Page 1
ADMINISTRATION GUIDE Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x July 21, 2017...
Page 2
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
Page 4
System Time Options Configuring System Time Configuring SNTP Server Time Range Absolute Time Range Periodic Time Range Chapter 7: Administration: Diagnostics Testing Copper Ports Viewing Optical Module Status Configuring Port and VLAN Mirroring Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 5
Chapter 9: Port Management Port Management Workflow Configuring Basic Port Settings Configuring Error Recovery Settings Loopback Detection How LBD Works Configuring Loopback Detection Default Settings and Configuration Interactions with Other Features Configuring LBD Workflow Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 6
Viewing VLAN Membership Configuring GVRP Configuring Voice VLAN Configuring Voice VLAN Properties Configuring Telephony OUI Adding Interfaces to Voice VLAN on Basis of OUIs Chapter 12: Spanning Tree Protocol STP Modes Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 7
Configuring MLD Snooping Querying IGMP/MLD IP Multicast Groups Configuring Multicast Router Ports Configuring Forward All Multicast Configuring Maximum IGMP and MLD Groups Configuring Multicast Filtering Configuring Multicast Filter Profiles Configuring Interface Filter Settings Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 8
Configuring Storm Control Configuring Port Security Configuring 802.1X 802.1X Parameters Workflow Defining 802.1X Properties Defining 802.1X Port Authentication Defining Host and Session Authentication Viewing Authenticated Hosts Configuring DoS Protection Secure Core Technology (SCT) Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Window Navigation Getting Started with the Web-based Interface The Cisco 220 switch can be accessed and managed by two methods; over your IP network by using the web-based interface, or by using the command-line interface through the console interface. Using the console interface requires Cisco 220 Series Smart Switches Command Line advanced user skills.
Locate the IP address of the switch. STEP 3 a. The switch can be accessed and managed by Cisco network tools and services including the Cisco FindIT Network Discovery Utility which enables you to automatically discover all supported Cisco devices in the same local network segment as your computer.
When the login page appears, choose the language that you prefer to use in the STEP 7 web-based interface and enter the username and password. The default username is cisco and the default password is cisco. Both username and password are case sensitive. Click Log In.
If you do not want to change the password, check Disable Password NOTE Strength Enforcement and click Apply. Click Apply. STEP 2 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
When a timeout occurs or you intentionally log out of the switch, a message is displayed and the login page opens with a message indicating the logged-out state. After you log in, the application returns to the initial page. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Administration > Diagnostics > Port and VLAN Mirroring page There are two hot links on the Getting Started page that take you to Cisco web pages for more information. Clicking on the Support link takes you to the device product support page, and clicking on the Forums link takes you to the Cisco Support Community page.
(English) cannot be deleted. Logout Click to log out of the web-based interface. About Click to display the switch name and device version number. Help Click to display the online help. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 20
Running Configuration. Click Close to return to the main page. Click Save to display the Copy/Save Configuration page and save the Running Configuration to the Startup Configuration file type on the switch. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 21
3. Click Apply to save the changes and click Close to return to the main page. Delete After selecting an entry in the table, click Delete to remove. Details Click to display the details associated with the entry selected. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 22
Click to see the statistics counters for all interfaces on Statistics a single page. View Interface Click to see the statistics counters for the selected Statistics interface on a single page. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Refresh Rate—Select the time period that passes before the Ethernet statistics are refreshed. The available options are: No Refresh —Statistics are not refreshed. 15 sec —Statistics are refreshed every 15 seconds. 30 sec —Statistics are refreshed every 30 seconds. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 24
Select an interface and click View Interface Statistics to see the statistics counters for the selected interface on a single page. • Click Refresh to manually refresh the statistics counters for all interfaces. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Click Clear Interface Counters to clear the statistics counters for the selected STEP 3 interface. Click Refresh to manually refresh the statistics counters for the selected interface. STEP 4 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
To view TCAM utilization, click Status and Statistics > TCAM Utilization. The following fields are displayed: • Maximum TCAM Entries—Maximum TCAM entries available. • In Use—Number of TCAM entries that are currently using. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Status—Displays the status of the switch thermals. Operational Status —Displays OK when the thermal operates normally, or displays Fault when the thermal does not operate normally. Temperature Value —Displays the current temperature in Celsius. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 28
F (69 F (69 F (74 ° ° ° ° ° ° ° ° SF220-50P F (70 F (75 F (75 F (80 ° ° ° ° ° ° ° ° Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
NOTE enabled on the switch. This section includes the following topics: • Viewing RMON Statistics • Configuring and Viewing RMON Histories • Configuring and Viewing RMON Events • Configuring RMON Alarms Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
RMON Multicast Packets Received—Number of good Multicast packets received. • RMON CRC & Align Errors—Number of CRC and Align errors that have occurred. • RMON Undersize Packets—Number of undersized packets (less than 64 octets) received. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 31
Click Refresh to manually refresh RMON statistics counters for the selected STEP 4 interface. Click View All Interfaces Statistics to view RMON statistics counters for all STEP 5 interfaces on a single page. The RMON Statistics Table displays the RMON Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
New History Entry—Displays the number of the history entry. • Source Interface—Select the port or LAG from where the history samples are to be taken. • Max No. of Samples to Keep—Enter the number of samples to store. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 33
FCS octets, but excluding framing bits. • Packets Received—Number of packets received, including bad packets, Multicast, and Broadcast packets. • Broadcast Packets—Number of good Broadcast packets received. This number does not include Multicast packets. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
This is performed as follows: • Events Page—Configures what happens when an alarm is triggered. This can be any combination of logs and traps. • Alarms Page—Configures the occurrences that trigger an alarm. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 35
Click Apply. The RMON event is added, and the Running Configuration is updated. STEP 4 Click Event Log Table to display the log of alarms that have occurred and that STEP 5 have been logged. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Use the Alarms page to configure alarms and to bind them with events. Alarm counters can be monitored by either absolute values or changes (delta) in the counter values. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 37
—A falling counter value triggers the falling threshold alarm. Rising and Falling Alarm —Both a rising and falling counter values trigger the alarm. • Interval—Enter the alarm interval time in seconds. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 38
Managing RMON • Owner—Enter the name of the user or network management system that receives the alarm. Click Apply. The RMON alarm is added, and the Running Configuration is updated. STEP 4 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
The event severity levels are listed from the highest severity to the lowest severity: • Emergency—System is not usable. • Alert—Immediate action is needed. • Critical—System is in a critical condition. • Error—System is in error condition. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 40
Flash Memory Logging—Check Enable to enable flash memory logging and check the severity levels of the messages to be logged to flash memory. Click Apply. The global log settings are defined, and the Running Configuration is STEP 3 updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Log in RAM (cleared during reboot). See Viewing RAM Memory Logs more information. • Log in flash memory (cleared only upon user command). See Viewing Flash Memory Logs for more information. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
By default, the SYSLOG Alert Status icon appears and blinks when a SYSLOG STEP 3 message above the critical severity level is logged. To disable this alert icon blinking, click Disable Alert Icon Blinking. The SYSLOG Alert Status icon is no longer displayed. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Copying various types of configuration files internally on the switch. • Copying files to or from an external device, such as an external server. The possible methods of file transfer are: • Internal copy. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 45
You can copy the Mirror Configuration, Startup Configuration, or Running Configuration to the Backup Configuration. The Backup Configuration exists in flash and is preserved if the switch is rebooted. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Save configuration files on the switch to a location on another device as described in the Download/Backup Configuration or Logs section. • Clear the Startup Configuration or Backup Configuration file types as described in the Configuration File Properties section. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
The following methods for transferring files are supported: • HTTP/HTTPS that uses the facilities provided by the browser. • TFTP that requires a TFTP server. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 48
To replace the firmware image on the switch with a new version located on STEP 4 another device such as your local PC, enter the following information: • Transfer Method—Select via HTTP/HTTPS as the transfer method. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 49
Click Administration > File Management > Upgrade/Backup Firmware/ STEP 1 Language. To upload a language file from a TFTP server to the switch, enter the following STEP 2 information: • Transfer Method—Select via TFTP as the transfer method. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 50
File Type—Select Language File as the file type. • File Name—Click Browse to select a new language file located on another device such as your local PC. Click Apply. STEP 5 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
When restoring a configuration file to the Running Configuration, the imported file adds any configuration commands that do not exist in the old file and overwrites any parameter values in the existing configuration commands. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 52
Transfer Method—Select via HTTP/HTTPS as the transfer method. • Save Action—Select Download as the action. • File Name—Click Browse to select a source file. • Destination File Type—Select the configuration file type to be upgraded. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
• Transfer Method—Select via HTTP/HTTPS as the transfer method. • Save Action—Select Backup as the action. • Source File Type—Select the configuration file type to be stored. Click Apply. STEP 5 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Use the Copy/Save Configuration page to copy or save one configuration file to another for backup purposes. The bottom of the page has a button, Disable Save Icon Blinking. Click to toggle between disable and enable. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 55
The Save Icon Blinking field indicates whether an icon blinks when there is STEP 4 unsaved data. To disable or enable this feature, click Disable Save Icon Blinking or Enable Save Icon Blinking. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
When DHCPv6 messages are received from the server. When DHCPv6 information is refreshed by the switch. After rebooting the switch when stateless DHCPv6 client is enabled. • When the DHCPv6 server packets contain the configuration filename option. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 57
IPv4 Management and Interface section. Use the DHCP Auto Configuration page to perform the following actions when the information is not provided in a DHCP message: • Enable the DHCP Auto Configuration feature. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 58
TFTP server that is currently using. • Last Auto Configuration File Name—Displays the name of the configuration file located on the TFTP server that is currently using. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 59
Administration: File Management DHCP Auto Configuration Click Apply. The DHCP Auto Configuration parameters are defined, and the STEP 3 Running Configuration is updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
1 to 48 SF220-48P-K9-NA, and 2 special-purpose SF220-48P-K9-EU, combo ports (GE/SFP) SF220-48P-K9-UK, SF220-48P-K9-AU, SF220-48P-K9-CN Gigabit Ethernet SG220-26 24 GE copper ports SG220-26-K9-NA, and 2 special-purpose SG220-26-K9-EU, combo ports (GE/SFP) SG220-26-K9-UK, SG220-26-K9-AU, SG220-26-K9-BR, SG220-26-K9-AR Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 62
(-CN), indicating that these features are only applicable for their China SKUs. These features are noted in this guide. You can find the PID information of your switch from the System Summary page. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Firmware Version (Active Image)—Version number of the active firmware image. • Firmware MD5 Checksum (Active Image)—MD5 checksum of the active firmware image. • Firmware Version (Non-active)—Version number of the non-active firmware image. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 64
You can click Detail to go to the Port Management > PoE > PoE NOTE Properties page to see more details about the PoE settings. Other Summary Information • Serial Number—Serial number. • PID VID—Part number and version ID. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
The banners defined on the web-based interface can also be NOTE activated on the command-line interfaces (Console, Telnet, and SSH). Click Apply. The system settings are modified, and the Running Configuration is STEP 4 updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Click Administration > Reboot. STEP 1 Click Reboot to reboot the switch. Because any unsaved information in the STEP 2 Running Configuration is discarded when the switch is rebooted, you must click Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Select the timeout for the session from the corresponding drop-down menu. The STEP 2 default value is 10 minutes. Click Apply. The idle session timeout settings are defined, and the Running STEP 3 Configuration is updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
To use the Traceroute utility: Click Administration > Traceroute. STEP 1 Enter the following information: STEP 2 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 69
The Traceroute command terminates when the destination is reached or when this value is reached. To use the default value (30), select Use Default. Click Apply. STEP 3 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
This chapter describes how to configure the system time, time zone, and daylight savings time (DST). It includes the following topics: • System Time Options • Configuring System Time • Configuring SNTP Server • Time Range Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Check Enable next to the Main Clock Source (SNTP Servers) field to use the STEP 2 SNTP source to set the system clock. The system time is obtained from an SNTP Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 72
Selecting Recurring allows further customization of the start and stop of DST: • From—Enter the date when DST begins each year. Day—Day of the week on which DST begins every year. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
SNTP Server Port—Enter the UDP port number to be specified in the SNTP message headers. By default, the port number is the well-known IANA value of 123. Click Apply. The SNTP server is added, and the Running Configuration is updated. STEP 3 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
(see Configuring Ports and Configuring LAG Settings) • Limit PoE operation to a specified period. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Select the absolute time range to which to add the periodic range. STEP 2 To add a new periodic time range, click Add. STEP 3 Enter the following fields: STEP 4 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 76
Periodic Ending Time—Enter the date and time that the Time Range ends on a periodic basis. Click Apply. STEP 5 Click Time Range to access the Absolute Time Range. STEP 6 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Select a port on which to run the copper test. STEP 2 Click Copper Test. STEP 3 The following fields for the test are displayed: • Test Results—Summary of the test results. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
10 km. • MGBSX1—1000BASE-SX SFP transceiver, for multimode fiber, 850 nm wavelength, supports up to 550 m. • MGBT1: 1000BASE-T SFP transceiver for category 5 copper wire, supports up to 100 m. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
(destination) port. If more data is sent to the analyzer port than it can support, some data might be lost. The RSPAN VLAN feature is only applicable for the China switch models. NOTE Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 80
The options are: Rx Only—Port mirroring on incoming packets. Tx Only—Port mirroring on outgoing packets. Tx and Rx—Port mirroring on both incoming and outgoing packets. N/A—Traffic from this port is not mirrored. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 81
Destination Port—Select the analyzer port to where packets are copied. • Allow Ingress Packets—Check Enable to allow the destination port to send or receive normal packets. Click Apply. The Running Configuration is updated. STEP 9 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Select the Refresh Rate (time period in seconds) that passes before the statistics STEP 3 are refreshed. A new sample is created for each time period. STEP 4 Click Apply. STEP 4 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
When Bonjour Discovery is disabled, the switch stops any service type advertisements and does not respond to requests for service from network management applications. By default, Bonjour is enabled on all interfaces that are members of the Management VLAN. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Configuration is updated. LLDP and CDP Link Layer Discovery Protocol (LLDP) and Cisco Discovery Protocol (CDP) are link layer protocols for directly connected LLDP and CDP-capable neighbors to advertise themselves and their capabilities to each other. By default, the switch...
Information Base (MIB). The network management system models the topology of the network by querying these MIB databases. LLDP is a link layer protocol. By default, the switch terminates and processes all incoming LLDP packets as required by the protocol. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 86
Neighbors Information section. • View LLDP statistics of each port as described in the Viewing LLDP Statistics section. • View LLDP overloading information as described in the Viewing LLDP Overloading section. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
LLDP MED Fast Start mechanism is initialized. This occurs when a new endpoint device links to the switch. Refer the Configuring LLDP MED Network Policy section for more details. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
System Description—Description of the network entity (in alphanumeric format). This includes the system's name and versions of the hardware, operating system, and networking software supported by the switch. The value equals the sysDescr object. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
LLDP packets to the attached LLDP media endpoint device. The media endpoint device should send its traffic as specified in the network policy that it receives. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 90
VLAN ID—Enter the VLAN ID to which the traffic should be sent. • VLAN Tag—Select whether the traffic is Tagged or Untagged. • User Priority—Select the traffic priority applied to traffic defined by this network policy. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Location Coordinate—Enter the coordinate location to be published by LLDP. • Location Civic Address—Enter the civic address to be published by LLDP. • Location (ECS) ELIN—Enter the Emergency Call Service (ECS) ELIN location to be published by LLDP. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
LLDP MED Status—Where LLDP MED is enabled or disabled on the port. • Local PoE—(Only applicable for PoE models) Local PoE information advertised. • Remote PoE—(Only applicable for PoE models) PoE information advertised by the neighbor. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
• Port ID Subtype—Type of the port identifier that is shown. • Port ID—Identifier of port. • Port Description—Information about the port, including manufacturer, product name, and hardware and software versions. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 94
Aggregation Capability—Indicates whether the interface can be aggregated. • Aggregation Status—Indicates whether the interface is aggregated. • Aggregation Port ID—Advertised aggregated interface ID. MED Details • Capabilities Supported—MED capabilities supported on the port. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 95
Tagged —Indicates the network policy is defined for tagged VLANs. Untagged —Indicates the network policy is defined for untagged VLANs. • User Priority—Network policy user priority. • DSCP—Network policy DSCP. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Click Detail to display the details of LLDP port status in a table. STEP 3 Click Refresh to refresh the data in the LLDP Neighbor table. STEP 4 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
PDU size supported by a port. The LLDP Overloading page displays the number of bytes of LLDP/LLDP MED information, the number of available bytes for additional LLDP information, and the overloading status of each port. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 98
Size (Bytes) —Total LLDP MED network policies packets byte size. Status —If the LLDP MED network policies packets were sent, or if they were overloaded. • LLDP MED Expanded Power via MDI Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 99
• Total Total (Bytes) —Total number of bytes of LLDP information in each packet. Available Bytes Left —Total number of available bytes left for additional LLDP information in each packet. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Administration: Discovery Configuring CDP Configuring CDP Similar to LLDP, Cisco Discovery Protocol (CDP) is a link layer protocol for directly connected neighbors to advertise themselves and their capabilities to each other. Unlike LLDP, CDP is a Cisco proprietary protocol. This section describes how to configure CDP and includes the following topics: •...
Page 101
This means that the duplex information in the incoming frame does not match what the local device is advertising. Click Apply. The CDP properties are defined, and the Running Configuration is STEP 3 updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Syslog Duplex Mismatch—Check Enable to send a SYSLOG message when duplex information mismatch is detected. This means that the duplex information in the incoming frame does not match what the local device is advertising. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
—Information about the software release on which the device is running. • Platform TLV Platform —Identifier of platform advertised in the platform TLV. • Native VLAN TLV Native VLAN —The native VLAN identifier advertised in the native VLAN TLV. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 104
TLV is received with a Request-ID field which is different from the last- received set (or when the first value is received). The interface transitions to Down. Available Power —(Only applicable for PoE models) Amount of power consumed by port. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
• Local Interface—Interface number of port through which frame arrived. • Advertisement Version—Version of CDP. • Time to Live—Time interval (in seconds) after which the information for this neighbor is deleted. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Packets Received—Displays the counters for various types of packets received per interface. Version 1 —Number of CDP version 1 packets received. Version 2 —Number of CDP version 2 packets received. Total —Total number of CDP packets received. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 107
Click Clear All Interfaces Counters to clear the CDP statistics counters for all STEP 3 interfaces. Click Refresh to refresh the CDP statistics counters. STEP 4 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
By default, all LAGs are empty. Configure the Ethernet parameters, such as speed and auto-negotiation for the STEP 4 LAGs on the LAG Settings page, as described in the Configuring LAG Settings section. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
To update the settings of a port, select the desired port and click Edit. STEP 5 Enter the following information: STEP 6 • Interface—Select the port to be modified. • Port Description—Enter the port user-defined name or comment. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 110
Operational Duplex Mode—Displays the port’s current duplex mode that is the result of negotiation. • Auto Advertisement Speed—Select the speed capability to be advertised by the port. The options are: All Speed—All port speed settings can be accepted. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 111
Packets received from protected ports can be forwarded only to unprotected egress ports. Protected port filtering rules are also applied to packets that are forwarded by software, such as snooping applications. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
BPDU Guard —Check Enable to enable the timer to recover from the BPDU Guard cause. Broadcast Flood —Check Enable to enable the timer to recover from the Broadcast flood cause. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Network managers can define a Detection Interval that sets the time interval between LBD packets. The following loop cases can be detected by the Loopback Detection protocol: • Shorted wire—Port that loop backs all receiving traffic. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Loopback detection is not enabled by default. Detection interval is 30 seconds. Interactions with Other Features If STP is enabled on a port on which Loopback Detection is enabled, the port must be in STP forwarding state. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
STEP 6 Select Enable in the Loopback Detection State field for the port or LAG selected. STEP 7 Click Apply to save the configuration to the Running Configuration file. STEP 8 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Traffic load balancing over the active member ports of a LAG is managed by a hash-based distribution function that distributes Unicast and Multicast traffic based on Layer 2 packet header information. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
All the ports in the LAG must have the same 802.1p priority. By default, ports are not members of a LAG and are not candidates to become part of a LAG. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
STEP 1 In the Load Balance Algorithm area, select one of the following load balancing STEP 2 algorithms: • MAC Address—Performs load balancing by source and destination MAC addresses on all packets. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
LAG—Select the LAG to be configured. • LAG Type—Displays the port type that comprises the LAG. • Description—Enter the name of the LAG. • Administrative Status—Set the LAG to operational (Up) or nonoperational (Down). Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 120
Flow Control on the LAG. • Current Flow Control—Displays the current Flow Control setting. • Protected Port—Check Enable to make the LAG a protected port for Layer 2 isolation. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
If the port LACP priority of the link is lower than that of the currently active link members, and the number of active members is already at the maximum number, the link becomes inactive, and placed in standby mode. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 122
Click Apply. The LACP system priority is defined, and the Running Configuration is STEP 3 updated. To edit the LACP settings for a specific port, select the desired port, and click Edit. STEP 4 Enter the following information: STEP 5 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Ethernet on the port, or uncheck to disable it on the port. Click Apply. The Energy Efficient Ethernet is enabled or disabled on the port, and STEP 3 the Running Configuration is updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 124
Port Management Configuring Energy Efficient Ethernet Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
802.3at SG220-50P 375 Watts 1 to 48 802.3at SF220-28MP 375 Watts 1 to 24 802.3at The switch should be connected only to PoE networks without routing to the CAUTION outside plant. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Eliminates the need to run 110/220 V AC power to all devices on a wired LAN. • Removes the necessity for placing all network devices next to power sources. • Eliminates the need to deploy double cabling systems in an enterprise significantly decreasing installation costs. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 127
There are two factors to consider in the PoE feature: • The amount of power that the PSE can supply • The amount of power that the PD is actually attempting to consume You can decide the following: Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
These settings are entered in advance. When the PD actually connects and is consuming power, it might consume much less than the maximum power allowed. Power is disabled during power-on reboot, initialization, and system configuration to ensure that PDs are not damaged. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 129
Allocated Power—Displays the amount of power allocated for the PoE ports. • Available Power—Nominal power minus the amount of allocated power. Click Apply. The PoE properties are defined, and the Running Configuration is STEP 3 updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
• Administrative Power Allocation—If the power mode is Power Limit, enter the maximum amount of power in milliwatts allocated to the port. The default is 30,000 mW. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 131
Signatures are the means by which the powered device identifies itself to the PSE. Signatures are generated during powered device detection, classification, or maintenance. Click Apply. The PoE port settings are defined, and the Running Configuration is STEP 4 updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 132
Power over Ethernet Configuring PoE Port Settings Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
A port in VLAN Access mode can be part of only one VLAN. If it is in General or Trunk mode, the port can be part of one or more VLANs. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 134
GVRP information exchanged by devices. A VLAN can be static or dynamic (from GVRP), but not both. For more information about GVRP, refer to the Configuring GVRP section. Some VLANs can have additional roles, including: Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
VLAN. The default VLAN has the following characteristics: • Distinct, nonstatic, and non-dynamic, and all ports are untagged members by default. • Cannot be deleted. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Each VLAN must be configured with a unique VID (VLAN ID) with a value from 1 to 4094. The switch reserves VID 4095 as the Discard VLAN. All packets classified to the Discard VLAN are discarded at ingress, and are never forwarded to a port. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
To configure the interface’s VLAN settings: Click VLAN Management > Interface Settings. STEP 1 Select an interface type (Port or LAG), and click Go. STEP 2 Select a port or LAG, and click Edit. STEP 3 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 138
Ingress filtering can be disabled or enabled on general ports. It is always enabled on access ports and trunk ports. • Uplink—(Available in Trunk mode) Check Enable to set the interface as an uplink port. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
PVID—Check to set the PVID of the interface to the VID of the VLAN. PVID is a per-port setting. Click Apply. The interfaces are assigned to the VLAN, the Running STEP 4 Configuration is updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Operational VLANs—Displays all VLANs of which the interface is currently a member. • LAG—If the interface selected is Port, displays the LAG in which it is a member. Select a port, and click Join VLAN. STEP 3 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 141
VLAN membership. Click Apply. The settings are modified, and the Running Configuration is updated. STEP 5 To see the administrative and operational VLANs on an interface, click Details. STEP 6 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
VLANs are not created. • GVRP Registration—Displays the VLAN registration mode on the interface. To define the GVRP settings for an interface, select the desired interface and click STEP 5 Edit. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Ethernet MAC address. For more information about Telephony OUI, see the Configuring Telephony OUI section. • Auto Voice VLAN—In Auto Voice VLAN mode, the voice VLAN can be either the default voice VLAN or manually configured. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 144
Add an interface to the voice VLAN on the basis of the OUI identifier and to configure the OUI QoS mode of voice VLAN as described in the Adding Interfaces to Voice VLAN on Basis of OUIs section. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
VLAN. The OUI Global table can hold up to 16 OUIs. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 146
Click Apply. The OUI is added, and the Running Configuration is updated. STEP 6 Click Restore Default OUI to delete all user-created OUIs, and leave only the STEP 7 default OUIs in the table. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Manual —Manually assigned to the voice VLAN. • Telephony OUI QoS Mode—Select one of the following options: Telephony Source MAC Address —QoS attributes are applied only on packets from IP phones. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 148
—QoS attributes are applied only on all packets that are classified to the voice VLAN. Click Apply. The Telephony OUI interface settings are defined, and the Running STEP 4 Configuration is updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
STP provides a tree topology for any arrangement of switches and interconnecting links, creating a unique path between end stations on a network, eliminating loops. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
In the Global Settings area, enter the following information: STEP 2 • Spanning Tree State—Enable or disable STP on the switch. • STP Loopback Guard—Select to enable Loopback Guard on the device. • STP Operation Mode—Select the STP mode. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 151
Root Port—The port that offers the lowest cost path from this bridge to the Root Bridge. (This is significant when the bridge is not the root.) • Root Path Cost—The cost of the path from this bridge to the root. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
BPDU Filter—If enabled, the interface will not send and receive BPDU messages. • Path Cost—Select User Defined to enter the port contribution to the root path cost, or select Use Default to use the default cost generated by the system. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Use the RSTP Interface Settings page to configure RSTP per port. Any configuration that is done on this page is active when the global STP mode is set to RSTP or MSTP. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 154
Backup ports also occur when a LAN has two or more connections connected to a shared segment. Disabled—The port is not participating in Spanning Tree. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Set the STP operation mode to MSTP as described in the Configuring STP STEP 1 Status and Global Settings section. Define global MSTP parameters as described in the Configuring MSTP STEP 2 Properties section. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
STEP 2 • Region Name—Enter the MSTP region name. • Revision—Enter an unsigned 16-bit number that identifies the revision of the current MSTP configuration. The field range is from 0 to 65535. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Action—Select either Add or Remove to map or remove the VLANs to or from the MSTP instance. Click Apply. The VLAN-to-MSTP instance mapping is defined, and the Running STEP 4 Configuration file is updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
To configure the MSTP interface settings: Click Spanning Tree > MSTP Interface Settings. STEP 1 Select an MSTP instance and the interface type (Port or LAG) and click Go. STEP 2 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 159
LAN to the Root Bridge for the MST instance. Alternate—The port provides an alternate path to the root device from the root interface. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 160
Ports with a lower cost are less likely to be blocked if STP detects loops. • Remaining Hops—Displays the hops remaining to the next destination. Click Apply. The Running Configuration is updated. STEP 5 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
MAC address that is not found in the tables, they are transmitted or broadcast to all ports on the relevant VLAN. Such frames are referred to as unknown Unicast frames. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Delete on Timeout—The MAC address is deleted when aging occurs. Secure—The MAC address is secure when the port is in classic locked mode. Click Apply. The static MAC address is added, and the Running Configuration is STEP 4 updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
For example, if you entered 300 seconds, the aging time is between 300 and 599 seconds. Click Apply. The aging time is defined, and the Running Configuration is updated. STEP 3 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Table Sort Key drop-down menu, and click Go. The address table will be sorted by VLAN ID, MAC address, or interface. Click Clear Table to delete all dynamic MAC addresses. STEP 5 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Bridge—Forwards the packet to all VLAN members. Discard—Deletes the packet. Peer—Drops or deals with the packet depending on the protocol. Click Apply. The MAC address is reserved, and the Running Configuration is STEP 4 updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
The data is sent only to relevant ports. Forwarding the data only to the relevant ports conserves bandwidth and host resources on links. For Multicast forwarding to work across IP subnets, nodes, and routers must be Multicast-capable. A Multicast-capable node must be able to: Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 167
Multicast information that each port should receive. The Multicast groups and their receiving ports can be configured statically or learned dynamically using IGMP or Multicast Listener Discovery (MLD) protocols snooping. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 168
Each IPv4 Multicast address is in the address range 224.0.0.0 to 239.255.255.255. • The IPv6 Multicast address is FF00:/8. • To map an IP Multicast group address to an Layer 2 Multicast address: Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Unknown Multicast Action—Choose how to deal with unknown Multicast frames. The possible options are: Drop —Drops unknown Multicast frames. Flood —Floods unknown Multicast frames. Forward to Router Port —Forwards unknown Multicast frames to Mrouter port. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
STEP 6 • Static—Attaches the port to the Multicast group as a static member. • None—Indicates that the port is not currently a member of this Multicast group on this VLAN. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
There should be only one IGMP querier in a Layer 2 multicast domain. The switch supports standards-based IGMP querier election when more than one IGMP querier is present in the domain. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 172
Query Interval—Enter the interval between the general queries to be used if this switch is the elected querier. • Query Max Response Interval—Enter the delay used to calculate the maximum response code inserted into the periodic general queries. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Multicast groups. The switch does not support MLD querier. The switch supports two MLD Snooping versions: • MLDv1 Snooping detects MLDv1 control packets, and sets up traffic bridging, based on IPv6 destination Multicast addresses. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 174
Multicast traffic. The switch performs MLD Snooping only when MLD Snooping is enabled globally and on the VLAN. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
VLAN ID equals to—Enter the VLAN ID to query. • IP Version equals to—Select either Version 4 or Version 6. • IP Multicast Group Address equals to—Enter the IP Multicast group address to query. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Click Go. The interfaces matching the query criteria are displayed. STEP 3 For each interface, select its association type. The options are: STEP 4 • Static—The port is statically configured as a Multicast router port. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Forbidden—The port cannot receive any registered Multicast streams, even if IGMP/MLD snooping designated the port to join a Multicast group. • None—The port is not currently a Forward All port. Click Apply. The Running Configuration is updated. STEP 4 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
IP group range, and assign the profile to an interface. The Multicast filter settings will be applied to the selected interface. This section includes the following topics: • Configuring Multicast Filter Profiles Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
STEP 1 Select the IP version and the interface type (Port and LAG), and click Go. STEP 2 Select an interface and click Edit. STEP 3 Enter the following information: STEP 4 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 180
Filter Profile Index—If enabled, select the Multicast filter profile to be applied. The Multicast filter settings defined in the profile are applied to the interface. Click Apply. The Running Configuration is updated. STEP 5 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
If the ARP response shows that the IPv4 address is in use, the switch sends a DHCPDECLINE message to the offering DHCP server, and sends another DHCPDISCOVER packet that restarts the process. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 182
IP address must be defined and known. The default configuration of the switch is to use its factory default IP address of 192.168.1.254. The switch IP address can be manually configured. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Operational Default Gateway—Displays the current default gateway IP address. If the switch is not configured with a default gateway, it cannot NOTE communicate with other devices that are not in the same IP subnet. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
IPv6 Address—Enter the IPv6 address of the switch. • Prefix_Length—Enter the length of the global IPv6 prefix of the switch. • IPv6 Gateway—Enter the link local IPv6 address of the default router. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
IP addresses through the use of one or more configured DNS servers. This section describes how to define DNS servers and includes the following topics: • Configuring General DNS Settings • Viewing Static and Dynamic DNS Servers • Configuring Host Mapping Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Preference—Select the preference value for the DNS server. Each server has a preference value, a lower value means a higher chance of being used. Click Apply. The DNS server is defined, and the Running Configuration is updated. STEP 8 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
The following fields are displayed: • Host Name—User-defined host name or fully-qualified name. • IP Address—The host IP address. • IP Version—IP version of the host IP address. • Type—Static entry to the cache. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 188
IP Address (es)—Enter a single address or up to eight associated IP addresses (IPv4 or IPv6). Click Apply. The host mapping is added, and the Running Configuration is STEP 4 updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Configuring Security The Cisco 220 switch handles various types of security, such as permission to administer the switch, protection from attacks directed at the switch CPU, access control of end-users to the network through the switch, protection from other network users (prevent the attacks that pass through, but are not directed at, the switch).
Configuring Users Configuring Users The default username/password is cisco/cisco. The first time that you log in with the default username and password, or when the current password expires, you are required to set a new password. Password complexity is enabled by default.
TACACS+ server. If you enter the default key string here and a key string for an individual TACACS+ server, the key string configured for the individual TACACS+ server takes precedence. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 192
Authentication IP Port—Enter the port number through which the TACACS+ session occurs. The default is port 49. Click Apply. The TACACS+ server is added, and the Running Configuration is STEP 6 updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Configuration is updated. To add a RADIUS server, click Add. STEP 4 Enter the following information: STEP 5 • Server Definition—Select whether to specify the RADIUS server by IP address or name. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 194
All—RADIUS server is used for authenticating user that wants to administer the switch and for authentication in 802.1X access control. Click Apply. The RADIUS server is added, and the Running Configuration is STEP 6 updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
All of the above • Action—Permits or denies access to an interface or source address. • Interface—Which ports or LAGs are permitted to access or denied access to the web-based interface. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
A caution message appears if you selected Console Only. If you continue, NOTE you are immediately disconnected from the web-based interface and can only access the switch through the console port. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 197
Deny—Denies access to the switch if the user matches the settings in the profile. • Applies to Interface—Select the interface attached to the rule. The options are: All—Applies to all ports, VLANs, and LAGs. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
For example, you can limit access to the switch from all IP addresses except IP addresses that are allocated to the IT management center. In this way, the switch can still be managed and has gained another layer of security. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 199
Applies to Interface—Select the interface attached to the rule. The options are: All—Applies to all interfaces. User Defined—Applies only to a specific port or LAG. You need to select a port or LAG from the Interface drop-down menu. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Click Security > Password Strength. STEP 1 Enter the password aging parameters: STEP 2 • Password Aging—Check Enable to ask the user to change the password when the Password Aging Time expires. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 201
• The New Password Must Be Different than the User Name—If selected, the new password cannot be the same as the current username upon a password change. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
RADIUS servers. • TACACS+—User is authenticated on a TACACS+ server. You must have configured one or more TACACS+ servers. • None—User is allowed to access the switch without authentication. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Remote Port—TCP port of the remote device that is requesting the service. • State—The state of the service. The optional values are: ESTABLISHED—The socket has an established connection. SYN_SENT—The socket is actively attempting to establish a connection. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 204
HTTPS Service—Check Enable to enable the HTTPS service, or uncheck to disable it. The default is enabled. • SNMP Service—Check Enable to enable the SNMP service, or uncheck to disable it. The default is disabled. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Click Apply. The storm control parameters are defined, and the Running STEP 3 Configuration is updated. To modify the storm control settings for a port, select the desired port and click STEP 4 Edit. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 206
Drop —Discard the frames received beyond the threshold. Shutdown —Shut down the port. Click Apply. The port’s storm control settings are modified, and the Running STEP 6 Configuration is updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Use the Port Security page to configure the security parameters for all ports, and to enable their modification. To configure port security: Click Security > Port Security. STEP 1 Select a port and click Edit. STEP 2 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 208
The switch enables traps when a packet is received on a locked interface. This is relevant for lock violations. Click Apply. Port security is modified, and the Running Configuration is updated. STEP 4 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
• Multi-Session 802.1X—Every device (supplicant) connecting to a port must be authenticated and authorized by the switch (authenticator) separately in a different 802.1x session. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
The Guest VLAN cannot be used as the Voice VLAN and an unauthenticated VLAN. 802.1X Parameters Workflow Define the 802.1X parameters as follows: • Define 802.1X settings for each port by using the Edit Port Authentication page. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
A port with 802.1x defined on it cannot become a member of a LAG. NOTE Click Security > 802.1X > Port Authentication. STEP 1 Select a port, and click Edit. STEP 2 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 212
VLAN attributes to be sent by the RADIUS server (as defined in RFC 3580): [64] Tunnel-Type = VLAN (type 13) [65] Tunnel-Medium-Type = 802 (type 6) [81] Tunnel-Private-Group-Id = VLAN ID Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 213
Supplicant Timeout-—Enter the number of seconds that lapses before EAP requests are resent to the supplicant. • Server Timeout—Enter the number of seconds that lapses before the switch resends a request to the authentication server. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Host Authentication—Select one of the modes. These modes are described above in Defining Host and Session Authentication. The following fields are only relevant if you select Single in the Host NOTE Authentication field. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Session Time (DD:HH:MM:SS)—Amount of time that the supplicant was logged on the port. • Authentication Method—Method by which the last session was authenticated. • MAC Address—Displays the supplicant MAC address. • VLAN ID—Displays the supplicant VLAN ID. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
One method of resisting DoS attacks employed by the switch is the use of SCT. SCT is enabled by default on the switch and cannot be disabled. The Cisco device is an advanced device that handles management traffic, protocol traffic and snooping traffic, in addition to end-user (TCP) traffic. SCT ensures that the switch receives and processes management and protocol traffic, no matter how much total traffic is received.
• IP Gratuitous ARPs Protection—Check Enable to enable the IP gratuitous ARP protection feature on the port, or uncheck to disable this feature on the port. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
SYN and FIN flags are dropped on the ports that enabled DoS protection. • SYN Protection Mode—Select one of the following protection modes: Disable—The feature is disabled on the port. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Write Delay—Enter the duration in seconds for which the transfer should be delayed after the DHCP Snooping binding database changes. The default is 300 seconds. The range is from 15 to 86400 seconds. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Select the interface type (Port or LAG), and click Go. STEP 2 Select an interface and click Edit. STEP 3 Enter the following information: STEP 4 • Trusted Interface—Select to trust or not trust the selected interface. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
MAC Address—MAC address found during the query. • IP Address—IP address found during the query. • Interface—Interface connected to the address found during the query. • Type—IP address binding type. The possible values are: Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Invalid Drop—Total number of packets that are dropped due to invalid. Click Refresh to refresh the data in the table, or click Clear to clear all data in the STEP 3 table. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Enter the following information: STEP 3 • Interface—Select a port or a LAG. • VLAN Status—Check Enable to use circuit ID on a specific VLAN, or uncheck to use circuit ID on all VLANs. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Enter the following information: STEP 4 • Interface—Select a port or LAG. • IP Source Guard—Check Enable to enable IP Source Guard on the interface, or uncheck to disable this feature on the interface. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
—Indicates the IP address is a static IP address. • Lease Time—The amount of time that the IP address is active. IP addresses whose lease times are expired are deleted from the database. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Source MAC Address—Compares the packet’s source MAC address in the Ethernet header against the sender’s MAC address in the ARP request. This check is performed on both ARP requests and responses. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Configuring ARP Inspection Properties more details. Configure interfaces as ARP trusted or untrusted on the Security > ARP Inspection STEP 2 > Interface Settings page. See Configuring ARP Inspection Trusted Interfaces for more details. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Allow all-zeros IP —If IP address validation is enabled, check Enable to allow 0.0.0.0 the IP address. Click Apply. The ARP Inspection properties are defined, and the Running STEP 3 Configuration is updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Rate Limit (pps)—Enter the maximum rate that is allowed on the interface. The range is 1 to 300 pps and the default is 15. Click Apply. The ARP Inspection trusted interfaces are defined, and the Running STEP 5 Configuration is updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
ARP Inspection list. If the addresses match, the packet passes through the interface. • If the switch does not find a matching IP address, but DHCP Snooping is enabled on the VLAN, the switch checks the DHCP Snooping database for Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 234
Select the VLANs from the Available VLANs column and add them to the Enabled STEP 2 VLANs column. Click Apply. ARP Inspection settings are applied on the selected VLANs, and the STEP 3 Running Configuration is updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
To associate more than one ACL with a port, a policy with one or more class maps must be used (see Configuring QoS Policies in the Configuring QoS Advanced Mode section). Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 237
IPv6-based ACL on the IPv6-Based ACL page and the IPv6-Based ACE page. See Configuring IPv6-based ACLs Configuring IPv6-based ACEs for more details. Associate the ACL with interfaces on the ACL Binding page. See Configuring ACL STEP 2 Binding for more details. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Enter the name of the new ACL in the ACL Name field. ACL names are STEP 3 case-sensitive. Click Apply. The MAC-based ACL is added, and the Running Configuration is STEP 4 updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
User Defined to enter a destination address or a range of destination addresses. Destination MAC Address Value —Enter the MAC address to which the destination MAC address will be matched and its mask (if relevant). Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 240
—Enter the wildcard mask to be applied to the VPT tag. • Ethertype—Enter the frame Ethertype to be matched. Click Apply. The MAC-based ACE is defined, and the Running Configuration is STEP 5 updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
STEP 4 updated. Click IPv4-Based ACE Table. STEP 5 The IPv4-Based ACE page opens. You can view and/or add rules to this IPv4- based ACL. See Configuring IPv4-Based ACEs for more details. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Select from list—Select one of the following protocols from the drop- down menu: ICMP—Internet Control Message Protocol IP in IP—IP in IP encapsulation TCP—Transmission Control Protocol EGP—Exterior Gateway Protocol IGP—Interior Gateway Protocol UDP—User Datagram Protocol HMP—Host Mapping Protocol RDP—Reliable Datagram Protocol Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 243
Any—Match to all source ports. Single—Enter a single TCP/UDP source port to which packets are matched. This field is active only if TCP or UDP is selected from the Select from list drop-down menu. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 244
ICMP Code—The ICMP messages can have a code field that indicates how to handle the message. Select Any to accept all codes, or select User Defined to enter an ICMP code for filtering purposes. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Select an IPv6-based ACL, and click Go. All currently defined IPv6-based ACEs for STEP 2 the selected ACL are displayed. To add a rule (ACE) for the selected ACL, click Add. STEP 3 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 246
—Enter the prefix length of the source IP address. • Destination IP Address—Select Any if all destination address are acceptable, or select User Defined to enter a destination address or a range of destination addresses. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 247
ICMP—If the ACL is based on ICMP, select the ICMP message type that will be used for filtering purposes. The options are: Any (IP)—All message types are accepted. Select from list—Select the message type by name from the drop-down list. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
IPv4 ACL—IPv4-based ACLs that are bound to the interface (if any). • IPv6 ACL—IPv6-based ACLs that are bound to the interface (if any). To unbind all ACLs from an interface, select the interface, and click Clear. STEP 3 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 249
Click Apply. The ACL binding setting is modified, and the Running Configuration is STEP 6 updated. If no ACL is selected, the ACLs that are previously bound to the interface are NOTE unbound. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
ACL, and only traffic that meets the ACL criteria is subject to cost of service (CoS) or QoS classification. • Assignment to Hardware Queues—Assigns incoming packets to forwarding queues. Packets are sent to a particular queue for handling as a Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 251
When changing from QoS basic mode to QoS advanced mode, the QoS trust mode configuration in QoS basic mode is not retained. • When disabling QoS, the shaper and queue setting (WRR/SP bandwidth setting) are reset to default values. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Remark the DSCP value for egress traffic from each queue as described in Mapping Queue to DSCP section. Enter bandwidth and rate limits: STEP 7 • Set ingress rate limit and egress shaping rate per port as described in the Configuring Bandwidth section. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
(that do not have a VLAN tag). The range is 0 to 7. The default CoS value is applicable only if the switch is in QoS basic mode and CoS/802.1p is the trusted mode. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
WRR queues. After the SP queues have been emptied, traffic from the WRR queues is forwarded. (The relative portion from each WRR queue depends on its weight). Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
802.1p priority will be the default CoS/802.1p priority assigned to the ingress ports. 802.1p Values Queue Notes (0 to 7, 7 being (8 queues, 8 being the highest) the highest priority) Background Best Effort Excellent Effort Critical Application LVS phone SIP Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 256
Click Apply. 802.1p priority values to queues are mapped, and the Running STEP 3 Configuration is updated. Click Restore Defaults to restore the CoS/802.1p to Queue mappings to factory STEP 4 defaults. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
The Ingress DSCP column displays the DSCP value in the incoming packet and its associated class. Select the traffic forwarding queue from the Output Queue drop-down menu to STEP 2 which the DSCP value is mapped. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
For each output queue, select the IP precedence to which egress traffic from the STEP 2 queue is remarked. Click Apply. The Running Configuration is updated. STEP 3 Click Restore Defaults to restore the queue to IP precedence mappings to factory STEP 4 defaults. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Remark IP Precedence—Check Enable to remark the IP precedence for egress traffic on this port or LAG. • Remark DSCP—Check Enable to remark the DSCP value for egress traffic on this port or LAG. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
The switch limits all frames except for management frames. Any frames that are not limited are ignored in the rate calculations, meaning that their size is not included in the limit total. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
VLAN rate limit values will be applied on each of the devices independently. This feature requires that the switch is in QoS basic mode or in QoS advanced mode. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
• Interface—Enter an interface or a range of interfaces. The interfaces must be bound to the selected VLAN. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
If there is any port that, as an exception, should not trust the incoming CoS mark, STEP 3 disable the QoS state on that port on the Interface Settings page, as described in Configuring Basic QoS Interface Settings section. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
The actual mapping of the IP precedence to queue can be configured on the IP Precedence to Queue page. • CoS/802.1p-DSCP—Uses the trust CoS mode for non-IP traffic and trust DSCP mode for IP traffic. Click Apply. The Running Configuration is updated. STEP 3 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
A class map defines a flow with one or more associating ACLs. Packets that match only ACL rules (ACE) in a class map with Permit (forward) action are considered belonging to the same flow, and are subjected to the same Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 266
Select the trust mode for QoS advanced mode on the Global Settings page, as STEP 2 described in the Configuring Advanced QoS Global Settings section. Create ACLs as described in the Creating ACLs Workflow section. STEP 3 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
VLAN tag, or based on the per-port default CoS/802.1p value (if there is no VLAN tag on the incoming packet), the actual mapping of the VPT to queue can be configured on the CoS/802.1p to Queue page. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
If more complex sets of rules are needed, several class maps can be grouped into a super-group called a policy (see the Configuring QoS Policies section). Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
It can be done by using the ACLs in the class maps to match the desired traffic, and by using a policer to apply the QoS on the matching traffic. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
QoS to all of its flows in aggregation regardless of policies and ports. To define an aggregate policer: Click Quality of Service > QoS Advanced Mode > Aggregate Policer. STEP 1 Click Add. STEP 2 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
STEP 3 Click Apply. The QoS policy profile is added, and the Running Configuration is STEP 4 updated. Click Policy Class Map Table to display the Policy Class Maps page. STEP 5 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Aggregate Policer—If Police Type is Aggregate, select a previously defined aggregate policer. • Ingress Committed Information Rate (CIR)—If Police Type is Single, enter the CIR in kbps. See the description in the Configuring Bandwidth section. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
To view the policies bound to all interfaces, click Show Policy Binding Per Port. STEP 5 The Policy Binding Table displays the policy bound to each interface. Click Back to return to the previous page. STEP 6 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Configuring SNMP Notification Recipients SNMP Versions and Workflow The Cisco 220 switch functions as an SNMP agent and supports SNMP v1, v2, and v3. It also reports system events to trap receivers using the traps defined in the Management Information Base (MIB) that it supports.
Page 275
Configuring SNMP Views section. Define SNMP groups on the SNMP > Groups page, as described in the STEP 2 Configuring SNMP Groups section. The group can be associated with the specified SNMP view. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 276
The SNMP users can be associated with an SNMP group. Define the notification recipients on the SNMP > Notification Recipients SNMPv3 STEP 5 page as described in the Configuring SNMPv3 Notification Recipients section. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
MAC address. The SNMP Engine ID must be unique for the administrative domain, so that no two devices in a network have the same Engine Local information is stored in four MIB variables that are read-only (snmpEngineId, snmpEngineBoots, snmpEngineTime, and snmpEngineMaxMessageSize). Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 279
Server IP Address/Name—Enter the IP address or domain name of the remote server that receives the traps. • Engine ID—Enter the Engine ID. Click Apply. The remote Engine ID is defined, and the Running Configuration is STEP 6 updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Include In View—Check to include the selected MIBs in this view, or uncheck to exclude them. Click Apply. The SNMP view is defined, and the Running Configuration is updated. STEP 4 Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
To add a new SNMP group, click Add. STEP 2 Enter the following information: STEP 3 • Group Name—Enter the new group name. • Security Model—Select the SNMP version (SNMPv1, SNMPv2, or SNMPv3) attached to the group. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
An SNMP user is defined by the login credentials (username, passwords, and authentication method) and by the context and scope in which it operates by association with a group and an Engine ID. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 283
Privacy Password—Select Encrypted to enter an encrypted privacy password, or select Plaintext to enter the privacy password in plaintext format. The password that is used for generating a key by the DES method. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Admin) and, optionally, further qualify it for a specific view. By default, it applies to the entire MIB. If this option is selected, enter the following fields: Access Mode —Select the access rights of the community. The options are: Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
An SNMP notification is a message sent from the switch to the SNMP management station indicating that a certain event has occurred, such as a link up/ down. This section describes how to configure SNMP notification recipients and includes the following topics: Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Notification Version—Select the trap SNMP version. Either SNMPv1 or SNMPv2 may be used, with only a single version enabled at a single time. Click Apply. The SNMPv1,2 notification recipient is defined, and the Running STEP 4 Configuration is updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
No Authentication —Indicates that the packet is neither authenticated nor encrypted. Authentication —Indicates that the packet is authenticated but not encrypted. Privacy —Indicates that the packet is both authenticated and encrypted. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Page 288
Authentication and Privacy on the Users page, the security level on this screen can be either No Authentication, or Authentication, or Privacy. Click Apply. The SNMPv3 notification recipient is defined, and the Running STEP 4 Configuration is updated. Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x...
Where to Go From Here Cisco provides a wide range of resources to help you and your customer obtain the full benefits of the Cisco 220 Series Smart Switches. Cisco Support Community www.cisco.com/go/smallbizsupport Cisco Support and www.cisco.com/go/smallbizhelp Resources Phone Support Contacts www.cisco.com/en/US/support/...