Cisco Small Business 200 Series Administration Manual

Small business 200 series smart switch

ADMINISTRATION
GUIDE
Cisco Small Business 200 Series Smart Switch
Administration Guide


Summary of Contents for Cisco Small Business 200 Series

  • Page 1 ADMINISTRATION GUIDE Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 2: Table Of Contents

    Health RMON View Log Chapter 4: Administration: System Log Setting System Log Settings Setting Remote Logging Settings Viewing Memory Logs Chapter 5: Administration: File Management System Files Upgrade/Backup Firmware/Language Download/Backup Configuration/Log Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 3 Discovery - LLDP Discovery - CDP Ping Chapter 7: Administration: Time Settings System Time Options SNTP Modes Configuring System Time Chapter 8: Administration: Diagnostics Copper Ports Tests Displaying Optical Module Status Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 4 Chapter 11: Port Management: Unidirectional Link Detection UDLD Overview UDLD Operation Usage Guidelines Dependencies On Other Features Default Settings and Configuration Before You Start Common UDLD Tasks Configuring UDLD Chapter 12: Smartport Overview Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 5 PoE Properties PoE Settings Chapter 14: VLAN Management Overview Regular VLANs Voice VLAN Chapter 15: Spanning Tree STP Flavors STP Status and Global Settings Spanning Tree Interface Settings Rapid Spanning Tree Settings Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 6 Overview IPv4 Management and Interfaces Domain Name Chapter 19: Security Defining Users Configuring RADIUS Management Access Method Management Access Authentication Secure Sensitive Data Management SSL Server SSH Client Configuring TCP/UDP Services Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 7 SSH Client Configuration Through the GUI Chapter 22: Security: Secure Sensitive Data Management Introduction SSD Rules SSD Properties Configuration Files SSD Management Channels Menu CLI and Password Recovery Configuring SSD Chapter 23: Quality of Service Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 8 Chapter 24: SNMP SNMP Versions and Workflow Model OIDs SNMP Engine ID Configuring SNMP Views Creating SNMP Groups Managing SNMP Users Defining SNMP Communities Defining Trap Settings Notification Recipients SNMP Notification Filters Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 9: Chapter 2: Getting Started

    NOTE: When the device is using the factory default IP address of 192.168.1.254, its power LED flashes continuously. When the device is using a DHCP-assigned IP address or an administrator-configured static IP address, the power LED is on solid.
  • Page 10 Starting the Web-based Configuration Utility Logging In The default username is cisco and the default password is cisco. The first time that you log in with the default username and password, you are required to enter a new password. If you have not previously selected a language for the GUI, the language of the Login...
  • Page 11 Password Expiration The New Password page is displayed in the following cases: • The first time that you access the device with the default username cisco and password cisco. This page forces you to replace the factory default password. •...
  • Page 12 The initial page displayed depends on the “Do not show this page on startup” option in the Getting Started page. If you did not select this option, the initial page is the Getting Started page. If you did select this option, the initial page is the System Summary page. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 13: Quick Start Device Configuration

    Port and VLAN Mirroring page There are two hot links on the Getting Started page that take you to Cisco web pages for more information. Clicking on the Support link takes you to the device product support page, and clicking on the Forums link takes you to the Small Business Support Community page.
  • Page 14 Gigabit Ethernet ports (10/100/1000 bits)—These are displayed as GE. LAG (Port Channel)—These are displayed as LAG. VLAN—These are displayed as VLAN. Tunnel —These are displayed as Tunnel. • Interface Number: Port, LAG, tunnel or VLAN ID Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 15: Window Navigation

    Configuration and sets the device parameters according to the data in the Running Configuration. Username Displays the name of the user logged on to the device. The default username is cisco. (The default password is cisco). Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 16 SYSLOG Alert Status icon is no longer displayed. To display the page when there is not an active SYSLOG message, click Status and Statistics > View Log > RAM Memory.
  • Page 17 Click to clear the statistic counters for the selected Counters interface. Clear Logs Clears log files. Clear Table Clears table entries. Close Returns to main page. If any changes were not applied to the Running Configuration, a message appears. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 18 Enter the query filtering criteria and click Go. The results are displayed on the page. Refresh Click Refresh to refresh the counter values. Test Click Test to perform the related tests.
  • Page 19: Chapter 3: Status And Statistics

    This page is useful for analyzing the amount of traffic that is both sent and received and its dispersion (Unicast, Multicast, and Broadcast). To display Ethernet statistics and/or set the refresh rate: STEP 1 Click Status and Statistics > Interface. STEP 2 Enter the parameters.
  • Page 20: Etherlike Statistics

    This page provides more detailed information regarding errors in the physical layer (Layer 1) that might disrupt traffic. To view Etherlike Statistics and/or set the refresh rate: Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 21: 802.1X Eap Statistics

    To configure the 802.1X feature, see the 802.1X Properties page. To view the EAP Statistics and/or set the refresh rate: STEP 1 Click Status and Statistics > 802.1x EAP. STEP 2 Select the Interface that is polled for statistics.
  • Page 22: Health

    Click Clear Interface Counters to clear the selected interfaces counters. • Click Refresh to refresh the selected interfaces counters. • Click View All Interfaces Statistics to clear the counters of all interfaces. Health See Health. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 23: Rmon

    STEP 2 Select the Interface for which Ethernet statistics are to be displayed. STEP 3 Select the Refresh Rate, which is the time period that passes before the interface statistics are refreshed.
  • Page 24 Frames of 256 to 511 Bytes—Frames, containing 256-511 bytes that were received. • Frames of 512 to 1023 Bytes—Frames, containing 512-1023 bytes that were received. • Frames of 1024 Bytes or More—Frames, containing 1024-2000 bytes, and Jumbo Frames, that were received. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 25: Rmon History

    STEP 4 Click Apply. The entry is added to the History Control Table page and the Running Configuration file is updated. STEP 5 Click History Table (described below) to view the actual statistics.
  • Page 26: Rmon History Table

    FCS octets that had either a bad FCS (Frame Check Sequence) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. • Collisions—Collisions received. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 27: Rmon Events Control

    Log and Trap—Add a log entry to the Event Log table and send a trap to the remote log server when the alarm goes off. • Owner—Enter the device or user that defined the event. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 28: Rmon Alarms

    One or more alarms are bound to an event, which indicates the action to be taken when the alarm occurs. Alarm counters can be monitored by either absolute values or changes (delta) in the counter values. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 29 Rising and Falling—Both rising and falling values trigger the alarm. • Interval—Enter the alarm interval time in seconds. • Owner—Enter the name of the user or network management system that receives the alarm. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 30: View Log

    STEP 4 Click Apply. The RMON alarm is saved to the Running Configuration file. View Log Viewing Memory Logs.
  • Page 31: Chapter 4: Administration: System Log

    The event severity levels are listed from the highest severity to the lowest severity, as follows: • Emergency—System is not usable. • Alert—Action is needed. • Critical—System is in a critical condition. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 32 IPv6 Address—Include the IPv6 address of the sending interface in SYSLOG messages. User Defined—Enter a description to be included in SYSLOG messages. • RAM Memory Logging—Select the severity levels of the messages to be logged to the RAM. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 33: Setting Remote Logging Settings

    FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 34: Viewing Memory Logs

    The top of the page has a button that allows you to Disable Alert Icon Blinking. Click. This button toggles between disable and enable. The Current Logging Threshold specifies the levels of logging that are generated. This can be changed by clicking Edit by the field’s name. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 35 Log Index—Log entry number. • Log Time—Time when message was generated. • Severity—Event severity. • Description—Message text describing the event. To clear the messages, click Clear Logs. The messages are cleared. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 36: Chapter 5: Administration: File Management

    HTTP/HTTPS that uses the facilities that the browser provides • TFTP/SCP client, requiring a TFTP/SCP server Configuration files on the device are defined by their type, and contain the settings and parameter values for the device.
  • Page 37 Configuration Files Properties page. • Backup Configuration—A manual copy of a configuration file used for protection against system shutdown or for the maintenance of a specific operating state. You can copy the Mirror Configuration, Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 38 Enable automatically uploading a configuration file from a DHCP server to the device, as described in the section. This section covers the following topics: • Upgrade/Backup Firmware/Language • Download/Backup Configuration/Log • Configuration Files Properties • Copy/Save Configuration • Auto Configuration/Image Update via DHCP Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 39: Upgrade/Backup Firmware/Language

    Select one of the following Save Action: • Upgrade—Specifies that the file type on the device is to be replaced with a new version of that file type located on a TFTP server.
  • Page 40 SSH user authentication method (password or public/private key), set a username and password on the device (if the password method is selected), and generate an RSA or DSA key if required. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 41 • (For Backup) Destination File Name—Enter the name of the backup file. STEP 6 Click Apply. If the files, passwords and server addresses are correct, one of the following may happen:
  • Page 42: Configuration File Backwards Compatibility

    If the configuration file is downloaded during an automatic configuration process, the Startup Configuration file is deleted and the device reboots automatically in the new System mode. The device is configured with an empty configuration file. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 43 Backup—Specifies that a file type is to be copied to a file on another device. Enter the following fields: a. TFTP Server Definition—Select whether to specify the TFTP server by IP address or by domain name. b. IP Version—Select whether an IPv4 or an IPv6 address is used. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 44 Destination File Type—Select the configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section). c. Click Apply. The file is transferred from the other device to the device. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 45 SCP Server Definition—Select whether to specify the SCP server by IP address or by domain name. • IP Version—Select whether an IPv4 or an IPv6 address is used. • IPv6 Address Type—Select the IPv6 address type (if used). The options are: Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 46 NOTE refer to Secure Sensitive Data Management > SSD Rules page. • Destination File Name—Name of file being copied to. STEP 6 Click Apply. The file is upgraded or backed up.
  • Page 47: Configuration Files Properties

    CAUTION: Unless the Running Configuration is copied to the Startup Configuration or another configuration file, all changes made since the last time the file was copied are lost when the device is rebooted.
  • Page 48 STEP 5 The Save Icon Blinking field indicates whether an icon blinks when there is unsaved data. To disable/enable this feature, click Disable/Enable Save Icon Blinking. STEP 6 Click Apply. The file is copied.
  • Page 49: Auto Configuration/Image Update Via Dhcp

    The Auto Configuration/Image Update feature provides a convenient method to automatically configure Cisco Small Business 200, 300 and 500 switches in a network and upgrade their firmware. This process enables the administrator to remotely ensure that the configuration and firmware of these devices in the network are up-to-date.
  • Page 50 DHCPv4 servers and in the Information Reply messages coming from DHCPv6 servers. If this information is not found in the DHCP server messages, backup information that has been configured in the DHCP Auto Configuration/Image Update page is used. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 51 SYSLOG messages are generated by the copy process. Missing Options • If the DHCP server did not send the TFTP/SCP server address in a DHCP option and the backup TFTP/SCP server address parameter has not been configured, then: Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 52 Auto Configuration/Image Update via DHCPv6 is triggered when the following conditions are fulfilled: • When a DHCPv6 server sends information to the device. This occurs in the following cases: When an IPv6-enabled interface is defined as a DHCPv6 stateless configuration client. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 53 Default Settings and Configuration The following defaults exist on the system: • Auto Configuration is enabled. • Auto Image Update is enabled. • The device is enabled as a DHCP client. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 54 2. Create an indirect file that contains a path and the name of the firmware version (for example indirect-cisco.txt that contains cisco\cisco-version.ros). 3. Copy this indirect file to the TFTP/SCP server’s main directory.
  • Page 55 —Select to indicate that only the SCP protocol is to be used for auto configuration. • Image Auto Update Via DHCP—Select this field to enable update of the firmware image from the DHCP server. This feature is enabled by default, but can be disabled here. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 56 STEP 3 Enter the following optional information that is used if the DHCP server did not provide the required information. • Backup Server IP Address/Name—Enter either the backup server IP address or name. • Backup Configuration File Name—Enter the backup configuration file name.
  • Page 57 Backup Indirect Image File Name—Enter the indirect image file name to be used. This holds the path to the image. An example of an indirect image file name is: indirect-cisco.scp. This file contains the path and name of the firmware image.
  • Page 58: Chapter 6: Administration

    Discovery - LLDP • Discovery - CDP • Ping Device Models All models can be fully managed through the web-based switch configuration utility. Interface Naming Conventions for port naming conventions. NOTE Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 59 48 FE ports + 2 GE special-purpose 180W 24 PoE ports combo-ports SG200-10FP SG200- 10-Port Gigabit PoE Smart Switch 10FP V.0 SF200-24FP SF200- 24-Port 10/100 PoE Smart Switch 180W 24FP V.0 Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 60: System Settings

    System Object ID—Unique vendor identification of the network management subsystem contained in the entity (used in SNMP). • System Uptime—Time that has elapsed since the last reboot. • Current Time—Current system time. • Base MAC Address—Device MAC address. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 61 View or modify the system settings. STEP 2 • System Description—Displays a description of the device. • System Location—Enter the physical location of the device. • System Contact—Enter the name of a contact person. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 62: Management Interface

    HTTP session can remain idle before it times out and you must log in again to reestablish the session. • HTTP Session Timeout • HTTPS Session Timeout Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 63: Time Settings

    You can back up the device configuration by using Configuration or clicking Save at the top of the window. You can also upload the configuration from a remote device. See the Download/Backup Configuration/Log section. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 64 Startup Configuration file, and the backup configuration file. The mirror configuration file is not deleted when restoring to factory default. • Clear Startup Configuration File—Check to clear the startup configuration on the device for the next time it boots up. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 65: Health

    • (On devices that support PoE) Disable the PoE circuitry so that less power is consumed and less heat is emitted. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 66: Diagnostics

    OK—The temperature is below the warning threshold. Warning—The temperature is between the warning threshold and the critical threshold. Critical—Temperature is above the critical threshold. Diagnostics Administration: Diagnostics. Discovery - Bonjour See Bonjour.
  • Page 67: Discovery - Lldp

    NOTE: If the Auto option is selected, the system computes the source address based on the destination address. • Destination IPv6 Address Type—Select Link Local or Global as the type of IPv6 address to enter as the destination IP address.
  • Page 68 STEP 3 added to the list of messages, indicating the result of the ping operation. STEP 4 View the results of ping in the Ping Counters and Status section of the page.
  • Page 69: Chapter 7: Administration: Time Settings

    As part of the boot process, the device always configures the time, time zone, and DST. These parameters are obtained from the PC running the GUI, SNTP, values set manually, or if all else fails, from the factory defaults. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 70 Dynamic configuration of the time zone and DST continues after the IP address lease time has expired. • Manual configuration of the time zone and DST becomes the Operational time zone and DST, only if the dynamic configuration is disabled or fails. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 71: Sntp Modes

    Use the System Time page to select the system time source. If the source is manual, you can enter the time here. CAUTION: If the system time is set manually and the device is rebooted, the manual time settings must be reentered.
  • Page 72 Time Zone Offset—Select the difference in hours between Greenwich Mean Time (GMT) and the local time. For example, the Time Zone Offset for Paris is GMT +1, while the Time Zone Offset for New York is GMT – 5. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 73 Week —Week within the month from which DST ends every year. Month —Month of the year in which DST ends every year. Time —The time at which DST ends every year. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 74: Adding A Unicast Sntp Server

    (stratum level 1) unless polling interval is enabled. • Status—SNTP server status. The possible values are: Up—SNTP server is currently operating normally. Down—SNTP server is currently not available. Unknown—SNTP server is currently being searched for by the device. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 75 • SNTP Server—Select the name of the SNTP server from a list of well-known NTP servers. If other is chosen, enter the name of an SNTP server in the adjacent field. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 76: Configuring The Sntp Mode

    SNTP IPv6 Anycast Client Mode (Client Broadcast Transmission)—Select to transmit SNTP IPv6 synchronization packets requesting system time information. The packets are transmitted to all SNTP servers on the subnet. STEP 3 Click Apply to save the settings to the Running Configuration file.
  • Page 77: Defining Sntp Authentication

    Trusted Key—Select to enable the device to receive synchronization information only from a SNTP server by using this authentication key. STEP 6 Click Apply. The SNTP Authentication parameters are written to the Running Configuration file. STEP 7
  • Page 78: Chapter 8: Administration: Diagnostics

    (Mandatory) Disable Short Reach mode (see the Port Management > Green Ethernet > Properties page) • (Optional) Disable EEE (see the Port Management > Green Ethernet > Properties page) Use a CAT5 data cable when testing cables using (VCT). Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 79 If the port being tested is a Giga port, the Advanced Information block contains the following information, which is refreshed each time you enter the page: • Cable Length: Provides an estimate for the length. • Pair—Cable wire pair being tested. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 80: Displaying Optical Module Status

    10 km. • MGBSX1:1000BASE-SX SFP transceiver, for multimode fiber, 850 nm wavelength, supports up to 550 • MGBT1: 1000BASE-T SFP transceiver for category 5 copper wire, supports up to 100 m. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 81: Configuring Port And Vlan Mirroring

    Mirroring does not guarantee that all traffic from the source port(s) is received on the analyzer (destination) port. If more data is sent to the analyzer port than it can support, some data might be lost. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 82 Rx Only—Port mirroring on incoming packets. Tx Only—Port mirroring on outgoing packets. Tx and Rx—Port mirroring on both incoming and outgoing packets. Click Apply. Port mirroring is added to the Running Configuration. STEP 4 Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 83: Viewing Cpu Utilization And Secure Core Technology

    STEP 2 Select the Refresh Rate (time period in seconds) that passes before the statistics STEP 3 are refreshed. A new sample is created for each time period. Click Apply. STEP 4 Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 84: Chapter 9: Administration: Discovery

    When Bonjour Discovery is disabled, the device stops service type advertisements and does not respond to requests for service from network management applications. By default, Bonjour is enabled on all interfaces that are members of the Management VLAN. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 85: Lldp And Cdp

    LLDP and CDP LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) are link layer protocols for directly-connected LLDP and CDP-capable neighbors to advertise themselves and their capabilities. By default, the device sends an LLDP/CDP advertisement periodically to all its interfaces and processes incoming LLDP and CDP packets as required by the protocols.
  • Page 86: Configuring Lldp

    LLDP Port Settings • LLDP MED Network Policy • LLDP MED Port Settings • LLDP Port Status • LLDP Local Information • LLDP Neighbor Information • LLDP Statistics • LLDP Overloading Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 87: Lldp Overview

    LLDP MED Port Settings page. 5. If Auto Smartport is to detect the capabilities of LLDP devices, enable LLDP in the Smartport Properties page. 6. Display overloading information by using the LLDP Overloading page. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 88: Lldp Properties

    LLDP-MED Fast Start mechanism is initialized. This occurs when a new endpoint device links to the device. For a description of LLDP MED, refer to the LLDP MED Network Policy section. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 89: Lldp Port Settings

    Selected Optional TLVs—Select the information to be published by the device by moving the TLV from the Available Optional TLVs list. The available TLVs contain the following information: Port Description—Information about the port, including manufacturer, product name and hardware/software version. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 90 Port & Protocol VLAN ID—Select to advertise the port and protocol VLAN ID. • VLAN ID—Select which VLANs will be advertised. • Protocol IDs—Select which protocols will be advertised. • Selected Protocol IDs—Displays selected protocols. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 91: Lldp Med Network Policy

    In addition, an administrator can instruct the device to automatically generate and advertise a network policy for voice application based on the voice VLAN maintained by the device. Refer to the Auto Voice VLAN section for details on how the device maintains its voice VLAN.
  • Page 92 STEP 6 Click Apply. The network policy is defined. NOTE: You must manually configure the interfaces to include the desired manually-defined network policies for the outgoing LLDP packets using the LLDP MED Port Settings.
  • Page 93: Lldp Med Port Settings

    Available Network Policies list to the Selected Network Policies list. These were created in the LLDP MED Network Policy page. To include one or more user-defined network policies in the advertisement, you must also select Network Policy from the Available Optional TLVs.
  • Page 94 Supported System Capabilities—Primary functions of the device, such as Bridge, WLAN AP, or Router. • Enabled System Capabilities—Primary enabled function(s) of the device. • Port ID Subtype—Type of the port identifier that is shown. LLDP Port Status Table • Interface—Port identifier. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 95: Lldp Local Information

    Enabled System Capabilities—Primary enabled function(s) of the device. • Port ID Subtype—Type of the port identifier that is shown. • Port ID—Identifier of port. • Port Description—Information about the port, including manufacturer, product name and hardware/ software version. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 96 Local Rx—Indicates the time (in microseconds) that the receiving link partner requests that the transmitting link partner waits before transmission of data following Low Power Idle (LPI mode). • Remote Tx Echo—Indicates the local link partner’s reflection of the remote link partner’s Tx value.
  • Page 97 Civic—Street address. • Coordinates—Map coordinates: latitude, longitude, and altitude. • ECS ELIN—Emergency Call Service (ECS) Emergency Location Identification Number (ELIN). Network Policy Table • Application Type—Network policy application type; for example, Voice. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 98: Lldp Neighbor Information

    System Name—Published name of the device. • Time to Live—Time interval (in seconds) after which the information for this neighbor is deleted. STEP 3 Select a local port, and click Details.
  • Page 99 Interface Number—Port number. MAC/PHY Details • Auto-Negotiation Supported—Port speed auto-negotiation support status. The possible values are True and False. • Auto-Negotiation Enabled—Port speed auto-negotiation active status. The possible values are True and False. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 100 Local Rx Echo—Indicates the local link partner’s reflection of the remote link partner’s Rx value. MED Details • Capabilities Supported—MED capabilities enabled on the port. • Current Capabilities—MED TLVs advertised by the port. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 101 802.1 VLAN and Protocol • PVID—Advertised port VLAN ID. PPVIDs PPVID Table • VID—Protocol VLAN ID. • Supported—Supported Port and Protocol VLAN IDs. • Enabled—Enabled Port and Protocol VLAN IDs.
  • Page 102: Lldp Statistics

    STEP 4 Select a port and click LLDP Port Status Table to see the details in the LLDP Port Status Table. LLDP Statistics The LLDP Statistics page displays LLDP statistical information per port. To view the LLDP statistics:
  • Page 103: Lldp Overloading

    Interface—Port identifier. • Total Bytes In-Use—Total number of bytes of LLDP information in each packet • Available Bytes Left—Total number of available bytes left for additional LLDP information in each packet. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 104 —If the LLDP MED optional TLVs packets were sent, or if they were overloaded. • LLDP MED Inventory Size (Bytes)—Total LLDP MED inventory TLVs packets byte size. • Status—If the LLDP MED inventory packets were sent, or if they were overloaded.
  • Page 105: Configuring Cdp

    • CDP Statistics CDP Properties Similar to LLDP, the Cisco Discovery Protocol (CDP) is a link layer protocol for directly-connected neighbors to advertise themselves and their capabilities to each other. Unlike LLDP, CDP is a Cisco proprietary protocol. CDP Configuration Workflow The following is a sample workflow for configuring CDP on the device.
  • Page 106 Device ID Format—Select the format of the device ID (MAC address or serial number). The following options are possible: MAC Address—Use the MAC address of the device as the device ID. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 107 This page displays the following CDP information for each interface. • CDP Status—CDP publishing option for the port. • Reporting Conflicts with CDP Neighbors—Status of the reporting options that are enabled/disabled in the Edit page (Voice VLAN/Native VLAN/Duplex). Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 108 This means that the duplex information in the incoming frame does not match what the local device is advertising. STEP 3 Enter the relevant information, and click Apply. The port settings are written to the Running Configuration.
  • Page 109 Native VLAN—The native VLAN identifier advertised in the native VLAN TLV. • Full/Half Duplex TLV Duplex—Whether port is half or full duplex advertised in the full/half duplex TLV. • Appliance TLV Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 110 The CDP Neighbors Information page displays CDP information received from neighboring devices. After timeout (based on the value received from the neighbor Time To Live TLV during which no CDP PDU was received from a neighbor), the information is deleted. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 111 7 indicate Other, Repeater, Bridge, WLAN AP, Router, Telephone, DOCSIS cable device, and station respectively. Bits 8 through 15 are reserved. • Platform—Identifier of the neighbor's platform. • Neighbor Interface—Interface number of the neighbor through which frame arrived. • Native VLAN—Neighbor's native VLAN.
  • Page 112: Cdp Statistics

    Other Errors—Number of packets received with errors other than illegal checksums. • Neighbors Over Maximum—Number of times that packet information could not be stored in cache because of lack of room. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 113 To clear all counters on all interfaces, click Clear All Interface Counters. To clear all counters on an interface, select it and click Clear Interface Counters.
  • Page 114: Chapter 10: Port Management

    5. Configure Green Ethernet and 802.3 Energy Efficient Ethernet by using the Properties page. 6. Configure Green Ethernet energy mode and 802.3 Energy Efficient Ethernet per port by using the Port Settings page. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 115: Port Configuration

    Combo Fiber—SFP Fiber Gigabit Interface Converter Port with the following values: 100M and 1000M (type: ComboF). 10G-Fiber Optics—Ports with speed of either 1G or 10G. NOTE SFP Fiber takes precedence in Combo ports when both ports are being used.
  • Page 116 100 Full—100 Mbps speed and Full Duplex mode. 1000 Full—1000 Mbps speed and Full Duplex mode. • Operational Advertisement—Displays the capabilities currently published to the port's neighbor. The possible options are those specified in the Administrative Advertisement field.
  • Page 117: Error Recovery Settings

    This page enables automatically reactivating a port that has been shut down because of an error condition after the Automatic Recovery Interval has passed. To configure error recovery settings: STEP 1 Click Port Management > Error Recovery Settings. STEP 2 Enter the following fields:
  • Page 118: Loopback Detection

    Detection Interval that sets the time interval between LBD packets. The following loop cases can be detected by the Loopback Detection protocol: • Shorted wire—Port that loops back all receiving traffic.
  • Page 119: Configuring Loopback Detection

    Interactions with Other Features If STP is enabled on a port on which Loopback Detection is enabled, the port must be in STP forwarding state. Configuring LBD Workflow To enable and configure LBD: Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 120: Link Aggregation

    STEP 8 Click Apply to save the configuration to the Running Configuration file. Link Aggregation This section describes how to configure LAGs. It covers the following topics: • Link Aggregation Overview • Default Settings and Configuration
  • Page 121: Link Aggregation Overview

    In general, a LAG is treated by the system as a single logical port. In particular, the LAG has port attributes similar to a regular port, such as state and speed. The device supports eight LAGs. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 122: Static And Dynamic Lag Workflow

    2. Configure various aspects of the LAG, such as speed and flow control by using the LAG Settings page. 3. Set the LACP priority and timeout of the ports in the LAG by using the LACP page. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 123: Defining Lag Management

    Members list. Up to eight ports per static LAG can be assigned, and 16 ports can be assigned to a dynamic LAG. These are candidate ports. STEP 3 Click Apply. LAG membership is saved to the Running Configuration file.
  • Page 124: Configuring Lag Settings

    Max Capability—All LAG speeds and both duplex modes are available. 10 Full—The LAG advertises a 10 Mbps speed and the mode is full duplex. 100 Full—The LAG advertises a 100 Mbps speed and the mode is full duplex. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 125: Configuring Lacp

    Any link operating at a different speed from the highest-speed active member or operating at half-duplex is made standby. All the active ports in a dynamic LAG operate at the same baud rate.
  • Page 126 STEP 4 • Port—Select the port number to which timeout and priority values are assigned. • LACP Port Priority—Enter the LACP priority value for the port. See Setting LACP Parameter Settings. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 127: Udld

    This section describes the Green Ethernet feature that is designed to save power on the device. It contains the following sections: • Green Ethernet Overview • Global Green Ethernet Properties • Green Ethernet Properties for Ports Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 128: Green Ethernet Overview

    Green Ethernet mode. The saved energy displayed is only related to Green Ethernet. The amount of energy saved by EEE is not displayed. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 129: Az Energy Efficient Ethernet Feature

    LLDP is used to select the optimal set of parameters for both devices. If LLDP is not supported by the link partner, or is disabled, 802.3az EEE is still operational, but it might not be in the optimal operational mode.
  • Page 130: Advertise Capabilities Negotiation

    If auto-negotiation is not enabled on the port, the 802.3az EEE operational status is disabled. The exception to this rule is that if the link speed is 1 gigabyte, EEE is still enabled even though Auto-Negotiation is disabled.
  • Page 131 STEP 5 To display 802.3az EEE information on the remote device, open the Administration > Discovery - LLDP > LLDP Neighbor Information pages, and view the information in the 802.3 Energy Efficient Ethernet (EEE) block.
  • Page 132 802.3 Energy Efficient Ethernet (EEE)—Globally enable or disable EEE mode. STEP 3 Click Reset Energy Saving Counter—To reset the Cumulative Energy Saved information. STEP 4 Click Apply. The Green Ethernet Properties are written to the Running Configuration file.
  • Page 133 Operational—Displays whether EEE is currently operating on the local port. This is a function of whether it has been enabled (Administrative Status), whether it has been enabled on the local port and whether it is operational on the local port. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 134 (advertisement of EEE capabilities through LLDP) if there are GE ports on the device. STEP 7 Click Apply. The Green Ethernet port settings are written to the Running Configuration file.
  • Page 135: Chapter 11: Port Management: Unidirectional Link Detection

    UDLD, it is not possible for the device to detect the status of the link. In this case, the status of the link is set to undetermined. The user can configure whether ports in the undetermined state are shut down or merely trigger notifications. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 136: Udld Operation

    UDLD is enabled on a port when one of the following occurs: • The port is a fiber port and UDLD is enabled globally. • The port is a copper port and you specifically enable UDLD on it. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 137 If UDLD is not supported or disabled on a neighbor, then no UDLD messages are received from that neighbor. In this case, the device cannot determine whether the link is unidirectional or bidirectional. The status of the interface is then set to undetermined. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 138: Usage Guidelines

    Manually—You can reactivate a port in the Port Management > Error Recovery Settings page. Usage Guidelines Cisco does not recommend enabling UDLD on ports that are connected to devices on which UDLD is not supported or disabled. Sending UDLD packets on a port connected to a device that does not support UDLD causes more traffic on the port without providing benefits.
  • Page 139: Default Settings And Configuration

    STEP 1 a. Enter the Message Time. b. In the Fiber Port UDLD Default State field, enter either Disabled, Normal or Aggressive as the global UDLD status. STEP 2 Click Apply
  • Page 140: Configuring Udld

    Fiber Port UDLD Default State—This field is only relevant for fiber ports. The UDLD state of copper ports must be set individually in the UDLD Interface Settings page. The possible states are: Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 141 Bidirectional—Traffic sent by the local device is received by its neighbor, and traffic from the neighbor is received by the local device. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 142 Bidirectional—Traffic sent by the local device is received by its neighbor, and traffic from the neighbor is received by the local device. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 143 Neighbor Expiration Time (Sec.)—Displays the time that must pass before the device attempts to determine the port UDLD status. This is three times the Message Time. • Neighbor Message Time (Sec.)—Displays the time between UDLD messages. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 144: Chapter 12: Smartport

    Smartport macro to multiple interfaces, the interfaces share a common set of configurations. A Smartport macro can be applied to an interface by the Smartport type associated with the macro. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 145: What Is A Smartport

    Smartport types refers to the types of devices attached, or to be attached to Smartports. The device supports the following Smartport types: • Printer • Desktop • Guest • Server • Host • IP Camera Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 146 Table columns: Smartport Type; Supported by Auto Smartport; Supported by Auto Smartport by default. Smartport types listed: Unknown, Default, Printer, Desktop, Guest, Server, Host, IP camera, IP phone, IP phone desktop, Switch, Router, Wireless Access Point.
  • Page 147: Special Smartport Types

    Smartport macro is limited to the interface on which it is applied. The macro source may be found by clicking the View Macro Source button on the Smartport Type Settings page. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 148: Applying A Smartport Type To An Interface

    When a Smartport macro fails, a SYSLOG message containing the following parameters is sent: • Port number • Smartport type • The line number of the failed CLI command in the macro Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 149: How The Smartport Feature Works

    By default, Auto Smartport is enabled and allowed to configure all interfaces. The Smartport type assigned to each interface is determined by the CDP and LLDP packets received on each interface.
  • Page 150: Enabling Auto Smartport

    Using CDP/LLDP Information to Identify Smartport Types The device detects the type of device attached to the port, based on the CDP/LLDP capabilities. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 151 Telephone IETF RFC 4293: ip_phone; DOCSIS cable device IETF RFC 4639 and IETF RFC 4546: Ignore; Station Only IETF RFC 4293: Host; C-VLAN Component of a VLAN Bridge IEEE Std. 802.1Q: Switch.
  • Page 152: Multiple Devices Attached To The Port

    If one of the devices is an IP phone desktop and the other is an IP phone or host, the ip_phone_desktop Smartport type is used. • In all other cases the default Smartport type is used. For more information about LLDP/CDP refer to the Configuring LLDP and Configuring CDP sections, respectively.
  • Page 153: Persistent Auto Smartport Interface

    CDP and LLDP to detect attaching device's Smartport type, and detects Smartport type IP phone, IP phone + Desktop, Switch, and Wireless Access Point. Voice VLAN for a description of the voice factory defaults. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 154: Relationships With Other Features And Backwards Compatibility

    Workflow 2: To configure an interface as a static Smartport, perform the following steps: STEP 1 To enable the Smartport feature on the interface, open the Smartport > Interface Settings page. STEP 2 Select the interface, and click Edit.
  • Page 155 STEP 5 Return to the main page and reapply the macro using either Reapply (for devices that are not switches, routers or APs) or Reapply Smartport Macro (for switches, routers or APs) to run the Smartport Macro on the interface.
  • Page 156: Smartport Properties

    Administrative Auto Smartport—Select to globally enable or disable Auto Smartport. The following options are available: Disable—Select to disable Auto Smartport on the device. Enable—Select to enable Auto Smartport on the device. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 157: Smartport Type Settings

    STEP 2 To view the Smartport macro associated with a Smartport type, select a Smartport type and click View Macro Source. STEP 3 To modify the parameters of a macro, select a Smartport type and click Edit.
  • Page 158: Smartport Interface Settings

    Reapply a Smartport macro after it fails for one of the following types of interfaces: switch, router and AP. It is expected that the necessary corrections have been made prior to clicking Reapply. See the workflow area in Common Smartport Tasks section for troubleshooting tips. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 159 This cleanup must be done manually. To assign a Smartport type to an interface or activate Auto Smartport on the interface: STEP 1 Select an interface and click Edit. STEP 2 Enter the fields.
  • Page 160: Built-In Smartport Macros

    Macro code for the following Smartport types is provided: • desktop • printer • guest • server • host
  • Page 161 [no_desktop]
    #macro description No Desktop
    no smartport switchport trunk native vlan
    smartport switchport trunk allowed vlan remove all
    no port security
  • Page 162 [no_printer]
    #macro description No printer
    no switchport access vlan
    no switchport mode
    no port security
    no port security mode
    no smartport storm-control broadcast enable
  • Page 166 [ip_phone]
    #macro description ip_phone
    #macro keywords $native_vlan $voice_vlan $max_hosts
  • Page 169 [router]
    #macro description router
    #macro keywords $native_vlan $voice_vlan
    #macro key description: $native_vlan: The untag VLAN which will be configured on the port $voice_vlan: The voice VLAN ID
  • Page 170 [ap]
    #macro description ap
    #macro keywords $native_vlan $voice_vlan
  • Page 171 #macro key description: $native_vlan: The untag VLAN which will be configured on the port
  • Page 172: Chapter 13: Port Management: Poe

    Eliminates the need to run 110/220 V AC power to all devices on a wired LAN. • Removes the necessity for placing all network devices next to power sources. • Eliminates the need to deploy double cabling systems in an enterprise, significantly decreasing installation costs.
  • Page 173: Poe Configuration Considerations

    There are two factors to consider in the PoE feature: • The amount of power that the PSE can supply • The amount of power that the PD is actually attempting to consume Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 174 To prevent false detection, you should disable PoE on the ports on the PoE switches that are used to connect to PSEs. You should also first power up a PSE device Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 175: Poe Properties

    Nominal Power—Total amount of power the device can supply to all the connected PDs. • Consumed Power—Amount of power currently being consumed by the PoE ports. • Available Power—Nominal power minus the amount of consumed power. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 176: Poe Settings

    Power Mode. The fields are slightly different if the Power Mode is Class Limit. STEP 2 Select a port and click Edit. STEP 3 Enter the value for the following field: • Interface—Select the port to configure.
  • Page 177 PSE. Signatures are generated during powered device detection, classification, or maintenance. STEP 4 Click Apply. The PoE settings for the port are written to the Running Configuration file.
  • Page 178: Chapter 14: Vlan Management

    VLANs address security and scalability issues. Traffic from a VLAN stays within the VLAN, and terminates at devices in the VLAN. It also eases network configuration by logically connecting devices without physically relocating those devices. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 179 Management VLAN: For more information refer to the Configuring IP Information section. QinQ QinQ provides isolation between service provider networks and customers' networks. The device is a provider bridge that supports port-based c-tagged service interface. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 180: Regular Vlans

    2. Create the required VLANs as described in the VLAN Settings - Creating VLANs section. 3. Set the desired VLAN-related configuration for ports and enable QinQ on an interface as described in the Interface Settings section. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 181 Current Default VLAN ID—Displays the current default VLAN ID. • Default VLAN ID After Reboot—Enter a new VLAN ID to replace the default VLAN ID after reboot. STEP 3 Click Apply.
  • Page 182 VLAN Interface State—Select to shut down the VLAN. In this state, the VLAN does not transmit/receive messages from/to higher levels. For example, if you shut down a VLAN, on which an IP interface is configured,
  • Page 183: Interface Settings

    Frame Type—Select the type of frame that the interface can receive. Frames that are not of the configured frame type are discarded at ingress. These frame types are only available in General mode. Possible values are: Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 184: Vlan Membership

    STEP 1 Click VLAN Management > Port to VLAN. STEP 2 Select a VLAN and the interface type (Port or LAG), and click Go to display or to change the port characteristic with respect to the VLAN.
  • Page 185 In the VLAN to Port page, the port is marked with an upper case P. • When the port is authenticated, it receives membership in the VLAN in which it was configured. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 186 Untagged—Select whether port is untagged. This is not relevant for Access ports. STEP 5 Click Apply. The settings are modified and written to the Running Configuration file. To see the administrative and operational VLANs on an interface, click Details.
  • Page 187: Voice Vlan

    The following are typical voice deployment scenarios with appropriate configurations: • UC3xx/UC5xx hosted: All Cisco phones and VoIP endpoints support this deployment model. For this model, the UC3xx/UC5xx, Cisco phones and VoIP endpoints reside in the same voice VLAN. The voice VLAN of UC3xx/UC5xx defaults to VLAN 100. •...
  • Page 188 CDP and/or LLDP-MED. Voice End-Points To have a voice VLAN work properly, the voice devices, such as Cisco phones and VoIP endpoints, must be assigned to the voice VLAN where they send and receive their voice traffic. Some of the possible scenarios...
  • Page 189 VLAN and on switches that have already been configured. You may manually disable and enable Auto Voice VLAN and/or Auto Smartport to fit your deployment if needed. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 190 If multiple neighbor switches and/or routers, such as Cisco Unified Communication (UC) devices, are advertising their voice VLAN, the voice VLAN from the device with the lowest MAC address is used. NOTE If connecting the device to a Cisco UC device, you may need to configure the port on the UC device using the switchport voice vlan command to ensure the UC device advertises its voice VLAN in CDP at the port.
  • Page 191 The Voice VLAN QoS is applied to candidate ports that have joined the Voice VLAN, and to static ports. • The voice flow is accepted if the MAC address can be learned by the Forwarding Database (FDB). (If there is no free space in FDB, no action occurs). Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 192 NOTE If the device is currently in Auto Voice VLAN mode, you must disable it before you can enable Telephony OUI. STEP 2 Configure Telephony OUI in the Telephony OUI page. STEP 3 Configure Telephony OUI VLAN membership for ports in the Telephony OUI Interface page.
  • Page 193: Voice Vlan Configuration

    Administration > Discovery > LLDP > LLDP MED Network Policy for additional details. • Dynamic Voice VLAN—Select this field to disable or enable voice VLAN feature in one of the following ways: Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 194 Source Type—Displays the type of source where the voice VLAN is discovered by the root device. • CoS/802.1p—Displays CoS/802.1p values to be used by the LLDP-MED as a voice network policy. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 195 This voice VLAN is the voice VLAN for the network unless a voice VLAN from a higher priority source is discovered. Only one local source is the best local source. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 196 STEP 2 Click Apply to update the Running Configuration of the device with these values. The Telephony OUI table appears: • Telephony OUI—First six digits of the MAC address that are reserved for OUIs.
  • Page 197 STEP 2 To configure an interface to be a candidate port of the telephony OUI-based voice VLAN, click Edit. STEP 3 Enter the values for the following fields: • Interface—Select an interface.
  • Page 198 All—QoS attributes are applied on all packets that are classified to the Voice VLAN. Telephony Source MAC Address—QoS attributes are applied only on packets from IP phones. STEP 4 Click Apply. The OUI is added.
  • Page 199: Chapter 15: Spanning Tree

    This is most effective when the network topology is naturally tree-structured, and therefore faster convergence might be possible. RSTP is enabled by default. NOTE The 200 series switches do not support MSTP.
  • Page 200: Stp Status And Global Settings

    • Forward Delay—Set the interval (in seconds) that a bridge remains in a learning state before forwarding packets. For more information, refer to Spanning Tree Interface Settings. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 201: Spanning Tree Interface Settings

    Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. The options are: Enable—Enables Fast Link immediately. Auto—Enables Fast Link a few seconds after the interface becomes active. This allows STP to resolve loops before enabling Fast Link. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 202 STP detects loops. • Forward Transitions—Displays the number of times the port has changed from the Blocking state to Forwarding state. • Speed—Displays the speed of the port. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 203: Rapid Spanning Tree Settings

    (usually within 2 seconds). Disable—The port is not considered point-to-point for RSTP purposes, which means that STP works on it at regular speed, as opposed to high speed.
  • Page 204 —The port is in Learning mode. The port cannot forward traffic, however it can learn new MAC addresses. Forwarding—The port is in Forwarding mode. The port can forward traffic and learn new MAC addresses.
  • Page 205 STEP 7 Click Apply. The Running Configuration file is updated.
  • Page 206: Chapter 16: Managing Mac Address Tables

    If frames are sent to a MAC address that is not found in the tables, they are transmitted/broadcasted to all the ports on the relevant VLAN. Such frames are referred to as unknown Unicast frames. The device supports a maximum of 8K static and dynamic MAC addresses. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 207: Static Mac Addresses

    Delete on timeout—The MAC address is deleted when aging occurs. Secure—The MAC address is secure when the interface is in classic locked mode (see Configuring Port Security). STEP 4 Click Apply. A new entry appears in the table.
  • Page 208: Dynamic MAC Addresses

    LAGs. STEP 3 Click Go. The Dynamic MAC Address Table is queried and the results are displayed. STEP 4 To delete all of the dynamic MAC addresses, click Clear Table.
  • Page 209: Chapter 17: Multicast

    By default, all Multicast frames are flooded to all ports of the VLAN. It is possible to selectively forward only to relevant ports and filter (drop) the Multicast on the rest of the ports by enabling the Bridge Multicast filtering status in the Multicast > Properties page.
  • Page 210: Typical Multicast Setup

    When the device is IGMP/MLD-snooping-enabled and receives a frame for a Multicast stream, it forwards the Multicast frame to all the ports that have registered to receive the Multicast stream using IGMP/MLD Join messages.
  • Page 211: Multicast Address Properties

    This results in the creation of a forwarding entry in the Multicast Forwarding Data Base. Multicast Address Properties Multicast addresses have the following properties: • Each IPv4 Multicast address is in the address range 224.0.0.0 to 239.255.255.255. • The IPv6 Multicast address is FF00::/8.
  • Page 212 A proxy device performs the router portion of IGMP/MLD on its downstream interfaces, and the host portion of IGMP/MLD on its upstream interface. Only one tree is supported.
  • Page 213: Multicast Properties

    Forwarding Method for IPv4—Set one of the following forwarding methods for IPv4 addresses: MAC Group Address, IP Group Address, or Source Specific IP Group Address. STEP 3 Click Apply. The Running Configuration file is updated.
  • Page 214: MAC Group Address

    STEP 6 To configure and display the registration for the interfaces within the group, select an address, and click Details. The page displays: • VLAN ID—The VLAN ID of the Multicast group.
  • Page 215: IP Multicast Group Addresses

    IP Version equals to—Select IPv6 or IPv4. • IP Multicast Group Address equals to—Define the IP address of the Multicast group to be displayed. This is only relevant when the Forwarding mode is (S,G).
  • Page 216 None—Indicates that the port is not currently a member of this Multicast group on this VLAN. This is selected by default until Static or Forbidden is selected. STEP 9 Click Apply. The Running Configuration file is updated.
  • Page 217: IGMP Snooping Configuration

    Last Member Query Counter—Number of IGMP group-specific queries sent before the device assumes there are no more members for the group, if the device is the elected querier. STEP 4 Select a VLAN, and click Edit.
  • Page 218 Max Response Time value from group-specific queries sent by the elected querier. STEP 2 Select an interface, and click Edit. Enter the values of the fields described above. STEP 3 Click Apply. The Running Configuration file is updated.
  • Page 219: MLD Snooping

    Last Member Query Counter—Number of MLD group-specific queries sent before the device assumes there are no more members for the group, if the device is the elected querier. Use Query Robustness—This value is set in MLD VLAN Settings page.
  • Page 220 Max Response Time value from group-specific queries sent by the elected querier. STEP 2 To configure a VLAN, select it and click Edit. Enter the fields described above. STEP 3 Click Apply. The Running Configuration file is updated.
  • Page 221: IGMP/MLD Snooping IP Multicast Group

    Included Ports—The list of destination ports for the Multicast stream. • Excluded Ports—The list of ports not included in the group. • Compatibility Mode—The oldest IGMP/MLD version of registration from the hosts the device receives on the IP group address.
  • Page 222: Multicast Router Ports

    VLAN. This feature requires that Bridge Multicast filtering in the Properties page be enabled. If it is disabled, then all Multicast traffic is flooded to ports in the device.
  • Page 223: Unregistered Multicast

    You can select a port to receive or reject (filter) unregistered Multicast streams. The configuration is valid for any VLAN of which the port is a member (or will be a member).
  • Page 224 Forwarding—Enables forwarding of unregistered Multicast frames to the selected interface. Filtering—Enables filtering (rejecting) of unregistered Multicast frames to the selected interface. STEP 5 Click Apply. The settings are saved, and the Running Configuration file is updated.
  • Page 225: Chapter 18: IP Configuration

    DHCPDISCOVER packet that restarts the process. If the device does not receive a DHCPv4 response in 60 seconds, it continues to send DHCPDISCOVER queries, and adopts the default IPv4 address: 192.168.1.254/24.
  • Page 226: Loopback Interface

    IP interface is down. A loopback interface does not support bridging; it cannot be a member of any VLAN, and no layer 2 protocol can be enabled on it.
  • Page 227: IPv4 Management And Interfaces

    Web GUI. VLAN1 is the default Management VLAN. • IP Address Type—Select one of the following options: Dynamic—Discover the IP address using DHCP from the management VLAN. Static—Manually define a static IP address.
  • Page 228 STEP 3 Click Apply. The IPv4 interface settings are written to the Running Configuration file. Local—Indicates that the route is a local path. This type cannot be selected but is created by the system.
  • Page 229 Status—Whether the entry was manually entered or dynamically learned. STEP 4 Click Add. STEP 5 Enter the parameters: • IP Version—The IP address format supported by the host. Only IPv4 is supported.
  • Page 230: IPv6 Global Configuration

    Each 2 hex characters can be separated by a period or colon. • DHCPv6 Unique Identifier (DUID)—Displays the identifier selected. STEP 3 Click Apply. The IPv6 global parameters and DHCPv6 client settings are updated.
  • Page 231: IPv6 Interface

    Number of DAD Attempts—Enter the number of consecutive neighbor solicitation messages that are sent while Duplicate Address Detection (DAD) is performed on the interface’s Unicast IPv6 addresses. DAD verifies the uniqueness of a new Unicast IPv6 address before it is assigned. New addresses
  • Page 232 Stateless Service—Is the client defined as stateless (receives configuration information from a DHCP server) or not. • Minimum Information Refresh Time—See above. • Information Refresh Time—See above. • Received Information Refresh Time—Refresh time received from DHCPv6 server.
  • Page 233: IPv6 Tunnel

    The system does not have a default router for ISATAP traffic until the DNS process is resolved. Configuring Tunnels NOTE After configuring a tunnel, configure the IPv6 interface in the IPv6 Interfaces page.
  • Page 234 Source IPv4 Address Auto. When an ISATAP tunnel is created, this button becomes Delete ISATAP Tunnel. Clicking this button deletes the ISATAP tunnel. NOTE To shut down a tunnel, click Edit and unselect Tunnel State.
  • Page 235: Defining IPv6 Addresses

    Prefix Length—The length of the Global IPv6 prefix is a value from 0-128 indicating the number of the high-order contiguous bits of the address that comprise the prefix (the network portion of the address).
  • Page 236: IPv6 Default Router List

    State—Specifies the router status. The values are: Reachable—Router is known to be reachable. Unreachable—Router is known to be unreachable. STEP 2 Click Add to add a static default router. STEP 3 Enter the following fields:
  • Page 237: Defining IPv6 Neighbors Information

    Type—Neighbor discovery cache information entry type (static or dynamic). • State—Specifies the IPv6 neighbor status. The values are: Incomplete—Address resolution is working. The neighbor has not yet responded. Reachable—Neighbor is known to be reachable.
  • Page 238 Than is specified, the range is from the value entered for the network/length argument to the Lower Than. If both the Greater Than and Lower Than arguments are entered, the range is between the values used for Greater Than and Lower Than.
  • Page 239: Viewing IPv6 Route Tables

    —A directly-connected network whose prefix is derived from a manually-configured device’s IPv6 address. Dynamic—The destination is an indirectly-attached (remote) IPv6 subnet address. The entry was obtained dynamically via the ND or ICMP protocol.
  • Page 240: Domain Name

    Default Parameters—Enter the following default parameters: Default Domain Name—Enter the DNS domain name used to complete unqualified host names. The device appends this to all non-fully qualified domain names (NFQDNs) turning them into FQDNs.
  • Page 241 Preference—Select a value that determines the order in which the domains are used (from low to high). This effectively determines the order in which unqualified names are completed during DNS queries. STEP 5 Click Apply. The DNS server is saved to the Running Configuration file.
  • Page 242: Search List

    STEP 2 If required, select the Clear Table option to clear some or all of the entries in the Host Mapping Table. • Static Only—Deletes the static hosts. • Dynamic Only—Deletes the dynamic hosts.
  • Page 243 (.) is used to separate labels. • IP Address—Enter a single address or up to eight associated IP addresses (IPv4 or IPv6). STEP 5 Click Apply. The settings are saved to the Running Configuration file.
  • Page 244: Chapter 19: Security

    Access control of end-users to the network through the device is described in the following sections: • Management Access Method • Configuring RADIUS • Configuring Port Security • 802.1X
  • Page 245: Defining Users

    Configuring Port Security Defining Users The default username/password is cisco/cisco. The first time that you log in with the default username and password, you are required to enter a new password. Password complexity is enabled by default. If the password that you choose is not complex enough (Password Complexity Settings are enabled in the Password Strength page), you are prompted to create another password.
  • Page 246 Password Aging Time—Enter the number of days that can elapse before the user is prompted to change the password. NOTE Password aging also applies to zero-length passwords (no password). STEP 3 Select Password Complexity Settings to enable complexity rules for passwords.
  • Page 247: Configuring RADIUS

    802.1X or MAC-based network access control for all of its devices. In this way, authentication and authorization can be handled on a single server for all devices in the organization.
  • Page 248: Accounting Using A RADIUS Server

    NOTE If more than one RADIUS server has been configured, the device uses the configured priorities of the available RADIUS servers to select the RADIUS server to be used by the device.
  • Page 249 Server Definition—Select whether to specify the RADIUS server by IP address or name. • IP Version—Select the version of the IP address of the RADIUS server. • IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
  • Page 250 Login—RADIUS server is used for authenticating users that ask to administer the device. 802.1X—RADIUS server is used for 802.1X authentication. All—RADIUS server is used for authenticating users that ask to administer the device and for 802.1X authentication.
  • Page 251: Active Access Profile

    Source IP Address—IP addresses or subnets that are allowed access. Active Access Profile The Access Profiles page displays the access profiles that are defined and enables selecting one access profile to be the active one.
  • Page 252 HTTP—Users requesting access to the device that meet the HTTP access profile criteria are permitted or denied. Secure HTTP (HTTPS)—Users requesting access to the device that meet the HTTPS access profile criteria are permitted or denied.
  • Page 253: Defining Profile Rules

    Defining Profile Rules Access profiles can contain up to 128 rules to determine who is permitted to manage and access the device, and the access methods that may be used.
  • Page 254 IP source defined in this rule. Or select Deny to deny access. • Applies to Interface—Select the interface attached to the rule. The options are: All—Applies to all ports, VLANs, and LAGs. User Defined—Applies only to the port, VLAN, or LAG selected.
  • Page 255: Management Access Authentication

    Similarly, if authorization is not enabled, and authentication fails for a method, the device stops the authentication attempt.
  • Page 256: Secure Sensitive Data Management

    Local or None are ignored. STEP 6 Click Apply. The selected authentication methods are associated with the access method. Secure Sensitive Data Management Security: Secure Sensitive Data Management.
  • Page 257: SSL Server

    Valid From—Specifies the date from which the certificate is valid. • Valid To—Specifies the date up to which the certificate is valid. • Certificate Source—Specifies whether the certificate was generated by the system (Auto Generated) or the user (User Defined).
  • Page 258 Private Key (Encrypted)—Select and copy in the RSA private key in encrypted form. • Private Key (Plaintext)—Select and copy in the RSA private key in plain text form. STEP 4 Click Apply to apply the changes to the Running Configuration.
  • Page 259: SSH Client

    HTTPS Service—Indicates whether the HTTPS service is enabled or disabled. • SNMP Service—Indicates whether the SNMP service is enabled or disabled. STEP 3 Click Apply. The services are written to the Running Configuration file.
  • Page 260: Defining Storm Control

    When the rate of Broadcast, Multicast, or Unknown Unicast frames is higher than the user-defined threshold, frames received beyond the threshold are discarded. To define Storm Control:
  • Page 261: Configuring Port Security

    • Classic Lock—All learned MAC addresses on the port are locked, and the port does not learn any new MAC addresses. The learned addresses are not subject to aging or re-learning.
  • Page 262 The Learning Mode field is enabled only if the Interface Status field is locked. To change the Learning Mode, the Lock Interface must be cleared. After the mode is changed, the Lock Interface can be reinstated. The options are:
  • Page 263: 262

    Trap Frequency—Enter minimum time (in seconds) that elapses between traps. STEP 4 Click Apply. Port security is modified, and the Running Configuration file is updated. 802.1X See the Security: 802.1X Authentication chapter for information about 802.1X authentication.
  • Page 264: Denial Of Service Prevention

    One method of resisting DoS attacks employed by the device is the use of SCT. SCT is enabled by default on the device and cannot be disabled. The Cisco device is an advanced device that handles management traffic, protocol traffic and snooping traffic, in addition to end-user (TCP) traffic.
  • Page 265: Defense Against DoS Attacks

    Security Suite Settings displays. CPU Protection Mechanism: Enabled indicates that SCT is enabled. STEP 2 Click Details beside CPU Utilization to go to the CPU Utilization page and view CPU resource utilization information.
  • Page 266 The SYN Protection Interface Table displays the following fields for every port or LAG (as requested by the user). • Current Status—Interface status. The possible values are: Normal—No attack was identified on this interface. Attacked—Attack was identified on this interface.
  • Page 267 Last Attack—Date of last SYN-FIN attack identified by the system and the system action (Reported).
  • Page 268: Chapter 20: Security: 802.1X Authentication

    802.1x authentication restricts unauthorized clients from connecting to a LAN through publicly accessible ports. 802.1x authentication is a client-server model. In this model, network devices have the following specific roles. • Client or supplicant • Authenticator • Authentication server
  • Page 269 Port Host Modes for more information. In 802.1x-based authentication, the authenticator extracts the EAP messages from the 802.1x messages (EAPOL frames) and passes them to the authentication server, using the RADIUS protocol.
  • Page 270: Authentication Server

    Port Administrative Authentication States The port administrative state determines whether the client is granted access to the network. The port administrative state can be configured in the Security > 802.1X > Port Authentication page.
  • Page 271 RADIUS-assigned VLAN or the unauthenticated VLANs. RADIUS VLAN assignment on a port is set in the Security > 802.1X > Port Authentication page. • Multi-Host Mode A port is authorized if there is at least one authorized client.
  • Page 272 The EAP messages between supplicants and the authenticator are encapsulated into the 802.1x messages, and the EAP messages between the authenticator and authentication servers are encapsulated into the RADIUS messages.
  • Page 273 You can also configure the device to send SNMP traps, with a configurable minimum time between consecutive traps. If seconds = 0, traps are disabled. If minimum time is not specified, it defaults to 1 second for the restrict mode and 0 for the other modes.
  • Page 274: Common Tasks

    STEP 10 Select a port, and click Edit. STEP 11 Set the Administrative Port Control field to Auto. STEP 12 Define the authentication methods. STEP 13 Click Apply, and the Running Configuration file is updated.
  • Page 275: 802.1X Configuration Through The GUI

    802.1X to function, it must be activated both globally and individually on each port. To define port-based authentication: STEP 1 Click Security > 802.1X > Properties. STEP 2 Enter the parameters.
  • Page 276: X Port Authentication

    STEP 1 Click Security > 802.1X Authentication > Port Authentication. This page displays authentication settings for all ports. STEP 2 Select a port, and click Edit. STEP 3 Enter the parameters. • Interface—Select a port.
  • Page 277 NOTE If the port is not in Force-Unauthorized, it is in Auto Mode and the authenticator displays the state of the authentication in progress. After the port is authenticated, the state is shown as Authenticated.
  • Page 278: Defining Host And Session Authentication

    Edit page. • Number of Violations—Displays the number of packets that arrive on the interface in single-host mode, from a host whose MAC address is not the supplicant MAC address.
  • Page 279: Viewing Authenticated Hosts

    User Name—Supplicant names that were authenticated on each port. • Port—Number of the port. • Session Time (DD:HH:MM:SS)—Amount of time that the supplicant was logged on the port. • Authentication Server—RADIUS server. • MAC Address—Displays the supplicant MAC address.
  • Page 280 NOTE Up to 5 HTTP users and one HTTPS user can request web-based authentication at the same time. When these users are authenticated, more users can request authentication.
  • Page 281: Chapter 21: Security: SSH Client

    With respect to SSH, the SCP running on the device is an SSH client application and the SCP server is an SSH server application. When files are downloaded via TFTP or HTTP, the data transfer is unsecured.
  • Page 282: Protection Methods

    Data can be encrypted using a one-time symmetric key negotiated during the session. Each device being managed must have its own username/password, although the same username/password can be used for multiple switches.
  • Page 283: SSH Server Authentication

    Trusted SSH Servers Table. This table stores the following information for each trusted SSH server, for a maximum of 16 servers: • Server IP address/host name
  • Page 284: SSH Client Authentication

    SSH server exchange data in order to determine the algorithms to use in the SSH transport layer. The following algorithms are supported on the client side: • Key Exchange Algorithm-diffie-hellman • Encryption Algorithms aes128-cbc
  • Page 285: Before You Begin

    When using public/private keys authentication method, the public key must be stored on the SSH server. Common Tasks This section describes some common tasks performed using the SSH client. All pages referenced are pages found under the SSH Client branch of the menu tree.
  • Page 286 STEP 3 Click Details to view the generated, encrypted keys, and copy them (including the Begin and End footers) from the Details page to an external device. Copy the public and private keys separately.
  • Page 287: SSH User Authentication

    This must match the username defined on the SSH server. STEP 4 If the By Password method was selected, enter a password (Encrypted or Plaintext) or leave the default encrypted password.
  • Page 288: SSH Server Authentication

    STEP 3 Click Add and enter the following fields for the SSH trusted server: • Server Definition—Select one of the following ways to identify the SSH server:
  • Page 289 IP Version—If you selected to specify the SSH server by IP address, select whether that IP address is an IPv4 or IPv6 address. • IP Address Type—If the SSH server IP address is an IPv6 address, select the IPv6 address type. The options are:
  • Page 290 Old Password—This must match the password on the server. • New Password—Enter the new password and confirm it in the Confirm Password field. STEP 3 Click Apply. The password on the SSH server is modified.
  • Page 291: Chapter 22: Security: Secure Sensitive Data Management

    SSD grants read permission to sensitive data only to authenticated and authorized users, and according to SSD rules. A device authenticates and authorizes management access to users through the user authentication process.
  • Page 292: SSD Management

    A device comes with a set of default SSD rules. An administrator can add, delete, and change SSD rules as desired. NOTE A device may not support all the channels defined by SSD. Elements of an SSD Rule An SSD rule includes the following elements:
  • Page 293 (If a user matches multiple SSD rules, the rule with the most preference User Type will be applied). Specific—The rule applies to a specific user. Default User (cisco)—The rule applies to the default user (cisco). Level 15—The rule applies to users with privilege level 15.
  • Page 294 0 (meaning null string or numeric 0). If the user wants to view sensitive data, the rule must be changed to plaintext. • By default, an SNMPv3 user with privacy and XML-over-secure channels permissions is considered to be a level-15 user.
  • Page 295 For example, if a user logs in via a secure channel and starts a TFTP upload session, the SSD read permission of the user on the insecure channel (TFTP) is applied
  • Page 296 The read permission of the SSD rule that is applied to the session user is changed and is no longer compatible with the current read mode of the session. In this case, the session read mode returns to the default read mode of the SSD rule.
  • Page 297: SSD Properties

    A device maintains a local passphrase which is the passphrase of its Running Configuration. SSD normally performs encryption and decryption of sensitive data with the key generated from the local passphrase.
  • Page 298: Configuration File Passphrase Control

    Configuration File Integrity Control. It is recommended that Configuration File Integrity Control be enabled when a device uses a user-defined passphrase with Unrestricted Configuration File Passphrase Control. CAUTION Any modification made to a configuration file that is integrity protected is considered tampering.
  • Page 299: Configuration Files

    • The SSD indicator is used to enforce SSD read permissions on text-based configuration files, but is ignored when copying the configuration files to the Running or Startup Configuration file.
  • Page 300: SSD Control Block

    Otherwise, the source file is rejected and the copy fails.
  • Page 301: Running Configuration File

    By default, auto mirror configuration service is enabled. To configure auto mirror configuration to be enabled or disabled, click Administration > File Management > Configuration File Properties.
  • Page 302 • Enforce the integrity of the file content • Include the secure, authentication configuration commands and SSD rules that properly control and secure the access to devices and the sensitive data
  • Page 303: SSD Management Channels

    Management Channel GUI/HTTP Insecure GUI/HTTPS GUI/HTTPS Secure XML/HTTP Insecure-XML- XML/HTTPS SNMP XML/HTTPS Secure-XML-SNMP SNMPv1/v2/v3 without Insecure-XML- Secure-XML-SNMP privacy SNMP SNMPv3 with privacy Secure-XML-SNMP (level-15 users) TFTP Insecure SCP (Secure Copy) Secure
  • Page 304: Menu CLI And Password Recovery

    STEP 1 Click Security > Secure Sensitive Data Management > Properties. The following field appears: • Current Local Passphrase Type—Displays whether the default passphrase or a user-defined passphrase is currently being used. STEP 2 Enter the following Persistent Settings fields:
  • Page 305 Specific User—Select and enter the specific user name to which this rule applies (this user does not necessarily have to be defined). Default User (cisco)—Indicates that this rule applies to the default user. Level 15—Indicates that this rule applies to all users with privilege level 15.
  • Page 306 STEP 3 The following actions can be performed on selected rules: STEP 4 • Add, Edit or Delete rules • Restore to Default—Restore a user-modified default rule to the default rule.
  • Page 307: Chapter 23: Quality Of Service

    This section covers the following topics: • QoS Features and Components • Configuring QoS - General • Managing QoS Statistics
  • Page 308: Qos Features And Components

    STEP 1 Enable QoS by using the QoS Properties page to select the trust mode. Then enable QoS on ports by using the Interface Settings page. STEP 2 Assign each interface a default CoS or DSCP priority by using the QoS Properties page.
  • Page 309: Setting Qos Properties

    STEP 6 Select Port/LAG and click GO to display/modify all ports/LAGs on the device and their CoS information. The following fields are displayed for all ports/LAGs: • Interface—Type of interface.
  • Page 310: Interface Qos Settings

    To enter QoS settings per interface: STEP 1 Click Quality of Service > General > Interface Settings. STEP 2 Select Port or LAG to display the list of ports or LAGs.
  • Page 311: Configuring Qos Queues

    (The relative portion from each WRR queue depends on its weight). To select the priority method and enter WRR data: STEP 1 Click Quality of Service > General > Queue. STEP 2 Enter the parameters.
  • Page 312 The following table describes the default mapping when there are 4 queues. Columns: 802.1p Values (0-7, 7 being the highest); Queue (4 queues 1-4, 4 being the highest priority); Notes. Entries in the Notes column: Background; Best Effort; Excellent Effort; Critical Application - LVS phone SIP; Video.
  • Page 313 STEP 4 Click Apply, Cancel or Restore Defaults. 802.1p priority values to queues are mapped, and the Running Configuration file is updated, the changes that were entered are cancelled, or previously defined values are restored.
  • Page 314: Mapping Dscp To Queue

    DSCP to Queue mapping is applicable to IP packets if DSCP is the trusted mode. Non-IP packets are always classified to the best-effort queue.
  • Page 315 STEP 2 Select the Output Queue (traffic forwarding queue) to which the DSCP value is mapped. STEP 3 Select Restore Defaults to restore the factory CoS default setting for this interface. STEP 4 Click Apply. The Running Configuration file is updated.
  • Page 316: Configuring Bandwidth

    Egress Committed Burst Size (CBS)—Enter the maximum burst size of data for the egress interface in bytes of data. This amount can be sent even if it temporarily increases the bandwidth beyond the allowed limit.
  • Page 317: Configuring Egress Shaping Per Queue

    Default CoS—Default VPT value for incoming packets that do not have a VLAN Tag. The default CoS is 0. The default is only relevant for untagged frames if Trust CoS is selected. STEP 7 Select Restore Defaults to restore the factory CoS default setting for this interface.
  • Page 318: Managing Qos Statistics

    Total Packets—Number of packets forwarded or tail dropped. • Tail Drop Packets—Percentage of packets that were tail dropped. STEP 2 Click Add. STEP 3 Enter the parameters. • Counter Set—Select the counter set:
  • Page 319 Queue—Select the queue for which statistics are displayed. • Drop Precedence—Enter drop precedence that indicates the probability of being dropped. STEP 4 Click Apply. The Queue Statistics counter is added, and the Running Configuration file is updated.
  • Page 320: Chapter 24: Snmp

    To control access to the system, a list of community entries is defined. Each community entry consists of a community string and its access privilege. The system responds only to SNMP messages specifying the community which has the correct permissions and correct operation.
  • Page 321: Snmp Workflow

    You can configure the group with a specific security model. The access rights of a group are Read, Write, and Notify. STEP 2 Choose whether to restrict the SNMP management station to one address or allow SNMP management from all addresses. If you choose to restrict SNMP
  • Page 322: Supported Mibs

    STEP 7 Define a notification recipient(s) by using the Notification Recipients SNMPv3 page. Supported MIBs For a list of supported MIBs, visit the following URL and navigate to the download area listed as Cisco MIBS: www.cisco.com/cisco/software/navigator.html Model OIDs
  • Page 323: Snmp Engine Id

    SNMP engine. This means that the agent responds to incoming messages (Get, GetNext, GetBulk, Set) and sends trap messages to a manager. The agent's local information is encapsulated in fields in the message.
  • Page 324 Server Definition—Select whether to specify the Engine ID server by IP address or name. • IP Version—Select the supported IP format. • IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
  • Page 325: Configuring Snmp Views

    View Name—Enter a view name between 0-30 characters. • Object ID Subtree—Select the node in the MIB tree that is included or excluded in the selected SNMP view. The options to select the object are as follows:
  • Page 326: Creating Snmp Groups

    Authentication—The device checks that the SNMP user is an authorized system administrator. This is done for each frame. • Privacy—SNMP frames can carry encrypted data. Thus, in SNMPv3, there are three levels of security: • No security (No authentication and no privacy)
  • Page 327 MIBs except those that control SNMP itself. Write—Management access is write for the selected view. Otherwise, a user or a community associated with this group is able to write all MIBs except those that control SNMP itself.
  • Page 328: Managing Snmp Users

    SNMP Engine ID deletes the SNMPv3 User Database. To receive inform messages and request information, you must define both a local and remote user. Local—User is connected to the local device.
  • Page 329: Defining Snmp Communities

    Access rights in SNMPv1 and SNMPv2 are managed by defining communities in the Communities page. The community name is a type of shared password between the SNMP management station and the device. It is used to authenticate the SNMP management station.
  • Page 330 Link Local Interface—If the IPv6 address type is Link Local, select whether it is received through a VLAN or ISATAP. • IP Address—Enter the SNMP management station IP address. • Community String—Enter the community name used to authenticate the management station to the device.
  • Page 331: Defining Trap Settings

    STEP 1 STEP 2 Select Enable for SNMP Notifications to specify that the device can send SNMP notifications. STEP 3 Select Enable for Authentication Notifications to enable SNMP authentication failure notification.
  • Page 332: Notification Recipients

    IPv4 address in inform messages for communication with IPv4 SNMP servers. • Traps IPv4 Source Interface—Select the source interface whose IPv6 address will be used as the source IPv6 address in trap messages for communication with IPv6 SNMP servers.
  • Page 333 Either SNMPv1 or SNMPv2 may be used as the version of traps, with only a single version enabled at a time. • Notification Filter—Select to enable filtering the type of SNMP notifications sent to the management station. The filters are created in the Notification Filter page.
  • Page 334: Defining Snmpv3 Notification Recipients

    Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks. • Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the pull-down list.
  • Page 335 Filter Name—Select the SNMP filter that defines the information contained in traps (defined in the Notification Filter page). STEP 4 Click Apply. The SNMP Notification Recipient settings are written to the Running Configuration file.
  • Page 336: Snmp Notification Filters

    STEP 4 Select or deselect Include in filter. If this is selected, the selected MIBs are included in the filter; otherwise they are excluded. STEP 5 Click Apply. The SNMP views are defined and the running configuration is updated.
  • Page 337 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
