Cisco SF500-24 Administration Manual

Summary of Contents for Cisco SF500-24

  • Page 1 ADMINISTRATION GUIDE Cisco ESW2 Series Advanced Switches...
  • Page 2: Table Of Contents

    Defining RMON Events Control Viewing the RMON Events Logs Defining RMON Alarms Chapter 3: Administration: System Log Setting System Log Settings Setting Remote Logging Settings Viewing Memory Logs RAM Memory Flash Memory Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 3 Backward Compatibility of Number of Units in Stack Unit LEDs Stack Topology Types of Stack Topology Topology Discovery Unit ID Assignment Duplicate Unit IDs Master Selection Process Stack Changes Connecting a New Unit Unit Failure in Stack Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 4 System Mode and Stack Management Chapter 6: Administration: General Information Device Models System Information Displaying the System Summary Configuring the System Settings Console Settings (Autobaud Rate Support) Rebooting the Device Routing Resources Monitoring Fan Status Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 5 Viewing CPU Utilization and Secure Core Technology Chapter 9: Administration: Discovery Configuring Bonjour Discovery Bonjour in Layer 2 System Mode Bonjour in Layer 3 System Mode LLDP and CDP Configuring LLDP LLDP Overview Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 6 Defining LAG Management Configuring LAG Settings Configuring LACP LACP Priority and Rules LACP With No Link Partner Setting LACP Parameter Settings Configuring Green Ethernet Green Ethernet Overview Power Saving by Disabling Port LEDs Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 7 Relationships with Other Features and Backwards Compatibility Common Smartport Tasks Configuring Smartport Using The Web-based Interface Smartport Properties Smartport Type Settings Smartport Interface Settings Built-in Smartport Macros Chapter 12: Port Management: PoE PoE on the Device Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 8 Voice VLAN Overview Dynamic Voice VLAN Modes Voice End-Points Auto Voice VLAN, Auto Smartports, CDP, and LLDP Voice VLAN QoS Voice VLAN Constraints Voice VLAN Workflows Configuring Voice VLAN Configuring Voice VLAN Properties Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 9 Defining MSTP Interface Settings Chapter 15: Managing MAC Address Tables Types of MAC Addresses Configuring Static MAC Addresses Managing Dynamic MAC Addresses Configuring Dynamic MAC Address Aging Time Querying Dynamic Addresses Defining Reserved MAC Addresses Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 10 Defining an IPv4 Interface in Layer 2 System Mode Defining IPv4 Interface in Layer 3 System Mode IPv4 Routes RIPv2 Access List IPv4 VRRP Virtual Routers ARP Proxy UDP Relay/IP Helper DHCPv4 Snooping/Relay DHCPv4 Snooping DHCPv4 Relay Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 11 IPv6 Static Routing IPv6 Global Configuration IPv6 Interface IPv6 Tunnel Types of Tunnels Configuring Tunnels Defining IPv6 Addresses IPv6 Router Configuration Router Advertisement IPv6 Prefixes IPv6 Default Router List Defining IPv6 Neighbors Information Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 12 RIPv2 Settings on an IP Interface Displaying RIPv2 Statistic Counters Displaying the RIPv2 Peers Database Access Lists Creating an Access List Populate an Access List Chapter 19: IP Configuration: IPv4 VRRP Virtual Routers Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 13 Accounting Using a RADIUS Server Defaults Interactions With Other Features Radius Workflow Key Management Key Management Creating a Key Chain Creating a Key Settings Configuring Management Access Authentication Defining Management Access Method Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 14 Dependencies Between Features Default Configuration Configuring DoS Prevention Security Suite Settings SYN Protection Martian Addresses SYN Filtering SYN Rate Protection ICMP Filtering IP Fragmented Filtering IP Source Guard Interactions with Other Features Filtering Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 15 Supported Algorithms Before You Begin Common Tasks SSH Client Configuration Through the GUI SSH User Authentication SSH Server Authentication Modifying the User Password on the SSH Server Chapter 22: Security: SSH Server Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 16 File SSD Indicator SSD Control Block Startup Configuration File Running Configuration File Backup and Mirror Configuration File Sensitive Data Zero-Touch Auto Configuration SSD Management Channels Menu CLI and Password Recovery Configuring SSD SSD Properties Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 17 Configuring VLAN Ingress Rate Limit TCP Congestion Avoidance QoS Basic Mode Workflow to Configure Basic QoS Mode Configuring Global Settings Interface QoS Settings QoS Advanced Mode Workflow to Configure Advanced QoS Mode Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 18 Model OIDs SNMP Engine ID Configuring SNMP Views Creating SNMP Groups Managing SNMP Users Defining SNMP Communities Defining Trap Settings Notification Recipients Defining SNMPv1,2 Notification Recipients Defining SNMPv3 Notification Recipients SNMP Notification Filters Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 19: Chapter 1: Getting Started

    • If you have multiple IPv6 interfaces on your management station, use the IPv6 global address instead of the IPv6 link local address to access the device from your browser. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 20: Launching The Configuration Utility

    IP address, the power LED is on solid. Logging In The default username is cisco and the default password is cisco. The first time that you log in with the default username and password, you are required to enter a new password.
  • Page 21: HTTP/HTTPS

    Getting Started Starting the Web-based Configuration Utility STEP 3 If this is the first time that you logged on with the default user ID (cisco) and the default password (cisco) or your password has expired, the Change Password Page appears. See Password Expiration for additional information.
  • Page 22: Logging Out

    Getting Started page. If you did not select this option, the initial page is the Getting Started page. If you did select this option, the initial page is the System Summary page. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 23: Quick Start Device Configuration

    Configuration/Log page Create MAC Based ACL MAC Based ACL page Create IP Based ACL IPv4 Based ACL page Configure QoS QoS Properties page Configure Port Mirroring Port and VLAN Mirroring page Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 24: Interface Naming Conventions

    Getting Started Interface Naming Conventions There are two hot links on the Getting Started page that take you to Cisco web pages for more information. Clicking on the Support link takes you to the device product support page, and clicking on the Forums link takes you to the Small Business Support Community page.
  • Page 25 Enabling IPv4 routing is done differently in the two types of devices, as follows: SG500X/ESW2-550X—IPv4 routing must be enabled in the IPv4 Interface page. Sx500—When the device is switched from Layer 2 to Layer 3 system mode, IPv4 routing is automatically enabled. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 26: Window Navigation

    Configuration and sets the device parameters according to the data in the Running Configuration. Username Displays the name of the user logged on to the device. The default username is cisco. (The default password is cisco). Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 27 SYSLOG Alert Status icon is no longer displayed. To display the page when there is not an active SYSLOG message, click Status and Statistics > View Log > RAM Memory. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 28: Management Buttons

    Counters interface. Clear Logs Clears log files. Clear Table Clears table entries. Close Returns to main page. If any changes were not applied to the Running Configuration, a message appears. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 29 2. Click Close to return to the main page. Enter the query filtering criteria and click Go. The results are displayed on the page. Test Click Test to perform the related tests. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 30: Chapter 2: Status And Statistics

    Ethernet statistics are to be displayed. • Refresh Rate—Select the time period that passes before the interface Ethernet statistics are refreshed. The available options are: No Refresh—Statistics are not refreshed. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 31: Viewing Etherlike Statistics

    The refresh rate of the information can be selected. This page provides more detailed information regarding errors in the physical layer (Layer 1), which might disrupt traffic. To view Etherlike Statistics and/or set the refresh rate: Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 32 To clear statistics counters: • Click Clear Interface Counters to clear the selected interfaces counters. • Click View All Interfaces Statistics to see all ports on a single page. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 33: Viewing GVRP Statistics

    Invalid Protocol ID—Invalid protocol ID errors. • Invalid Attribute Type—Invalid attribute ID errors. • Invalid Attribute Value—Invalid attribute value errors. • Invalid Attribute Length—Invalid attribute length errors. • Invalid Event—Invalid events. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 34: Viewing 802.1X EAP Statistics

    EAP Response Frames Received—EAP Response frames received by the port (other than Resp/ID frames). • EAP Request/ID Frames Transmitted—EAP Req/ID frames transmitted by the port. • EAP Request Frames Transmitted—EAP Request frames transmitted by the port. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 35: Viewing TCAM Utilization

    • Maximum TCAM Entries for IPv4 and IPv6 Routing—Maximum TCAM entries available. • IPv4 Routing In Use—Number of TCAM entries used for IPv4 routing. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 36: Managing RMON

    History tab. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 37: Viewing RMON Statistics

    This number does not include Multicast packets. • Multicast Packets Received—Number of good Multicast packets received. • CRC & Align Errors—Number of CRC and Align errors that have occurred. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 38 2000 bytes, and Jumbo Frames, that were received. To clear statistics counters: • Click Clear Interface Counters to clear the selected interfaces counters. • Click View All Interfaces Statistics to see all ports on a single page. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 39: Configuring RMON History

    STEP 4 Click Apply. The entry is added to the History Control Table page and the Running Configuration file is updated. STEP 5 Click History Table to view the actual statistics. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 40: Viewing The RMON History Table

    This number excludes frame bits, but includes FCS octets that had either a bad FCS (Frame Check Sequence) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. • Collisions—Collisions received. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 41: Defining RMON Events Control

    Log and Trap—Add a log entry to the Event Log table and send a trap to the remote log server when the alarm goes off. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 42: Viewing The RMON Events Logs

    After a falling alarm is issued, the next alarm is issued when a rising threshold is crossed. One or more alarms are bound to an event, which indicates the action to be taken when the alarm occurs. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 43 Startup Alarm—Select the first event from which to start generation of alarms. Rising is defined by crossing the threshold from a low-value threshold to a higher-value threshold. Rising Alarm—A rising value triggers the rising threshold alarm. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 44 Interval—Enter the alarm interval time in seconds. • Owner—Enter the name of the user or network management system that receives the alarm. STEP 4 Click Apply. The RMON alarm is saved to the Running Configuration file. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 45 Status and Statistics Managing RMON Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 46: Chapter 3: Administration: System Log

    (-) on each side (except for Emergency that is indicated by the letter F). For example, the log message "%INIT-I-InitCompleted: … " has a severity level of I, meaning Informational. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 47 Time and sent in a single message. The aggregated messages are sent in the order of their arrival. Each message states the number of times it was aggregated. • Max Aggregation Time—Enter the interval of time that SYSLOG messages are aggregated. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 48: Setting Remote Logging Settings

    Server Definition—Select whether to identify the remote log server by IP address or name. • IP Version—Select the supported IP format. • IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are: Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 49: Viewing Memory Logs

    You can configure the messages that are written to each log by severity, and a message can go to more than one log, including logs that reside on external SYSLOG servers. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 50: RAM Memory

    Log Index—Log entry number. • Log Time—Time when message was generated. • Severity—Event severity. • Description—Message text describing the event. To clear the messages, click Clear Logs. The messages are cleared. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 51 Administration: System Log Viewing Memory Logs Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 52: Chapter 4: Administration: File Management

    The possible methods of file transfer are: • Internal copy. • HTTP/HTTPS that uses the facilities that the browser provides. • TFTP/SCP client, requiring a TFTP/SCP server. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 53 The device has been operating continuously for 24 hours. No configuration changes have been made to the Running Configuration in the previous 24 hours. The Startup Configuration is identical to the Running Configuration. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 54 Copy one configuration file type to another configuration file type as described in the Copy/Save Configuration section. • Enable automatically uploading a configuration file from a DHCP server to the device, as described in the DHCP Auto Configuration section. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 55: Upgrade/Backup Firmware/Language

    Image can be updated prior to connecting a unit to the stack. This is the recommended method. • Upgrade device or stack. If the stack is updated, the slave units are automatically updated. This is done as follows: Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 56: Upgrade/Backing Firmware Or Language File

    Select one of the following Save Actions: • Upgrade—Specifies that the file type on the device is to be replaced with a new version of that file type located on a TFTP server. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 57 STEP 5 If you selected via SCP (Over SSH), see SSH Client Authentication instructions. Then, enter the following fields: (only unique fields are described, for non-unique fields, see the descriptions above) Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 58 • IP Version—Select whether an IPv4 or an IPv6 address is used. • IPv6 Address Type—Select the IPv6 address type (if used). The options are: Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 59: Active Image

    To select the active image: STEP 1 Click Administration > File Management > Active Image. The page displays the following: • Active Image—Displays the image file that is currently active on the device. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 60: Download/Backup Configuration/Log

    Rebooting the Device section. Configuration File Backwards Compatibility When restoring configuration files from an external device to the device, the following compatibility issues might arise: Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 61: Downloading Or Backing-Up A Configuration Or Log File

    STEP 1 Click Administration > File Management > Download/Backup Configuration/Log. STEP 2 Select the Transfer Method. STEP 3 If you selected via TFTP, enter the parameters. Otherwise, skip to STEP Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 62 Server Definition—Select whether to specify the TFTP server by IP address or by domain name. b. IP Version—Select whether an IPv4 or an IPv6 address is used. c. IPv6 Address Type—Select the IPv6 address type (if used). The options are: Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 63 (\ or /), the leading letter of the file name must not be a period (.), and the file name must be between 1 and 160 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”). Click Apply. The file is upgraded or backed up. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 64 SSH user authentication method (password or public/private key), set a username and password on the device, if the password method is selected, and generate an RSA or DSA key if required. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 65 Source File Name—Enter the name of the source file. • Destination File Type—Select the configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section). Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 66: Configuration Files Properties

    STEP 2 If required, disable Auto Mirror Configuration. This disables the automatic creation of mirror configuration files. When disabling this feature, the mirror configuration file, if it exists, is deleted. See System Files for a description of Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 67: Copy/Save Configuration

    Configuration or Backup Configuration. • From the Backup Configuration to the Running Configuration, Startup Configuration or Backup Configuration. • From the Mirror Configuration to the Running Configuration, Startup Configuration or Backup Configuration. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 68: DHCP Auto Configuration

    DHCPv4 server is supported and/or a DHCPv6 client in which auto configuration from a DHCPv6 server is supported. By default, the device is enabled as a DHCP client when the Auto Configuration feature is enabled. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 69: DHCP Server Options

    Backup information (configuration server name/address and configuration file name/path) can be configured in the Auto Configuration page. This information is used when the DHCPv4 message does not contain this information (but it is not used by DHCPv6). Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 70: Auto Configuration Download Protocol (TFTP Or SCP)

    SSH password: anonymous NOTE The SSH Client authentication parameters can also be used when downloading a file for manual download (a download that is not performed through the DHCP Auto Configuration feature). Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 71: Auto Configuration Process

    The SSH Server is configured in the SSH Trusted Servers list. If the SSH server authentication process is enabled, and the SSH server is not found in the SSH Trusted Servers list, the Auto Configuration process is halted. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 72: Configuring DHCP Auto Configuration

    In IPv4, to ensure that the device configuration functions as intended, due to allocation of different IP addresses with each DHCP renew cycle, it is recommended that IP addresses be bound to MAC addresses in the DHCP Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 73 STEP 3 Enter the following optional information to be used if no configuration file name was received from the DHCP server. • Backup Server Definition—Select By IP address or By name to configure the server. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 74 Backup Configuration File Name—Enter the path and file name of the file to be used if no configuration file name was specified in the DHCP message. STEP 4 Click Apply. The parameters are copied to the Running Configuration file. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 75 Administration: File Management DHCP Auto Configuration Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 76: Chapter 5: Administration: Stack Management

    The devices (units) in a stack are connected through stack ports. These devices are then collectively managed as a single logical device. The stack is based on a single master/backup and multiple slaves model. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 77 During Fast Stack Link failover, the master/backup units remain active and functioning. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 78: Types Of Units In Stack

    Hybrid stack mode, its system mode will revert to the default system mode (SG500X: L3 and L2, Sx500: L2). In a stack whose unit IDs are manually configured, those units whose ID is greater than 4 are switched to auto numbering. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 79: Unit LEDs

    Unit 5: LED 1 and 4 are lit. • Unit 6: LED 2 and 4 are lit. • Unit 7: LED 3 and 4 are lit. • Unit 8: LED 1, 3, and 4 are lit. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 80: Stack Topology

    The following are examples of events that trigger this process: • Changing the stack topology from a ring to a chain • Merging two stacks into a single stack Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 81: Unit ID Assignment

    The following shows a case where two units were manually assigned the same unit ID. Unit 1 does not join the stack and is shut down. It did not win the master selection process between the master-enabled units (1 or 2). Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 82 Administration: Stack Management Unit ID Assignment Duplicate Unit Shut Down The following shows a case where one of the duplicate units (auto-numbered) is renumbered. Duplicate Unit Renumbered Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 83: Master Selection Process

    IDs are the same, the unit with the lowest MAC address is chosen. Note: The up time of the backup unit is retained when it is selected as master in the switch failover process. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 84: Stack Changes

    No duplicate unit IDs exist. Units with user-defined IDs retain their unit ID. Units with automatically-assigned IDs retain their unit ID. Factory default units receive unit IDs automatically, beginning from the lowest available ID. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 85 The following shows an example of auto numbering when a new unit joins the stack. The existing units retain their ID. The new unit receives the lowest available Auto Number Unit Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 86: Unit Failure In Stack

    LACP, and GVRP are not synchronized. When a master is being configured, it synchronizes the backup immediately. Synchronization is performed as soon as a command is executed. This is transparent. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 87: Master/Backup Switchover

    Packet forwarding on the slave unit resumes after the state of its ports is set to forwarding by the master according to STP. NOTE Packet flooding to unknown unicast MAC addresses occurs until the MAC addresses are learned or relearned. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 88: Reconnecting The Original Master Unit After Failover

    SG500X, since the feature set is that of the Sx500. In this mode, any type of device can take the master/backup roles. Only the 5G stacking ports can be used as stack ports. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 89: Stack Configuration Options

    Slaves: Either type of device Stack consists of mixed device Enabled/ 1G/5G types in Advanced Hybrid mode. Disabled • Master: SG500X • Backup: SG500X • Slaves: Either type of device Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 90: Consistency Of Stack Unit Modes In The Stack

    SG500X devices—If the device is in Standalone or Native Stacking mode, its System mode is always Layer 2 and 3. When the device is in Basic or Advanced Hybrid mode, it behaves as described above for Sx500 devices. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 91: Configuration After Reboot

    You must indicate to the system (reserve) which ports you plan to use as stack ports (in the System Mode and Stack Management page). All ports that are not reserved to be stack ports, are considered to be network ports. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 92: Default Stack And Network Ports

    Either 5G slot or 10G slot 10G slot (S1, S2) • Hybrid Modes: Only 5G slot available. SG500X Available as network ports Available as network 10G slot (XG1, ports XG1 network ports) Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 93: Port Speeds

    This is done by configuring the stack ports speed to: • Auto Speed mode • Same speed on each side of the connection Cables Types Each type of stack port can be used with specific cable types. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 94 Cisco SFP-10G- supported supported supported supported Cisco SFP-10G- supported supported supported supported Cisco SFP-10G- supported supported supported supported 1G SFP Module MGBSX1 1G SFP Module MGBT1 1G SFP Module MGBLX1 Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 95 According According Forced user Forced user Forced Forced speed speed user speed user speed EEPROM EEPROM EEPROM EEPROM speed speed speed speed 1G speed 1G speed 1G speed 10G speed Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 96: Default Configuration

    • Change the System mode (Layer 2/3) of a standalone device or of the stack. • Change the Queues mode from 4 to 8 supported queues or vice versa. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 97: System Mode Backwards Compatibility

    Stack Unit Mode—Displays one of the following values for the device: Standalone—Device is not part of a stack. Native Stacking—Device is part of a stack in which all of the units are either SG500Xs or Sx500Xs. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 98 Speed—The speed of the stack port that is connected. Neighbor—Unit ID of the connected stack unit. • Stack Connection 2—Information for the second stack connection: Port—The type of the stack port that is connected. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 99 Stack Ports Speed—The speed of the network ports for connecting to neighbor units in the stack after reboot. STEP 5 Click Apply and Reboot to reboot the device with the new settings. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 100: Chapter 6: Administration: General Information

    When the device operates in Layer 3 system mode, the VLAN Rate Limit, and QoS policers are not operational. Other QoS Advanced mode features are operational. Only the SG500X/ESW2-550X models support Virtual Router Redundancy Protocol (VRRP), and Routing Information Protocol (RIP). Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 101 24-Port Gigabit with 4-Port 10- Gigabit Stackable Managed Switch SG500X-24P SG500X-24P-K9 24-Port Gigabit with 4-Port 10- 375W Gigabit PoE Stackable Managed Switch SG500X-48 SG500X-48-K9 48-Port Gigabit with 4-Port 10- Gigabit Stackable Managed Switch Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 102: System Information

    • Firmware Version (Non-active Image)—Firmware version number of the non-active image. If the system is in Native Stacking mode, the version of the master unit is displayed. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 103 NOTE If the system is in stack mode (Native Stacking mode), the Firmware Version number shown is based on the version of the master. See the Stack Unit Mode section for more information about stack modes. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 104 Port Management > PoE > Properties page. This page shows the PoE power information on a per-unit basis. The units in the stack are displayed graphically, along with the following information for each unit: Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 105: Configuring The System Settings

    NOTE When you define a login banner from the web-based configuration utility, it also activates the banner for the CLI interfaces (Console, Telnet, and SSH). STEP 3 Click Apply to save the values in the Running Configuration file.
  • Page 106: Console Settings (Autobaud Rate Support)

    You can back up the configuration by using Copy/Save Configuration or clicking Save at the top of the window. You can also upload the configuration from a remote device. See the Download/Backup Configuration/Log section.
  • Page 107 NOTE This option can only be used if the system time has either been set manually or by SNTP. In—Reboot within the specified number of hours and minutes. The maximum amount of time that can pass is 24 days.
  • Page 108: Routing Resources

    ACL rules, CoS policers, and VLAN rate limits. If IPv4 routing is enabled on the device, the following table describes the number of TCAM entries used by the various features: Logical Entity IPv4 IP Neighbor 1 entry
  • Page 109 TCAM Entries is the number of TCAM entries being used for the IP addresses. • Routes—Count is the number of routes recorded on the device and TCAM Entries is the number of TCAM entries being used for the routes.
  • Page 110 NOTE A summary of the TCAM entries actually in use and available is displayed at the bottom of this page. For an explanation of the fields, see Viewing TCAM Utilization.
  • Page 111: Monitoring Fan Status

    • (On devices that support PoE) Disable the PoE circuitry so that less power is consumed and less heat is emitted.
  • Page 112 OK—Fan(s) are operating normally. Fail—Fan(s) are not operating correctly. N/A—Fan ID(s) are not applicable for the specific model. • Fan Direction—The direction that the fans are working in.
  • Page 113: Defining Idle Session Timeout

    To ping a host: STEP 1 Click Administration > Ping. STEP 2 Configure ping by entering the fields: • Host Definition—Select whether to specify hosts by their IP address or name.
  • Page 114 STEP 4 View the results of ping in the Ping Counters and Status section of the page.
  • Page 115: Traceroute

    Timeout—Enter the length of time that the system waits for a frame to return before declaring it lost, or select Use Default. STEP 3 Click Activate Traceroute. The operation is performed.
  • Page 116 Host—Displays a stop along the route to the destination. • Round Trip Time (1-3)—Displays the round trip time in (ms) for the first through third frame and the status of the first through third operation.
  • Page 118: Chapter 7: Administration: Time Settings

    This section describes the options for configuring the system time, time zone, and Daylight Savings Time (DST). It covers the following topics: • System Time Options • SNTP Modes • Configuring System Time
  • Page 119: System Time Options

    After the time has been set by any of the above sources, it is not set again by the browser. NOTE SNTP is the recommended method for time setting.
  • Page 120: Time Zone And Daylight Savings Time (DST)

    The device supports having all of the above modes active at the same time and selects the best system time received from an SNTP server, according to an algorithm based on the closest stratum (distance from the reference clock).
  • Page 121: Configuring System Time

    RIP MD5 authentication to work. This also helps features that associate with time, for example: Time Based ACL, Port, 802.1 port authentication that are supported on some devices.
  • Page 122 —DST is set manually, typically for a country other than the USA or a European country. Enter the following parameters: Recurring—DST occurs on the same date every year. By Dates Selecting allows customization of the start and stop of DST:
  • Page 123: Adding A Unicast SNTP Server

    STEP 1 This page contains the following information for each Unicast SNTP server: • SNTP Server—SNTP server IP address. The preferred server, or hostname, is chosen according to its stratum level.
  • Page 124 NOTE To specify a well-known SNTP server, the device must be connected to the Internet and configured with a DNS server or configured so that a DNS server is identified by using DHCP. (See Settings)
  • Page 125 Authentication Key ID—If authentication is enabled, select the value of the key ID. (Create the authentication keys using the SNTP Authentication page.) STEP 5 Click Apply. The SNTP server is added, and you are returned to the main page.
  • Page 126: Configuring The SNTP Mode

    MD5 function; the result of the MD5 is also included in the response packet. The SNTP Authentication page enables configuration of the authentication keys that are used when communicating with an SNTP server that requires authentication.
  • Page 127: Time Range

    STEP 6 Configuration file. Time Range Time ranges can be defined and associated with the following types of commands, so that they are applied only during that time range: • ACLs
  • Page 128: Absolute Time Range

    STEP 1 Click Administration > Time Settings > Time Range. The existing time ranges are displayed. STEP 2 To add a new time range, click Add. STEP 3 Enter the following fields:
  • Page 129: Recurring Time Range

    Recurring Starting Time—Enter the date and time that the Time Range begins on a recurring basis. • Recurring Ending Time—Enter the date and time that the Time Range ends on a recurring basis.
  • Page 130: Chapter 8: Administration: Diagnostics

    Preconditions to Running the Copper Port Test Before running the test, do the following: • (Mandatory) Disable Short Reach mode (see the Port Management > Green Ethernet > Properties page)
  • Page 131 Unknown Test Result—Error has occurred. • Distance to Fault—Distance from the port to the location on the cable where the fault was discovered. • Operational Port Status—Displays whether port is up or down.
  • Page 132: Displaying Optical Module Status

    10 km. The following GE SFP (1000Mbps) transceivers are supported: • MGBBX1: 1000BASE-BX-20U SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 40 km.
  • Page 133: Configuring Port And VLAN Mirroring

    A network analyzer connected to the monitoring port processes the data packets for diagnosing, debugging, and performance monitoring. Up to eight sources can be mirrored. This can be any combination of eight individual ports and/or VLANs.
  • Page 134 Not Ready—Either source or destination (or both) are down or not forwarding traffic for some reason. STEP 2 Click Add to add a port or VLAN to be mirrored. STEP 3 Enter the parameters:
  • Page 135: Viewing CPU Utilization And Secure Core Technology

    SCT is enabled by default on the device and cannot be disabled. There are no interactions with other features. To display CPU utilization:
  • Page 136 X axis is the sample number. STEP 2 Select the Refresh Rate (time period in seconds) that passes before the statistics are refreshed. A new sample is created for each time period
  • Page 138: Chapter 9: Administration: Discovery

    Services page. When Bonjour Discovery and IGMP are both enabled, the IP Multicast address of Bonjour appears on the Adding IP Multicast Group Address page.
  • Page 139: Bonjour In Layer 3 System Mode

    Bonjour Discovery advertisements sent by other devices. To configure Bonjour when the device is in Layer 3 system mode: STEP 1 Click Administration > Discovery - Bonjour. STEP 2 Select Enable to enable Bonjour discovery globally.
  • Page 140: LLDP And CDP

    Apply). LLDP and CDP LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) are link layer protocols for directly-connected LLDP and CDP-capable neighbors to advertise themselves and their capabilities to each other. By default, the device sends an LLDP/CDP advertisement periodically to all its interfaces and terminates and processes incoming LLDP and CDP packets as required by the protocols.
  • Page 141: Configuring LLDP

    This section describes how to configure LLDP. It covers the following topics: • LLDP Overview • Setting LLDP Properties • Editing LLDP Port Settings • LLDP MED Network Policy • Configuring LLDP MED Port Settings • Displaying LLDP Port Status
  • Page 142: LLDP Overview

    LLDP PDUs, send SNMP notifications, specify which TLVs to advertise, and advertise the device's management address. 3. Create LLDP MED network policies by using the LLDP MED Network Policy page.
  • Page 143: Setting LLDP Properties

    LLDP, following an LLDP enable/disable cycle. • Transmit Delay—Enter the amount of time in seconds that passes between successive LLDP frame transmissions due to changes in the LLDP local systems MIB.
  • Page 144: Editing LLDP Port Settings

    Disable—Indicates that LLDP is disabled on the port. • SNMP Notification—Select Enable to send notifications to SNMP notification recipients; for example, an SNMP managing system, when there is a topology change.
  • Page 145 Auto Advertise—Specifies that the software would automatically choose a management address to advertise from all the IP addresses of the product. In case of multiple IP addresses the software chooses the
  • Page 146: LLDP MED Network Policy

    Voice over Internet Protocol (VoIP), Emergency Call Service (E-911) by using IP Phone location information. • Troubleshooting information. LLDP MED sends alerts to network managers upon: Port speed and duplex mode conflicts QoS policy misconfigurations
  • Page 147 • Application—Select the type of application (type of traffic) for which the network policy is being defined. • VLAN ID—Enter the VLAN ID to which the traffic must be sent.
  • Page 148: Configuring LLDP MED Port Settings

    MED Network Policies to a port, select it, and click Edit. STEP 4 Enter the parameters: • Interface—Select the interface to configure. • LLDP MED Status—Enable/disable LLDP MED on this port.
  • Page 149: Displaying LLDP Port Status

    TLVs sent to the neighbor. STEP 3 Click LLDP Neighbor Information Detail to see the details of the LLDP and LLDP-MED TLVs received from the neighbor. LLDP Port Status Global Information
  • Page 150: Displaying LLDP Local Information

    Click LLDP Neighbor Information Details to see the details of the LLDP and LLDP-MED TLVs received from the neighbor. STEP 3 Select the desired port from the Port list.
  • Page 151 Interface Subtype—Numbering method used for defining the interface number. • Interface Number—Specific interface associated with this management address. MAC/PHY Details • Auto-Negotiation Supported—Port speed auto-negotiation support status. • Auto-Negotiation Enabled—Port speed auto-negotiation active status.
  • Page 152 Rx value. MED Details • Capabilities Supported—MED capabilities supported on the port. • Current Capabilities—MED capabilities enabled on the port. • Device Class—LLDP-MED endpoint device class. The possible device classes are:
  • Page 153 VLAN ID—VLAN ID for which the network policy is defined. • VLAN Type—VLAN type for which the network policy is defined. The possible field values are: Tagged —Indicates the network policy is defined for tagged VLANs.
  • Page 154: Displaying LLDP Neighbors Information

    STEP 2 Select a local port, and click Details. This page contains the following fields: Port Details • Local Port—Port number. • MSAP Entry—Device Media Service Access Point (MSAP) entry number.
  • Page 155 Auto-Negotiation Enabled—Port speed auto-negotiation active status. The possible values are True and False. • Auto-Negotiation Advertised Capabilities—Port speed auto-negotiation capabilities, for example, 1000BASE-T half duplex mode, 100BASE-TX full duplex mode.
  • Page 156 Local Tx Echo—Indicates the local link partner’s reflection of the remote link partner’s Tx value. • Local Rx Echo—Indicates the local link partner’s reflection of the remote link partner’s Rx value.
  • Page 157 Model Name—Device model name. • Asset ID—Asset ID. 802.1 VLAN and Protocol • PVID—Advertised port VLAN ID. PPVID Table • VID—Protocol VLAN ID. • Supported—Supported Port and Protocol VLAN IDs.
  • Page 158: Accessing LLDP Statistics

    • User Priority—Network policy user priority. • DSCP—Network policy DSCP. Accessing LLDP Statistics The LLDP Statistics page displays LLDP statistical information per port. To view the LLDP statistics:
  • Page 159: LLDP Overloading

    STEP 1 Click Administration > Discovery - LLDP > LLDP Overloading. This page contains the following fields for each port: • Interface—Port identifier. • Total (Bytes)—Total number of bytes of LLDP information in each packet
  • Page 160 • 802.3 TLVs Size (Bytes)—Total LLDP MED 802.3 TLVs packets byte size. Status—If the LLDP MED 802.3 TLVs packets were sent, or if they were overloaded.
  • Page 161: Configuring CDP

    • Viewing CDP Statistics Setting CDP Properties Similar to LLDP, CDP (Cisco Discovery Protocol) is a link layer protocol for directly connected neighbors to advertise themselves and their capabilities to each other. Unlike LLDP, CDP is a Cisco proprietary protocol.
  • Page 162 CDP Mandatory TLVs Validation—If selected, incoming CDP packets not containing the mandatory TLVs are discarded and the invalid error counter is incremented. • CDP Version—Select the version of CDP to use.
  • Page 163 This means that the duplex information in the incoming frame does not match what the local device is advertising. STEP 3 Click Apply. The LLDP properties are defined.
  • Page 164: Editing CDP Interface Settings

    CDP Status—Select to enable/disable the CDP publishing option for the port. NOTE The next three fields are operational when the device has been set up to send traps to the management station.
  • Page 165: Displaying CDP Local Information

    Device ID—Device ID advertised in the device ID TLV. • System Name TLV System Name—System name of the device. • Address TLV Address1-3—IP addresses (advertised in the device address TLV). • Port TLV
  • Page 166 Layer 2 CoS value, meaning, an 802.1D/802.1p priority value. This is the COS value with which all packets received on an untrusted port are remarked by the device. • Power TLV
  • Page 167: Displaying CDP Neighbors Information

    Local Interface—Number of the local port to which the neighbor is connected. • Advertisement Version—CDP protocol version. • Time to Live (sec)—Time interval (in seconds) after which the information for this neighbor is deleted.
  • Page 168 • Version—Neighbor's software version. NOTE Clicking the Clear Table button disconnects all connected devices from CDP and, if Auto Smartport is enabled, changes all port types to default.
  • Page 169: Viewing CDP Statistics

    Configuring CDP Viewing CDP Statistics The CDP Statistics page displays information regarding Cisco Discovery Protocol (CDP) frames that were sent or received from a port. CDP packets are received from devices attached to the switch's interfaces, and are used for the Smartport feature.
  • Page 170: Chapter 10: Port Management

    6. Configure Green Ethernet energy mode and 802.3 Energy Efficient Ethernet per port by using the Port Settings page. 7. If PoE is supported and enabled for the device, configure the device as described in Port Management: PoE.
  • Page 171: Setting Port Configuration

    NOTE SFP Fiber takes precedence in Combo ports when both ports are being used. • Port Description—Enter the port user-defined name or comment. • Administrative Status—Select whether the port must be Up or Down when the device is rebooted.
  • Page 172 Half—The interface supports transmission between the device and the client in only one direction at a time. • Operational Duplex Mode—Displays the port's current duplex mode.
  • Page 173 • Protected Port—Select to make this a protected port. (A protected port is also referred to as a Private VLAN Edge (PVE).) The features of a protected port are as follows:
  • Page 174: Configuring Link Aggregation

    This section describes how to configure LAGs. It covers the following topics: • Link Aggregation Overview • Static and Dynamic LAG Workflow • Defining LAG Management • Configuring LAG Settings • Configuring LACP
  • Page 175: Link Aggregation Overview

    In general, a LAG is treated by the system as a single logical port. In particular, the LAG has port attributes similar to a regular port, such as state and speed. The device supports 32 LAGs with up to 8 ports in a LAG group.
  • Page 176: Default Settings And Configuration

    Members list. Select the load balancing algorithm for the LAG. Perform these actions in the LAG Management page. 2. Configure various aspects of the LAG, such as speed and flow control by using the LAG Settings page.
  • Page 177: Defining LAG Management

    LACP—Select to enable LACP on the selected LAG. This makes it a dynamic LAG. This field can only be enabled after moving a port to the LAG in the next field.
  • Page 178: Configuring LAG Settings

    Operational Time-Range State—Displays whether the time range is currently active or inactive. • Reactivate Suspended LAG—Select to reactivate a port if the LAG has been disabled through the locked port security option or through ACL configurations.
  • Page 179 Protected LAG—Select to make the LAG a protected port for Layer 2 isolation. See the Port Configuration description in Setting Basic Port Configuration for details regarding protected ports and LAGs. STEP 4 Click Apply. The Running Configuration file is updated.
  • Page 180: Configuring LACP

    In order for LACP to create a LAG, the ports on both link ends should be configured for LACP, meaning that the ports send LACP PDUs and handle received PDUs.
  • Page 181: Setting LACP Parameter Settings

    LACP Timeout—Time interval between the sending and receiving of consecutive LACP PDUs. Select the periodic transmissions of LACP PDUs, which occur at either a Long or Short transmission speed, depending upon the expressed LACP timeout preference.
  • Page 182: Configuring Green Ethernet

    RJ45 GE ports; it does not apply to Combo ports. This mode is globally disabled by default. It cannot be enabled if EEE mode is enabled (see below).
  • Page 183: Power Saving By Disabling Port LEDs

    LEDs. On the Green Ethernet > Properties page, the device enables the user to disable the port LEDs in order to save power.
  • Page 184: 802.3az Energy Efficient Ethernet Feature

    Keep Alive signal indicates that the ports are in LPI status (and not in Down status), and power is reduced. For ports to stay in LPI mode, the Keep Alive signal must be received continuously from both sides.
  • Page 185 Mode option on the port is checked. • If the port speed on the GE port is changed to 10Mbit, 802.3az EEE is disabled. This is supported in GE models only.
  • Page 186: Setting Global Green Ethernet Properties

    It also displays the current power savings. To enable Green Ethernet and EEE and view power savings: STEP 1 Click Port Management > Green Ethernet > Properties. STEP 2 Enter the values for the following fields:
  • Page 187: Setting Green Ethernet Properties For Ports

    Auto negotiation. The exception is that EEE is still functional even when Auto Negotiation is disabled, but the port is at 1GB or higher.
  • Page 188 Status), whether it has been enabled on the local port and whether it is operational on the local port. LLDP Administrative—Displays whether advertising EEE counters through LLDP was enabled. LLDP Operational—Displays whether advertising EEE counters through LLDP is currently operating.
  • Page 189 (advertisement of EEE capabilities through LLDP) if there are GE ports on the device. STEP 7 Click Apply. The Green Ethernet port settings are written to the Running Configuration file.
  • Page 190: Chapter 11: Smartport

    Auto Smartport • Error Handling • Default Configuration • Relationships with Other Features and Backwards Compatibility • Common Smartport Tasks • Configuring Smartport Using The Web-based Interface • Built-in Smartport Macros
  • Page 191: Overview

    Voice VLAN and Smartport, described in the Voice VLAN section. • LLDP/CDP for Smartport, described in the Configuring LLDP and Configuring CDP sections, respectively. Additionally, typical work flows are described in the Common Smartport Tasks section.
  • Page 192: What Is A Smartport

    "the anti-macro," serves to undo all configuration performed by "the macro" when that interface happens to become a different Smartport type. You can apply a Smartport macro by the following methods: • The associated Smartport type.
  • Page 193 Smartport Type | Supported by Auto Smartport | Supported by Auto Smartport by default: Unknown, Default, Printer, Desktop, Guest, Server, Host, IP camera, IP phone, IP phone desktop, Switch, Router, Wireless Access Point
  • Page 194: Special Smartport Types

    CDP or LLDP messages are received on the interface before both TTLs of the most recent CDP and LLDP packets decrease to 0, then the anti-macro is run, and the Smartport type returns to default.
  • Page 195: Smartport Macros

    (for example: no_my_printer) Smartport macros are bound to Smartport types in the Edit Smartport Type Setting page. Built-in Smartport Macros for a listing of the built-in Smartport macros for each device type.
  • Page 196: Applying A Smartport Type To An Interface

    When a Smartport macro fails on an interface, the status of the interface is set to Unknown. The reason for the failure can be displayed in the Interface Settings page, Show Diagnostics popup.
  • Page 197: How The Smartport Feature Works

    In both cases, the associated anti-macro is run when the Smartport type is removed from the interface, and the anti-macro runs in exactly the same manner, removing all of the interface configuration.
  • Page 198: Auto Smartport

    (in the Interface Settings page), the device applies a Smartport macro to the interface based on the Smartport type of the attaching device. Auto Smartport derives the Smartport types of attaching devices based on the CDP and/or LLDP the devices advertise.
  • Page 199: Using CDP/LLDP Information To Identify Smartport Types

    Switch; Host, 0x10, Host; IGMP conditional filtering, 0x20, Ignore; Repeater, 0x40, Ignore; VoIP Phone, 0x80, ip_phone; Remotely-Managed Device, 0x100, Ignore; CAST Phone Port, 0x200, Ignore; Two-Port MAC Relay, 0x400, Ignore
  • Page 200: Multiple Devices Attached To The Port

    If multiple devices are connected to the device through one interface, Auto Smartport considers each capability advertisement it receives through that interface in order to assign the correct Smartport type. The assignment is based on the following algorithm:
  • Page 201: Persistent Auto Smartport Interface

    Interface Settings page and reset the port and reapply the macro after the error is corrected from the Interface Settings and Interface Settings Edit pages.
  • Page 202: Default Configuration

    STEP 4 STEP 5 To enable the Auto Smartport feature on one or more interfaces, open the Smartport > Interface Settings page. STEP 6 Select the interface, and click Edit.
  • Page 203 Smartport type and/or modify the default values of the parameters in the macros bound to that Smartport type. These parameter default values are used when Auto Smartport applies the selected Smartport type (if applicable) to an interface.
  • Page 205: Configuring Smartport Using The Web-Based Interface

    Auto Smartport Device Detection—Select each type of device for which Auto Smartport can assign Smartport types to interfaces. If unchecked, Auto Smartport does not assign that Smartport type to any interface. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 206: Smartport Type Settings

    Macro Name—Displays the name of the Smartport macro currently associated with the Smartport type. • Macro Type—Select whether the pair of macro and anti-macro associated with this Smartport type is built-in or user-defined. Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3...
  • Page 207: Smartport Interface Settings

    Smartport type to become Unknown. • Reapply a Smartport macro after it fails for one of the following types of interfaces: switch, router and AP. It is expected that the necessary...
  • Page 208 Default type. After correcting the error in the macro or on the current interface configuration or both, a new macro may be applied.
  • Page 209 STEP 3 unsuccessful macro application). The macro can be reapplied on the main page. STEP 4 Click Apply to update the changes and assign the Smartport type to the interface.
  • Page 210: Built-In Smartport Macros

    #Default Values are
    #$native_vlan = Default VLAN
    #$max_hosts = 10
    #the port type cannot be detected automatically
    #the default mode is trunk
    smartport switchport trunk native vlan $native_vlan
    port security max $max_hosts
  • Page 211
    #$native_vlan = Default VLAN
    #the port type cannot be detected automatically
    switchport mode access
    switchport access vlan $native_vlan
    #single host
    port security max 1
    port security mode max-addresses
    port security discard trap 60
  • Page 212
    $native_vlan
    #single host
    port security max 1
    port security mode max-addresses
    port security discard trap 60
    smartport storm-control broadcast level 10
    smartport storm-control include-multicast
  • Page 213
    #the default mode is trunk
    smartport switchport trunk native vlan $native_vlan
    port security max $max_hosts
    port security mode max-addresses
    port security discard trap 60
    smartport storm-control broadcast level 10
    smartport storm-control broadcast enable
  • Page 214
    $native_vlan
    port security max $max_hosts
    port security mode max-addresses
    port security discard trap 60
    smartport storm-control broadcast level 10
    smartport storm-control include-multicast
    smartport storm-control broadcast enable
    spanning-tree portfast
  • Page 215
    $native_vlan
    #single host
    port security max 1
    port security mode max-addresses
    port security discard trap 60
    smartport storm-control broadcast level 10
    smartport storm-control include-multicast
    smartport storm-control broadcast enable
    spanning-tree portfast
  • Page 216
    $native_vlan
    port security max $max_hosts
    port security mode max-addresses
    port security discard trap 60
    smartport storm-control broadcast level 10
    smartport storm-control include-multicast
    smartport storm-control broadcast enable
    spanning-tree portfast
  • Page 217
    $voice_vlan
    smartport switchport trunk native vlan $native_vlan
    port security max $max_hosts
    port security mode max-addresses
    port security discard trap 60
    smartport storm-control broadcast level 10
    smartport storm-control include-multicast
  • Page 218
    #Default Values are
    #$native_vlan = Default VLAN
    #$voice_vlan = 1
    #the default mode is trunk
    smartport switchport trunk allowed vlan add all
    smartport switchport trunk native vlan $native_vlan
    spanning-tree link-type point-to-point
  • Page 219
    $native_vlan
    smartport storm-control broadcast level 10
    smartport storm-control broadcast enable
    spanning-tree link-type point-to-point
    no_router
    [no_router]
    #macro description No router
  • Page 220
    [ap]
    #macro description ap
    #macro keywords $native_vlan $voice_vlan
    #macro key description: $native_vlan: The untag VLAN which will be configured on the port
  • Page 222: Chapter 12: Port Management: Poe

    LAN. • Removes the necessity for placing all network devices next to power sources. • Eliminates the need to deploy double cabling systems in an enterprise, significantly decreasing installation costs.
  • Page 223: Poe Operation

    There are two factors to consider in the PoE feature: • The amount of power that the PSE can supply • The amount of power that the PD is actually attempting to consume
  • Page 224 (Powered Devices). These devices include VoIP phones, IP cameras, and wireless access points. The PoE switches can detect and supply power to pre-standard legacy PoE Powered Devices. Due to the support of legacy PoE, it is possible that...
  • Page 225: Configuring Poe Properties

    Classification stage. NOTE When you change from Port Limit to Class Limit or vice versa, you must disable PoE ports, and enable them after changing the power configuration.
  • Page 226: Configuring Poe Settings

    PoE Port Limit mode. That mode is configured in the PoE Properties page. When the power consumed on the port exceeds the port limit, the port power is turned off.
  • Page 227: Poe Priority Example

    For example, if the power supply is running at 99% usage and port 1 is prioritized as high, but port 3 is prioritized as low, port 1 receives power and port 3 might be denied power.
  • Page 228 PSE. Signatures are generated during powered device detection, classification, or maintenance. STEP 4 Click Apply. The PoE settings for the port are written to the Running Configuration file.
  • Page 230: Chapter 13: Vlan Management

    A VLAN is a logical group of ports that enables devices associated with it to communicate with each other over the Ethernet MAC layer, regardless of the physical LAN segment of the bridged network to which they are connected.
  • Page 231 VLAN, and the original frame does not have a VLAN tag. • Removes the VLAN tag from the frame if the egress port is an untagged member of the target VLAN, and the original frame has a VLAN tag.
  • Page 232 With QinQ, the device adds an ID tag known as Service Tag (S-tag) to forward traffic over the network. The S-tag is used to segregate traffic between various customers, while preserving the customer VLAN tags.
  • Page 233 6. If required, configure VLAN groups as described in the MAC-based Groups and Protocol-based VLANs sections. 7. If required, configure TV VLAN as described in the Access Port Multicast TV VLAN and Customer Port Multicast TV VLAN sections.
  • Page 234: Configuring Default Vlan Settings

    To change the default VLAN: STEP 1 Click VLAN Management > Default VLAN Settings. STEP 2 Enter the value for the following field: • Current Default VLAN ID—Displays the current default VLAN ID.
  • Page 235: Creating Vlans

    Static—VLAN is user-defined. Default—VLAN is the default VLAN. STEP 2 Click Add to add a new VLAN or select an existing VLAN and click Edit to modify the VLAN parameters.
  • Page 236: Configuring Vlan Interface Settings

    Trunk—The interface is an untagged member of one VLAN at most, and is a tagged member of zero or more VLANs. A port configured in this mode is known as a trunk port.
  • Page 237: Defining Vlan Membership

    To forward the packets properly, intermediate VLAN-aware devices that carry VLAN traffic along the path between end nodes must either be manually configured or must dynamically learn the VLANs and their port memberships from Generic VLAN Registration Protocol (GVRP).
  • Page 238: Configuring Port To Vlan

    Untagged—The interface is an untagged member of the VLAN. Frames of the VLAN are sent untagged to the interface VLAN. • Multicast TV VLAN—The interface used for Digital TV using Multicast IP.
  • Page 239: Configuring Vlan Membership

    • LAG—If interface selected is Port, displays the LAG in which it is a member. STEP 3 Select a port, and click the Join VLAN button.
  • Page 240 VLAN membership. STEP 5 Click Apply. The settings are modified and written to the Running Configuration file. STEP 6 To see the administrative and operational VLANs on an interface, click Details.
  • Page 241: Gvrp Settings

    Interface—Select the interface (Port or LAG) to be edited. • GVRP State—Select to enable GVRP on this interface. • Dynamic VLAN Creation—Select to enable Dynamic VLAN Creation on this interface.
  • Page 242: Vlan Groups

    These MAC-based groups can be assigned to specific ports/LAGs. MAC-based VLAN groups cannot contain overlapping ranges of MAC addresses on the same port. Workflow To define a MAC-based VLAN group:
  • Page 243: Assigning Mac-Based Vlan Groups

    On Sx500 devices, this feature is only available when the device is in Layer 2 system mode. On SG500X/ESW2-550X devices, it is always available. Ports/LAGs must be in General mode. To assign a MAC-based VLAN group to a VLAN on an interface:
  • Page 244: Protocol-Based Vlans

    STEP 1 Click VLAN Management > VLAN Groups > Protocol-Based Groups. The Protocol-Based Groups Page contains the following fields: • Encapsulation—Displays the protocol on which the VLAN group is based.
  • Page 245: Protocol-Based Groups To Vlan Mapping

    STEP 2 To associate an interface with a protocol-based group and VLAN, click Add. STEP 3 Enter the following fields. • Interface—Port or LAG number assigned to VLAN according to protocol-based group. • Group ID—Protocol group ID.
  • Page 246: Voice Vlan

    The following are typical voice deployment scenarios with appropriate configurations: • UC3xx/UC5xx hosted: All Cisco phones and VoIP endpoints support this deployment model. For this model, the UC3xx/UC5xx, Cisco phones and VoIP endpoints reside in the same voice VLAN. The voice VLAN of UC3xx/UC5xx defaults to VLAN 100.
  • Page 247: Dynamic Voice Vlan Modes

    OUIs. An OUI is the first three bytes of an Ethernet MAC address. For more information about Telephony OUI, see Configuring Telephony OUI.
  • Page 248: Voice End-Points

    CDP and/or LLDP-MED. Voice End-Points To have a voice VLAN work properly, the voice devices, such as Cisco phones and VoIP endpoints, must be assigned to the voice VLAN where they send and receive their voice traffic.
  • Page 249 Communication (UC) devices, are advertising their voice VLAN, the voice VLAN from the device with the lowest MAC address is used. NOTE If connecting the device to a Cisco UC device, you may need to configure the port on the UC device using the switchport voice vlan command to ensure the UC device advertises its voice VLAN in CDP at the port.
  • Page 250: Voice Vlan Qos

    Working with the OUI mode, the device can additionally configure the mapping and remarking (CoS/802.1p) of the voice traffic based on the OUI.
  • Page 251: Voice Vlan Constraints

    The device default configuration on Auto Voice VLAN, Auto Smartports, CDP, and LLDP covers most common voice deployment scenarios. This section describes how to deploy voice VLAN when the default configuration does not apply.
  • Page 252: Configuring Voice Vlan

    STEP 3 Configure Telephony OUI VLAN membership for ports in the Telephony OUI Interface page. Configuring Voice VLAN This section describes how to configure voice VLAN. It covers the following topics:
  • Page 253: Configuring Voice Vlan Properties

    DSCP—Selection of DSCP values to be used by the LLDP-MED as a voice network policy. Refer to Administration > Discovery > LLDP > LLDP MED Network Policy for additional details.
  • Page 254: Displaying Auto Voice Vlan Settings

    LAN that are Auto Voice VLAN enabled. NOTE This only resets the voice VLAN to the default voice vlan if the Source Type is in the Inactive state. To view Auto Voice VLAN parameters:
  • Page 255 Source MAC Address—MAC address of a UC from which the voice configuration was received. • Source Type—Type of UC from which voice configuration was received. The following options are available: Default—Default voice VLAN configuration on the device
  • Page 256: Configuring Telephony Oui

    The OUI Global table can hold up to 128 OUIs. This section covers the following topics: • Adding OUIs to the Telephony OUI Table • Adding Interfaces to Voice VLAN on Basis of OUIs
  • Page 257: Adding Ouis To The Telephony Oui Table

    OUIs. STEP 4 To add a new OUI, click Add. STEP 5 Enter the values for the following fields: • Telephony OUI—Enter a new OUI. • Description—Enter an OUI name.
  • Page 258: Adding Interfaces To Voice Vlan On Basis Of Ouis

    Voice VLAN QoS Mode—Select one of the following options: All—QoS attributes are applied on all packets that are classified to the Voice VLAN. Telephony Source MAC Address—QoS attributes are applied only on packets from IP phones.
  • Page 259: Access Port Multicast Tv Vlan

    Any VLAN can be configured as a Multicast-TV VLAN. A port assigned to a Multicast-TV VLAN: • Joins the Multicast-TV VLAN. • Packets passing through egress ports in the Multicast TV VLAN are untagged.
  • Page 260: Igmp Snooping

    VLAN Membership: Source and all receiver ports must be static members in the same data VLAN. Multicast TV VLAN: Source and receiver ports cannot be members in the same data VLAN.
  • Page 261: Configuration

    Multicast TV VLAN—VLAN to which the Multicast packets are assigned. STEP 2 Click Add to associate a Multicast group to a VLAN. Any VLAN can be selected. When a VLAN is selected, it becomes a Multicast TV VLAN.
  • Page 262: Port Multicast Vlan Membership

    The box forwards the packets from the network port to the subscriber's devices based on the VLAN tag of the packet. Each VLAN is mapped to one of the MUX access ports.
  • Page 263: Mapping Cpe Vlans To Multicast Tv Vlans

    To support the CPE MUX with subscriber’s VLANs, subscribers may require multiple video providers, and each provider is assigned a different external VLAN. CPE (internal) Multicast VLANs must be mapped to the Multicast provider (external) VLANs.
  • Page 264: Cpe Port Multicast Vlan Membership

    The ports associated with the Multicast VLANs must be configured as customer ports (see Configuring VLAN Interface Settings). Use the Port Multicast VLAN Membership page to map these ports to Multicast TV VLANs as described in Port Multicast VLAN Membership
  • Page 266: Chapter 14: Spanning Tree

    STP provides a tree topology for any arrangement of switches and interconnecting links, by creating a unique path between end stations on a network, and thereby eliminating loops.
  • Page 267: Configuring Stp Status And Global Settings

    STEP 1 Click Spanning Tree > STP Status & Global Settings. STEP 2 Enter the parameters. Global Settings: • Spanning Tree State—Enable or disable STP on the device. • STP Operation Mode—Select an STP mode.
  • Page 268 Root Port—The port that offers the lowest cost path from this bridge to the Root Bridge. (This is significant when the bridge is not the root.) • Root Path Cost—The cost of the path from this bridge to the root.
  • Page 269: Defining Spanning Tree Interface Settings

    STP port if connected to another device. This helps avoid loops.
  • Page 270 0 to 240, set in increments of 16. • Port State—Displays the current STP state of a port. Disabled—STP is currently disabled on the port. The port forwards traffic while learning MAC addresses.
  • Page 271: Configuring Rapid Spanning Tree Settings

    The RSTP Interface Settings page enables you to configure RSTP per port. Any configuration that is done on this page is active when the global STP mode is set to RSTP or MSTP.
  • Page 272 Role—Displays the role of the port that was assigned by STP to provide STP paths. The possible roles are: Root—Lowest cost path to forward packets to the Root Bridge.
  • Page 273 MAC addresses. Forwarding—The port is in Forwarding mode. The port can forward traffic and learn new MAC addresses. STEP 7 Click Apply. The Running Configuration file is updated.
  • Page 274: Multiple Spanning Tree

    For two or more switches to be in the same MST region, they must have the same VLANs to MST instance mapping, the same configuration revision number, and the same region name.
  • Page 275: Mapping Vlans To A Mstp Instance

    Configuration on this page (and all of the MSTP pages) applies if the system STP mode is MSTP. Up to 16 MST instances can be defined on the 500 Series switches in addition to instance zero.
  • Page 276: Defining Mstp Instance Settings

    To enter MSTP instance settings: STEP 1 Click Spanning Tree > MSTP Instance Settings. STEP 2 Enter the parameters. • Instance ID—Select an MST instance to be displayed and defined.
  • Page 277: Defining Mstp Interface Settings

    Interface Type equals to—Select whether to display the list of ports or LAGs. STEP 3 Click Go. The MSTP parameters for the interfaces on the instance are displayed. STEP 4 Select an interface, and click Edit.
  • Page 278 LAN, which provides the lowest root path cost from the LAN to the Root Bridge for the MST instance. Alternate—The interface provides an alternate path to the root device from the root interface.
  • Page 279 Remaining Hops—Displays the hops remaining to the next destination. • Forward Transitions—Displays the number of times the port has changed from the Forwarding state to the Blocking state. STEP 6 Click Apply. The Running Configuration file is updated.
  • Page 280: Chapter 15: Managing Mac Address Tables

    VLAN. Such frames are referred to as unknown Unicast frames. The device supports a maximum of 8K static and dynamic MAC addresses.
  • Page 281: Configuring Static Mac Addresses

    Delete on timeout—The MAC address is deleted when aging occurs. Secure—The MAC address is secure when the interface is in classic locked mode (see Configuring Port Security). STEP 4 Click Apply. A new entry appears in the table.
  • Page 282: Managing Dynamic Mac Addresses

    VLAN ID, MAC address, or interface. STEP 4 Click Go. The Dynamic MAC Address Table is queried and the results are displayed. To delete all of the dynamic MAC addresses, click Clear Table.
  • Page 283: Defining Reserved Mac Addresses

    Action—Select one of the following actions to be taken upon receiving a packet that matches the selected criteria: Discard—Delete the packet. Bridge—Forward the packet to all VLAN members. STEP 4 Click Apply. A new MAC address is reserved.
  • Page 284: Chapter 16: Multicast

    The data is sent only to relevant ports. Forwarding the data only to the relevant ports conserves bandwidth and host resources on links.
  • Page 285: Typical Multicast Setup

    When the device is IGMP/MLD-snooping-enabled and receives a frame for a Multicast stream, it forwards the Multicast frame to all the ports that have registered to receive the Multicast stream using IGMP Join messages.
  • Page 286 The device can be configured to be an IGMP Querier as a backup querier, or in situations where a regular IGMP Querier does not exist. The device is not a full capability IGMP Querier.
  • Page 287: Multicast Address Properties

    VLAN as defined in the Multicast Forwarding Data Base. Multicast filtering is enforced on all traffic. By default, such traffic is flooded to all relevant ports, but you can limit forwarding to a smaller subset.
  • Page 288 Source Specific IP Group Address. • Forwarding Method for IPv4—Set one of the following forwarding methods for IPv4 addresses: MAC Group Address, IP Group Address, or Source Specific IP Group Address.
  • Page 289: Adding Mac Group Address

    If no MAC Group Address is specified, the page contains all the MAC Group Addresses from the selected VLAN. STEP 3 Click Go, and the MAC Multicast group addresses are displayed in the lower block.
  • Page 290 STEP 10 Click Apply, and the Running Configuration file is updated. NOTE Entries that were created in the IP Multicast Group Address page cannot be deleted in this page (even if they are selected).
  • Page 291: Adding Ip Multicast Group Addresses

    VLAN ID—Defines the VLAN ID of the group to be added. • IP Version—Select the IP address type. • IP Multicast Group Address—Define the IP address of the new Multicast group.
  • Page 292: Configuring Igmp Snooping

    Multicast frames to ports that have registered Multicast clients. NOTE The device supports IGMP Snooping only on static VLANs. It does not support IGMP Snooping on dynamic VLANs.
  • Page 293 Multicast traffic. The device only performs IGMP Snooping if both IGMP snooping and Bridge Multicast filtering are enabled. STEP 3 Select a VLAN, and click Edit.
  • Page 294 • Last Member Query Interval—Enter the Maximum Response Delay to be used if the device cannot read Max Response Time value from group-specific queries sent by the elected querier.
  • Page 295: Mld Snooping

    MLDv2 snooping uses MLDv2 control packets to forward traffic based on the source IPv6 address, and the destination IPv6 Multicast address. The actual MLD version is selected by the Multicast router in the network.
  • Page 296 MRouter Ports Auto-Learn—Enable or disable Auto Learn for the Multicast router. • Query Robustness—Enter the Robustness Variable value to be used if the device cannot read this value from messages sent by the elected querier.
  • Page 297: Querying Igmp/Mld Ip Multicast Group

    STEP 5 Click Apply. The Running Configuration file is updated. Querying IGMP/MLD IP Multicast Group The IGMP/MLD IP Multicast Group page displays the IPv4 and IPv6 group address learned from IGMP/MLD messages.
  • Page 298: Defining Multicast Router Ports

    Multicast router port(s) numbers when it forwards the Multicast streams and IGMP/MLD registration messages. This is required so that the Multicast routers can, in turn, forward the Multicast streams and propagate the registration messages to other subnets.
  • Page 299: Defining Forward All Multicast

    Multicast traffic is flooded to ports in the device. You can statically (manually) configure a port to Forward All, if the devices connecting to the port do not support IGMP and/or MLD.
  • Page 300: Defining Unregistered Multicast Settings

    The Unregistered Multicast page enables handling Multicast frames that belong to groups that are not known to the device (unregistered Multicast groups). Unregistered Multicast frames are usually forwarded to all ports on the VLAN.
  • Page 301 Forwarding—Enables forwarding of unregistered Multicast frames to the selected interface. Filtering—Enables filtering (rejecting) of unregistered Multicast frames to the selected interface. STEP 3 Click Apply. The settings are saved, and the Running Configuration file is updated.
  • Page 302: Chapter 17: Ip Configuration

    In Layer 3 system mode, the device has IP routing capabilities as well as Layer 2 system mode capabilities. In this system mode, a Layer 3 port still retains much of the Layer 2 functionality, such as Spanning Tree Protocol and VLAN membership.
  • Page 303: Layer 2 Ip Addressing

    IP address collisions occur when the same IP address is used in the same IP subnet by more than one device. Address collisions require administrative actions on the DHCP server and/or the devices that collide with the device.
  • Page 304: Layer 3 Ip Addressing

    All DHCP-assigned default gateways are stored as default routes. In addition, you can manually define default routes. This is defined in the IPv4 Static Routes and IPv6 Routes pages.
  • Page 305: Ipv4 Management And Interfaces

    DHCP option 12 will not be requested by the device. The DHCP server must be configured to send option 12 regardless of what is requested in order to make use of this feature.
  • Page 306: Defining Ipv4 Interface In Layer 3 System Mode

    The IPv4 Interface page is used when the device is in Layer 3 system mode. This mode enables configuring multiple IP addresses for device management, and provides routing services. The IP address can be configured on a port, a LAG, or VLAN interface.
  • Page 307 Valid—The IP address collision check was completed, and no IP address collision was detected. Valid-Duplicated—The IP address duplication check was completed, and a duplicate IP address was detected. Duplicated—A duplicated IP address was detected for the default IP address.
  • Page 308 DHCP, it might receive a different IP address than the one that was received by the stack’s original master-enabled unit.
  • Page 309: Ipv4 Routes

    IP address from a DHCP server. • Metric—Enter the administrative distance to the next hop. The range is 1–255. STEP 4 Click Apply. The IP Static route is saved to the Running Configuration file.
  • Page 310: Ripv2

    Clear ARP Table Entries—Select the type of ARP entries to be cleared from the system. —Deletes all of the static and dynamic addresses immediately. Dynamic—Deletes all of the dynamic addresses immediately.
  • Page 311: Arp Proxy

    The Proxy ARP technique is used by the device on a given IP subnet to answer ARP queries for a network address that is not on that network. NOTE The ARP proxy feature is only available when the device is in L3 mode.
  • Page 312: Udp Relay/Ip Helper

    STEP 4 Enter the UDP Destination Port number for the packets that the device is to relay. Select a well-known port from the drop-down list, or click the port radio button to enter the number manually.
  • Page 313: Dhcpv4 Snooping/Relay

    VLANs that do not have IP addresses. Whenever DHCP Relay is enabled on a VLAN without an IP address, Option 82 is inserted automatically. This insertion is in the specific VLAN and does not influence the global administration state of Option 82 insertion.
  • Page 314: Transparent Dhcp Relay

    The following cases are possible: • DHCP client and DHCP server are connected to the same VLAN. In this case, a regular bridging passes the DHCP messages between DHCP client and DHCP server.
  • Page 315: Interactions Between Dhcpv4 Snooping, Dhcpv4 Relay And Option 82

    Enabled original packet Bridge – no Option 82 Option 82 is Bridge – no Bridge – sent Option 82 is Packet is sent sent with the original Option 82
  • Page 316 DHCP Relay DHCP Relay VLAN with IP Address VLAN without IP Address Packet arrives Packet arrives Packet arrives Packet arrives without with Option without with Option Option 82 Option 82
  • Page 317 Option 82 Option 82 Bridge – Bridge – Packet is sent Bridge – Packet is sent without Packet is sent with the Option 82 with the Option 82 Option 82
  • Page 318: Dhcp Snooping Binding Database

    The DHCP Snooping Binding database contains the following data: input port, input VLAN, MAC address of the client and IP address of the client if it exists.
  • Page 319: Dhcp Trusted Ports

    STEP 5 Device snoops packet. If an entry exists in the DHCP Snooping Binding table that matches the packet, the device replaces it with IP-MAC binding on receipt of DHCPACK.
  • Page 320 Otherwise the packet is forwarded to trusted interfaces only, and the entry is removed from database.
  • Page 321: Dhcp Snooping Along With Dhcp Relay

    Option 82 Passthrough: Not enabled. Verify MAC Address: Enabled. Backup DHCP Snooping Binding Database: Not enabled. DHCP Relay: Disabled. Configuring DHCP Work Flow To configure DHCP Relay and DHCP Snooping:
  • Page 322: Dhcp Snooping/Relay

    —Select to back up the DHCP Snooping Binding database on the device’s flash memory. Backup Database Update Interval—Enter how often the DHCP Snooping Binding database is to be backed up (if Backup Database is selected).
  • Page 323: Interface Settings

    Relay > DHCP Snooping Trusted Interfaces. STEP 2 Select the interface and click Edit. STEP 3 Select Trusted Interface (Yes or No) and click Apply to save the settings to the Running Configuration file.
  • Page 324: Dhcp Snooping Binding Database

    Lease Time—If the entry is dynamic, enter the amount of time that the entry is to be active in the DHCP Database. (If there is no Lease Time, check Infinite.)
  • Page 325: Dhcp Server

    Option # Type of Option Name Option Basic Subnet Mask Basic Router Option Basic Time Server Option Basic Domain Name Server Option Basic Host Name Option Basic Domain Name
  • Page 326 5 - DHCPACK • 6 - DHCPNAK • 7 - DHCPRELEASE • 8 - DHCPINFORM Server Identifier This option, created by the DHCP client, is the IP address of the selected server.
  • Page 327: Dependencies Between Features

    STEP 3 Define up to 8 network pools of IP addresses using the Network Pools page. STEP 4 Configure clients that will be assigned a permanent IP address, using the Static Hosts page.
  • Page 328: Dhcpv4 Server

    STEP 2 Click Add to define a new network pool. Note that you either enter the Subnet IP Address and the Mask, or enter the Mask, the Address Pool Start and Address Pool End. STEP 3 Enter the fields:
  • Page 329 Hybrid—A hybrid combination of b-node and p-node is used. When configured to use h-node, a computer always tries p-node first and uses b-node only if p-node fails. This is the default.
  • Page 330: Excluded Addresses

    End IP Address—Last IP address in the range of excluded IP addresses. Static Hosts You might want to assign some DHCP clients a permanent IP address that never changes. This client is then known as a static host.
  • Page 331 NetBIOS WINS Server (Option 44)—Enter the NetBIOS WINS name server available to the static host. • NetBIOS Node Type (Option 46)—Select how to resolve the NetBIOS name. Valid node types are:
  • Page 332: Address Binding

    Address Type—Whether the address of the DHCP client appears as a MAC address or using a client identifier. • MAC Address/Client Identifier—A unique identification of the client specified as a MAC Address or in dotted hexadecimal notation, e.g., 01b6.0819.6811.72.
  • Page 333: Ipv6 Management And Interfaces

    Tunneling treats the IPv4 network as a virtual IPv6 local link, with mappings from each IPv4 address to a link local IPv6 address. The device detects IPv6 frames by the IPv6 Ethertype.
  • Page 334: Ipv6 Static Routing

    STEP 1 In Layer 2 system mode, click Administration > Management Interface > IPv6 Global Configuration. In Layer 3 system mode, click IP Configuration > IPv6 Management and Interfaces > IPv6 Global Configuration. STEP 2 Enter values for the following fields:
  • Page 335: Ipv6 Interface

    An IPv6 interface can be configured on a port, LAG, VLAN, or tunnel. A tunnel interface is configured with an IPv6 address based on the settings defined in the IPv6 Tunnel page.
  • Page 336 Select either Infinite (no refresh unless the server sends this option) or User Defined to set a value. STEP 6 To configure additional IPv6 parameters, enter the following fields:
  • Page 337 DHCPv6 Client Details The DHCPv6 Client Details button displays information received on the interface from a DHCPv6 server. It is active when the interface selected is defined as a DHCPv6 stateless client.
  • Page 338 POSIX Timezone String—Timezone received from the DHCPv6 server. • Configuration Server—Server containing configuration file received from the DHCPv6 server. • Configuration Path Name—Path to configuration file on the configuration server received from the DHCPv6 server.
  • Page 339: Ipv6 Tunnel

    Up to 16 tunnels (of which one can be ISATAP) can be defined. Configuring Tunnels NOTE To configure a tunnel, first configure an IPv6 interface as a tunnel in the IPv6 Interfaces page. To configure an IPv6 tunnel:
  • Page 340 STEP 3 Click Apply. The tunnel is saved to the Running Configuration file. STEP 4 In Layer 3 system mode, click IP Configuration > IPv6 Management and Interfaces > IPv6 Tunnel.
  • Page 341 NOTE If the IPv4 address is changed, the local address of the tunnel interface is not changed. Interface—Select the interface whose IPv4 address will be used as the source address of the tunnel.
  • Page 342: Defining Ipv6 Addresses

    If an * is displayed, this means that the IPv6 interface is not enabled but has been configured. • IPv6 Address Type—Select the type of the IPv6 address to add.
  • Page 343: Ipv6 Router Configuration

    The following sections describe how to configure IPv6 routers. Router Advertisement IPv6 routers are able to advertise their prefixes to neighboring devices. This feature can be enabled or suppressed per interface, as follows:
  • Page 344 Neighbor Solicitation Retransmissions Interval—Set the interval to determine the time between retransmissions of neighbor solicitation messages to a neighbor when resolving the address or when probing the reachability of a neighbor.
  • Page 345: Ipv6 Prefixes

    STEP 5 • IPv6 Prefix—Select Default to change the configuration for the default prefixes created when an address is defined on an interface. Use User Defined to enter the following:
  • Page 346 (L-bit set). No Onlink—Configures the specified prefix as not onlink. A no onlink prefix is inserted into the routing table as a connected prefix but advertised with an L-bit clear.
  • Page 347: Ipv6 Default Router List

    Interface—Outgoing IPv6 interface where the default router resides. • Type—The default router configuration that includes the following options: Static—The default router was manually added to this table through the Add button. Dynamic—The default router was dynamically configured.
  • Page 348 Default Router IPv6 Address—The IP address of the static default router • Metric—Enter the cost of this hop. STEP 4 Click Apply. The default router is saved to the Running Configuration file.
  • Page 349: Defining Ipv6 Neighbors Information

    Type—Neighbor discovery cache information entry type (static or dynamic). • State—Specifies the IPv6 neighbor status. The values are: Incomplete—Address resolution is working. The neighbor has not yet responded. Reachable—Neighbor is known to be reachable.
  • Page 350: Viewing Ipv6 Route Tables

    IPv6 subnets that the device wants to communicate. To view IPv6 routers or manually add a route: To view IPv6 routing entries in Layer 2 system mode:
  • Page 351 —A directly-connected network whose prefix is derived from a manually-configured device’s IPv6 address. Dynamic—The destination is an indirectly-attached (remote) IPv6 subnet address. The entry was obtained dynamically via the ND or ICMP protocol.
  • Page 352: Dhcpv6 Relay

    STEP 3 Enter the fields: • IPv6 Address Type—Enter the type of the destination address to which client messages are forwarded. The address type can be Link Local, Global or Multicast (All_DHCP_Relay_Agents_and_Servers).
  • Page 353: Interface Settings

    STEP 3 Click Apply. The Running Configuration file is updated. Domain Name The Domain Name System (DNS) translates domain names into IP addresses for the purpose of locating and addressing hosts.
  • Page 354: Dns Settings

    STEP 3 Click Apply. The Running Configuration file is updated. DNS Server Table: The following fields are displayed for each DNS server configured: • DNS Server—The IP address of the DNS server.
  • Page 355: Search List

    STEP 1 Click IP Configuration > Domain Name > Search List. The following fields are displayed for each DNS server configured on the device. • Domain Name—Name of domain that can be used on the device.
  • Page 356: Host Mapping

    All Dynamic & Static—Deletes the static and dynamic hosts. The Host Mapping Table displays the following fields: • Host Name—User-defined host name or fully-qualified name. • IP Address—The host IP address.
  • Page 357 0 through 9, the underscore and the hyphen. A period (.) is used to separate labels. • IP Address(es)—Enter a single address or up to eight associated IP addresses (IPv4 or IPv6).
  • Page 358: Chapter 18: Ip Configuration: Ripv2

    IP Routing, go to Configuration > Management and IP Interface > IPv4 Interface page. The device supports RIP version 2, which is based on the following standards: • RFC2453 RIP Version 2, November 1998 • RFC2082 RIP-2 MD5 Authentication, January 1997
  • Page 359: How Rip Operates On The Device

    In this way, the relative cost of the interfaces can be adjusted as desired. It is your responsibility to set the offset for each interface (1 by default).
  • Page 360: Passive Mode

    In this case, the router is passive, and only receives the updated RIP information on this interface. By default, transmission of routing updates on an IP interface is enabled. RIPv2 Settings on an IP Interface for more information.
  • Page 361: Filtering Routing Updates

    These features are disabled by default and can be enabled globally. If these features are enabled, rejected routes are advertised by routes with a metric of 16. The route configurations can be propagated using one of the following options:
  • Page 362 If the metric value of a static route is greater than 15, the route is not advertised to other routers using RIP. • User Defined Metric Causes RIP to use the metric value entered by the user.
  • Page 363: Using Rip In Network With Non-Rip Devices

    Redistribution Feature for more information. RIP Authentication You can disable authentication of RIP messages per IP interface or enable one of the following types of authentication:
  • Page 364: Rip Statistical Counters

    Globally enable/disable RIP protocol, using the RIPv2 Properties page. Enable/disable RIP protocol on an IP interface, using the RIPv2 Settings page. • Optional actions (if these are not performed, default values are used by the system)
  • Page 365: Ripv2 Properties

    Default Route Advertisement—Select to enable sending the default route to the RIP domain. This route will serve as the default router. • Default Metric—Enter the value of the default metric (refer to Redistribution Feature).
  • Page 366 If the metric value of a static route is greater than 15, the static route is not advertised to other routers using RIP. • User Defined Metric—Enter the value of the metric. STEP 7 Click Apply. The settings are written to the Running Configuration file.
  • Page 367: Ripv2 Settings On An Ip Interface

    IP interface. The following options are available: None—There is no authentication performed. Text—The key password entered below is used for authentication. MD5—The MD5 digest of the key chain selected below is used for authentication.
  • Page 368: Displaying Ripv2 Statistic Counters

    For example, the IP destination is a Broadcast address, or the metric is 0 or greater than 16 • Updates Sent—Specifies the number of packets sent by RIP on the IP interface.
  • Page 369: Displaying The Ripv2 Peers Database

    1. Create an access list with a single IP address, using the Access List Settings page. 2. Add additional IP addresses if required, using the Source IPv4 Address List page.
  • Page 370: Creating An Access List

    STEP 2 To modify the parameters of an access list, click Add to open the Edit Access List page and modify any of the following fields: • Access List Name—Name of the access list. • Source IPv4 Address—Source IPv4 address. The following options are available:
  • Page 371 Action—Action for the access list. The following options are available: Permit—Permit entry of packets from the IP address(es) in the access list. Deny—Reject entry of packets from the IP address(es) in the access list.
  • Page 372: Chapter 19: Ip Configuration: Ipv4 Vrrp Virtual Routers

    VRRP also enables load sharing of traffic. Traffic can be shared equitably among available routers by configuring VRRP in such a way that traffic to and from LAN clients is shared by multiple routers.
  • Page 373: Constraints

    NOTE The VRRP router that is the IP address owner responds/processes packets whose destination is to the IP address. The VRRP router that is the virtual router master, but not the IP address owner, does not respond/process those packets.
  • Page 374 The following shows a LAN topology in which VRRP is configured. Routers A and B share the traffic to and from clients 1 through 4 and Routers A and B act as virtual router backups to each other if either router fails.
  • Page 375 For virtual router 2, rB is the owner of IP address 192.168.2.2 and virtual router master, and rA is the virtual router backup to rB. Clients 3 and 4 are configured with the default gateway IP address of 192.168.2.2.
  • Page 376: Configurable Elements Of Vrrp

    VRRP router to operate in VRRPv3. • All the existing VRRP routers of the virtual router operate in VRRPv2. In this case, configure your new VRRP router to operate in VRRPv2.
  • Page 377: Virtual Router Ip Addresses

    The VRRP routers that are non-owners must be configured with an IP interface on the same IP subnet as the IP addresses of the virtual router. The corresponding IP subnets must be configured manually in the VRRP router, not DHCP assigned.
  • Page 378: Source Ip Address In A Vrrp Router

    IP address value is selected to become the virtual router master. By default, a preemptive feature is enabled, which functions as follows:
  • Page 379: Vrrp Advertisements

    • Interface—Interface on which virtual router is defined. • Virtual Router Identifier—User-defined number identifying virtual router. • Description—User-defined string identifying virtual router. • Status—Select to enable VRRP on the device.
  • Page 380 Virtual Router MAC Address—The virtual MAC address of the virtual router • Virtual Router IP Address Table—IP addresses associated with this virtual router. • Description—The virtual router name. • Version—The virtual router version.
  • Page 381 IP Configuration: IPv4 VRRP Virtual Routers Configuring VRRP
  • Page 382: Chapter 20: Security

    Defining Storm Control • Access Control Access control of end-users to the network through the device is described in the following sections: • Configuring Management Access Authentication • Defining Management Access Method
  • Page 383: Defining Users

    Access Control Defining Users The default username/password is cisco/cisco. The first time that you log in with the default username and password, you are required to enter a new password. Password complexity is enabled by default. If the password that you choose is not complex enough (Password Complexity Settings are enabled in the Password Strength page), you are prompted to create another password.
  • Page 384 CLI commands that change the device configuration. See the CLI Reference Guide for more information. Read/Write Management Access (15)—User can access the GUI, and can configure the device.
  • Page 385: Setting Password Complexity Rules

    Do not repeat or reverse the user's name or any variant reached by changing the case of the characters. • Do not repeat or reverse the manufacturer's name or any variant reached by changing the case of the characters.
  • Page 386: Configuring Tacacs

    • Authorization—Performed at login. After the authentication session is completed, an authorization session starts using the authenticated username. The TACACS+ server then checks user privileges.
  • Page 387: Accounting Using A Tacacs+ Server

    Username that is entered for login authentication. rem-addr IP address of the user. elapsed-time Indicates how long the user was logged in. reason Reports why the session was terminated.
  • Page 388: Defaults

    Privilege level 15 is given to a user or group of users on the TACACS+ server by the following string in the user or group definition: service = exec { priv-lvl = 15 To configure TACACS+ server parameters:
  • Page 389 By IP Address—If this is selected, enter the IP address of the server in the Server IP Address/Name field. By Name—If this is selected, enter the name of the server in the Server IP Address/Name field.
  • Page 390 STEP 7 To display sensitive data in plaintext form in the configuration file, click Display Sensitive Data As Plaintext. STEP 8 Click Apply. The TACACS+ server is added to the Running Configuration file of the device.
  • Page 391: Configuring Radius

    The following defaults are relevant to this feature: • No default RADIUS server is defined by default. • If you configure a RADIUS server, the accounting feature is disabled by default.
  • Page 392: Interactions With Other Features

    RADIUS server before a failure is considered to have occurred. • Timeout for Reply—Enter the number of seconds that the device waits for an answer from the RADIUS server before retrying the query, or switching to the next server.
  • Page 393 Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks. • Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the list.
  • Page 394 802.1X—RADIUS server is used for 802.1x authentication. All—RADIUS server is used for authenticating users that ask to administer the device and for 802.1X authentication.
  • Page 395: Key Management

    Key Identifier—Integer identifier for the key chain. • Key String—Value of the key chain string. Enter one of the following options: User Defined (Encrypted)—Enter an encrypted version. User Defined (Plaintext)—Enter a plaintext version.
  • Page 396: Creating A Key Settings

    STEP 3 Click Apply. The settings are written to the Running Configuration file. Creating a Key Settings Use the Key Chain Settings page to add a key to an already existing key chain.
  • Page 397 • Duration—Length of time that the key identifier is valid. Enter the following fields: Days—Number of days that the key-identifier is valid. Hours—Number of hours that the key-identifier is valid.
  • Page 398: Configuring Management Access Authentication

    RADIUS—User is authenticated on a RADIUS server. You must have configured one or more RADIUS servers. • TACACS+—User authenticated on the TACACS+ server. You must have configured one or more TACACS+ servers.
  • Page 399: Defining Management Access Method

    Secure Telnet (SSH); Hypertext Transfer Protocol (HTTP); Secure HTTP (HTTPS); Simple Network Management Protocol (SNMP); All of the above. • Action—Permit or deny access to an interface or source address.
  • Page 400: Active Access Profile

    This only applies to device types that offer a console port.
  • Page 401 Permit—Permits access to the device if the user matches the settings in the profile. Deny—Denies access to the device if the user matches the settings in the profile. • Applies to Interface—Select the interface attached to the rule. The options are:
  • Page 402: Defining Profile Rules

    IT management center. In this way, the device can still be managed and has gained another layer of security. To add profile rules to an access profile:
  • Page 403 • Applies to Interface—Select the interface attached to the rule. The options are: All—Applies to all ports, VLANs, and LAGs. User Defined—Applies only to the port, VLAN, or LAG selected.
  • Page 404: Ssl Server

    Some browsers generate warnings when using a default certificate, since this certificate is not signed by a Certification Authority (CA). It is best practice to have a certificate signed by a trusted CA.
  • Page 405: Default Settings And Configuration

    Key Length—Enter the length of the RSA key to be generated. Common Name—Specifies the fully-qualified device URL or IP address. If unspecified, defaults to the lowest IP address of the device (when the certificate is generated).
  • Page 406 RSA key-pair to another device (using copy/paste). When you click Display Sensitive Data as Encrypted, the private keys are displayed in encrypted form. STEP 5 Click Apply to apply the changes to the Running Configuration.
  • Page 407: Configuring Tcp/Udp Services

    Type—IP protocol the service uses. • Local IP Address—Local IP address through which the device is offering the service. • Local Port—Local TCP port through which the device is offering the service.
  • Page 408: Defining Storm Control

    When the rate of Broadcast, Multicast, or Unknown Unicast frames is higher than the user-defined threshold, frames received beyond the threshold are discarded. To define Storm Control:
  • Page 409: Configuring Port Security

    MAC addresses. The MAC addresses can be either dynamically learned or statically configured. Port security monitors received and learned packets. Access to locked ports is limited to users with specific MAC addresses. Port Security has four modes:
  • Page 410 Session Authentication page). To configure port security: STEP 1 Click Security > Port Security. STEP 2 Select an interface to be modified, and click Edit. STEP 3 Enter the parameters.
  • Page 411 Forward—Forwards packets from an unknown source without learning the MAC address. Shutdown—Discards packets from any unlearned source, and shuts down the port. The port remains shut down until reactivated, or until the device is rebooted.
  • Page 412: Configuring 802.1X

    All access by other devices received from the same port is denied until the authorized supplicant is no longer using the port or the access is to the unauthenticated VLAN or guest VLAN.
  • Page 413 802.1x capable devices, and uses the MAC address of the devices as the username and password when communicating with the RADIUS servers. MAC addresses for...
  • Page 414 Guest VLAN when the first supplicant of the port is authorized. • The Guest VLAN cannot be used as the Voice VLAN and an unauthenticated VLAN.
  • Page 415: 802.1X Parameters Workflow

    For 802.1X to function, it must be activated both globally and individually on each port. To define port-based authentication: STEP 1 Click Security > 802.1X > Properties. STEP 2 Enter the parameters.
  • Page 416 The VLAN Authentication Table displays all VLANs, and indicates whether authentication has been enabled on them. STEP 3 Click Apply. The 802.1X properties are written to the Running Configuration file.
  • Page 417: Defining 802.1X Port Authentication

    This page displays authentication settings for all ports. STEP 2 Select a port, and click Edit. STEP 3 Enter the parameters. • Interface—Select a port. • User Name—Displays the username.
  • Page 418 After an authentication failure, and if Guest VLAN is activated globally on a given port, the guest VLAN is automatically assigned to the unauthorized ports as an Untagged VLAN. Cleared—Disables Guest VLAN on the port.
  • Page 419 Time Range Name—Select the profile that specifies the time range. • Quiet Period—Enter the number of seconds that the device remains in the quiet state following a failed authentication exchange.
  • Page 420: Defining Host And Session Authentication

    Multiple Sessions—Enables the number of specific authorized hosts to access the port. Each host is treated as if it were the first and only user and must be authenticated. Filtering is based on the source MAC address.
  • Page 421 Action on Violation—Select the action to be applied to packets arriving in Single Session/Single Host mode, from a host whose MAC address is not the supplicant MAC address. The options are: Protect (Discard)—Discards the packets. Restrict (Forward)—Forwards the packets.
  • Page 422: Viewing Authenticated Hosts

    None—No authentication is applied; it is automatically authorized. RADIUS—Supplicant was authenticated by a RADIUS server. • MAC Address—Displays the supplicant MAC address. Defining Time Ranges Time Range for an explanation of this feature.
  • Page 423: Denial Of Service Prevention

    One method of resisting DoS attacks employed by the device is the use of SCT. SCT is enabled by default on the device and cannot be disabled. The Cisco device is an advanced device that handles management traffic, protocol traffic and snooping traffic, in addition to end-user (TCP) traffic.
  • Page 424: Defense Against DoS Attacks

    A SYN attack is identified if the number of SYN packets per second exceeds a user-configured threshold. • Block SYN-FIN packets. • Block packets that contain reserved Martian addresses (Martian Addresses page)
  • Page 425: Dependencies Between Features

    QoS policies that are bound to a port. ACL and advanced QoS policies are not active when a port has DoS Protection enabled on it. To configure DoS Prevention global settings and monitor SCT:
  • Page 426 STEP 6 Click Apply. The Denial of Service prevention Security Suite settings are written to the Running Configuration file. • If Interface-Level Prevention is selected, click the appropriate Edit button to configure the desired prevention.
  • Page 427: SYN Protection

    STEP 3 Click Apply. SYN protection is defined, and the Running Configuration file is updated. The SYN Protection Interface Table displays the following fields for every port or LAG (as requested by the user)
  • Page 428: Martian Addresses

    STEP 1 Click Security > Denial of Service Prevention > Martian Addresses. STEP 2 Select Reserved Martian Addresses and click Apply to include the reserved Martian Addresses in the System Level Prevention list.
  • Page 429: SYN Filtering

    Network Mask—Enter the network mask for which the filter is enabled in IP address format. • TCP Port—Select the destination TCP port being filtered: Known Ports—Select a port from the list.
  • Page 430: SYN Rate Protection

    Prefix Length—Select the Prefix Length and enter the number of bits that comprise the source IP address prefix. • SYN Rate Limit—Enter the number of SYN packets that can be received.
  • Page 431: ICMP Filtering

    The IP Fragmented page enables blocking fragmented IP packets. To configure fragmented IP blocking: STEP 1 Click Security > Denial of Service Prevention > IP Fragments Filtering. STEP 2 Click Add. STEP 3 Enter the parameters.
  • Page 432: IP Source Guard

    DHCP Snooping must be globally enabled in order to enable IP Source Guard on an interface. • IP source guard can be active on an interface only if: DHCP Snooping is enabled on at least one of the port's VLANs
  • Page 433: Filtering

    STEP 3 Configure interfaces as trusted or untrusted in the IP Configuration > DHCP > DHCP Snooping Interface page. STEP 4 Enable IP Source Guard in the Security > IP Source Guard > Properties page.
  • Page 434: Enabling IP Source Guard

    STEP 3 Select the port/LAG and click Edit. Select Enable in the IP Source Guard field to enable IP Source Guard on the interface. STEP 4 Click Apply to copy the setting to the Running Configuration file.
  • Page 435: Binding Database

    Status—Displays whether interface is active. • Type—Displays whether entry is dynamic or static. • Reason—If the interface is not active, displays the reason. The following reasons are possible: No Problem—Interface is active.
  • Page 436: Dynamic ARP Inspection

    After the attack, all traffic from the device under attack flows through the attacker's computer and then to the router, switch, or host. The following shows an example of ARP cache poisoning. ARP Cache Poisoning
  • Page 437: How ARP Prevents Cache Poisoning

    If the packet's IP address was not found in the ARP access control rules or in the DHCP Snooping Binding database, the packet is invalid and is dropped. A SYSLOG message is generated.
  • Page 438: Interaction Between ARP Inspection And DHCP Snooping

    Dynamic ARP Inspection: Not enabled. ARP Packet Validation: Not enabled. ARP Inspection Enabled on VLAN: Not enabled. Log Buffer Interval: SYSLOG message generation for dropped packets is enabled at 5 seconds interval.
  • Page 439: ARP Inspection Work Flow

    Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast addresses. • Log Buffer Interval—Select one of the following options: Retry Frequency—Enable sending SYSLOG messages for dropped packets. Enter the frequency with which the messages are sent.
  • Page 440: Defining Dynamic ARP Inspection Interfaces Settings

    STEP 2 To add an entry, click Add. STEP 3 Enter the fields: • ARP Access Control Name—Enter a user-created name. • MAC Address—MAC address of packet. • IP Address—IP address of packet.
  • Page 441: Defining ARP Inspection Access Control Rules

    STEP 3 To associate an ARP Access Control group with a VLAN, click Add. Select the VLAN number and select a previously-defined ARP Access Control group. STEP 4 Click Apply. The settings are defined, and the Running Configuration file is updated.
  • Page 442: Chapter 21: Security: SSH Client

    SCP server to a device. With respect to SSH, the SCP running on the device is an SSH client application and the SCP server is an SSH server application.
  • Page 443: Protection Methods

    SSH server. This is not done through the device’s management system, although, after a username has been established on the server, the server password can be changed through the device’s management system.
  • Page 444: Public/Private Keys

    SSH server. To facilitate this process, an additional feature enables secure transfer of the encrypted private key to all switches in the system.
  • Page 445: SSH Server Authentication

    If no matching IP address/host name is found, the search is completed and authentication fails. • If the entry for the SSH server is not found in the list of trusted servers, the process fails.
  • Page 446: SSH Client Authentication

    The following algorithms are supported on the client side: • Key Exchange Algorithm: diffie-hellman • Encryption Algorithms: aes128-cbc, 3des-cbc, arcfour, aes192-cbc, aes256-cbc • Message Authentication Code Algorithms: hmac-sha1, hmac-md5 NOTE Compression algorithms are not supported.
  • Page 447: Before You Begin

    SSH User Authentication page can be used. STEP 3 Set up a username/password on the SSH server or modify the password on the SSH server. This activity depends on the server and is not described here.
  • Page 448 To change your password on an SSH server: STEP 1 Identify the server in the Change User Password on SSH Server page. STEP 2 Enter the new password. STEP 3 Click Apply.
  • Page 449: SSH Client Configuration Through The GUI

    Display Sensitive Data As Plaintext—Sensitive data for the current page appears as plaintext. The SSH User Key Table contains the following fields for each key: • Key Type—RSA or DSA.
  • Page 450: SSH Server Authentication

    STEP 4 Click Apply. The trusted server definition is stored in the Running Configuration file. Modifying the User Password on the SSH Server To change the password on the SSH server:
  • Page 451 Old Password—This must match the password on the server. • New Password—Enter the new password and confirm it in the Confirm Password field. STEP 3 Click Apply. The password on the SSH server is modified.
  • Page 452: Chapter 22: Security: SSH Server

    SSH server application, such as PuTTY. The public keys are entered in the device. The users can then open an SSH session on the device through the external SSH server application.
  • Page 453: Common Tasks

    STEP 3 Log on to device B and open the SSH Server Authentication page. Select either the RSA or DSA key, click Edit and paste in the key from device A.
  • Page 454: SSH Server Configuration Pages

    This page is optional. You do not have to work with user authentication in SSH. To enable authentication and add a user: STEP 1 Click Security > SSH Server > SSH User Authentication. STEP 2 Select the following fields:
  • Page 455: SSH Server Authentication

    The following fields are displayed for each key: • Key Type—RSA or DSA. • Key Source—Auto Generated or User Defined. • Fingerprint—Fingerprint generated from the key. STEP 2 Select either an RSA or DSA key.
  • Page 456 Display Sensitive Data as Encrypted to display the text in encrypted form. STEP 4 If new keys were copied in from another, click Apply. The key(s) are stored in the Running Configuration file.
  • Page 458: Chapter 23: Security: Secure Sensitive Data Management

  • Page 459: SSD Management

    A device comes with a set of default SSD rules. An administrator can add, delete, and change SSD rules as desired.
  • Page 460: Elements Of An SSD Rule

    User Type will be applied). Specific—The rule applies to a specific user. Default User (cisco)—The rule applies to the default user (cisco). Level 15—The rule applies to users with privilege level 15. All—The rule applies to all users.
  • Page 461 Each management channel allows specific read presumptions. The following summarizes these. Table 2 Default Read Modes for Read Permissions (Read Permission: Default Read Mode Allowed): Exclude: Exclude; Encrypted Only: *Encrypted; Plaintext Only: *Plaintext
  • Page 462 CLI/GUI sessions. NOTE When the SSD rule applied upon the session login is changed from within that session, the user must log out and back in to see the change.
  • Page 463: SSD Rules And User Authentication

    Rule Key Rule Action User Channel Read Default Read Mode Permission Level Secure XML Plaintext Only Plaintext SNMP Level Secure Both Encrypted Level Insecure Both Encrypted Insecure XML Exclude Exclude SNMP
  • Page 464: SSD Default Read Mode Session Override

    • Controlling how the sensitive data is encrypted. • Controlling the strength of security on configuration files. • Controlling how the sensitive data is viewed within the current session.
  • Page 465: Passphrase

    By default, the local passphrase and default passphrase are identical. It can be changed by administrative actions from either the Command Line Interface (if available) or the web-based interface. It is...
  • Page 466: Configuration File Passphrase Control

    Configuration File Integrity Control be enabled when a device uses a user-defined passphrase with Unrestricted Configuration File Passphrase Control. CAUTION Any modification made to a configuration file that is integrity protected is considered tampering.
  • Page 467: Read Mode

    • The SSD indicator, if it exists, must be in the configuration header file.
  • Page 468: SSD Control Block

    SSD control block, the device rejects the source file and the copy fails. • If there is no SSD control block in the source configuration file, the SSD configuration in the Startup Configuration file is reset to default.
  • Page 469: Running Configuration File

    (meaning read permissions of either Both or Plaintext Only), the device rejects all SSD commands. • When copied from a source file, File SSD indicator, SSD Control Block Integrity, and SSD File Integrity are neither verified nor enforced.
  • Page 470: Backup And Mirror Configuration File

    SSD Indicator shows Exclude or Plaintext Only sensitive data. • A user with Encrypted Only permission can access mirror and backup configuration files with their file SSD Indicator showing Exclude or Encrypted sensitive data.
  • Page 471: Sensitive Data Zero-Touch Auto Configuration

    However, for auto configuration to succeed with a user-defined passphrase, the target devices must be manually pre-configured with the same passphrase as the device that generates the files, which is not zero touch.
  • Page 472: SSD Management Channels

    SSD Management Parallel Secured Channel Type Management Channel Console Secure Telnet Insecure Secure GUI/HTTP Insecure GUI/HTTPS GUI/HTTPS Secure XML/HTTP Insecure-XML- XML/HTTPS SNMP XML/HTTPS Secure-XML-SNMP SNMPv1/v2/v3 without Insecure-XML- Secure-XML-SNMP privacy SNMP
  • Page 473: Menu CLI And Password Recovery

    SSD rules are defined in the SSD Rules page. SSD Properties Only users with SSD read permission of Plaintext-only or Both are allowed to set SSD properties. To configure global SSD properties:
  • Page 474: SSD Rules

    Specific User—Select and enter the specific user name to which this rule applies (this user does not necessarily have to be defined). Default User (cisco)—Indicates that this rule applies to the default user.
  • Page 475 Encrypted—Sensitive data is presented encrypted. Plaintext—Sensitive data is presented as plaintext. STEP 3 The following actions can be performed: • Restore to Default—Restore a user-modified default rule to the default rule.
  • Page 476 • Restore All Rules to Default—Restore all user-modified default rules to the default rule and remove all user-defined rules.
  • Page 478: Chapter 24: Access Control

    Either a DENY or PERMIT action is applied to frames whose contents match the filter. The device supports a maximum of 512 ACLs, and a maximum of 512 ACEs.
  • Page 479 If a frame matches the filter in an ACL, it is defined as a flow with the name of that ACL. In advanced QoS, these frames can be referred to using this Flow name, and QoS can be applied to these frames (see QoS Advanced Mode).
  • Page 480: Defining MAC-Based ACLs

    Only then can the ACL be modified, as described in this section. Defining MAC-based ACLs MAC-based ACLs are used to filter traffic based on Layer 2 fields. MAC-based ACLs check all frames for a match.
  • Page 481: Adding Rules To A MAC-Based ACL

    Such ports can be reactivated from the Port Settings page. • Time Range—Select to enable limiting the use of the ACL to a specific time range.
  • Page 482 802.1p Mask—Enter the wildcard mask to be applied to the VPT tag. • Ethertype—Enter the frame Ethertype to be matched. STEP 5 Click Apply. The MAC-based ACE is saved to the Running Configuration file.
  • Page 483: IPv4-Based ACLs

    STEP 3 Enter the name of the new ACL in the ACL Name field. The names are case-sensitive. STEP 4 Click Apply. The IPv4-based ACL is saved to the Running Configuration file.
  • Page 484: Adding Rules (ACEs) To An IPv4-Based ACL

    ICMP—Internet Control Message Protocol IGMP—Internet Group Management Protocol IP in IP—IP in IP encapsulation TCP—Transmission Control Protocol EGP—Exterior Gateway Protocol IGP—Interior Gateway Protocol
  • Page 485 Note that this mask is different than in other uses, such as subnet mask. Here, setting a bit as 1 indicates don't care and 0 indicates to mask that value.
  • Page 486 • Type of Service—The service type of the IP packet. —Any service type DSCP to Match—Differentiated Services Code Point (DSCP) to match
  • Page 487: IPv6-Based ACLs

    STEP 5 IPv6-Based ACLs The IPv6-Based ACL page displays and enables the creation of IPv6 ACLs, which check pure IPv6-based traffic. IPv6 ACLs do not check IPv6-over-IPv4 or ARP packets.
  • Page 488: Adding Rules (ACEs) For An IPv6-Based ACL

    Deny—Drop packets that meet the ACE criteria. Shutdown—Drop packets that meet the ACE criteria, and disable the port to which the packets were addressed. Ports are reactivated from the Port Management page.
  • Page 489 Any—Match to all source ports. Single—Enter a single TCP/UDP source port to which packets are matched. This field is active only if 800/6-TCP or 800/17-UDP is selected in the IP Protocol drop-down menu.
  • Page 490 Select one of the following options, to configure whether to filter on this code: Any—Accept all codes. User defined—Enter an ICMP code for filtering purposes. STEP 5 Click Apply.
  • Page 491: Defining ACL Binding

    Select MAC Based ACL—Select a MAC-based ACL to be bound to the interface. • Select IPv4 Based ACL—Select an IPv4-based ACL to be bound to the interface. • Select IPv6 Based ACL—Select an IPv6-based ACL to be bound to the interface.
  • Page 492 STEP 7 Click Apply. The ACL binding is modified, and the Running Configuration file is updated. NOTE If no ACL is selected, the ACL(s) that is previously bound to the interface is unbound.
  • Page 494: Chapter 25: Quality Of Service

    This section covers the following topics: • QoS Features and Components • Configuring QoS - General • QoS Basic Mode • QoS Advanced Mode • Managing QoS Statistics
  • Page 495: QoS Features And Components

    Code Point (DSCP) value for IPv4 or Traffic Class (TC) value for IPv6 in Layer 3. When operating in Basic Mode, the device trusts this external assigned QoS value. The external assigned QoS value of a packet determines its traffic class and QoS.
  • Page 496: QoS Workflow

    QoS Properties page. The following steps in the workflow assume that you have chosen to enable QoS. STEP 2 Assign each interface a default CoS priority by using the QoS Properties page.
  • Page 497: Configuring QoS - General

    The QoS Properties Page contains fields for setting the QoS mode for the system (Basic, Advanced, or Disabled, as described in the “QoS Modes” section). In addition, the default CoS priority for each interface can be defined.
  • Page 498: Setting QoS Properties

    Default CoS—Select the default CoS (Class-of-Service) value to be assigned for incoming packets (that do not have a VLAN tag). STEP 2 Click Apply. The interface default CoS value is saved to Running Configuration file.
  • Page 499: Configuring QoS Queues

    To select the priority method and enter WRR data: STEP 1 Click Quality of Service > General > Queue. STEP 2 Enter the parameters. • Queue—Displays the queue number. • Scheduling Method: Select one of the following options:
  • Page 500: Mapping CoS/802.1p To A Queue

    Table columns: 802.1p Values (0-7, 7 being the highest); Queue (4 queues 1-4, 4 being the highest priority); Notes. Notes: Background Best Effort Excellent Effort Critical Application - LVS phone SIP Video
  • Page 501 Queue schedule method and bandwidth allocation (Queue page), it is possible to achieve the desired quality of service in a network. The CoS/802.1p to Queue mapping is applicable only if one of the following exists:
  • Page 502: Mapping DSCP To Queue

    The device is in QoS Basic mode and DSCP is the trusted mode, or • The device is in QoS Advanced mode and the packets belong to flows that are DSCP trusted. Non-IP packets are always classified to the best-effort queue.
  • Page 503 Table 5 DSCP to Queue Default Mapping – 8 Queues System (7 is highest and 8 is used for stack control purposes). Columns: DSCP, Queue.
  • Page 504 Table 6 DSCP to Queue Default Mapping – 8 Queues System (8 is highest). Columns: DSCP, Queue.
  • Page 505: Configuring Bandwidth

    The following values are entered for egress shaping: • Committed Information Rate (CIR) sets the average maximum amount of data allowed to be sent on the egress interface, measured in bits per second
  • Page 506 This amount can be sent even if it temporarily increases the bandwidth beyond the allowed limit. STEP 5 Click Apply. The bandwidth settings are written to the Running Configuration file.
  • Page 507: Configuring Egress Shaping Per Queue

    STEP 6 Click Apply. The bandwidth settings are written to the Running Configuration file. Configuring VLAN Ingress Rate Limit NOTE The VLAN Rate Limit feature is not available when the device is in Layer 3 mode.
  • Page 508 Cannot be entered for LAGs. STEP 4 Click Apply. The VLAN rate limit is added, and the Running Configuration file is updated.
  • Page 509: TCP Congestion Avoidance

    It is recommended that you disable the trusted mode at the ports where the CoS/802.1p and/or DSCP values in the incoming packets are not trustworthy. Otherwise, it might negatively affect the performance of your network.
  • Page 510: Configuring Global Settings

    STEP 5 Select the DSCP Out value to indicate the outgoing value is mapped. STEP 6 Click Apply. The Running Configuration file is updated with the new DSCP values.
  • Page 511: Interface QoS Settings

    A class map defines a flow with one or more associating ACLs. Packets that match only ACL rules (ACE) in a class map with Permit (forward) action are considered belonging to the same flow, and are subjected to the same...
  • Page 512 • Definition of the actions to be applied to frames in each flow that match the rules. • Binding the combinations of rules and action to one or more interfaces.
  • Page 513: Workflow To Configure Advanced QoS Mode

    STEP 2 Select the Trust Mode while the device is in Advanced mode. If a packet CoS level and DSCP tag are mapped to separate queues, the Trust mode determines the queue to which the packet is assigned:
  • Page 514: Configuring Out-Of-Profile DSCP Mapping

    QoS-specified limits. The portion of the traffic that causes the flow to exceed its QoS limit is referred to as out-of-profile packets.
  • Page 515 STEP 2 Select the DSCP Out value to where the incoming value is mapped. STEP 3 Click Apply. The Running Configuration file is updated with the new DSCP Mapping table.
  • Page 516: Defining Class Mapping

    —A packet must match either the IP based ACL or the MAC based ACL in the class map. • IP—Select the IPv4 based ACL or the IPv6 based ACL for the class map.
  • Page 517: QoS Policers

    An aggregate policer is defined if the policer is to be shared with more than one class. Policers on a port cannot be shared with other policers in another device.
  • Page 518: Defining Aggregate Policers

    Aggregate Policer Name—Enter the name of the Aggregate Policer. • Ingress Committed Information Rate (CIR)—Enter the maximum bandwidth allowed in bits per second. See the description of this in the Bandwidth page.
  • Page 519: Configuring A Policy

    STEP 2 Click Policy Class Map Table to display the Policy Class Maps page. Click Add to open the Add Policy Table page. STEP 3 Enter the name of the new policy in the New Policy Name field.
  • Page 520: Policy Class Maps

    CoS/802.1p value and the CoS/802.1p to Queue Table. —If this option is selected, use the value entered in the New Value box to determine the egress queue of the matching packets as follows:
  • Page 521 Drop—Packets exceeding the defined CIR value are dropped. Out of Profile DSCP—IP packets exceeding the defined CIR are forwarded with a new DSCP derived from the Out Of Profile DSCP Mapping Table. STEP 5 Click Apply.
  • Page 522: Policy Binding

    STEP 5 Click Apply. The QoS policy binding is defined, and the Running Configuration file is updated. Managing QoS Statistics: From these pages you can manage the Single Policer, Aggregated Policer, and view queues statistics.
  • Page 523: Policer Statistics

    Policy Name—Select the policy name. • Class Map Name—Select the class name. STEP 4 Click Apply. An additional request for statistics is created and the Running Configuration file is updated.
  • Page 524: Viewing Aggregated Policer Statistics

    Refresh Rate—Select the time period that passes before the interface Ethernet statistics are refreshed. The available options are: No Refresh—Statistics are not refreshed. 15 Sec—Statistics are refreshed every 15 seconds. 30 Sec—Statistics are refreshed every 30 seconds.
  • Page 525 Total Packets—Number of packets forwarded or tail dropped. • Tail Drop Packets—Percentage of packets that were tail dropped. STEP 4 Click Add. STEP 5 Enter the parameters. • Counter Set—Select the counter set:
  • Page 526 Queue—Select the queue for which statistics are displayed. • Drop Precedence—Enter drop precedence that indicates the probability of being dropped. STEP 6 Click Apply. The Queue Statistics counter is added, and the Running Configuration file is updated.
  • Page 528: Chapter 26: SNMP

    The device functions as an SNMP agent and supports SNMPv1, v2, and v3. It also reports system events to trap receivers using the traps defined in the supported MIBs (Management Information Base).
  • Page 529: SNMPv1 And v2

    NOTE For security reasons, SNMP is disabled by default. Before you can manage the device via SNMP, you must turn on SNMP on the Security > TCP/UDP Services page. The following is the recommended series of actions for configuring SNMP:
  • Page 530 If the SNMP Engine ID is not set, then users may not be created. STEP 5 Optionally, enable or disable traps by using the Trap Settings page. STEP 6 Optionally, define a notification filter(s) by using the Notification Filter page.
  • Page 531: Supported MIBs

    Stackable Managed Switch SG500X 24P 24-Port Gigabit with 4-Port 10-Gigabit PoE 9.6.1.85.24.2 Stackable Managed Switch SG500X-48 48-Port Gigabit with 4-Port 10-Gigabit 9.6.1.85.48.1 Stackable Managed Switch
  • Page 532: SNMP Engine ID

    STEP 2 Choose which to use for Local Engine ID. • Use Default—Select to use the device-generated engine ID. The default engine ID is based on the device MAC address, and is defined per standard...
  • Page 533 • Server IP Address/Name—Enter the IP address or domain name of the log server. • Engine ID—Enter the Engine ID. STEP 5 Click Apply. The Running Configuration file is updated.
  • Page 534: Configuring SNMP Views

    STEP 6 In order to verify your view configuration, select the user-defined views from the Filter: View Name list. The following views exist by default: • Default—Default SNMP view for read and read/write views. • DefaultSuper—Default SNMP view for administrator views.
  • Page 535: Creating SNMP Groups

    It becomes operational when it is associated with an SNMP user or community. NOTE To associate a non-default view with a group, first create the view in the Views page.
  • Page 536 Write—Management access is write for the selected view. Otherwise, a user or a community associated with this group is able to write all MIBs except those that control SNMP itself.
  • Page 537: Managing SNMP Users

    STEP 2 Click Add. This page provides information for assigning SNMP access control privileges to SNMP users. STEP 3 Enter the parameters. • User Name—Enter a name for the user.
  • Page 538 Privacy Password—16 bytes are required (DES encryption key) if the DES privacy method was selected. This field must be exactly 32 hexadecimal characters. The Encrypted or Plaintext mode can be selected.
  • Page 539: Defining SNMP Communities

    STEP 3 station IP address that can access the SNMP community. Click All to indicate that any IP device can access the SNMP community. • IP Version—Select either IPv4 or IPv6.
  • Page 540 View Name—Select an SNMP view (a collection of MIB subtrees to which access is granted). • Advanced—Select this mode for a selected community. Group Name—Select an SNMP group that determines the access rights.
  • Page 541: Defining Trap Settings

    When an event arises that requires a trap message to be sent, it is sent to every node listed in the Notification Recipient Table.
  • Page 542: Defining SNMPv1,2 Notification Recipients

    Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks. • Link Local Interface—If the IPv6 address type is Link Local, select whether it is received through a VLAN or ISATAP.
  • Page 543: Defining SNMPv3 Notification Recipients

    This page contains recipients for SNMPv3. STEP 2 Click Add. STEP 3 Enter the parameters. • Server Definition—Select whether to specify the remote log server by IP address or name.
  • Page 544 Security Level is No Authentication only. However, if this User Name has assigned Authentication and Privacy on the User page, the security level on this screen can be either No Authentication, or Authentication Only, or Authentication and Privacy. The options are:
  • Page 545: SNMP Notification Filters

    Filter Name—Enter a name between 0-30 characters. • Object ID Subtree—Select the node in the MIB tree that is included or excluded in the selected SNMP filter. The options to select the object are as follows:
  • Page 546 STEP 4 Select or deselect Include in filter. If this is selected, the selected MIBs are included in the filter, otherwise they are excluded. STEP 5 Click Apply. The SNMP views are defined and the running configuration is updated.