Cisco 300 Series Administration Manual

Managed switch

Cisco Small Business 300 Series Managed Switch
Administration Guide Release 1.3.5


Summary of Contents for Cisco 300 Series

  • Page 1 ADMINISTRATION GUIDE Cisco Small Business 300 Series Managed Switch Administration Guide Release 1.3.5...
  • Page 2: Table Of Contents

    Setting System Log Settings Setting Remote Logging Settings Viewing Memory Logs Chapter 4: Administration: File Management System Files Upgrade/Backup Firmware/Language Download/Backup Configuration/Log Configuration Files Properties Copy/Save Configuration Auto Configuration via DHCP Cisco Small Business 300 Series Managed Switch Administration Guide...
  • Page 3 Configuring System Time Chapter 7: Administration: Diagnostics Testing Copper Ports Displaying Optical Module Status Configuring Port and VLAN Mirroring Viewing CPU Utilization and Secure Core Technology Chapter 8: Administration: Discovery Bonjour Cisco Small Business 300 Series Managed Switch Administration Guide...
  • Page 4 Link Aggregation Configuring Green Ethernet Chapter 11: Smartport Overview What is a Smartport Smartport Types Smartport Macros Macro Failure and the Reset Operation How the Smartport Feature Works Auto Smartport Error Handling Cisco Small Business 300 Series Managed Switch Administration Guide...
  • Page 5 Configuring STP Status and Global Settings Defining Spanning Tree Interface Settings Configuring Rapid Spanning Tree Settings Chapter 15: Managing MAC Address Tables Configuring Static MAC Addresses Managing Dynamic MAC Addresses Chapter 16: Multicast Multicast Forwarding Cisco Small Business 300 Series Managed Switch Administration Guide...
  • Page 6 Defining Users Configuring RADIUS Management Access Method Management Access Authentication Secure Sensitive Data Management SSL Server SSH Client Configuring TCP/UDP Services Defining Storm Control Configuring Port Security 802.1X Denial of Service Prevention Cisco Small Business 300 Series Managed Switch Administration Guide...
  • Page 7 Chapter 21: Security: Secure Sensitive Data Management Introduction SSD Rules SSD Properties Configuration Files SSD Management Channels Menu CLI and Password Recovery Configuring SSD Chapter 22: Security: SSH Client Secure Copy (SCP) and SSH Cisco Small Business 300 Series Managed Switch Administration Guide...
  • Page 8 Chapter 25: Quality of Service QoS Features and Components Configuring QoS - General Managing QoS Statistics Chapter 26: SNMP SNMP Versions and Workflow Model OIDs SNMP Engine ID Configuring SNMP Views Creating SNMP Groups Cisco Small Business 300 Series Managed Switch Administration Guide...
  • Page 9 Contents Managing SNMP Users Defining SNMP Communities Defining Trap Settings Notification Recipients SNMP Notification Filters Cisco Small Business 300 Series Managed Switch Administration Guide...
  • Page 10 Contents Cisco Small Business 300 Series Managed Switch Administration Guide...
  • Page 11: Chapter 1: Getting Started

    STEP 1 Open a Web browser. STEP 2 Enter the IP address of the device you are configuring in the address bar on the browser, and then press Enter. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 12 To add a new language to the device or update a current one, refer to the Upgrade/Backup Firmware/Language section. STEP 3 If this is the first time that you logged on with the default user ID (cisco) and the default password (cisco) or your password has expired, the Change Password Page appears.
  • Page 13 Save the Running Configuration to the Startup Configuration before logging off to preserve any changes you made during this session. A flashing red X icon to the left of the Save application link indicates that Running Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 14 Getting Started page. If you did not select this option, the initial page is the Getting Started page. If you did select this option, the initial page is the System Summary page. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 15: Quick Start Device Configuration

    Configure Port Mirroring Port and VLAN Mirroring page There are two hot links on the Getting Started page that take you to Cisco web pages for more information. Clicking on the Support link takes you to the device product support page, and clicking on the Forums link takes you to the Small Business Support Community page.
  • Page 16: Interface Naming Conventions

    LAG (Port Channel)—These are displayed as LAG. VLAN—These are displayed as VLAN. Tunnel —These are displayed as Tunnel. • Interface Number: Port, LAG, tunnel or VLAN ID Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 17: Window Navigation

    Running Configuration. Username Displays the name of the user logged on to the device. The default username is cisco. (The default password is cisco). Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 18 SYSLOG Alert Status icon is no longer displayed. To display the page when there is not an active SYSLOG message, Click Status and Statistics > View Log > RAM Memory. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 19 Clears log files. Clear Table Clears table entries. Close Returns to main page. If any changes were not applied to the Running Configuration, a message appears. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 20 Enter the query filtering criteria and click Go. The results are displayed on the page. Refresh Click Refresh to refresh the counter values. Test Click Test to perform the related tests. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 21 Getting Started Window Navigation Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 23: Chapter 2: Status And Statistics

    This page is useful for analyzing the amount of traffic that is both sent and received and its dispersion (Unicast, Multicast, and Broadcast). Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 24 • Click Clear Interface Counters to clear counters for the interface displayed. • Click View All Interfaces Statistics to see all ports on a single page. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 25: Viewing Etherlike Statistics

    Pause Frames Transmitted—Flow control pause frames transmitted from the selected interface. To clear statistics counters: • Click Clear Interface Counters to clear the selected interfaces counters. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 26: Viewing Gvrp Statistics

    Leave All—Number of GVRP Leave All packets received/transmitted. The GVRP Error Statistics section displays the GVRP error counters. • Invalid Protocol ID—Invalid protocol ID errors. • Invalid Attribute Type—Invalid attribute ID errors. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 27: Viewing 802.1X Eap Statistics

    • EAP Response/ID Frames Received—EAP Resp/ID frames received on the port. • EAP Response Frames Received—EAP Response frames received by the port (other than Resp/ID frames). Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 28: Viewing Tcam Utilization

    The TCAM Utilization page shows the following fields: • Maximum TCAM Entries for IPv4 and Non-IP (Rules)—Maximum TCAM Entries available. • IPv4 Routing In Use—Number of TCAM entries used for IPv4 routing. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 29: Health

    Define interesting changes in counter values, such as “reached a certain number of late collisions” (defines the alarm), and then specify what action to perform when this event occurs (log, trap, or log and trap). Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 30: Viewing Rmon Statistics

    CRC & Align Errors—Number of CRC and Align errors that have occurred. • Undersize Packets—Number of undersized packets (less than 64 octets) received. • Oversize Packets—Number of oversized packets (over 2000 octets) received. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 31: Configuring Rmon History

    Click Clear Interface Counters to clear the selected interfaces counters. • Click View All Interfaces Statistics to see all ports on a single page. Configuring RMON History The RMON feature enables monitoring statistics per interface. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 32: Viewing The Rmon History Table

    Viewing the RMON History Table The History Table page displays interface-specific statistical network samplings. The samples were configured in the History Control table described above. To view RMON history statistics: Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 33 (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. • Collisions—Collisions received. • Utilization—Percentage of current interface traffic compared to maximum traffic that the interface can handle. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 34: Defining Rmon Events Control

    Time—Displays the time of the event. (This is a read-only table in the parent window and cannot be defined). • Owner—Enter the device or user that defined the event. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 35: Viewing The Rmon Events Logs

    The Alarms page provides the ability to configure alarms and to bind them with events. Alarm counters can be monitored by either absolute values or changes (delta) in the counter values. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 36 Rising Alarm—A rising value triggers the rising threshold alarm. Falling Alarm—A falling value triggers the falling threshold alarm. Rising and Falling—Both rising and falling values trigger the alarm. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 37: View Log

    Owner—Enter the name of the user or network management system that receives the alarm. STEP 4 Click Apply. The RMON alarm is saved to the Running Configuration file. View Log Viewing Memory Logs. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 38 Status and Statistics View Log Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 39: Chapter 3: Administration: System Log

    (except for Emergency that is indicated by the letter F). For example, the log message "%INIT-I-InitCompleted: … " has a severity level of I, meaning Informational. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 40 Each message states the number of times it was aggregated. • Max Aggregation Time—Enter the interval of time that SYSLOG messages are aggregated. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 41: Setting Remote Logging Settings

    • IPv6 Source Interface—Select the source interface whose IPv6 address will be used as the source IPv6 address of SYSLOG messages sent to SYSLOG servers. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 42 STEP 5 Click Apply. The Add Remote Log Server page closes, the SYSLOG server is added, and the Running Configuration file is updated. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 43: Viewing Memory Logs

    Log Settings page. Flash logs remain when the device is rebooted. You can clear the logs manually. To view the Flash logs, click Status and Statistics > View Log > Flash Memory. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 44 Log Time—Time when message was generated. • Severity—Event severity. • Description—Message text describing the event. To clear the messages, click Clear Logs. The messages are cleared. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 45: Chapter 4: Administration: File Management

    The possible methods of file transfer are: • Internal copy. • HTTP/HTTPS that uses the facilities that the browser provides. • TFTP/SCP client, requiring a TFTP/SCP server. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 46 The device has been operating continuously for 24 hours. No configuration changes have been made to the Running Configuration in the previous 24 hours. The Startup Configuration is identical to the Running Configuration. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 47 Copy/Save Configuration section. • Enable automatically uploading a configuration file from a DHCP server to the device, as described in the Auto Configuration via DHCP section. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 48: Upgrade/Backup Firmware/Language

    (the old version) until you change the status of the new image to be the active image by using the procedure in the Active Image <300- 500> section. Then boot the device. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 49 If a link local address exists on the interface, this entry replaces the address in the configuration. Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 50 Username—Enter a username for this copy action. Password—Enter a password for this copy. NOTE The username and password for one-time credential will not be saved in the configuration file. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 51 If SSH server authentication is enabled (in the SSH Server Authentication page), and the SCP server is trusted, the operation succeeds. If the SCP server is not trusted, the operation fails and an error is displayed. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 52: Active Image

    Active Image Version Number After Reboot displays the firmware version of the active image that is used after the device is rebooted. STEP 3 Click Apply. The active image selection is updated. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 53: Download/Backup Configuration/Log

    Startup Configuration file is deleted and the device reboots automatically in the new System mode. The device is configured with an empty configuration file. See Auto Configuration via DHCP. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 54 Destination File Type—Enter the destination configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section). Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 55 (.), and the file name must be between 1 and 160 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”). Click Apply. The file is upgraded or backed up. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 56 (password or public/private key), set a username and password on the device, if the password method is selected, and generate an RSA or DSA key if required. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 57 • Destination File Type—Select the configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section). Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 58: Configuration Files Properties

    Creation Time—Date and time that file was modified. STEP 2 If required, disable Auto Mirror Configuration. This disables the automatic creation of mirror configuration files. When disabling this feature, the mirror Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 59: Copy/Save Configuration

    STEP 2 Select the Source File Name to be copied. Only valid file types are displayed (described in the Files and File Types section). STEP 3 Select the Destination File Name to be overwritten by the source file. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 60: Auto Configuration Via Dhcp

    RADIUS server keys and SSH/SSL keys, by using the Secured Copy Protocol (SCP) and the Secure Sensitive Data (SSD) feature (See Security: Secure Sensitive Data Management). Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 61: Dhcp Server Options

    Auto Configuration page. This information is used when the DHCPv4 message does not contain this information (but it is not used by DHCPv6). Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 62: Ssh Client Authentication Parameters

    NOTE The SSH Client authentication parameters can also be used when downloading a file for manual download (a download that is not performed through the DHCP Auto Configuration feature). Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 63: Auto Configuration Process

    If the SSH server authentication process is enabled, and the SSH server is not found in the SSH Trusted Servers list, the Auto Configuration process is halted. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 64: Configuring Dhcp Auto Configuration

    In IPv4, to ensure that the device configuration functions as intended, due to allocation of different IP addresses with each DHCP renew cycle, it is recommended that IP addresses be bound to MAC addresses in the DHCP Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 65 STEP 3 Enter the following optional information to be used if no configuration file name was received from the DHCP server. • Backup Server Definition—Select By IP address or By name to configure the server. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 66 DHCP message. STEP 4 Click Apply. The parameters are copied to the Running Configuration file. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 67 Administration: File Management Auto Configuration via DHCP Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 68: Chapter 5: Administration

    • File Management • Routing Resources<300-500> • Health • Diagnostics • Discovery - Bonjour • Discovery - LLDP • Discovery - CDP • Ping • Traceroute Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 69: Device Models

    180W 2 uplinks and 2 combo-ports. SG300-52 SRW2048-K9 48 GE ports, and 4 special-purpose ports - 2 uplinks and 2 combo-ports SF300-08 SRW208-K9 8 FE ports. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 70 740W 52MP-K9 SG300-10SFP SG300- 10-Port Gigabit Managed SFP Switch 10SFP-K9 SF300-24MP SF300-24M- 24-Port 10/100 PoE Managed Switch 375W SG300-28MP SRW2024P- 28-Port Gigabit PoE Managed Switch 375W Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 71: System Settings

    MAC address (the six furthest right hexadecimal digits). • System Uptime—Time that has elapsed since the last reboot. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 72 Boot MD5 Checksum—MD5 checksum of the boot version. • Locale—Locale of the first language. (This is always English). • Language Version—Language package version of the first or English language. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 73 L2—Select to place the device in Layer 2 system mode. L3—Select to place the device in Layer 3 system mode. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 74 STEP 1 Click Administration > Console Settings. STEP 2 Select one of the following: • Auto Detection—The console baud rate is detected automatically. • Static—Select one of the available speeds. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 75: Management Interface

    STEP 2 Select the timeout for each session from the corresponding list. The default timeout value is 10 minutes. STEP 3 Click Apply to set the configuration settings on the device. Time Settings Administration: Time Settings. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 76: System Log

    (e.g. late night). To reboot the device: STEP 1 Click Administration > Reboot. STEP 2 Click one of the Reboot buttons to reboot the device. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 77 NOTE Clearing the Startup Configuration File and Rebooting is not the same as Rebooting to Factory Defaults. Rebooting to Factory Defaults is more intrusive. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 78: Routing Resources

    Maximum Entries—Select one of the following options: Use Default—The number of TCAM entries available for IP entries is 25% of the TCAM size. User Defined—Enter a value. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 79: Health

    • (On devices that support PoE) Disable the PoE circuitry so that less power is consumed and less heat is emitted. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 80: Diagnostics

    Fan Direction—(On relevant devices) The direction that the fans are working in (for example: Front to Back). Diagnostics Administration: Diagnostics. Discovery - Bonjour See Bonjour. Discovery - LLDP Configuring LLDP. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 81: Discovery - Cdp

    • Destination IPv6 Address Type—Select Link Local or Global as the type of IPv6 address to enter as the destination IP address. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 82 STEP 1 Configure Traceroute by entering information into the following fields: STEP 2 • Host Definition—Select whether hosts are identified by their IP address or name. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 83 A page appears showing the Round Trip Time (RTT) and status for each trip in the fields: • Index—Displays the number of the hop. • Host—Displays a stop along the route to the destination. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 84 • Round Trip Time (1-3)—Displays the round trip time in (ms) for the first through third frame and the status of the first through third operation. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 85 Administration Traceroute Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 95: Chapter 6: Administration: Time Settings

    This section describes the options for configuring the system time, time zone, and Daylight Savings Time (DST). It covers the following topics: • System Time Options • SNTP Modes • Configuring System Time Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 96: System Time Options

    After the time has been set by any of the above sources, it is not set again by the browser. NOTE SNTP is the recommended method for time setting. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 97: Sntp Modes

    The device supports having all of the above modes active at the same time and selects the best system time received from an SNTP server, according to an algorithm based on the closest stratum (distance from the reference clock). Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 98: Configuring System Time

    RIP MD5 authentication to work. This also helps features that associate with time, for example: Time Based ACL, Port, 802.1 port authentication that are supported on some devices. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 99 European country. Enter the following parameters: Recurring—DST occurs on the same date every year. Selecting By Dates allows customization of the start and stop of DST: Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 100: Adding A Unicast Sntp Server

    STEP 1 Click Administration > Time Settings > SNTP Unicast. STEP 2 Enter the following fields: • SNTP Client Unicast—Select to enable the device to use SNTP-predefined Unicast clients with Unicast SNTP servers. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 101 Delay—The estimated round-trip delay of the server's clock relative to the local clock over the network path between them, in milliseconds. The host determines the value of this delay using the algorithm described in RFC 2030. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 102 The server with the lowest stratum is considered to be the primary server. The server with the next lowest stratum Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 103: Configuring The Sntp Mode

    The packets are transmitted to all SNTP servers on the subnet. STEP 3 If the system is in Layer 3 system mode, click Add to select the interface for SNTP reception/transmission. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 104: Defining Sntp Authentication

    STEP 3 Click Add. STEP 4 Enter the following parameters: STEP 5 • Authentication Key ID—Enter the number used to identify this SNTP authentication key internally. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 105: Time Range

    The time-range feature can be used for the following: • Limit access of computers to the network during business hours (for example), after which the network ports are locked, and access to the rest Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 106 The existing recurring time ranges are displayed (filtered per a specific, absolute time range.) STEP 2 Select the absolute time range to which to add the recurring range. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 107 Recurring Starting Time—Enter the date and time that the Time Range begins on a recurring basis. Recurring Ending Time—Enter the date and time that the Time Range ends on a recurring basis. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 108: Chapter 7: Administration: Diagnostics

    Preconditions to Running the Copper Port Test Before running the test, do the following: • (Mandatory) Disable Short Reach mode (see the Port Management > Green Ethernet > Properties page) Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 109 Distance to Fault—Distance from the port to the location on the cable where the fault was discovered. • Operational Port Status—Displays whether port is up or down. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 110: Displaying Optical Module Status

    10 km. The following GE SFP (1000Mbps) transceivers are supported: • MGBBX1: 1000BASE-BX-20U SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 40 km.
  • Page 111 No Signal (N/S). • Loss of Signal—Local SFP reports signal loss. Values are True and False. • Data Ready—SFP is operational. Values are True and False
  • Page 112: Configuring Port and VLAN Mirroring

    • Type—Type of monitoring: incoming to the port (Rx), outgoing from the port (Tx), or both. • Status—Displays one of the following values:
  • Page 113: Viewing CPU Utilization and Secure Core Technology

    This section describes the Secure Core Technology (SCT) and how to view CPU usage. The device handles the following types of traffic, in addition to end-user traffic: • Management traffic • Protocol traffic • Snooping traffic
  • Page 114 STEP 2 Select the Refresh Rate (time period in seconds) that passes before the statistics are refreshed. A new sample is created for each time period
  • Page 115: Chapter 8: Administration: Discovery

    Services page. When Bonjour Discovery and IGMP are both enabled, the IP Multicast address of Bonjour appears on the Adding IP Multicast Group Address page.
  • Page 116: Bonjour in Layer 3 System Mode

    To configure Bonjour when the device is in Layer 3 system mode: STEP 1 Click Administration > Discovery - Bonjour. STEP 2 Select Enable to enable Bonjour discovery globally.
  • Page 117: LLDP and CDP

    LLDP Properties page respectively. • Auto Smartport requires CDP and/or LLDP to be enabled. Auto Smartport automatically configures an interface based on the CDP/LLDP advertisement received from the interface.
  • Page 118: Configuring LLDP

    LLDP Overview • Setting LLDP Properties • Editing LLDP Port Settings • LLDP MED Network Policy • Configuring LLDP MED Port Settings • Displaying LLDP Port Status
  • Page 119: LLDP Overview

    TLVs to advertise, and advertise the device's management address. 3. Create LLDP MED network policies by using the LLDP MED Network Policy page.
  • Page 120: Setting LLDP Properties

    • Transmit Delay—Enter the amount of time in seconds that passes between successive LLDP frame transmissions due to changes in the LLDP local systems MIB.
  • Page 121: Editing LLDP Port Settings

    Tx Only—Publishes but does not discover. Rx Only—Discovers but does not publish. Tx & Rx—Publishes and discovers. Disable—Indicates that LLDP is disabled on the port.
  • Page 122 PHY implementation. The following fields relate to the Management Address: • Advertisement Mode—Select one of the following ways to advertise the IP management address of the device:
  • Page 123: LLDP MED Network Policy

    IP Phone location information. • Troubleshooting information. LLDP MED sends alerts to network managers upon: Port speed and duplex mode conflicts QoS policy misconfigurations
  • Page 124 Application—Select the type of application (type of traffic) for which the network policy is being defined. • VLAN ID—Enter the VLAN ID to which the traffic must be sent.
  • Page 125: Configuring LLDP MED Port Settings

    MED Network Policies to a port, select it, and click Edit. STEP 4 Enter the parameters: • Interface—Select the interface to configure. • LLDP MED Status—Enable/disable LLDP MED on this port.
  • Page 126: Displaying LLDP Port Status

    TLVs sent to the neighbor. STEP 3 Click LLDP Neighbor Information Detail to see the details of the LLDP and LLDP-MED TLVs received from the neighbor.
  • Page 127: Displaying LLDP Local Information

    To view the LLDP local port status advertised on a port: STEP 1 Click Administration > Discovery - LLDP > LLDP Local Information. STEP 2 On the bottom of the page, click LLDP Port Status Table.
  • Page 128 Address—Returned address most appropriate for management use, typically a Layer 3 address. • Interface Subtype—Numbering method used for defining the interface number. • Interface Number—Specific interface associated with this management address.
  • Page 129 • Remote Rx Echo—Indicates the local link partner’s reflection of the remote link partner’s Rx value. MED Details • Capabilities Supported—MED capabilities supported on the port.
  • Page 130 Identification Number (ELIN). Network Policy Table • Application Type—Network policy application type; for example, Voice. • VLAN ID—VLAN ID for which the network policy is defined.
  • Page 131: Displaying LLDP Neighbors Information

    System Name—Published name of the device. • Time to Live—Time interval (in seconds) after which the information for this neighbor is deleted. STEP 2 Select a local port, and click Details.
  • Page 132 Address—Managed address. • Interface Subtype—Port subtype. • Interface Number—Port number. MAC/PHY Details • Auto-Negotiation Supported—Port speed auto-negotiation support status. The possible values are True and False.
  • Page 133 • Remote Tx—Indicates the time (in microseconds) that the transmitting link partner waits before it starts transmitting data after leaving Low Power Idle (LPI mode).
  • Page 134 Firmware Revision—Firmware version. • Software Revision—Software version. • Serial Number—Device serial number. • Manufacturer Name—Device manufacturer name. • Model Name—Device model name. • Asset ID—Asset ID.
  • Page 135 VLAN ID—VLAN ID for which the network policy is defined. • VLAN Type—VLAN type, Tagged or Untagged, for which the network policy is defined. • User Priority—Network policy user priority. • DSCP—Network policy DSCP.
  • Page 136: Accessing LLDP Statistics

    The LLDP Overloading page displays the number of bytes of LLDP/LLDP-MED information, the number of available bytes for additional LLDP information, and the overloading status of every interface.
  • Page 137 —If the LLDP MED network policies packets were sent, or if they were overloaded. • LLDP MED Extended Power via MDI Size (Bytes)—Total LLDP MED extended power via MDI packets byte size.
  • Page 138: Configuring CDP

    It covers the following topics: • Setting CDP Properties • Editing CDP Interface Settings • Displaying CDP Local Information • Displaying CDP Neighbors Information • Viewing CDP Statistics
  • Page 139: Setting CDP Properties

    Similar to LLDP, CDP (Cisco Discovery Protocol) is a link layer protocol for directly connected neighbors to advertise themselves and their capabilities to each other. Unlike LLDP, CDP is a Cisco proprietary protocol.
  • Page 140 VLAN mismatch is detected. This means that the native VLAN information in the incoming frame does not match what the local device is advertising.
  • Page 141: Editing CDP Interface Settings

    • CDP Neighbor Information Details—Takes you to the Administration > Discovery - CDP > CDP Neighbor Information page. STEP 2 Select a port and click Edit.
  • Page 142: Displaying CDP Local Information

    • Device ID TLV Device ID Type—Type of the device ID advertised in the device ID TLV. Device ID—Device ID advertised in the device ID TLV.
  • Page 143 In this case, packets received on such a port are not re-marked. Disabled indicates that the port is not trusted in which case, the following field is relevant.
  • Page 144: Displaying CDP Neighbors Information

    STEP 1 Click Administration > Discovery - CDP > CDP Neighbor Information. This page contains the following fields for the link partner (neighbor): • Device ID—Neighbor's device ID.
  • Page 145 Duplex—Whether neighbor's interface is half or full duplex. • Addresses—Neighbor's addresses. • Power Drawn—Amount of power consumed by neighbor on the interface. • Version—Neighbor's software version.
  • Page 146: Viewing CDP Statistics

    To clear all counters on all interfaces, click Clear All Interface Counters. To clear all counters on an interface, select it and click Clear All Interface Counters.
  • Page 149: Port Management

    5. Configure Green Ethernet and 802.3 Energy Efficient Ethernet by using the Properties page. 6. Configure Green Ethernet energy mode and 802.3 Energy Efficient Ethernet per port by using the Port Settings page.
  • Page 150: Setting Port Configuration

    Copper Ports—Regular, not Combo, support the following values: 10M, 100M, and 1000M (type: Copper). Combo Ports Copper—Combo port connected with copper CAT5 cable, supports the following values: 10M, 100M, and 1000M (type: ComboC).
  • Page 151 You can designate Administrative Speed only when port auto-negotiation is disabled. • Operational Port Speed—Displays the current port speed that is the result of negotiation.
  • Page 152 MDI/MDIX—the Media Dependent Interface (MDI)/Media Dependent Interface with Crossover (MDIX) status on the port. The options are: MDIX—Select to swap the port's transmit and receive pairs.
  • Page 153 STEP 1 Click Port Management > Error Recovery Settings. STEP 2 Enter the following fields: • Automatic Recovery Interval—Select to enable the error recovery mechanism for the port security err-disable state.
  • Page 154: Link Aggregation

    This section describes how to configure LAGs. It covers the following topics: • Link Aggregation Overview • Static and Dynamic LAG Workflow • Defining LAG Management • Configuring LAG Settings • Configuring LACP
  • Page 155: Link Aggregation Overview

    LAG has port attributes similar to a regular port, such as state and speed. The device supports 32 LAGs with up to 8 ports in a LAG group.
  • Page 156 Members list. Select the load balancing algorithm for the LAG. Perform these actions in the LAG Management page. 2. Configure various aspects of the LAG, such as speed and flow control by using the LAG Settings page.
  • Page 157: Defining LAG Management

    LACP—Select to enable LACP on the selected LAG. This makes it a dynamic LAG. This field can only be enabled after moving a port to the LAG in the next field.
  • Page 158: Configuring LAG Settings

    • Reactivate Suspended LAG—Select to reactivate a port if the LAG has been disabled through the locked port security option or through ACL configurations.
  • Page 159 See the Port Configuration description in Setting Basic Port Configuration for details regarding protected ports and LAGs. STEP 4 Click Apply. The Running Configuration file is updated.
  • Page 160: Configuring LACP

    In order for LACP to create a LAG, the ports on both link ends should be configured for LACP, meaning that the ports send LACP PDUs and handle received PDUs.
  • Page 161 LACP PDUs. Select the periodic transmissions of LACP PDUs, which occur at either a Long or Short transmission speed, depending upon the expressed LACP timeout preference.
  • Page 162: Configuring Green Ethernet

    The Green Ethernet feature can reduce overall power usage in the following ways: • Energy-Detect Mode—On an inactive link, the port moves into inactive mode, saving power while keeping the Administrative status of the port Up.
  • Page 163 Green Ethernet mode. The saved energy displayed is only related to Green Ethernet. The amount of energy saved by EEE is not displayed.
  • Page 164 When using 802.3az EEE, systems on both sides of the link can disable portions of their functionality and save power during periods of no traffic. 802.3az EEE supports IEEE 802.3 MAC operation at 100 Mbps and 1000 Mbps:
  • Page 165 802.3az EEE TLV is used to fine tune system wake-up and refresh durations. Availability of 802.3az EEE Please check the release notes for a complete listing of products that support EEE.
  • Page 166 Select whether to enable or disable advertisement of 802.3az EEE capabilities through LLDP in 802.3 Energy Efficient Ethernet (EEE) LLDP (it is enabled by default).
  • Page 167: Setting Global Green Ethernet Properties

    This value is updated each time there is an event that affects power saving. • 802.3 Energy Efficient Ethernet (EEE)—Globally enable or disable EEE mode.
  • Page 168: Setting Green Ethernet Properties for Ports

    Administrative—Displays whether Short Reach mode was enabled. Operational—Displays whether Short Reach mode is currently operating. Reason—If Short-Reach mode is not operational, displays the reason. Cable Length—Displays VCT-returned cable length in meters.
  • Page 169 (advertisement of EEE capabilities through LLDP) if there are GE ports on the device. STEP 7 Click Apply. The Green Ethernet port settings are written to the Running Configuration file.
  • Page 171: UDLD Overview

    The purpose of UDLD is to detect ports on which the neighbor does not receive traffic from the local device (unidirectional link) and to shut down those ports.
  • Page 172: UDLD Operation

    If the link is undetermined, the port is not shut down. Its status is changed to undetermined and a notification is sent. • Aggressive If the link is unidirectional or undetermined, the port is shut down.
  • Page 173 A port that was shut down can be reactivated manually in the Port Management > Error Recovery Settings page. For more information, see Reactivating a Shutdown Port.
  • Page 174 UDLD in the Port Management > Error Recovery Settings page. In this case, when a port is shut down by UDLD, it is automatically reactivated when the automatic recovery interval expires.
  • Page 175: Usage Guidelines

    When the port is down, UDLD goes into UDLD shutdown state. In this state, UDLD removes all learned neighbors. When the port is changed from down to up, UDLD resumes actively running.
  • Page 176: Default Settings and Configuration

    STEP 1 Open the Port Management > UDLD Global Settings page. a. Enter the Message Time. b. Select either Disabled, Normal or Aggressive as the global UDLD status.
  • Page 177: Configuring UDLD

    STEP 2 Enter the following fields: • Message Time—Enter the interval between two sent UDLD messages. This field is relevant for both fiber and copper ports.
  • Page 178 Detection—The latest UDLD state of the port is in the process of being determined. Expiration time has not yet expired since the last
  • Page 179 Neighbor Information: Device ID—ID of the remote device. Device MAC—MAC address of the remote device. Device Name—Name of the remote device. Port ID—Name of the remote port.
  • Page 180 Neighbor Expiration Time (Sec)—Displays the time that must pass before determining the port UDLD status. This is three times the Message Time. • Neighbor Message Time (Sec)—Displays the time between UDLD messages.
  • Page 181: Chapter 11: Smartport

    • Default Configuration • Relationships with Other Features and Backwards Compatibility • Common Smartport Tasks • Configuring Smartport Using The Web-based Interface • Built-in Smartport Macros
  • Page 182 • LLDP/CDP for Smartport, described in the Configuring LLDP and Configuring CDP sections, respectively. Additionally, typical workflows are described in the Common Smartport Tasks section.
  • Page 183: What Is a Smartport

    "the anti-macro," serves to undo all configuration performed by "the macro" when that interface happens to become a different Smartport type. You can apply a Smartport macro by the following methods: • The associated Smartport type.
  • Page 184: Special Smartport Types

    The following describe these special Smartport types: • Default An interface that does not (yet) have a Smartport type assigned to it has the Default Smartport status.
  • Page 185: Smartport Macros

    View Macro Source button on the Smartport Type Settings page. A macro and the corresponding anti-macro are paired together in association with each Smartport type. The macro applies the configuration and the anti-macro removes it.
  • Page 186: Applying a Smartport Type to an Interface

    If the Auto Smartport Global Operational state, the interface Auto Smartport state, and the Persistent Status are all Enable, the Smartport type is set to this dynamic type.
  • Page 187: Macro Failure and the Reset Operation

    Edit. Then, select the Smartport type you want to assign and adjust the parameters as necessary before clicking Apply.
  • Page 188: Auto Smartport

    If not, the Smartport Type reverts to Default. Enabling Auto Smartport Auto Smartport can be enabled globally in the Properties page in the following ways:
  • Page 189: Identifying Smartport Type

    This mapping is shown in the following tables: CDP Capabilities Mapping to Smartport Type Capability Name CDP Bit Smartport Type Router 0x01 Router TB Bridge 0x02 Wireless Access Point
  • Page 190 IEEE Std. 802.1Q S-VLAN Component of a VLAN Bridge Switch IEEE Std. 802.1Q Two-port MAC Relay (TPMR) IEEE Std. 802.1Q Ignore
  • Page 191: Multiple Devices Attached to the Port

    (assuming the configuration was saved). The Smartport type and the configuration of the interface are not changed unless Auto Smartport detects an attaching device with a different Smartport type. If the
  • Page 192: Error Handling

    Auto Smartport, the Auto Voice VLAN is disabled after the upgrade. If Telephony OUI was enabled before the upgrade, then Auto Smartport is disabled after the upgrade, and Telephony OUI remains enabled.
  • Page 193: Common Smartport Tasks

    STEP 3 Select the Smartport type that is to be assigned to the interface in the Smartport Application field. STEP 4 Set the macro parameters as required. STEP 5 Click Apply.
  • Page 194 STEP 5 that are not switches, routers or APs) or Reapply Smartport Macro (for switches, routers or APs) to run the Smartport Macro on the interface.
  • Page 195: Configuring Smartport Using the Web-Based Interface

    Administrative Auto Smartport—Select to globally enable or disable Auto Smartport. The following options are available: Disable—Select to disable Auto Smartport on the device. Enable—Select to enable Auto Smartport on the device.
  • Page 196: Smartport Type Settings

    Editing these parameters for the Smartport types applied by Auto Smartport from the Smartport Type Settings page configures the default values for these parameters. These defaults are used by Auto Smartport.
  • Page 197 Auto Smartport automatically reapplies the macro to the interfaces currently assigned with the Smartport type by Auto Smartport. Auto Smartport does not apply the changes to interfaces that were statically assigned a Smartport type.
  • Page 198: Smartport Interface Settings

    Reapply Smartport Macro. The macros are applied to all selected interface types. • Select an interface that is UP and click Reapply to reapply the last macro that was applied to the interface.
  • Page 199 LLDP advertisement received from the connecting devices as well as applying the corresponding Smartport macro. To statically assign a Smartport type and apply the corresponding Smartport macro to the interface, select the desired Smartport type.
  • Page 200: Built-In Smartport Macros

    Macro code for the following Smartport types is provided: • desktop • printer • guest • server • host • ip_camera • ip_phone • ip_phone_desktop • switch
  • Page 206 [ip_phone] #macro description ip_phone #macro keywords $native_vlan $voice_vlan $max_hosts
  • Page 208 $voice_vlan no smartport switchport trunk native vlan smartport switchport trunk allowed vlan remove all no port security no port security mode no port security max
  • Page 209 $voice_vlan: The voice VLAN ID no smartport switchport trunk native vlan smartport switchport trunk allowed vlan remove all no spanning-tree link-type router [router] #macro description router
  • Page 211 [ap] #macro description ap #macro keywords $native_vlan $voice_vlan #macro key description: $native_vlan: The untag VLAN which will be configured on the port
  • Page 212: Chapter 12: Port Management: PoE

    Removes the necessity for placing all network devices next to power sources. • Eliminates the need to deploy double cabling systems in an enterprise, significantly decreasing installation costs.
  • Page 213: PoE Configuration Considerations

    There are two factors to consider in the PoE feature: • The amount of power that the PSE can supply • The amount of power that the PD is actually attempting to consume
  • Page 214 AC, they could be powered up as a legacy PD by another PSE due to false detection. When this happens, the PoE device may not operate properly and
  • Page 215: Configuring PoE Properties

    SNMP and configure at least one SNMP Notification Recipient. • Power Trap Threshold—Enter the usage threshold that is a percentage of the power limit. An alarm is initiated if the power exceeds this value.
  • Page 216: Configuring PoE Settings

    When the power consumed on the port exceeds the class limit, the port power is turned off. PoE priority example: Given: A 48 port device is supplying a total of 375 watts.
  • Page 217 Max Power Allocation—This field appears only if the Power Mode set in the PoE Properties page is Power Limit. Displays the maximum amount of power permitted on this port.
  • Page 218 PSE. Signatures are generated during powered device detection, classification, or maintenance. STEP 4 Click Apply. The PoE settings for the port are written to the Running Configuration file.
  • Page 220: Chapter 13: VLAN Management

    A VLAN is a logical group of ports that enables devices associated with it to communicate with each other over the Ethernet MAC layer, regardless of the physical LAN segment of the bridged network to which they are connected.
  • Page 221 Removes the VLAN tag from the frame if the egress port is an untagged member of the target VLAN, and the original frame has a VLAN tag.
  • Page 222 With QinQ, the device adds an ID tag known as Service Tag (S-tag) to forward traffic over the network. The S-tag is used to segregate traffic between various customers, while preserving the customer VLAN tags.
  • Page 223: Configuring Default VLAN Settings

    The default VLAN has the following characteristics: • It is distinct, non-static/non-dynamic, and all ports are untagged members by default. • It cannot be deleted. • It cannot be given a label.
  • Page 224 STEP 4 Click Save (in the upper-right corner of the window) and save the Running Configuration to the Startup Configuration. The Default VLAN ID After Reset becomes the Current Default VLAN ID after you reboot the device.
  • Page 225: Creating Vlans

    Ports must always belong to one or more VLANs. The 300 Series device supports up to 4K VLANs, including the default VLAN. Each VLAN must be configured with a unique VID (VLAN ID) with a value from 1 to 4094.
  • Page 226: Configuring VLAN Interface Settings

    These frame types are only available in General mode. Possible values are: Admit All—The interface accepts all types of frames: untagged frames, tagged frames, and priority tagged frames.
  • Page 227: Defining VLAN Membership

    VLAN, then the last VLAN-aware device (if there is one), must send frames of the destination VLAN to the end node untagged.
  • Page 228: Configuring Port To VLAN

    Running STEP 4 , and Configuration file. You can continue to display and/or configure port membership of another VLAN by selecting another VLAN ID.
  • Page 229: Configuring VLAN Membership

    The default VLAN might appear in the right list if it is tagged, but it cannot be selected. • Tagging—Select one of the following tagging/PVID options:
  • Page 230: GVRP Settings

    To propagate the VLAN, it must be up on at least one port. By default, GVRP is disabled globally and on ports.
  • Page 231: Defining GVRP Settings

    TAG: If the packet is tagged, the VLAN is taken from the tag. • MAC-Based VLAN: If a MAC-based VLAN has been defined, the VLAN is taken from the source MAC-to-VLAN mapping of the ingress interface.
  • Page 232 To define a MAC-based VLAN group: 1. Assign a MAC address to a VLAN group ID (using the MAC-Based Groups page). 2. For each required interface:
  • Page 233 STEP 1 Click VLAN Management > VLAN Groups > MAC-Based Groups to VLAN. STEP 2 Click Add. STEP 3 Enter the values for the following fields: • Group Type—Displays that the group is MAC-Based.
  • Page 234 Group ID—Displays the protocol group ID to which the interface is added. STEP 2 Click the Add Button. The Add Protocol-Based Group page appears. STEP 3 Enter the following fields:
  • Page 235 Interface—Port or LAG number assigned to VLAN according to protocol-based group. • Group ID—Protocol group ID. • VLAN ID—Attaches the interface to a user-defined VLAN ID.
  • Page 236: Voice VLAN

    VLAN used by the phones is determined by the network configuration. There may or may not be separate voice and data VLANs. The phones and VoIP endpoints register with an on-premise IP PBX.
  • Page 237 OUIs. An OUI is the first three bytes of an Ethernet MAC address. For more information about Telephony OUI, see Configuring Telephony OUI.
  • Page 238 CDP and/or LLDP-MED. Voice End-Points To have a voice VLAN work properly, the voice devices, such as Cisco phones and VoIP endpoints, must be assigned to the voice VLAN where it sends and receives its voice traffic.
  • Page 239 MAC address of the source providing the voice VLAN information. Source type priority from high to low are static VLAN configuration, CDP advertisement, and default configuration based on changed default VLAN,
  • Page 240 Working with the OUI mode, the device can additionally configure the mapping and remarking (CoS/802.1p) of the voice traffic based on the OUI.
  • Page 241 The device default configuration on Auto Voice VLAN, Auto Smartports, CDP, and LLDP cover most common voice deployment scenarios. This section describes how to deploy voice VLAN when the default configuration does not apply.
  • Page 242: Configuring Voice VLAN

    STEP 3 Configure Telephony OUI VLAN membership for ports in the Telephony OUI Interface page. Configuring Voice VLAN This section describes how to configure voice VLAN. It covers the following topics:
  • Page 243 DSCP—Selection of DSCP values to be used by the LLDP-MED as a voice network policy. Refer to Administration > Discovery > LLDP > LLDP MED Network Policy for additional details.
  • Page 244 NOTE This only resets the voice VLAN to the default voice VLAN if the Source Type is in the Inactive state. To view Auto Voice VLAN parameters:
  • Page 245 • Source Type—Type of UC from which voice configuration was received. The following options are available: Default—Default voice VLAN configuration on the device
  • Page 246: Configuring Telephony OUI

    The OUI Global table can hold up to 128 OUIs. This section covers the following topics: • Adding OUIs to the Telephony OUI Table • Adding Interfaces to Voice VLAN on Basis of OUIs
  • Page 247 STEP 4 To add a new OUI, click Add. STEP 5 Enter the values for the following fields: • Telephony OUI—Enter a new OUI. • Description—Enter an OUI name.
  • Page 248 All—QoS attributes are applied on all packets that are classified to the Voice VLAN. Telephony Source MAC Address—QoS attributes are applied only on packets from IP phones.
  • Page 249: Access Port Multicast TV VLAN

    Any VLAN can be configured as a Multicast-TV VLAN. A port assigned to a Multicast-TV VLAN: • Joins the Multicast-TV VLAN. • Packets passing through egress ports in the Multicast TV VLAN are untagged.
  • Page 250: IGMP Snooping

    Source and all receiver ports must be static members in the same data VLAN. | Source and receiver ports cannot be members in the same data VLAN.
  • Page 251: Multicast TV Group To VLAN

    STEP 2 Click Add to associate a Multicast group to a VLAN. Any VLAN can be selected. When a VLAN is selected, it becomes a Multicast TV VLAN.
  • Page 252: Customer Port Multicast TV VLAN

    The box forwards the packets from the network port to the subscriber's devices based on the VLAN tag of the packet. Each VLAN is mapped to one of the MUX access ports.
  • Page 253: Mapping CPE VLANs To Multicast TV VLANs

    To support the CPE MUX with subscribers VLANs, subscribers may require multiple video providers, and each provider is assigned a different external VLAN. CPE (internal) Multicast VLANs must be mapped to the Multicast provider (external) VLANs.
  • Page 254: CPE Port Multicast VLAN Membership

    Configuring VLAN Interface Settings). Use the Port Multicast VLAN Membership page to map these ports to Multicast TV VLANs as described in Port Multicast VLAN Membership
  • Page 255 VLAN Management Customer Port Multicast TV VLAN
  • Page 256: Chapter 14: Spanning Tree

    STP provides a tree topology for any arrangement of switches and interconnecting links, by creating a unique path between end stations on a network, and thereby eliminating loops.
  • Page 257: Configuring STP Status And Global Settings

    STEP 1 Enter the parameters. STEP 2 Global Settings: • Spanning Tree State—Enable or disable STP on the device. • STP Operation Mode—Select an STP mode.
  • Page 258 Root Bridge. (This is significant when the bridge is not the root.) • Root Path Cost—The cost of the path from this bridge to the root.
  • Page 259: Defining Spanning Tree Interface Settings

    STP port if connected to another device. This helps avoid loops.
  • Page 260 0 to 240, set in increments of 16. • Port State—Displays the current STP state of a port. Disabled—STP is currently disabled on the port. The port forwards traffic while learning MAC addresses.
  • Page 261: Configuring Rapid Spanning Tree Settings

    The RSTP Interface Settings page enables you to configure RSTP per port. Any configuration that is done on this page is active when the global STP mode is set to RSTP or MSTP.
  • Page 262 Role—Displays the role of the port that was assigned by STP to provide STP paths. The possible roles are: Root—Lowest cost path to forward packets to the Root Bridge.
  • Page 263 —The port is in Forwarding mode. The port can forward traffic and learn new MAC addresses. STEP 7 Click Apply. The Running Configuration file is updated.
  • Page 264: Multiple Spanning Tree

    For two or more switches to be in the same MST region, they must have the same VLANs to MST instance mapping, the same configuration revision number, and the same region name.
  • Page 265: Mapping VLANs To A MSTP Instance

    Configuration on this page (and all of the MSTP pages) applies if the system STP mode is MSTP. Up to seven MST instances (predefined from 1-7) can be defined on 300 Series switches, in addition to instance zero.
  • Page 266: Defining MSTP Instance Settings

    To enter MSTP instance settings: STEP 1 Click Spanning Tree > MSTP Instance Settings. STEP 2 Enter the parameters. • Instance ID—Select an MST instance to be displayed and defined.
  • Page 267: Defining MSTP Interface Settings

    Interface Type equals to—Select whether to display the list of ports or LAGs. STEP 3 Click Go. The MSTP parameters for the interfaces on the instance are displayed. STEP 4 Select an interface, and click Edit.
  • Page 268 LAN, which provides the lowest root path cost from the LAN to the Root Bridge for the MST instance. Alternate—The interface provides an alternate path to the root device from the root interface.
  • Page 269 Forward Transitions—Displays the number of times the port has changed from the Forwarding state to the Blocking state. STEP 6 Click Apply. The Running Configuration file is updated.
  • Page 270 Spanning Tree Defining MSTP Interface Settings
  • Page 271: Chapter 15: Managing MAC Address Tables

    VLAN. Such frames are referred to as unknown Unicast frames. The device supports a maximum of 8K static and dynamic MAC addresses.
  • Page 272: Configuring Static MAC Addresses

    Secure—The MAC address is secure when the interface is in classic locked mode (see Configuring Port Security). STEP 4 Click Apply. A new entry appears in the table.
  • Page 273: Managing Dynamic MAC Addresses

    STEP 4 Click Go. The Dynamic MAC Address Table is queried and the results are displayed. To delete all of the dynamic MAC addresses, click Clear Table.
  • Page 274: Defining Reserved MAC Addresses

    Discard—Delete the packet. Bridge—Forward the packet to all VLAN members. Click Apply. A new MAC address is reserved.
  • Page 275: Chapter 16: Multicast

    The data is sent only to relevant ports. Forwarding the data only to the relevant ports conserves bandwidth and host resources on links.
  • Page 276: Typical Multicast Setup

    When the device is IGMP/MLD-snooping-enabled and receives a frame for a Multicast stream, it forwards the Multicast frame to all the ports that have registered to receive the Multicast stream using IGMP Join messages.
  • Page 277 The device can be configured to be an IGMP Querier as a backup querier, or in a situation where a regular IGMP Querier does not exist. The device is not a full capability IGMP Querier.
  • Page 278: Multicast Address Properties

    VLAN as defined in the Multicast Forwarding Data Base. Multicast filtering is enforced on all traffic. By default, such traffic is flooded to all relevant ports, but you can limit forwarding to a smaller subset.
  • Page 279 • Forwarding Method for IPv4—Set one of the following forwarding methods for IPv4 addresses: MAC Group Address, IP Group Address, or Source Specific IP Group Address.
  • Page 280: Adding MAC Group Address

    MAC Group Addresses from the selected VLAN. STEP 3 Click Go, and the MAC Multicast group addresses are displayed in the lower block.
  • Page 281 STEP 10 Click Apply, and the Running Configuration file is updated. NOTE Entries that were created in the IP Multicast Group Address page cannot be deleted in this page (even if they are selected).
  • Page 282: Adding IP Multicast Group Addresses

    IP Source Address field. If not, the entry is added as a (*,G) entry, an IP group address from any IP source.
  • Page 283: Configuring IGMP Snooping

    Multicast frames to ports that have registered Multicast clients. NOTE The device supports IGMP Snooping only on static VLANs. It does not support IGMP Snooping on dynamic VLANs.
  • Page 284 Multicast traffic. The device only performs IGMP Snooping if both IGMP snooping and Bridge Multicast filtering are enabled. STEP 3 Select a VLAN, and click Edit.
  • Page 285 Last Member Query Interval—Enter the Maximum Response Delay to be used if the device cannot read Max Response Time value from group-specific queries sent by the elected querier.
  • Page 286: MLD Snooping

    MLDv2 snooping uses MLDv2 control packets to forward traffic based on the source IPv6 address, and the destination IPv6 Multicast address. The actual MLD version is selected by the Multicast router in the network.
  • Page 287 MRouter Ports Auto-Learn—Enable or disable Auto Learn for the Multicast router. • Query Robustness—Enter the Robustness Variable value to be used if the device cannot read this value from messages sent by the elected querier.
  • Page 288: Querying IGMP/MLD IP Multicast Group

    STEP 5 Click Apply. The Running Configuration file is updated. Querying IGMP/MLD IP Multicast Group The IGMP/MLD IP Multicast Group page displays the IPv4 and IPv6 group address learned from IGMP/MLD messages.
  • Page 289: Defining Multicast Router Ports

    Multicast streams and IGMP/MLD registration messages. This is required so that the Multicast routers can, in turn, forward the Multicast streams and propagate the registration messages to other subnets.
  • Page 290: Defining Forward All Multicast

    Multicast traffic is flooded to ports in the device. You can statically (manually) configure a port to Forward All, if the devices connecting to the port do not support IGMP and/or MLD.
  • Page 291: Defining Unregistered Multicast Settings

    The Unregistered Multicast page enables handling Multicast frames that belong to groups that are not known to the device (unregistered Multicast groups). Unregistered Multicast frames are usually forwarded to all ports on the VLAN.
  • Page 292 Filtering—Enables filtering (rejecting) of unregistered Multicast frames to the selected interface. STEP 3 Click Apply. The settings are saved, and the Running Configuration file is updated.
  • Page 293 Multicast Defining Unregistered Multicast Settings
  • Page 294: Chapter 17: IP Configuration

    Dynamic VLAN Assignment, VLAN Rate Limit, SYN Rate DoS Protection, and Advanced QoS Policers. Configuring the device to work in either mode is performed in the Administration > System Settings page.
  • Page 295 When in Layer 2 system mode, unless the device is configured with a static IP address, it issues DHCPv4 requests until a response is received from the DHCP server.
  • Page 296 All the IP addresses configured or assigned to the device are referred to as Management IP addresses in this guide. If the pages for Layer 2 and Layer 3 are different, both versions are displayed.
  • Page 297: Loopback Interface

    Interface > IPv6 Interfaces page. Configure the IPv6 address of that interface in the Administration > Management Interface > IPv6 Addresses page. This page is not available in SG500X, ESW2-550X and SG500XG devices.
  • Page 298: IPv4 Management And Interfaces

    DHCP option 12 will not be requested by the device. The DHCP server must be configured to send option 12, regardless of what is requested in order to make use of this feature.
  • Page 299 You can configure this from Administration > File Management > DHCP Auto Configuration. STEP 3 Click Apply. The IPv4 interface settings are written to the Running Configuration file.
  • Page 300 Valid-Duplicated—The IP address duplication check was completed, and a duplicate IP address was detected. Duplicated—A duplicated IP address was detected for the default IP address.
  • Page 301: IPv4 Routes

    IPv4 address may match multiple routes in the IPv4 Static Route Table. The device uses the matched route with the highest subnet mask, that is, the longest prefix match.
  • Page 302 Static addresses are manually configured and do not age out. The device creates dynamic addresses from the ARP packets it receives. Dynamic addresses age out after a configured time.
  • Page 303 STEP 5 Enter the parameters: • IP Version—The IP address format supported by the host. Only IPv4 is supported. • VLAN—In Layer 2, displays the management VLAN ID.
  • Page 304: ARP Proxy

    STEP 2 Select ARP Proxy to enable the device to respond to ARP requests for remotely-located nodes with the device MAC address. STEP 3 Click Apply. The ARP proxy is enabled, and the Running Configuration file is updated.
  • Page 305 A trusted port is a port that is connected to a DHCP server and is allowed to assign DHCP addresses. DHCP messages received on trusted ports are allowed to pass through the device.
  • Page 306 The main goal of option 82 is to help the DHCP server select the best IP subnet (network pool) from which to obtain an IP address. The following Option 82 options are available on the device:
  • Page 307 DHCP Relay. VLAN with IP Address: Packet arrives without Option 82 | Packet arrives with Option 82. VLAN without IP Address: Packet arrives without Option 82 | Packet arrives with Option 82.
  • Page 308 Option 82 discards the Disabled original packet Bridge – no Option 82 Option 82 is Bridge – inserted Packet is sent with the original Option 82
  • Page 309 VLAN with IP Address: Packet arrives without Option 82 | Packet arrives with Option 82. VLAN without IP Address: Packet arrives without Option 82 | Packet arrives with Option 82.
  • Page 310 Bridge – Bridge – Packet is sent Bridge – Packet is sent without Packet is sent with the Option 82 with the Option 82 Option 82
  • Page 311: DHCP Snooping Binding Database

    The DHCP Snooping Binding database contains the following data: input port, input VLAN, MAC address of the client and IP address of the client if it exists.
  • Page 312 STEP 5 Device snoops packet. If an entry exists in the DHCP Snooping Binding table that matches the packet, the device replaces it with IP-MAC binding on receipt of DHCPACK.
  • Page 313 Otherwise the packet is forwarded to trusted interfaces only, and the entry is removed from database.
  • Page 314 Not enabled. Verify MAC Address: Enabled. Backup DHCP Snooping Binding Database: Not enabled. DHCP Relay: Disabled. Configuring DHCP Work Flow To configure DHCP Relay and DHCP Snooping:
  • Page 315 Backup Database Update Interval—Enter how often the DHCP Snooping Binding database is to be backed up (if Backup Database is selected).
  • Page 316 STEP 2 Select the interface and click Edit. STEP 3 Select Trusted Interface (Yes or No). STEP 4 Click Apply to save the settings to the Running Configuration file.
  • Page 317 Inactive—IP Source Guard is not active on the device. • Reason—No Problem, No Resource, No Snoop VLAN, Trust Port. STEP 2 To add an entry, click Add.
  • Page 318: DHCP Server

    IP Address, the IP address is revoked at the end of this period, and the client must request another IP address. This is done in the Network Pools page.
  • Page 319 Do this in the IP Configuration > IPv4 Interface page. STEP 7 View the allocated IP addresses using the Address Binding page. IP addresses can be deleted in this page.
  • Page 320 Address and the Mask, or enter the Mask, the Address Pool Start and Address Pool End. STEP 3 Enter the fields: • Pool Name—Enter the pool name. • Subnet IP Address—Enter the subnet in which the network pool resides.
  • Page 321 Hybrid—A hybrid combination of b-node and p-node is used. When configured to use h-node, a computer always tries p-node first and uses b-node only if p-node fails. This is the default.
  • Page 322 Static Hosts You might want to assign some DHCP clients a permanent IP address that never changes. This client is then known as a static host.
  • Page 323 NetBIOS WINS Server (Option 44)—Enter the NetBIOS WINS name server available to the static host. • NetBIOS Node Type (Option 46)—Select how to resolve the NetBIOS name. Valid node types are:
  • Page 324 Example: The DHCP option 66 is configured with the name of a TFTP server in the DHCP Options page. When a client DHCP packet is received containing option 66, the TFTP server is returned as the value of option 66.
  • Page 325 • Value—If the type is not Boolean, enter the value to be sent for this code. • Description—Enter a text description for documentation purposes.
  • Page 326 Pre-Allocated—An entry will be in pre-allocated state from the time between the offer and the time that the DHCP ACK is sent from the client. Then it becomes allocated.
  • Page 327: IPv6 Management And Interfaces

    ICMPv6 Rate Limit Interval—Enter how often the ICMP error messages are generated. • ICMPv6 Rate Limit Bucket Size—Enter the maximum number of ICMP error messages that can be sent by the device per interval. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
  • Page 328: IPv6 Interface

    STEP 4 To configure the interface as a DHCPv6 client, meaning to enable the interface to receive information from the DHCPv6 server, such as SNTP configuration and DNS information, enter the DHCPv6 Client fields:
  • Page 329 STEP 7 Click IPv6 Address Table to manually assign IPv6 addresses to the interface, if required. This page is described in the Defining IPv6 Addresses section.
  • Page 330 SNTP Servers—List of SNTP servers received from the DHCPv6 server. • POSIX Timezone String—Timezone received from the DHCPv6 server. • Configuration Server—Server containing configuration file received from the DHCPv6 server.
  • Page 331: IPv6 Tunnel

    ISATAP traffic until the DNS process is resolved. Configuring Tunnels NOTE To configure a tunnel, first configure an IPv6 interface as a tunnel in the IPv6 Interfaces page.
  • Page 332 The larger the number, the more frequent the queries. NOTE The ISATAP tunnel is not operational if the underlying IPv4 interface is not in operation.
  • Page 333: Defining IPv6 Addresses

    Each address must be a valid IPv6 address that is specified in hexadecimal format by using 16-bit values separated by colons. You cannot configure an IPv6 address directly on an ISATAP tunnel interface.
  • Page 334: IPv6 Default Router List

    Default Router IPv6 Address—Link local IP address of the default router. • Interface—Outgoing IPv6 interface where the default router resides. • Type—The default router configuration that includes the following options:
  • Page 335: Defining IPv6 Neighbors Information

    You can select a Clear Table option to clear some or all of the IPv6 addresses in the IPv6 Neighbors Table. • Static Only—Deletes the static IPv6 address entries. • Dynamic Only—Deletes the dynamic IPv6 address entries.
  • Page 336 STEP 5 To change the type of an IP address from Dynamic to Static, select the address, click Edit and use the Edit IPv6 Neighbors page.
  • Page 337 List Name—Select one of the following options: Use Existing List—Select a previously-defined list to add a prefix to it. Create New List—Enter a name to create a new list.
  • Page 338: Viewing IPv6 Route Tables

    IPv6 Default Router List to send packets to destination devices that are not in the same IPv6 subnet as the device. In addition to the default route,
  • Page 339 Lifetime—Time period during which the packet can be sent, and resent, before being deleted. • Route Type—How the destination is attached, and the method used to obtain the entry. The following values are:
  • Page 340: DHCPv6 Relay

    The DHCPv6 client and DHCPv6 relay functions are mutually exclusive on an interface. Global Destinations To configure a list of DHCPv6 servers to which all DHCPv6 packets are relayed:
  • Page 341 The address type can be Link Local, Global or Multicast (All_DHCP_Relay_Agents_and_Servers). • DHCPv6 Server IP Address—Enter the address of the DHCPv6 server to which packets are forwarded.
  • Page 342: Domain Name

    Default Domain Name—Enter the DNS domain name used to complete unqualified host names. The device appends this to all non-fully qualified domain names (NFQDNs) turning them into FQDNs.
  • Page 343 (from low to high). This effectively determines the order in which unqualified names are completed during DNS queries. STEP 5 Click Apply. The DNS server is saved to the Running Configuration file.
  • Page 344: Search List

    Name resolution always begins by checking static entries, continues by checking the dynamic entries, and ends by sending requests to the external DNS server. Eight IP addresses are supported per DNS server per host name.
  • Page 345 IP Version—Select Version 6 for IPv6 or Version 4 for IPv4. • IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
  • Page 346 You can select the Clear Table option to clear some or all of the entries in the Host Mapping Table. • Static Only—Deletes the static hosts. • Dynamic Only—Deletes the dynamic hosts. • All Dynamic & Static—Deletes the static and dynamic hosts.
  • Page 347 IP Configuration Domain Name
  • Page 365: Chapter 18: Security

    Access control of end-users to the network through the device is described in the following sections: • Management Access Method • Configuring TACACS+<300-500>
  • Page 366: Defining Users

    (read-only or read-write) or changing the passwords of existing users. After adding a level 15 user (as described below), the default user is removed from the system.
  • Page 367 Read/Limited Write CLI Access (7)—User cannot access the GUI, and can only access some CLI commands that change the device configuration. See the CLI Reference Guide for more information.
  • Page 368 Contain no character that is repeated more than three times consecutively. • Do not repeat or reverse the user's name or any variant reached by changing the case of the characters.
  • Page 369: Configuring TACACS

    The device can act as a TACACS+ client that uses the TACACS+ server for the following services: • Authentication—Provides authentication of users logging onto the device by using usernames and user-defined passwords.
  • Page 370 The user can enable accounting of login sessions using either a RADIUS or TACACS+ server. The user-configurable TCP port used for TACACS+ server accounting is the same TCP port that is used for TACACS+ server authentication and authorization.
  • Page 371 STEP 1 Open an account for a user on the TACACS+ server. STEP 2 Configure that server along with the other parameters in the TACACS+ and Add TACACS+ Server pages.
  • Page 372 TACACS+ server times out. If a value is not entered in the Add TACACS+ Server page for a specific server, the value is taken from this field.
  • Page 373 Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the list. • Server IP Address/Name—Enter the IP address or name of the TACACS+ server.
  • Page 374 STEP 7 To display sensitive data in plaintext form in the configuration file, click Display Sensitive Data As Plaintext. STEP 8 Click Apply. The TACACS+ server is added to the Running Configuration file of the device.
  • Page 375: Configuring RADIUS

    The following defaults are relevant to this feature: • No RADIUS server is defined by default. • If you configure a RADIUS server, the accounting feature is disabled by default.
  • Page 376: RADIUS Workflow

    Timeout for Reply—Enter the number of seconds that the device waits for an answer from the RADIUS server before retrying the query, or switching to the next server.
  • Page 377 Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
  • Page 378 Usage Type—Enter the RADIUS server authentication type. The options are: Login—RADIUS server is used for authenticating users that ask to administer the device. 802.1X—RADIUS server is used for 802.1x authentication.
  • Page 379: Management Access Method

    Action—Permit or deny access to an interface or source address. • Interface—Which ports, LAGs, or VLANs are permitted to access or are denied access to the web-based configuration utility.
  • Page 380: Active Access Profile

    This only applies to device types that offer a console port.
  • Page 381 Deny—Denies access to the device if the user matches the settings in the profile. • Applies to Interface—Select the interface attached to the rule. The options are:
  • Page 382: Defining Profile Rules

    IT management center. In this way, the device can still be managed and has gained another layer of security. To add profile rules to an access profile:
  • Page 383 Applies to Interface—Select the interface attached to the rule. The options are: All—Applies to all ports, VLANs, and LAGs. User Defined—Applies only to the port, VLAN, or LAG selected.
  • Page 384: Management Access Authentication

    For example, if the selected authentication methods are RADIUS and Local, and all configured RADIUS servers are queried in priority order and do not reply, the user is authenticated locally.
  • Page 385: Secure Sensitive Data Management

    All authentication methods selected after Local or None are ignored. STEP 4 Click Apply. The selected authentication methods are associated with the access method. Secure Sensitive Data Management Security: Secure Sensitive Data Management.
  • Page 386: SSL Server

    Information appears for certificate 1 and 2 in the SSL Server Key Table. These fields are defined in the Edit page except for the following fields: • Valid From—Specifies the date from which the certificate is valid.
  • Page 387 • Certificate—Copy in the received certificate. • Import RSA KEY-Pair—Select to enable copying in the new RSA key-pair. • Public Key—Copy in the RSA public key.
  • Page 388: SSH Server

    The device offers the following TCP/UDP services: • HTTP—Enabled by factory default • HTTPS—Enabled by factory default • SNMP—Disabled by factory default
  • Page 389 The UDP Services table displays the following information: • Service Name—Access method through which the device is offering the UDP service. • Type—IP protocol the service uses.
  • Page 390: Defining Storm Control

    Storm Control Rate Threshold—Enter the maximum rate at which unknown packets can be forwarded. The default for this threshold is 10,000 for FE devices and 100,000 for GE devices.
  • Page 391: Configuring Port Security

    New MAC addresses can be learned as Delete-On-Reset ones up to the maximum addresses allowed on the port. Relearning and aging are disabled.
  • Page 392 MAC addresses associated with the port. The port learns up to the maximum addresses allowed on the port. Both re-learning and aging of MAC addresses are enabled.
  • Page 393 STEP 4 Click Apply. Port security is modified, and the Running Configuration file is updated. 802.1X See the Security: 802.1X Authentication chapter for information about 802.1X authentication. This includes MAC-based and web-based authentication.
  • Page 394: Denial Of Service Prevention

    TCP FIN packets are sent to close a connection. A packet in which both SYN and FIN flags are set should never exist. Therefore these packets might signify an attack on the device and should be blocked.
  • Page 395: Defense Against DoS Attacks

    A SYN attack is identified if the number of SYN packets per second exceeds a user-configured threshold. • Block SYN-FIN packets. • Block packets that contain reserved Martian addresses (Martian Addresses page)
  • Page 396: Configuring DoS Prevention

    QoS policies that are bound to a port. ACL and advanced QoS policies are not active when a port has DoS Protection enabled on it. To configure DoS Prevention global settings and monitor SCT:
  • Page 397 STEP 6 Click Apply. The Denial of Service prevention Security Suite settings are written to the Running Configuration file. • If Interface-Level Prevention is selected, click the appropriate Edit button to configure the desired prevention.
  • Page 398 STEP 3 Click Apply. SYN protection is defined, and the Running Configuration file is updated. The SYN Protection Interface Table displays the following fields for every port or LAG (as requested by the user)
  • Page 399 STEP 1 Click Security > Denial of Service Prevention > Martian Addresses. STEP 2 Select Reserved Martian Addresses and click Apply to include the reserved Martian Addresses in the System Level Prevention list.
  • Page 400 Network Mask—Enter the network mask for which the filter is enabled in IP address format. • TCP Port—Select the destination TCP port being filtered: Known Ports—Select a port from the list.
  • Page 401 Prefix Length—Select the Prefix Length and enter the number of bits that comprise the source IP address prefix. • SYN Rate Limit—Enter the number of SYN packets that can be received.
  • Page 402 To configure fragmented IP blocking: STEP 1 Click Security > Denial of Service Prevention > IP Fragments Filtering. STEP 2 Click Add. STEP 3 Enter the parameters.
  • Page 403: DHCP Snooping

    If the packet matches an entry in the database, the device forwards it. If not, it is dropped. Interactions with Other Features The following points are relevant to IP Source Guard:
  • Page 404 If source IP address filtering is enabled: IPv4 traffic: Only traffic with a source IP address that is associated with the port is permitted. Non IPv4 traffic: Permitted (Including ARP packets).
  • Page 405: Configuring IP Source Guard Work Flow

    Non IPv4 traffic — All non-IPv4 traffic is permitted. See Interactions with Other Features for more information about enabling IP Source Guard on interfaces. To configure IP Source Guard on interfaces:
  • Page 406: Binding Database

    Never-Never try to reactivate inactive addresses. STEP 3 Click Apply to save the above changes to the Running Configuration and/or Retry Now to check TCAM resources.
  • Page 407: ARP Inspection

    ARP allows a gratuitous reply from a host even if an ARP request was not received. After the attack, all traffic from the device under attack flows through the attacker's computer and then to the router, switch, or host.
  • Page 408: How ARP Prevents Cache Poisoning

    The ARP inspection feature relates to interfaces as either trusted or untrusted (see Security > ARP Inspection > Interface Setting page). Interfaces are classified by the user as follows:
  • Page 409 Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast addresses. Packets with invalid ARP Inspection bindings are logged and dropped. Up to 1024 entries can be defined in the ARP Access Control table.
  • Page 410: Interaction Between ARP Inspection And DHCP Snooping

    STEP 4 Define the VLANs on which ARP Inspection is enabled and the Access Control Rules for each VLAN in the Security > ARP Inspection > VLAN Settings page. Defining ARP Inspection Properties To configure ARP Inspection:
  • Page 411: Defining Dynamic ARP Inspection Interfaces Settings

    STEP 1 Click Security > ARP Inspection > Interface Settings. The ports/LAGs and their ARP trusted/untrusted status are displayed. STEP 2 To set a port/LAG as untrusted, select the port/LAG and click Edit.
  • Page 412: Defining ARP Inspection Access Control

    MAC Address—MAC address of packet. • IP Address—IP address of packet. STEP 4 Click Apply. The settings are defined, and the Running Configuration file is updated.
  • Page 413: Defining ARP Inspection VLAN Settings

    VLAN number and select a previously-defined ARP Access Control group. STEP 4 Click Apply. The settings are defined, and the Running Configuration file is updated. First Hop Security Security: IPv6 First Hop Security
  • Page 414 Security First Hop Security
  • Page 418: Chapter 19: Security: 802.1X Authentication

    802.1x authentication is a client-server model. In this model, network devices have the following specific roles. • Client or supplicant • Authenticator • Authentication server
  • Page 419 Single-host—Supports port-based authentication with a single client per port. • Multi-host—Supports port-based authentication with multiple clients per port. • Multi-sessions—Supports client-based authentication with multiple clients per port.
  • Page 420: Authenticator Overview

    The switch sends the 802.1x EAP-packet with the EAP success message inside when it receives the 802.1x EAPOL-start message. This is the default state.
  • Page 421 Security > 802.1X/MAC/Web Authentication > Port Authentication page. • Multi-Host Mode A port is authorized if there is at least one authorized client.
  • Page 422 VLANs is bridged via the VLAN; if the VLAN is not assigned, all its traffic is bridged based on the static VLAN membership port configuration.
  • Page 423: Multiple Authentication Methods

    802.1x messages, and the EAP messages between the authenticator and authentication servers are encapsulated into the RADIUS messages.
  • Page 424 In this case, the switch supports EAP MD5 functionality with the username and password equal to the client MAC address, as shown below. Figure 2 MAC-Based Authentication The method does not have any specific configuration.
  • Page 425 When the session is timed-out, the username/password is discarded, and the guest must re-enter them to open a new session. Table 1 Port Modes and Authentication Methods.
  • Page 426 The following table describes which SKUs support web-based authentication and in which system modes: System Mode WBA Supported Sx300 Layer 2 Layer 3 Sx500, Layer 2 Sx500ESW2- Layer 3 550X
  • Page 427 The guest VLAN cannot be used as the Voice VLAN or an unauthenticated VLAN. See “Table 3 Guest VLAN Support and RADIUS-VLAN Assignment Support” for a summary of the modes in which guest VLAN is supported.
  • Page 428 RADIUS-Assigned VLAN is enabled on the device. NOTE In multi-session mode, RADIUS VLAN assignment is only supported when the device is in Layer 2 system mode.
  • Page 429 Legend: †—The port mode supports the guest VLAN and RADIUS-VLAN assignment. N/S—The port mode does not support the authentication method.
  • Page 430 A value of 0 specifies the unlimited number of login attempts. The duration of the quiet period and the maximum number of login attempts can be set in the Port Authentication page.
  • Page 431: Common Tasks

    STEP 2 Select the required port and click Edit. STEP 3 Enter the fields required for the port. The fields in this page are described in Defining 802.1X Port Authentication.
  • Page 432 STEP 3 Select a VLAN. STEP 4 Optionally, uncheck Authentication to make the VLAN an unauthenticated VLAN. STEP 5 Click Apply, and the Running Configuration file is updated.
  • Page 433: 802.1X Configuration Through The GUI

    After linkup, if the software does not detect the 802.1X supplicant, or the authentication has failed, the port is added to the guest VLAN, only after the Guest VLAN timeout period has expired.
  • Page 434 NOTE A port with 802.1x defined on it cannot become a member of a LAG. To define 802.1X authentication:
  • Page 435 Selected—Enables using a guest VLAN for unauthorized ports. If a guest VLAN is enabled, the unauthorized port automatically joins the VLAN selected in the Guest VLAN ID field in the 802.1X Port Authentication page.
  • Page 436 Time Range—Enable a limit on the time that the specific port is authorized for use if 802.1x has been enabled (Port-Based authentication is checked). • Time Range Name—Select the profile that specifies the time range.
  • Page 437: Defining Host And Session Authentication

    802.1X operates on the port and the action to perform if a violation has been detected. See Port Host Modes for an explanation of these modes.
  • Page 438 Single Session/Single Host mode, from a host whose MAC address is not the supplicant MAC address). STEP 4 Click Apply. The settings are written to the Running Configuration file.
  • Page 439: Viewing Authenticated Hosts

    Administrative Port Control is Force Unauthorized. • Remaining Time(Sec)—The time remaining for the port to be locked. STEP 2 Select a port. STEP 3 Click Unlock.
  • Page 440 STEP 5 Click Apply and the settings are saved to the Running Configuration file.
  • Page 441 Hyperlink Color—Enter the ASCII code of the hyperlink color. The selected color is shown in the Text field. • Current Logo Image—Select one of the following options:
  • Page 442 Password Textbox—Select for a password textbox to be displayed. • Password Textbox Label—Select the label to be displayed before the password textbox. • Language Selection—Select to enable the end user to select a language.
  • Page 443 STEP 13 Click Edit Success Page. Figure 5 The following page is displayed. STEP 14 Click the Edit button on the right side of the page.
  • Page 444: Defining Time Ranges

    You can simulate the single-host mode by setting Max Hosts parameter to 1 in the Port Authentication page.
  • Page 445 VLAN based on they configuration the static belongs VLAN to the configurat unauthent icated VLANs
  • Page 446 VLAN VLAN they to the unless configurat belongs to unauthent they icated belongs unauthent VLANs to the icated unauthent VLANs icated VLANs
  • Page 447 Security: 802.1X Authentication Authentication Method and Port Mode Support
  • Page 448 Policies, Global Parameters and System Defaults • Common Tasks • Default Settings and Configuration • Default Settings and Configuration • Configuring First Hop Security through Web GUI
  • Page 449: First Hop Security Overview

    Certification Path Advertisement message • CPS message: Certification Path Solicitation message • DAD-NS message: Duplicate Address Detection Neighbor Solicitation message • FCFS-SAVI: First Come First Served - Source Address Validation Improvement
  • Page 450 If IPv6 First Hop Security is enabled on a VLAN, the switch traps the following messages: • Router Advertisement (RA) messages • Router Solicitation (RS) messages • Neighbor Advertisement (NA) messages
  • Page 451 Trapped RS, CPS, NS and NA messages are also passed to the ND Inspection feature. ND Inspection validates these messages, drops illegal messages, and passes legal messages to the IPv6 Source Guard feature.
  • Page 452 R1 are inner links inside the protected area. [Figure 7: IPv6 First Hop Security Perimeter (Switch A, Switch B, Switch C and Switch D)]
  • Page 453: Router Advertisement Guard

    FHS common component is enabled, a rate limited SYSLOG message is sent. Neighbor Discovery Inspection Neighbor Discovery (ND) Inspection supports the following functions:
  • Page 454: DHCPv6 Guard

    If a message does not pass verification, it is dropped. If the logging packet drop configuration on the FHS common component is enabled, a rate limited SYSLOG message is sent.
  • Page 455: Neighbor Binding Integrity

    IPv6 First Hop Security switch establishes binding only on perimetrical interfaces (see IPv6 First Hop Security Perimeter). Binding information is saved in the Neighbor Binding table.
  • Page 456 NA message is received as a reply to the DAD-NS message, the local device infers that no binding for that address exists in other devices and creates the local binding for that address.
  • Page 457: Attack Protection

    • If the given IPv6 address is known, the NS message is forwarded only on the interface to which the IPv6 address is bound.
  • Page 458 Protection Against NBD Cache Spoofing An IPv6 router supports the Neighbor Discovery Protocol (NDP) cache that maps the IPv6 address to the MAC address for the last hop routing.
  • Page 459: Policies, Global Parameters And System Defaults

    They are attached by default. • Default policies can never be deleted. You can only delete the user-added configuration. User-Defined Policies You can define policies other than the default policies.
  • Page 460: Common Tasks

    STEP 1 In the FHS Settings page, enter the list of VLANs on which this feature is enabled. STEP 2 In this same page, set the Global Packet Drop Logging feature.
  • Page 461 STEP 1 In the ND Inspection Settings page, enter the list of VLANs on which this feature is enabled. STEP 2 In this same page, set the global configuration values that are used if no values are set in a policy.
  • Page 462 • ICMPv6 Redirect messages • Certification Path Advertisement (CPA) messages • Certification Path Solicitation (CPS) message • DHCPv6 messages The FHS features are disabled by default.
  • Page 463: Before You Start

    Enable—Create a SYSLOG when a packet is dropped as a result of First Hop Security. Disable—Do not create a SYSLOG when a packet is dropped as a result of First Hop Security.
  • Page 464 No Verification—Disables verification of the advertised Managed Address Configuration flag. On—Enables verification of the advertised Managed Address Configuration flag. Off—The value of the flag must be 0.
  • Page 465 Preference value. The following values are acceptable: low, medium and high (see RFC4191). High—Specifies the maximum allowed Advertised Default Router Preference value. The following values are acceptable: low, medium and high (see RFC4191).
  • Page 466 STEP 3 If required, click Add to create a DHCPv6 policy. STEP 4 Enter the following fields: • Policy Name—Enter a user-defined policy name.
  • Page 467 VLANs and to set the global configuration values for this feature. If required, a policy can be added or the system-defined default ND Inspection policies can be configured in this page.
  • Page 468 Inherited—Inherit value from VLAN or system default (disabled). Enable—Enable checking source MAC address against the link-layer address. Disable—Disable checking source MAC address against the link-layer address.
  • Page 469 Entries Per Interface:—Specifies the neighbor binding limit per interface. Entries Per MAC Address:—Specifies the neighbor binding limit per MAC address. STEP 3 If required, click Add to create a Neighbor Binding policy.
  • Page 470 VLAN List—Select the VLANs to which the policy is attached. Select All VLANs or enter a range of VLANs. STEP 3 Click Apply to add the settings to the Running Configuration file.
  • Page 471 • IPv6 Address—Source IPv6 address of the entry. • Interface Name—Port on which packet is received. • MAC Address—Neighbor MAC address of the packet.
  • Page 472 Maximal Router Preference:—Is maximum router preference verification enabled. • ND Inspection Status ND Inspection State on Current VLAN:—Is ND Inspection enabled on the current VLAN.
  • Page 473 Max Entries per Interface:—Maximum number of Neighbor Binding table entries per interface allowed. Max Entries per MAC Address:—Maximum number of Neighbor Binding table entries per MAC address allowed.
  • Page 474 The following fields are displayed in the FHS Dropped Message Table • Protocol—Dropped message protocol. • Message Type—Type of message dropped. • Count—Number of messages dropped. • Reason—Reason that the messages were dropped.
  • Page 475 Security: IPV6 First Hop Security Configuring First Hop Security through Web GUI
  • Page 476: Chapter 21: Security: Secure Sensitive Data Management

  • Page 477: SSD Rules

    A device comes with a set of default SSD rules. An administrator can add, delete, and change SSD rules as desired.
  • Page 478 (Lowest) Exclude—Users are not permitted to access sensitive data in any form. (Middle) Encrypted Only—Users are permitted to access sensitive data as encrypted only.
  • Page 479 * The Read mode of a session can be temporarily changed in the SSD Properties page if the new read mode does not violate the read permission.
  • Page 480 SSD rules. A device depends on its user authentication process to authenticate and authorize management access. To protect a device and its data including sensitive data and SSD configurations from unauthorized access, it
  • Page 481 Encrypted Only Encrypted The default rules can be modified, but they cannot be deleted. If the SSD default rules have been changed, they can be restored.
  • Page 482: SSD Properties

    A passphrase must comply with the following rules: • Length—Between 8-16 characters.
  • Page 483: Local Passphrase

    The following are the existing passphrase control modes:
  • Page 484: Configuration File Integrity Control

    Otherwise, the file is accepted for further processing. A device checks for the integrity of a text-based configuration file when the file is downloaded or copied to the Startup Configuration file.
  • Page 485: Read Mode

    The SSD indicator is used to enforce SSD read permissions on text-based configuration files, but is ignored when copying the configuration files to the Running or Startup Configuration file.
  • Page 486: SSD Control Block

    SSD control block.
  • Page 487: Running Configuration File

    When directly configuring the passphrase, (non file copy), in the Running Configuration, the passphrase in the command must be entered in plaintext. Otherwise, the command is rejected.
  • Page 488: Backup And Mirror Configuration File

    The user should not manually change the file SSD indicator that conflicts with the sensitive data, if any, in the file. Otherwise, plaintext sensitive data may be unexpectedly exposed.
  • Page 489 NOTE Devices that are out-of-the-box or in factory default states use the default anonymous user to access the SCP server.
  • Page 490: SSD Management Channels

    The Menu CLI interface is only allowed to users if their read permissions are Both or Plaintext Only. Other users are rejected. Sensitive data in the Menu CLI is always displayed as plaintext.
  • Page 491: Configuring SSD

    Rule). STEP 3 To change the local passphrase: STEP 1 Click Change Local Passphrase, and enter a new Local Passphrase: • Default—Use the device's default passphrase.
  • Page 492 Secure XML SNMP—Indicates that this rule applies only to XML over HTTPS and SNMPv3 with privacy. Insecure XML SNMP—Indicates that this rule applies only to XML over HTTP, SNMPv1/v2, and SNMPv3 without privacy.
  • Page 493 Restore to Default—Restore a user-modified default rule to the default rule. • Restore All Rules to Default—Restore all user-modified default rules to the default rule and remove all user-defined rules.
  • Page 494 Security: Secure Sensitive Data Management Configuring SSD
  • Page 495: Chapter 22: Security: SSH Client

    SCP server to a device. With respect to SSH, the SCP running on the device is an SSH client application and the SCP server is an SSH server application.
  • Page 496: Protection Methods

    SSH server. This is not done through the device’s management system, although, after a username has been established on the server, the server password can be changed through the device’s management system.
  • Page 497 SSH server. To facilitate this process, an additional feature enables secure transfer of the encrypted private key to all switches in the system.
  • Page 498: SSH Server Authentication

    If no matching IP address/host name is found, the search is completed and authentication fails. • If the entry for the SSH server is not found in the list of trusted servers, the process fails.
  • Page 499: SSH Client Authentication

    The following algorithms are supported on the client side: • Key Exchange Algorithm: diffie-hellman • Encryption Algorithms: aes128-cbc, 3des-cbc, arcfour, aes192-cbc, aes256-cbc • Message Authentication Code Algorithms: hmac-sha1, hmac-md5 NOTE Compression algorithms are not supported.
  • Page 500: Before You Begin

    STEP 3 Set up a username/password on the SSH server or modify the password on the SSH server. This activity depends on the server and is not described here.
  • Page 501 STEP 2 Click Add to add a new server and enter its identifying information. STEP 3 Click Apply to add the server to the Trusted SSH Servers table.
  • Page 502: SSH Client Configuration Through The GUI

    Display Sensitive Data As Plaintext—Sensitive data for the current page appears as plaintext. The SSH User Key Table contains the following fields for each key: • Key Type—RSA or DSA.
  • Page 503 By IP Address—If this is selected, enter the IP address of the server in the fields below. By Name—If this is selected, enter the name of the server in the Server IP Address/Name field.
  • Page 504 IP address is an IPv4 or IPv6 address. • IP Address Type—If the SSH server IP address is an IPv6 address, select the IPv6 address type. The options are:
  • Page 505 • New Password—Enter the new password and confirm it in the Confirm Password field. STEP 3 Click Apply. The password on the SSH server is modified.
  • Page 506: Chapter 23: Security: SSH Server

    SSH server application, such as PuTTY. The public keys are entered in the device. The users can then open an SSH session on the device through the external SSH server application.
  • Page 507: Common Tasks

    STEP 3 Log on to device B and open the SSH Server Authentication page. Select either the RSA or DSA key, click Edit and paste in the key from device A.
  • Page 508: SSH Server Configuration Pages

    STEP 2 • SSH User Authentication by Password—Select to perform authentication of the SSH client user using the username/password configured in the local database (see Defining Users).
  • Page 509 STEP 2 Select either an RSA or DSA key. STEP 3 You can perform any of the following actions: • Generate—Generates a key of the selected type.
  • Page 510 Encrypted. to display the text in encrypted form. STEP 4 If new keys were copied in from another, click Apply. The key(s) are stored in the Running Configuration file.
  • Page 511 Security: SSH Server SSH Server Configuration Pages
  • Page 512: Chapter 24: Access Control

    Either a DENY or PERMIT action is applied to frames whose contents match the filter. The device supports a maximum of 512 ACLs, and a maximum of 512 ACEs.
  • Page 513 ACL. In advanced QoS, these frames can be referred to using this Flow name, and QoS can be applied to these frames (see QoS Advanced Mode).
  • Page 514: Defining MAC-Based ACLs

    Only then can the ACL be modified, as described in this section. Defining MAC-based ACLs MAC-based ACLs are used to filter traffic based on Layer 2 fields. MAC-based ACLs check all frames for a match.
  • Page 515 —Drop packets that meet the ACE criteria, and disable the port from where the packets were received. Such ports can be reactivated from the Port Settings page.
  • Page 516 802.1p Mask—Enter the wildcard mask to be applied to the VPT tag. • Ethertype—Enter the frame Ethertype to be matched. STEP 5 Click Apply. The MAC-based ACE is saved to the Running Configuration file.
  • Page 517: IPv4-Based ACLs

    STEP 3 Enter the name of the new ACL in the ACL Name field. The names are case-sensitive. STEP 4 Click Apply. The IPv4-based ACL is saved to the Running Configuration file.
  • Page 518 ICMP —Internet Control Message Protocol IGMP —Internet Group Management Protocol IP in IP —IP in IP encapsulation —Transmission Control Protocol
  • Page 519 User defined to enter a source address or range of source addresses. • Source IP Address Value—Enter the IP address to which the source IP address is to be matched.
  • Page 520 Filtered packets are either forwarded or dropped. Filtering packets by TCP flags increases packet control, which increases network security. • Type of Service—The service type of the IP packet. —Any service type
  • Page 521: IPv6-Based ACLs

    The IPv6-Based ACL page displays and enables the creation of IPv6 ACLs, which check pure IPv6-based traffic. IPv6 ACLs do not check IPv6-over-IPv4 or ARP packets.
  • Page 522 Deny—Drop packets that meet the ACE criteria. Shutdown—Drop packets that meet the ACE criteria, and disable the port to which the packets were addressed. Ports are reactivated from the Port Management page.
  • Page 523 Single—Enter a single TCP/UDP source port to which packets are matched. This field is active only if 800/6-TCP or 800/17-UDP is selected in the IP Protocol drop-down menu.
  • Page 524 Select one of the following options, to configure whether to filter on this code: Any—Accept all codes. User Defined—Enter an ICMP code for filtering purposes. STEP 5 Click Apply.
  • Page 525: Defining ACL Binding

    Select IPv4 Based ACL—Select an IPv4-based ACL to be bound to the interface. • Select IPv6 Based ACL—Select an IPv6-based ACL to be bound to the interface.
  • Page 526 STEP 4 Click Apply. The ACL binding is modified, and the Running Configuration file is updated. NOTE If no ACL is selected, the ACL(s) previously bound to the VLAN are unbound.
  • Page 527: Chapter 25: Quality Of Service

    This section covers the following topics: • QoS Features and Components • Configuring QoS - General • QoS Basic Mode • QoS Advanced Mode • Managing QoS Statistics
  • Page 528: QoS Features And Components

    CoS/802.1p to Queue page or the DSCP to Queue page (depending on whether the trust mode is CoS/802.1p or DSCP, respectively).
  • Page 529: QoS Modes

    ACLs bonded directly to interfaces remain bonded. • When changing from QoS Basic mode to Advanced mode, the QoS Trust mode configuration in Basic mode is not retained.
  • Page 530: QoS Workflow

    Configure Basic mode, as described in Workflow to Configure Basic QoS Mode. b. Configure Advanced mode, as described in Workflow to Configure Advanced QoS Mode.
  • Page 531: Configuring QoS - General

    Interface—Select the port or LAG. • Default CoS—Select the default CoS (Class-of-Service) value to be assigned for incoming packets (that do not have a VLAN tag).
  • Page 532: Configuring QoS Queues

    (The relative portion from each WRR queue depends on its weight). To select the priority method and enter WRR data: STEP 1 Click Quality of Service > General > Queue. STEP 2 Enter the parameters.
  • Page 533 Values (4 queues 1- (0-7, 7 being 4, 4 being the the highest) highest priority) Background Best Effort Excellent Effort Critical Application - LVS phone SIP
  • Page 534 STEP 3 For each 802.1p priority, select the Output Queue to which it is mapped. STEP 4 Click Apply. 802.1p priority values to queues are mapped, and the Running Configuration file is updated.
  • Page 535: Mapping DSCP To Queue

    The device is in QoS Advanced mode and the packets belong to flows that are DSCP trusted. Non-IP packets are always classified to the best-effort queue.
  • Page 536 STEP 2 Select the Output Queue (traffic forwarding queue) to which the DSCP value is mapped. STEP 3 Click Apply. The Running Configuration file is updated.
  • Page 537: Configuring Bandwidth

    This field is only available if the interface is a port. • Egress Shaping Rate—Select to enable egress shaping on the interface.
  • Page 538: Configuring Egress Shaping Per Queue

    • Committed Information Rate (CIR)—Enter the maximum rate (CIR) in Kbits per second (Kbps). CIR is the average maximum amount of data that can be sent.
  • Page 539 VLAN ID—Select a VLAN. • Committed Information Rate (CIR)—Enter the average maximum amount of data that can be accepted into the VLAN in Kilobytes per second.
  • Page 540: TCP Congestion Avoidance

    CoS/802.1p trusted mode and DSCP trusted mode. CoS/802.1p trusted mode uses the 802.1p priority in the VLAN tag. DSCP trusted mode uses the DSCP value in the IP header.
  • Page 541 It also replaces the original DSCP values in the packets with the new DSCP values. NOTE The frame is mapped to an egress queue using the new, rewritten value, and not by the original DSCP value.
  • Page 542: Interface QoS Settings

    STEP 4 Select the Port or LAG interface. STEP 5 Click to enable or disable QoS State for this interface. STEP 6 Click Apply. The Running Configuration file is updated.
  • Page 543: QoS Advanced Mode

    (flow) at a port independent of each other. • An aggregate policer applies the QoS to all its flow(s) in aggregation regardless of policies and ports.
  • Page 544: Workflow To Configure Advanced QoS Mode

    Aggregate Policer page. Create a policy that associates a class map with the aggregate policer by using the Policy Table page. 5. Bind the policy to an interface by using the Policy Binding page.
  • Page 545 When Override Ingress DSCP is enabled, the device uses the new DSCP values for egress queueing. It also replaces the original DSCP values in the packets with the new DSCP values.
  • Page 546 DSCP values 16, 24, and 48, Out of Profile DSCP Mapping changes the incoming values as they are mapped to the outgoing values.
  • Page 547: Defining Class Mapping

    If a class map has two ACLs, you can specify that a frame must match both ACLs, or that it must match either one or both of the ACLs selected. STEP 3 Enter the parameters.
  • Page 548: QoS Policers

    QoS on the class map (flow) at ports that are otherwise independent of each other. A single policer is created in the Policy Table page.
  • Page 549: Defining Aggregate Policers

    To define an aggregate policer: STEP 1 Click Quality of Service > QoS Advanced Mode > Aggregate Policer. This page displays the existing aggregate policers. STEP 2 Click Add.
  • Page 550: Configuring A Policy

    One or more aggregates that apply the QoS to the traffic flows in the policy. After a policy has been added, class maps can be added by using the Policy Table page.
  • Page 551: Policy Class Maps

    DSCP value of all the matching packets. Use default trust mode—Ignore the ingress CoS/802.1p and/or DSCP value. The matching packets are sent as best effort.
  • Page 552 Bandwidth page. • Exceed Action—Select the action assigned to incoming packets exceeding the CIR. The options are: None—No action. Drop—Packets exceeding the defined CIR value are dropped.
  • Page 553: Policy Binding

    NOTE Permit Any can be defined only if IP Source Guard is not activated on the interface. STEP 5 Click Apply. The QoS policy binding is defined, and the Running Configuration file is updated.
  • Page 554: Managing QoS Statistics

    STEP 3 Enter the parameters. • Interface—Select the interface for which statistics are accumulated. • Policy Name—Select the policy name. • Class Map Name—Select the class name.
  • Page 555: Viewing Queues Statistics

    Refresh Rate—Select the time period that passes before the interface Ethernet statistics are refreshed. The available options are: No Refresh—Statistics are not refreshed. 15 Sec—Statistics are refreshed every 15 seconds.
  • Page 556 All Ports—Specifies that statistics are displayed for all ports. • Queue—Select the queue for which statistics are displayed. • Drop Precedence—Enter drop precedence that indicates the probability of being dropped.
  • Page 557 STEP 4 Click Apply. The Queue Statistics counter is added, and the Running Configuration file is updated.
  • Page 563: Chapter 26: SNMP

    The device functions as an SNMP agent and supports SNMPv1, v2, and v3. It also reports system events to trap receivers using the traps defined in the supported MIBs (Management Information Base).
  • Page 564: SNMPv1 and v2

    NOTE For security reasons, SNMP is disabled by default. Before you can manage the device via SNMP, you must turn on SNMP on the Security > TCP/UDP Services page.
  • Page 565 STEP 4 Define users by using the SNMP Users page where they can be associated with a group. If the SNMP Engine ID is not set, then users may not be created.
  • Page 566: Supported MIBs

    9.6.1.83.52.1 uplinks and 2 combo-ports SF300-08 8 FE ports. 9.6.1.82.08.4 SF302-08 8 FE ports plus 2 GE ports 9.6.1.82.08.1
  • Page 567 24-Port 10/100 PoE Managed Switch 9.6.1.82.24.1 SG300-28PP 28-Port Gigabit PoE Managed Switch 9.6.1.83.28.2 SF300-48PP 48-Port 10/100 PoE Managed Switch 9.6.1.82.48.2
  • Page 568: SNMP Engine ID

    User Defined—Enter the local device engine ID. The field value is a hexadecimal string (range: 10 - 64). Each byte in the hexadecimal character strings is represented by two hexadecimal digits.
  • Page 569: Configuring SNMP Views

    Object ID (OID) of the root of the relevant subtrees. Either well-known names can be used to specify the root of the desired subtree or an OID can be entered (see Model OIDs).
  • Page 570 DefaultSuper—Default SNMP view for administrator views. Other views can be added. • Object ID Subtree—Displays the subtree to be included or excluded in the SNMP view.
  • Page 571: Creating SNMP Groups

    This page contains the existing SNMP groups and their security levels. STEP 2 Click Add. STEP 3 Enter the parameters. • Group Name—Enter a new group name.
  • Page 572 Otherwise, there is no restriction on the contents of the traps. This can only be selected for SNMPv3. STEP 4 Click Apply. The SNMP group is saved to the Running Configuration file.
  • Page 573: Managing SNMP Users

    Remote IP Address—User is connected to a different SNMP entity besides the local device. If the remote Engine ID is defined, remote devices receive inform messages, but cannot make requests for
  • Page 574 This field must be exactly 32 hexadecimal characters. The Encrypted or Plaintext mode can be selected. STEP 4 Click Apply to save the settings.
  • Page 575: Defining SNMP Communities

    IP device can access the SNMP community. • IP Version—Select either IPv4 or IPv6. • IPv6 Address Type—Select the supported IPv6 address type if IPv6 is used. The options are:
  • Page 576 Advanced—Select this mode for a selected community. Group Name—Select an SNMP group that determines the access rights. STEP 4 Click Apply. The SNMP Community is defined, and the Running Configuration is updated.
  • Page 577: Defining Trap Settings

    An SNMP notification is a message sent from the device to the SNMP management station indicating that a certain event has occurred, such as a link up/down.
  • Page 578 Server Definition—Select whether to specify the remote log server by IP address or name. • IP Version—Select either IPv4 or IPv6. • IPv6 Address Type—Select either Link Local or Global.
  • Page 579 Filter Name—Select the SNMP filter that defines the information contained in traps (defined in the Notification Filter page). STEP 5 Click Apply. The SNMP Notification Recipient settings are written to the Running Configuration file.
  • Page 580: Defining SNMPv3 Notification Recipients

    Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks. • Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the pull-down list.
  • Page 581 Filter Name—Select the SNMP filter that defines the information contained in traps (defined in the Notification Filter page). STEP 4 Click Apply. The SNMP Notification Recipient settings are written to the Running Configuration file.
  • Page 582: SNMP Notification Filters

    STEP 4 Select or deselect Include in filter. If this is selected, the selected MIBs are included in the filter, otherwise they are excluded. STEP 5 Click Apply. The SNMP views are defined and the running configuration is updated.
  • Page 586 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
