm entry number. • Counter Name — Displays the selected MIB variable. •...
Page 392 Viewing Statistics Configuring RMON History • Rising Threshold — Displays the rising counter value that triggers the rising threshold alarm. The rising threshold is presented on top of the graph bars. Each monitored variable is designated a color. • Rising Event — Selects an event which is defined in the Events table that triggers the rising threshold alarm.
Page 393 Viewing Statistics Configuring RMON History Add RMON Alarm Page Add RMON Alarm Page contains the following fields: • Alarm Entry — Indicates the alarm entry number. • Interface — Displays the interface (port or LAG) for which RMON statistics are displayed.
Page 394 Viewing Statistics Configuring RMON History • Falling Threshold — Displays the falling counter value that triggers the falling threshold alarm. The falling threshold is graphically presented on top of the graph bars. Each monitored variable is designated a color. • Falling Event —...
Page 395 Viewing Statistics Configuring RMON History Edit RMON Alarm Page Edit RMON Alarm Page contains the following fields: • Alarm Entry — Indicates the alarm entry number. • Interface — Displays the interface (port or LAG) for which RMON statistics are displayed.
Page 396: Managing Qos Statistics
Viewing Statistics Managing QoS Statistics • Falling Threshold — Displays the falling counter value that triggers the falling threshold alarm. The falling threshold is graphically presented on top of the graph bars. Each monitored variable is designated a color. • Falling Event —...
Page 397 Viewing Statistics Managing QoS Statistics To view policer statistics: Click Quality of Service > QoS Statistics >Aggregated Policer Statistics. The STEP 1 Policer Statistics Page opens: Policer Statistics Page Policer Statistics Page contains the following fields: • Interface — Displays the interface (port or LAG) for which Policer statistics are displayed.
Page 398: Viewing Aggregated Policer Statistics
Viewing Statistics Managing QoS Statistics Click Apply. The Police Statistics accumulation configuration is modified, and the STEP 3 device is updated. Viewing Aggregated Policer Statistics To view Aggregated Policer Statistics: To view Aggregated Policer Statistics Aggregate Click Quality of Service > QoS Statistics >Aggregate Polcier. The STEP 1 Policer Page opens:...
Page 399 Viewing Statistics Managing QoS Statistics Queues Click Quality of Service > QoS Statistics > Queues Statistics. The STEP 1 Statistics Page opens: Queues Statistics Page Queues Statistics Page contains the following fields: • Set — Displays the counter set. The possible field values are: Set 1 —...
Page 400 Viewing Statistics Managing QoS Statistics Add Queues Statistics Page Add Queues Statistics Page contains the following fields: • Select Counter Set — Selects the counter set. • Interface — Defines the ports for which statistics are displayed. The possible field values are: Unit No.
Page 401 Viewing Statistics Managing QoS Statistics Resetting Queues Statistics Counters Click Quality of Service > QoS Statistics > Queues Statistics. The Queues STEP 1 Statistics Page opens: Click Clear Counters. The Queues statistics counters are cleared. Cisco Small Business SFE/SGE Managed Switches Administration Guide...
Page 402: Chapter 18: Aggregating Ports
Aggregating Ports Aggregating Ports Link Aggregated Groups (LAGs) optimize port usage by linking a group of ports together to form a single aggregated group. Link aggregated groups multiply the bandwidth between the devices, increase port flexibility, and provide link redundancy. The device supports both static LAGs and Link Aggregation Control Protocol (LACP) LAGs.
Page 403: Defining Lag Management
Aggregating Ports Defining LAG Management • Configuring LACP Defining LAG Management Ports added to a LAG lose their individual port configuration. When ports are removed from the LAG, the original port configuration is applied to the ports. To define LAG management: LAG Management Click Bridging >...
Page 404 Aggregating Ports Defining LAG Management Define the relevant fields. STEP 2 Click Apply. LAG Management is defined, and the device is updated. STEP 3 Modifying LAG Membership LAG Management Click Bridging > Port Management > LAG Management. The STEP 1 Page opens: Edit LAG Membership Page...
Page 405: Defining Lag Settings
Aggregating Ports Defining LAG Settings Click Apply. The LAG membership is defined, and the device is updated. STEP 4 Defining LAG Settings Link Aggregated Groups optimize port usage by linking a group of ports together to form a single aggregated group. Link aggregated groups multiply the bandwidth between the devices, increase port flexibility, and provide link redundancy.
Page 406 Aggregating Ports Defining LAG Settings • Copy From Entry Number — Copies the LAG configuration from the specified table entry. • To Entry Number(s) — Assigns the copied LAG configuration to the specified table entry. • LAG — Displays the LAG ID number. •...
Page 407 Aggregating Ports Defining LAG Settings Edit LAG Page Edit LAG Page contains the following fields: • LAG — Displays the LAG ID number. • Description — Displays the user-defined port name. • LAG Type — Indicates he port types that comprise the LAG. •...
Page 408 Aggregating Ports Defining LAG Settings advertise its transmission rate, and flow control (the flow control default is disabled) abilities to its partner. • Current Auto Negotiation — Displays the current Auto Negotiation setting. • Admin Advertisement — Specifies the capabilities to be advertised by the LAG.
Page 409: Configuring Lacp
Aggregating Ports Configuring LACP Configuring LACP Aggregate ports can be linked into link-aggregation port-groups. Each group is comprised of ports with the same speed, set to full-duplex operations. Aggregated Links can be manually setup or automatically established by enabling Link Aggregation Control Protocol (LACP) on the relevant links. Aggregate ports can be linked into link-aggregation port-groups.
Page 410 Aggregating Ports Configuring LACP • Port Priority — Defines the LACP priority value for the port. The field range is 1- 65535. • LACP Timeout — Administrative LACP timeout. The possible field values are: Short — Defines a short timeout value. Long —...

This manual is also suitable for:

Sge2000p Sge2010 Sfe2010 Sfe2000

Cisco SGE2000 - - Gigabit Switch Administration Manual

Table of Contents

Chapter 1: Getting Started

Chapter 2: Managing Device Information

Chapter 3: Configuring System Time

Chapter 4: Configuring Device Security

Click the Edit Button. the Edit IP Based Acl Page

Chapter 5: Configuring Ports

Edit Port

Chapter 6: Configuring Vlans

Chapter 7: Configuring IP Information

Chapter 8: Defining Address Tables

Chapter 9: Configuring Multicast Forwarding

Chapter 10: Configuring Spanning Tree

Chapter 11: Configuring Quality of Service

Chapter 12: Configuring SNMP

Chapter 13: Managing System Files

Chapter 14: Managing Power-Over-Ethernet Devices

Chapter 15: Managing Device Diagnostics

Chapter 16: Managing System Logs

Chapter 17: Viewing Statistics

Chapter 18: Aggregating Ports

Quick Links

Chapters

Related Manuals for Cisco SGE2000 - Cisco - Gigabit Switch

Summary of Contents for Cisco SGE2000 - Cisco - Gigabit Switch