Setting System Log Settings Setting Remote Logging Settings Viewing Memory Logs Chapter 4: Administration: File Management System Files Upgrade/Backup Firmware/Language Download/Backup Configuration/Log Configuration Files Properties Copy/Save Configuration Auto Configuration via DHCP Cisco Small Business 300 Series Managed Switch Administration Guide...
Configuring System Time Chapter 7: Administration: Diagnostics Testing Copper Ports Displaying Optical Module Status Configuring Port and VLAN Mirroring Viewing CPU Utilization and Secure Core Technology Chapter 8: Administration: Discovery Bonjour
Link Aggregation Configuring Green Ethernet Chapter 11: Smartport Overview What is a Smartport Smartport Types Smartport Macros Macro Failure and the Reset Operation How the Smartport Feature Works Auto Smartport Error Handling
Configuring STP Status and Global Settings Defining Spanning Tree Interface Settings Configuring Rapid Spanning Tree Settings Chapter 15: Managing MAC Address Tables Configuring Static MAC Addresses Managing Dynamic MAC Addresses Chapter 16: Multicast Multicast Forwarding
Defining Users Configuring RADIUS Management Access Method Management Access Authentication Secure Sensitive Data Management SSL Server SSH Client Configuring TCP/UDP Services Defining Storm Control Configuring Port Security 802.1X Denial of Service Prevention
Chapter 21: Security: Secure Sensitive Data Management Introduction SSD Rules SSD Properties Configuration Files SSD Management Channels Menu CLI and Password Recovery Configuring SSD Chapter 22: Security: SSH Client Secure Copy (SCP) and SSH
Chapter 25: Quality of Service QoS Features and Components Configuring QoS - General Managing QoS Statistics Chapter 26: SNMP SNMP Versions and Workflow Model OIDs SNMP Engine ID Configuring SNMP Views Creating SNMP Groups
Contents Managing SNMP Users Defining SNMP Communities Defining Trap Settings Notification Recipients SNMP Notification Filters
STEP 1 Open a Web browser. STEP 2 Enter the IP address of the device you are configuring in the address bar on the browser, and then press Enter. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
To add a new language to the device or update a current one, refer to the Upgrade/Backup Firmware/Language section. STEP 3 If this is the first time that you logged on with the default user ID (cisco) and the default password (cisco) or your password has expired, the Change Password Page appears.
Save the Running Configuration to the Startup Configuration before logging off to preserve any changes you made during this session. A flashing red X icon to the left of the Save application link indicates that Running
Getting Started page. If you did not select this option, the initial page is the Getting Started page. If you did select this option, the initial page is the System Summary page.
Configure Port Mirroring Port and VLAN Mirroring page There are two hot links on the Getting Started page that take you to Cisco web pages for more information. Clicking on the Support link takes you to the device product support page, and clicking on the Forums link takes you to the Small Business Support Community page.
LAG (Port Channel)—These are displayed as LAG. VLAN—These are displayed as VLAN. Tunnel—These are displayed as Tunnel. • Interface Number: Port, LAG, tunnel or VLAN ID
Running Configuration. Username Displays the name of the user logged on to the device. The default username is cisco. (The default password is cisco).
SYSLOG Alert Status icon is no longer displayed. To display the page when there is not an active SYSLOG message, click Status and Statistics > View Log > RAM Memory.
Clears log files. Clear Table Clears table entries. Close Returns to main page. If any changes were not applied to the Running Configuration, a message appears.
Enter the query filtering criteria and click Go. The results are displayed on the page. Refresh Click Refresh to refresh the counter values. Test Click Test to perform the related tests.
Getting Started Window Navigation
This page is useful for analyzing the amount of traffic that is both sent and received and its dispersion (Unicast, Multicast, and Broadcast).
• Click Clear Interface Counters to clear counters for the interface displayed. • Click View All Interfaces Statistics to see all ports on a single page.
Pause Frames Transmitted—Flow control pause frames transmitted from the selected interface. To clear statistics counters: • Click Clear Interface Counters to clear the selected interfaces counters.
Leave All—Number of GVRP Leave All packets received/transmitted. The GVRP Error Statistics section displays the GVRP error counters. • Invalid Protocol ID—Invalid protocol ID errors. • Invalid Attribute Type—Invalid attribute ID errors.
• EAP Response/ID Frames Received—EAP Resp/ID frames received on the port. • EAP Response Frames Received—EAP Response frames received by the port (other than Resp/ID frames).
The TCAM Utilization page shows the following fields: • Maximum TCAM Entries for IPv4 and Non-IP (Rules)—Maximum TCAM Entries available. • IPv4 Routing In Use—Number of TCAM entries used for IPv4 routing.
Define interesting changes in counter values, such as “reached a certain number of late collisions” (defines the alarm), and then specify what action to perform when this event occurs (log, trap, or log and trap).
CRC & Align Errors—Number of CRC and Align errors that have occurred. • Undersize Packets—Number of undersized packets (less than 64 octets) received. • Oversize Packets—Number of oversized packets (over 2000 octets) received.
Click Clear Interface Counters to clear the selected interfaces counters. • Click View All Interfaces Statistics to see all ports on a single page. Configuring RMON History The RMON feature enables monitoring statistics per interface.
Viewing the RMON History Table The History Table page displays interface-specific statistical network samplings. The samples were configured in the History Control table described above. To view RMON history statistics:
(FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. • Collisions—Collisions received. • Utilization—Percentage of current interface traffic compared to maximum traffic that the interface can handle.
Time—Displays the time of the event. (This is a read-only table in the parent window and cannot be defined). • Owner—Enter the device or user that defined the event.
The Alarms page provides the ability to configure alarms and to bind them with events. Alarm counters can be monitored by either absolute values or changes (delta) in the counter values.
Rising Alarm—A rising value triggers the rising threshold alarm. Falling Alarm—A falling value triggers the falling threshold alarm. Rising and Falling—Both rising and falling values trigger the alarm.
Owner—Enter the name of the user or network management system that receives the alarm. STEP 4 Click Apply. The RMON alarm is saved to the Running Configuration file. View Log Viewing Memory Logs.
Status and Statistics View Log
(except for Emergency that is indicated by the letter F). For example, the log message "%INIT-I-InitCompleted: … " has a severity level of I, meaning Informational.
Each message states the number of times it was aggregated. • Max Aggregation Time—Enter the interval of time that SYSLOG messages are aggregated.
• IPv6 Source Interface—Select the source interface whose IPv6 address will be used as the source IPv6 address of SYSLOG messages sent to SYSLOG servers.
STEP 5 Click Apply. The Add Remote Log Server page closes, the SYSLOG server is added, and the Running Configuration file is updated.
Log Settings page. Flash logs remain when the device is rebooted. You can clear the logs manually. To view the Flash logs, click Status and Statistics > View Log > Flash Memory.
Log Time—Time when message was generated. • Severity—Event severity. • Description—Message text describing the event. To clear the messages, click Clear Logs. The messages are cleared.
The possible methods of file transfer are: • Internal copy. • HTTP/HTTPS that uses the facilities that the browser provides. • TFTP/SCP client, requiring a TFTP/SCP server.
The device has been operating continuously for 24 hours. No configuration changes have been made to the Running Configuration in the previous 24 hours. The Startup Configuration is identical to the Running Configuration.
Copy/Save Configuration section. • Enable automatically uploading a configuration file from a DHCP server to the device, as described in the Auto Configuration via DHCP section.
(the old version) until you change the status of the new image to be the active image by using the procedure in the Active Image <300- 500> section. Then boot the device.
If a link local address exists on the interface, this entry replaces the address in the configuration. Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.
Username—Enter a username for this copy action. Password—Enter a password for this copy. NOTE The username and password for the one-time credential will not be saved in the configuration file.
If SSH server authentication is enabled (in the SSH Server Authentication page), and the SCP server is trusted, the operation succeeds. If the SCP server is not trusted, the operation fails and an error is displayed.
Active Image Version Number After Reboot displays the firmware version of the active image that is used after the device is rebooted. STEP 3 Click Apply. The active image selection is updated.
Startup Configuration file is deleted and the device reboots automatically in the new System mode. The device is configured with an empty configuration file. See Auto Configuration via DHCP.
Destination File Type—Enter the destination configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section).
(.), and the file name must be between 1 and 160 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”). Click Apply. The file is upgraded or backed up.
(password or public/private key), set a username and password on the device, if the password method is selected, and generate an RSA or DSA key if required.
• Destination File Type—Select the configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section).
Creation Time—Date and time that file was modified. STEP 2 If required, disable Auto Mirror Configuration. This disables the automatic creation of mirror configuration files. When disabling this feature, the mirror
STEP 2 Select the Source File Name to be copied. Only valid file types are displayed (described in the Files and File Types section). STEP 3 Select the Destination File Name to be overwritten by the source file.
RADIUS server keys and SSH/SSL keys, by using the Secured Copy Protocol (SCP) and the Secure Sensitive Data (SSD) feature (See Security: Secure Sensitive Data Management).
Auto Configuration page. This information is used when the DHCPv4 message does not contain this information (but it is not used by DHCPv6).
NOTE The SSH Client authentication parameters can also be used when downloading a file for manual download (a download that is not performed through the DHCP Auto Configuration feature).
If the SSH server authentication process is enabled, and the SSH server is not found in the SSH Trusted Servers list, the Auto Configuration process is halted.
In IPv4, to ensure that the device configuration functions as intended, due to allocation of different IP addresses with each DHCP renew cycle, it is recommended that IP addresses be bound to MAC addresses in the DHCP
STEP 3 Enter the following optional information to be used if no configuration file name was received from the DHCP server. • Backup Server Definition—Select By IP address or By name to configure the server.
DHCP message. STEP 4 Click Apply. The parameters are copied to the Running Configuration file.
Administration: File Management Auto Configuration via DHCP
180W 2 uplinks and 2 combo-ports. SG300-52 SRW2048-K9 48 GE ports, and 4 special-purpose ports - 2 uplinks and 2 combo-ports SF300-08 SRW208-K9 8 FE ports.
MAC address (the six furthest right hexadecimal digits). • System Uptime—Time that has elapsed since the last reboot.
Boot MD5 Checksum—MD5 checksum of the boot version. • Locale—Locale of the first language. (This is always English). • Language Version—Language package version of the first or English language.
L2—Select to place the device in Layer 2 system mode. L3—Select to place the device in Layer 3 system mode.
STEP 1 Click Administration > Console Settings. STEP 2 Select one of the following: • Auto Detection—The console baud rate is detected automatically. • Static—Select one of the available speeds.
STEP 2 Select the timeout for each session from the corresponding list. The default timeout value is 10 minutes. STEP 3 Click Apply to set the configuration settings on the device. Time Settings Administration: Time Settings.
(e.g. late night). To reboot the device: STEP 1 Click Administration > Reboot. STEP 2 Click one of the Reboot buttons to reboot the device.
NOTE Clearing the Startup Configuration File and Rebooting is not the same as Rebooting to Factory Defaults. Rebooting to Factory Defaults is more intrusive.
Maximum Entries—Select one of the following options: Use Default—The number of TCAM entries available for IP entries is 25% of the TCAM size. User Defined—Enter a value.
• (On devices that support PoE) Disable the PoE circuitry so that less power is consumed and less heat is emitted.
Fan Direction—(On relevant devices) The direction that the fans are working in (for example: Front to Back). Diagnostics Administration: Diagnostics. Discovery - Bonjour See Bonjour. Discovery - LLDP Configuring LLDP.
• Destination IPv6 Address Type—Select Link Local or Global as the type of IPv6 address to enter as the destination IP address.
STEP 1 Configure Traceroute by entering information into the following fields: STEP 2 • Host Definition—Select whether hosts are identified by their IP address or name.
A page appears showing the Round Trip Time (RTT) and status for each trip in the fields: • Index—Displays the number of the hop. • Host—Displays a stop along the route to the destination.
• Round Trip Time (1-3)—Displays the round trip time in (ms) for the first through third frame and the status of the first through third operation.
Administration Traceroute
This section describes the options for configuring the system time, time zone, and Daylight Savings Time (DST). It covers the following topics: • System Time Options • SNTP Modes • Configuring System Time
After the time has been set by any of the above sources, it is not set again by the browser. NOTE SNTP is the recommended method for time setting.
The device supports having all of the above modes active at the same time and selects the best system time received from an SNTP server, according to an algorithm based on the closest stratum (distance from the reference clock).
RIP MD5 authentication to work. This also helps features that associate with time, for example: Time Based ACL, Port, 802.1 port authentication that are supported on some devices.
European country. Enter the following parameters: Recurring—DST occurs on the same date every year. By Dates Selecting allows customization of the start and stop of DST:
STEP 1 Click Administration > Time Settings > SNTP Unicast. STEP 2 Enter the following fields: • SNTP Client Unicast—Select to enable the device to use SNTP-predefined Unicast clients with Unicast SNTP servers.
Delay—The estimated round-trip delay of the server's clock relative to the local clock over the network path between them, in milliseconds. The host determines the value of this delay using the algorithm described in RFC 2030.
The server with the lowest stratum is considered to be the primary server. The server with the next lowest stratum
The packets are transmitted to all SNTP servers on the subnet. STEP 3 If the system is in Layer 3 system mode, click Add to select the interface for SNTP reception/transmission.
STEP 3 Click Add. STEP 4 Enter the following parameters: STEP 5 • Authentication Key ID—Enter the number used to identify this SNTP authentication key internally.
The time-range feature can be used for the following: • Limit access of computers to the network during business hours (for example), after which the network ports are locked, and access to the rest
The existing recurring time ranges are displayed (filtered per a specific, absolute time range.) STEP 2 Select the absolute time range to which to add the recurring range.
Recurring Starting Time—Enter the date and time that the Time Range begins on a recurring basis. Recurring Ending Time—Enter the date and time that the Time Range ends on a recurring basis.
Preconditions to Running the Copper Port Test Before running the test, do the following: • (Mandatory) Disable Short Reach mode (see the Port Management > Green Ethernet > Properties page)
Distance to Fault—Distance from the port to the location on the cable where the fault was discovered. • Operational Port Status—Displays whether port is up or down.
10 km. The following GE SFP (1000Mbps) transceivers are supported: • MGBBX1: 1000BASE-BX-20U SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 40 km.
No Signal (N/S). • Loss of Signal—Local SFP reports signal loss. Values are True and False. • Data Ready—SFP is operational. Values are True and False.
• Type—Type of monitoring: incoming to the port (Rx), outgoing from the port (Tx), or both. • Status—Displays one of the following values:
This section describes the Secure Core Technology (SCT) and how to view CPU usage. The device handles the following types of traffic, in addition to end-user traffic: • Management traffic • Protocol traffic • Snooping traffic
STEP 2 Select the Refresh Rate (time period in seconds) that passes before the statistics are refreshed. A new sample is created for each time period
Services page. When Bonjour Discovery and IGMP are both enabled, the IP Multicast address of Bonjour appears on the Adding IP Multicast Group Address page.
To configure Bonjour when the device is in Layer 3 system mode: STEP 1 Click Administration > Discovery - Bonjour. STEP 2 Select Enable to enable Bonjour discovery globally.
LLDP Properties page respectively. • Auto Smartport requires CDP and/or LLDP to be enabled. Auto Smartport automatically configures an interface based on the CDP/LLDP advertisement received from the interface.
LLDP Overview • Setting LLDP Properties • Editing LLDP Port Settings • LLDP MED Network Policy • Configuring LLDP MED Port Settings • Displaying LLDP Port Status
TLVs to advertise, and advertise the device's management address. 3. Create LLDP MED network policies by using the LLDP MED Network Policy page.
• Transmit Delay—Enter the amount of time in seconds that passes between successive LLDP frame transmissions due to changes in the LLDP local systems MIB.
Tx Only—Publishes but does not discover. Rx Only—Discovers but does not publish. Tx & Rx—Publishes and discovers. Disable—Indicates that LLDP is disabled on the port.
Page 122
PHY implementation. The following fields relate to the Management Address: • Advertisement Mode—Select one of the following ways to advertise the IP management address of the device: Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
IP Phone location information. • Troubleshooting information. LLDP MED sends alerts to network managers upon: Port speed and duplex mode conflicts QoS policy misconfigurations Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
Page 124
Application—Select the type of application (type of traffic) for which the network policy is being defined. • VLAN ID—Enter the VLAN ID to which the traffic must be sent. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
MED Network Policies to a port, select it, and click Edit.
STEP 4 Enter the parameters: • Interface—Select the interface to configure. • LLDP MED Status—Enable/disable LLDP MED on this port.
TLVs sent to the neighbor.
STEP 3 Click LLDP Neighbor Information Detail to see the details of the LLDP and LLDP-MED TLVs received from the neighbor.
To view the LLDP local port status advertised on a port:
STEP 1 Click Administration > Discovery - LLDP > LLDP Local Information.
STEP 2 On the bottom of the page, click LLDP Port Status Table.
Address—Returned address most appropriate for management use, typically a Layer 3 address. • Interface Subtype—Numbering method used for defining the interface number. • Interface Number—Specific interface associated with this management address.
• Remote Rx Echo—Indicates the local link partner’s reflection of the remote link partner’s Rx value. MED Details • Capabilities Supported—MED capabilities supported on the port.
Identification Number (ELIN). Network Policy Table • Application Type—Network policy application type; for example, Voice. • VLAN ID—VLAN ID for which the network policy is defined.
System Name—Published name of the device. • Time to Live—Time interval (in seconds) after which the information for this neighbor is deleted.
STEP 2 Select a local port, and click Details.
Address—Managed address. • Interface Subtype—Port subtype. • Interface Number—Port number. MAC/PHY Details • Auto-Negotiation Supported—Port speed auto-negotiation support status. The possible values are True and False.
• Remote Tx—Indicates the time (in micro seconds) that the transmitting link partner waits before it starts transmitting data after leaving Low Power Idle (LPI mode).
Firmware Revision—Firmware version. • Software Revision—Software version. • Serial Number—Device serial number. • Manufacturer Name—Device manufacturer name. • Model Name—Device model name. • Asset ID—Asset ID.
VLAN ID—VLAN ID for which the network policy is defined. • VLAN Type—VLAN type, Tagged or Untagged, for which the network policy is defined. • User Priority—Network policy user priority. • DSCP—Network policy DSCP.
The LLDP Overloading page displays the number of bytes of LLDP/LLDP-MED information, the number of available bytes for additional LLDP information, and the overloading status of every interface.
—If the LLDP MED network policies packets were sent, or if they were overloaded. • LLDP MED Extended Power via MDI Size (Bytes) —Total LLDP MED extended power via MDI packets byte size.
It covers the following topics: • Setting CDP Properties • Editing CDP Interface Settings • Displaying CDP Local Information • Displaying CDP Neighbors Information • Viewing CDP Statistics
Administration: Discovery Configuring CDP Setting CDP Properties Similar to LLDP, CDP (Cisco Discovery Protocol) is a link layer protocol for directly connected neighbors to advertise themselves and their capabilities to each other. Unlike LLDP, CDP is a Cisco proprietary protocol.
VLAN mismatch is detected. This means that the native VLAN information in the incoming frame does not match what the local device is advertising.
• CDP Neighbor Information Details—Takes you to the Administration > Discovery - CDP > CDP Neighbor Information page.
STEP 2 Select a port and click Edit.
• Device ID TLV Device ID Type—Type of the device ID advertised in the device ID TLV. Device ID—Device ID advertised in the device ID TLV.
In this case, packets received on such a port are not re-marked. Disabled indicates that the port is not trusted in which case, the following field is relevant.
STEP 1 Click Administration > Discovery - CDP > CDP Neighbor Information.
This page contains the following fields for the link partner (neighbor): • Device ID—Neighbor's device ID.
Duplex—Whether the neighbor's interface is half or full duplex. • Addresses—Neighbor's addresses. • Power Drawn—Amount of power consumed by neighbor on the interface. • Version—Neighbor's software version.
To clear all counters on all interfaces, click Clear All Interface Counters. To clear all counters on an interface, select it and click Clear All Interface Counters.
5. Configure Green Ethernet and 802.3 Energy Efficient Ethernet by using the Properties page. 6. Configure Green Ethernet energy mode and 802.3 Energy Efficient Ethernet per port by using the Port Settings page.
Copper Ports—Regular, not Combo, support the following values: 10M, 100M, and 1000M (type: Copper). Combo Ports Copper—Combo port connected with copper CAT5 cable, supports the following values: 10M, 100M, and 1000M (type: ComboC).
You can designate Administrative Speed only when port auto-negotiation is disabled. • Operational Port Speed—Displays the current port speed that is the result of negotiation.
MDI/MDIX—the Media Dependent Interface (MDI)/Media Dependent Interface with Crossover (MDIX) status on the port. The options are: MDIX—Select to swap the port's transmit and receive pairs.
STEP 1 Click Port Management > Error Recovery Settings.
STEP 2 Enter the following fields: • Automatic Recovery Interval—Select to enable the error recovery mechanism for the port security err-disable state.
This section describes how to configure LAGs. It covers the following topics: • Link Aggregation Overview • Static and Dynamic LAG Workflow • Defining LAG Management • Configuring LAG Settings • Configuring LACP
LAG has port attributes similar to a regular port, such as state and speed. The device supports 32 LAGs with up to 8 ports in a LAG group.
Members list. Select the load balancing algorithm for the LAG. Perform these actions in the LAG Management page. 2. Configure various aspects of the LAG, such as speed and flow control by using the LAG Settings page.
LACP—Select to enable LACP on the selected LAG. This makes it a dynamic LAG. This field can only be enabled after moving a port to the LAG in the next field.
• Reactivate Suspended LAG—Select to reactivate a port if the LAG has been disabled through the locked port security option or through ACL configurations.
See the Port Configuration description in Setting Basic Port Configuration for details regarding protected ports and LAGs.
STEP 4 Click Apply. The Running Configuration file is updated.
In order for LACP to create a LAG, the ports on both link ends should be configured for LACP, meaning that the ports send LACP PDUs and handle received PDUs.
LACP PDUs. Select the periodic transmissions of LACP PDUs, which occur at either a Long or Short transmission speed, depending upon the expressed LACP timeout preference.
The Green Ethernet feature can reduce overall power usage in the following ways: • Energy-Detect Mode— On an inactive link, the port moves into inactive mode, saving power while keeping the Administrative status of the port Up.
Green Ethernet mode. The saved energy displayed is only related to Green Ethernet. The amount of energy saved by EEE is not displayed.
When using 802.3az EEE, systems on both sides of the link can disable portions of their functionality and save power during periods of no traffic. 802.3az EEE supports IEEE 802.3 MAC operation at 100 Mbps and 1000 Mbps:
802.3az EEE TLV is used to fine tune system wake-up and refresh durations. Availability of 802.3az EEE Please check the release notes for a complete listing of products that support EEE.
Select whether to enable or disable advertisement of 802.3az EEE capabilities through LLDP in 802.3 Energy Efficient Ethernet (EEE) LLDP (it is enabled by default).
This value is updated each time there is an event that affects power saving. • 802.3 Energy Efficient Ethernet (EEE)— Globally enable or disable EEE mode.
Administrative—Displays whether Short Reach mode was enabled. Operational—Displays whether Short Reach mode is currently operating. Reason—If Short-Reach mode is not operational, displays the reason. Cable Length—Displays VCT-returned cable length in meters.
(advertisement of EEE capabilities through LLDP) if there are GE ports on the device.
STEP 7 Click Apply. The Green Ethernet port settings are written to the Running Configuration file.
Port Management Configuring Green Ethernet
The purpose of UDLD is to detect ports on which the neighbor does not receive traffic from the local device (unidirectional link) and to shut down those ports.
If the link is undetermined, the port is not shut down. Its status is changed to undetermined and a notification is sent. • Aggressive If the link is unidirectional or undetermined, the port is shut down.
A port that was shut down can be reactivated manually in the Port Management > Error Recovery Settings page. For more information, see Reactivating a Shutdown Port.
UDLD in the Port Management > Error Recovery Settings page. In this case, when a port is shut down by UDLD, it is automatically reactivated when the automatic recovery interval expires.
When the port is down, UDLD goes into UDLD shutdown state. In this state, UDLD removes all learned neighbors. When the port is changed from down to up, UDLD resumes actively running.
STEP 1 Open the Port Management > UDLD Global Settings page. a. Enter the Message Time. b. Select either Disabled, Normal or Aggressive as the global UDLD status.
STEP 2 Enter the following fields: • Message Time—Enter the interval between two sent UDLD messages. This field is relevant for both fiber and copper ports.
Detection—The latest UDLD state of the port is in the process of being determined. Expiration time has not yet expired since the last
Neighbor Information: Device ID—ID of the remote device. Device MAC—MAC address of the remote device. Device Name—Name of the remote device. Port ID—Name of the remote port.
Neighbor Expiration Time (Sec)—Displays the time that must pass before determining the port UDLD status. This is three times the Message Time. • Neighbor Message Time (Sec)—Displays the time between UDLD messages.
• Default Configuration • Relationships with Other Features and Backwards Compatibility • Common Smartport Tasks • Configuring Smartport Using The Web-based Interface • Built-in Smartport Macros
• LLDP/CDP for Smartport, described in the Configuring LLDP Configuring CDP sections, respectively. Additionally, typical work flows are described in the Common Smartport Tasks section.
"the anti-macro," serves to undo all configuration performed by "the macro" when that interface happens to become a different Smartport type. You can apply a Smartport macro by the following methods: • The associated Smartport type.
The following describe these special Smartport types: • Default An interface that does not (yet) have a Smartport type assigned to it has the Default Smartport status.
View Macro Source button on the Smartport Type Settings page. A macro and the corresponding anti-macro are paired together in association with each Smartport type. The macro applies the configuration and the anti-macro removes it.
If the Auto Smartport Global Operational state, the interface Auto Smartport state, and the Persistent Status are all Enable, the Smartport type is set to this dynamic type.
Edit. Then, select the Smartport type you want to assign and adjust the parameters as necessary before clicking Apply.
If not, the Smartport Type reverts to Default. Enabling Auto Smartport Auto Smartport can be enabled globally in the Properties page in the following ways:
This mapping is shown in the following tables:
CDP Capabilities Mapping to Smartport Type
Capability Name | CDP Bit | Smartport Type
Router | 0x01 | Router
TB Bridge | 0x02 | Wireless Access Point
S-VLAN Component of a VLAN Bridge IEEE Std. 802.1Q | Switch
Two-port MAC Relay (TPMR) IEEE Std. 802.1Q | Ignore
(assuming the configuration was saved). The Smartport type and the configuration of the interface are not changed unless Auto Smartport detects an attaching device with a different Smartport type. If the
Auto Smartport, the Auto Voice VLAN is disabled after the upgrade. If Telephony OUI was enabled before the upgrade, then Auto Smartport is disabled after the upgrade, and Telephony OUI remains enabled.
STEP 3 Select the Smartport type that is to be assigned to the interface in the Smartport Application field.
STEP 4 Set the macro parameters as required.
STEP 5 Click Apply.
STEP 5 that are not switches, routers or APs) or Reapply Smartport Macro (for switches, routers or APs) to run the Smartport Macro on the interface.
Administrative Auto Smartport—Select to globally enable or disable Auto Smartport. The following options are available: Disable—Select to disable Auto Smartport on the device. Enable—Select to enable Auto Smartport on the device.
Editing these parameters for the Smartport types applied by Auto Smartport from the Smartport Type Settings page configures the default values for these parameters. These defaults are used by Auto Smartport.
Auto Smartport automatically reapplies the macro to the interfaces currently assigned with the Smartport type by Auto Smartport. Auto Smartport does not apply the changes to interfaces that were statically assigned a Smartport type.
Reapply Smartport Macro. The macros are applied to all selected interface types. • Select an interface that is UP and click Reapply to reapply the last macro that was applied to the interface.
LLDP advertisement received from the connecting devices as well as applying the corresponding Smartport macro. To statically assign a Smartport type and apply the corresponding Smartport macro to the interface, select the desired Smartport type.
Macro code for the following Smartport types is provided: • desktop • printer • guest • server • host • ip_camera • ip_phone • ip_phone_desktop • switch
[ip_phone]
#macro description ip_phone
#macro keywords $native_vlan $voice_vlan $max_hosts
$voice_vlan
no smartport switchport trunk native vlan
smartport switchport trunk allowed vlan remove all
no port security
no port security mode
no port security max
$voice_vlan: The voice VLAN ID
no smartport switchport trunk native vlan
smartport switchport trunk allowed vlan remove all
no spanning-tree link-type
router
[router]
#macro description router
Smartport Built-in Smartport Macros
[ap]
#macro description ap
#macro keywords $native_vlan $voice_vlan
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
Removes the necessity for placing all network devices next to power sources. • Eliminates the need to deploy double cabling systems in an enterprise significantly decreasing installation costs.
There are two factors to consider in the PoE feature: • The amount of power that the PSE can supply • The amount of power that the PD is actually attempting to consume
AC, they could be powered up as a legacy PD by another PSE due to false detection. When this happens, the PoE device may not operate properly and
SNMP and configure at least one SNMP Notification Recipient. • Power Trap Threshold—Enter the usage threshold that is a percentage of the power limit. An alarm is initiated if the power exceeds this value.
When the power consumed on the port exceeds the class limit, the port power is turned off. PoE priority example: Given: A 48 port device is supplying a total of 375 watts.
Max Power Allocation—This field appears only if the Power Mode set in the PoE Properties page is Power Limit. Displays the maximum amount of power permitted on this port.
PSE. Signatures are generated during powered device detection, classification, or maintenance.
STEP 4 Click Apply. The PoE settings for the port are written to the Running Configuration file.
Port Management: PoE Configuring PoE Settings
A VLAN is a logical group of ports that enables devices associated with it to communicate with each other over the Ethernet MAC layer, regardless of the physical LAN segment of the bridged network to which they are connected.
Removes the VLAN tag from the frame if the egress port is an untagged member of the target VLAN, and the original frame has a VLAN tag.
With QinQ, the device adds an ID tag known as Service Tag (S-tag) to forward traffic over the network. The S-tag is used to segregate traffic between various customers, while preserving the customer VLAN tags.
The default VLAN has the following characteristics: • It is distinct, non-static/non-dynamic, and all ports are untagged members by default. • It cannot be deleted. • It cannot be given a label.
STEP 4 Click Save (in the upper-right corner of the window) and save the Running Configuration to the Startup Configuration. The Default VLAN ID After Reset becomes the Current Default VLAN ID after you reboot the device.
Ports must always belong to one or more VLANs. The 300 Series device supports up to 4K VLANs, including the default VLAN. Each VLAN must be configured with a unique VID (VLAN ID) with a value from 1 to 4094.
These frame types are only available in General mode. Possible values are: Admit All—The interface accepts all types of frames: untagged frames, tagged frames, and priority tagged frames.
VLAN, then the last VLAN-aware device (if there is one), must send frames of the destination VLAN to the end node untagged.
Running STEP 4 , and Configuration file. You can continue to display and/or configure port membership of another VLAN by selecting another VLAN ID.
The default VLAN might appear in the right list if it is tagged, but it cannot be selected. • Tagging—Select one of the following tagging/PVID options:
To propagate the VLAN, it must be up on at least one port. By default, GVRP is disabled globally and on ports.
TAG: If the packet is tagged, the VLAN is taken from the tag. • MAC-Based VLAN: If a MAC-based VLAN has been defined, the VLAN is taken from the source MAC-to-VLAN mapping of the ingress interface.
To define a MAC-based VLAN group: 1. Assign a MAC address to a VLAN group ID (using the MAC-Based Groups page). 2. For each required interface:
STEP 1 Click VLAN Management > VLAN Groups > MAC-Based Groups to VLAN.
STEP 2 Click Add.
STEP 3 Enter the values for the following fields: • Group Type—Displays that the group is MAC-Based.
Group ID—Displays the protocol group ID to which the interface is added.
STEP 2 Click the Add Button. The Add Protocol-Based Group page appears.
STEP 3 Enter the following fields:
Interface—Port or LAG number assigned to VLAN according to protocol-based group. • Group ID—Protocol group ID. • VLAN ID—Attaches the interface to a user-defined VLAN ID.
VLAN used by the phones is determined by the network configuration. There may or may not be separate voice and data VLANs. The phones and VoIP endpoints register with an on-premise IP PBX.
OUIs. An OUI is the first three bytes of an Ethernet MAC address. For more information about Telephony OUI, see Configuring Telephony OUI.
CDP and/or LLDP-MED. Voice End-Points To have a voice VLAN work properly, the voice devices, such as Cisco phones and VoIP endpoints, must be assigned to the voice VLAN where it sends and receives its voice traffic.
MAC address of the source providing the voice VLAN information. Source type priority from high to low are static VLAN configuration, CDP advertisement, and default configuration based on changed default VLAN,
Working with the OUI mode, the device can additionally configure the mapping and remarking (CoS/802.1p) of the voice traffic based on the OUI.
The device default configuration on Auto Voice VLAN, Auto Smartports, CDP, and LLDP covers most common voice deployment scenarios. This section describes how to deploy voice VLAN when the default configuration does not apply.
STEP 3 Configure Telephony OUI VLAN membership for ports in the Telephony OUI Interface page.
Configuring Voice VLAN This section describes how to configure voice VLAN. It covers the following topics:
DSCP—Selection of DSCP values to be used by the LLDP-MED as a voice network policy. Refer to Administration > Discovery > LLDP > LLDP MED Network Policy for additional details.
NOTE This only resets the voice VLAN to the default voice VLAN if the Source Type is in the Inactive state.
To view Auto Voice VLAN parameters:
• Source Type— Type of UC from which voice configuration was received. The following options are available: Default—Default voice VLAN configuration on the device Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
The OUI Global table can hold up to 128 OUIs. This section covers the following topics: • Adding OUIs to the Telephony OUI Table • Adding Interfaces to Voice VLAN on Basis of OUIs Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
Page 247
To add a new OUI, click Add. STEP 4 Enter the values for the following fields: STEP 5 • Telephony OUI—Enter a new OUI. • Description—Enter an OUI name. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
Page 248
All—QoS attributes are applied on all packets that are classified to the Voice VLAN. Telephony Source MAC Address—QoS attributes are applied only on packets from IP phones. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
Any VLAN can be configured as a Multicast-TV VLAN. A port assigned to a Multicast-TV VLAN: • Joins the Multicast-TV VLAN. • Packets passing through egress ports in the Multicast TV VLAN are untagged.
Source and all receiver ports must be static members in the same data VLAN. | Source and receiver ports cannot be members in the same data VLAN.
STEP 2 Click Add to associate a Multicast group to a VLAN. Any VLAN can be selected. When a VLAN is selected, it becomes a Multicast TV VLAN.
The box forwards the packets from the network port to the subscriber's devices based on the VLAN tag of the packet. Each VLAN is mapped to one of the MUX access ports.
To support the CPE MUX with subscribers VLANs, subscribers may require multiple video providers, and each provider is assigned a different external VLAN. CPE (internal) Multicast VLANs must be mapped to the Multicast provider (external) VLANs.
Configuring VLAN Interface Settings). Use the Port Multicast VLAN Membership page to map these ports to Multicast TV VLANs as described in Port Multicast VLAN Membership
STP provides a tree topology for any arrangement of switches and interconnecting links, by creating a unique path between end stations on a network, and thereby eliminating loops.
STEP 1 Enter the parameters. STEP 2 Global Settings: • Spanning Tree State—Enable or disable STP on the device. • STP Operation Mode—Select an STP mode.
Root Bridge. (This is significant when the bridge is not the root.) • Root Path Cost—The cost of the path from this bridge to the root.
STP port if connected to another device. This helps avoid loops.
0 to 240, set in increments of 16. • Port State—Displays the current STP state of a port. Disabled—STP is currently disabled on the port. The port forwards traffic while learning MAC addresses.
The RSTP Interface Settings page enables you to configure RSTP per port. Any configuration that is done on this page is active when the global STP mode is set to RSTP or MSTP.
Role—Displays the role of the port that was assigned by STP to provide STP paths. The possible roles are: Root—Lowest cost path to forward packets to the Root Bridge.
—The port is in Forwarding mode. The port can forward traffic and learn new MAC addresses. STEP 7 Click Apply. The Running Configuration file is updated.
For two or more switches to be in the same MST region, they must have the same VLANs to MST instance mapping, the same configuration revision number, and the same region name.
Configuration on this page (and all of the MSTP pages) applies if the system STP mode is MSTP. Up to seven MST instances (predefined from 1-7) can be defined on 300 Series switches, in addition to instance zero.
To enter MSTP instance settings: STEP 1 Click Spanning Tree > MSTP Instance Settings. STEP 2 Enter the parameters. • Instance ID—Select an MST instance to be displayed and defined.
Interface Type equals to—Select whether to display the list of ports or LAGs. STEP 3 Click Go. The MSTP parameters for the interfaces on the instance are displayed. STEP 4 Select an interface, and click Edit.
LAN, which provides the lowest root path cost from the LAN to the Root Bridge for the MST instance. Alternate—The interface provides an alternate path to the root device from the root interface.
Forward Transitions—Displays the number of times the port has changed from the Forwarding state to the Blocking state. STEP 6 Click Apply. The Running Configuration file is updated.
VLAN. Such frames are referred to as unknown Unicast frames. The device supports a maximum of 8K static and dynamic MAC addresses.
Secure—The MAC address is secure when the interface is in classic locked mode (see Configuring Port Security). STEP 4 Click Apply. A new entry appears in the table.
STEP 4 Click Go. The Dynamic MAC Address Table is queried and the results are displayed. To delete all of the dynamic MAC addresses, click Clear Table.
Discard—Delete the packet. Bridge—Forward the packet to all VLAN members. Click Apply. A new MAC address is reserved.
The data is sent only to relevant ports. Forwarding the data only to the relevant ports conserves bandwidth and host resources on links.
When the device is IGMP/MLD-snooping-enabled and receives a frame for a Multicast stream, it forwards the Multicast frame to all the ports that have registered to receive the Multicast stream using IGMP Join messages.
The device can be configured to be an IGMP Querier as a backup querier, or in situations where a regular IGMP Querier does not exist. The device is not a full capability IGMP Querier.
VLAN as defined in the Multicast Forwarding Data Base. Multicast filtering is enforced on all traffic. By default, such traffic is flooded to all relevant ports, but you can limit forwarding to a smaller subset.
• Forwarding Method for IPv4—Set one of the following forwarding methods for IPv4 addresses: MAC Group Address, IP Group Address, or Source Specific IP Group Address.
MAC Group Addresses from the selected VLAN. STEP 3 Click Go, and the MAC Multicast group addresses are displayed in the lower block.
STEP 10 Click Apply, and the Running Configuration file is updated. NOTE Entries that were created in the IP Multicast Group Address page cannot be deleted in this page (even if they are selected).
IP Source Address field. If not, the entry is added as a (*,G) entry, an IP group address from any IP source.
Multicast frames to ports that have registered Multicast clients. NOTE The device supports IGMP Snooping only on static VLANs. It does not support IGMP Snooping on dynamic VLANs.
Multicast traffic. The device only performs IGMP Snooping if both IGMP snooping and Bridge Multicast filtering are enabled. STEP 3 Select a VLAN, and click Edit.
Last Member Query Interval—Enter the Maximum Response Delay to be used if the device cannot read Max Response Time value from group-specific queries sent by the elected querier.
MLDv2 snooping uses MLDv2 control packets to forward traffic based on the source IPv6 address, and the destination IPv6 Multicast address. The actual MLD version is selected by the Multicast router in the network.
MRouter Ports Auto-Learn—Enable or disable Auto Learn for the Multicast router. • Query Robustness—Enter the Robustness Variable value to be used if the device cannot read this value from messages sent by the elected querier.
STEP 5 Click Apply. The Running Configuration file is updated. Querying IGMP/MLD IP Multicast Group The IGMP/MLD IP Multicast Group page displays the IPv4 and IPv6 group address learned from IGMP/MLD messages.
Multicast streams and IGMP/MLD registration messages. This is required so that the Multicast routers can, in turn, forward the Multicast streams and propagate the registration messages to other subnets.
Multicast traffic is flooded to ports in the device. You can statically (manually) configure a port to Forward All, if the devices connecting to the port do not support IGMP and/or MLD.
The Unregistered Multicast page enables handling Multicast frames that belong to groups that are not known to the device (unregistered Multicast groups). Unregistered Multicast frames are usually forwarded to all ports on the VLAN.
Filtering—Enables filtering (rejecting) of unregistered Multicast frames to the selected interface. STEP 3 Click Apply. The settings are saved, and the Running Configuration file is updated.
Dynamic VLAN Assignment, VLAN Rate Limit, SYN Rate DoS Protection, and Advanced QoS Policers. Configuring the device to work in either mode is performed in the Administration > System Settings page.
When in Layer 2 system mode, unless the device is configured with a static IP address, it issues DHCPv4 requests until a response is received from the DHCP server.
All the IP addresses configured or assigned to the device are referred to as Management IP addresses in this guide. If the pages for Layer 2 and Layer 3 are different, both versions are displayed.
Interface > IPv6 Interfaces page. Configure the IPv6 address of that interface in the Administration > Management Interface > IPv6 Addresses page. This page is not available in SG500X, ESW2-550X and SG500XG devices.
DHCP option 12 will not be requested by the device. The DHCP server must be configured to send option 12, regardless of what is requested in order to make use of this feature.
You can configure this from Administration > File Management > DHCP Auto Configuration. STEP 3 Click Apply. The IPv4 interface settings are written to the Running Configuration file.
Valid-Duplicated—The IP address duplication check was completed, and a duplicate IP address was detected. Duplicated—A duplicated IP address was detected for the default IP address.
IPv4 address may match multiple routes in the IPv4 Static Route Table. The device uses the matched route with the highest subnet mask, that is, the longest prefix match.
Static addresses are manually configured and do not age out. The device creates dynamic addresses from the ARP packets it receives. Dynamic addresses age out after a configured time.
STEP 5 Enter the parameters: • IP Version—The IP address format supported by the host. Only IPv4 is supported. • VLAN—In Layer 2, displays the management VLAN ID.
STEP 2 Select ARP Proxy to enable the device to respond to ARP requests for remotely-located nodes with the device MAC address. STEP 3 Click Apply. The ARP proxy is enabled, and the Running Configuration file is updated.
A trusted port is a port that is connected to a DHCP server and is allowed to assign DHCP addresses. DHCP messages received on trusted ports are allowed to pass through the device.
The main goal of option 82 is to help the DHCP server select the best IP subnet (network pool) from which to obtain an IP address. The following Option 82 options are available on the device:
DHCP Relay: VLAN with IP Address (packet arrives without Option 82 / with Option 82); VLAN without IP Address (packet arrives without Option 82 / with Option 82)
Option 82 discards the Disabled original packet Bridge – no Option 82 Option 82 is Bridge – inserted Packet is sent with the original Option 82
VLAN with IP Address (packet arrives without Option 82 / with Option 82); VLAN without IP Address (packet arrives without Option 82 / with Option 82)
Bridge – Bridge – Packet is sent Bridge – Packet is sent without Packet is sent with the Option 82 with the Option 82 Option 82
The DHCP Snooping Binding database contains the following data: input port, input VLAN, MAC address of the client and IP address of the client if it exists.
STEP 5 Device snoops packet. If an entry exists in the DHCP Snooping Binding table that matches the packet, the device replaces it with IP-MAC binding on receipt of DHCPACK.
Otherwise the packet is forwarded to trusted interfaces only, and the entry is removed from database.
Not enabled. Verify MAC Address: Enabled. Backup DHCP Snooping Binding Database: Not enabled. DHCP Relay: Disabled. Configuring DHCP Work Flow To configure DHCP Relay and DHCP Snooping:
Backup Database Update Interval—Enter how often the DHCP Snooping Binding database is to be backed up (if Backup Database is selected).
STEP 2 Select the interface and click Edit. STEP 3 Select Trusted Interface (Yes or No). STEP 4 Click Apply to save the settings to the Running Configuration file.
Inactive—IP Source Guard is not active on the device. • Reason—No Problem, No Resource, No Snoop VLAN, Trust Port. STEP 2 To add an entry, click Add.
IP Address, the IP address is revoked at the end of this period, and the client must request another IP address. This is done in the Network Pools page.
Do this in the IP Configuration > IPv4 Interface page. STEP 7 View the allocated IP addresses using the Address Binding page. IP addresses can be deleted in this page.
Address and the Mask, or enter the Mask, the Address Pool Start and Address Pool End. STEP 3 Enter the fields: • Pool Name—Enter the pool name. • Subnet IP Address—Enter the subnet in which the network pool resides.
Hybrid—A hybrid combination of b-node and p-node is used. When configured to use h-node, a computer always tries p-node first and uses b-node only if p-node fails. This is the default.
Static Hosts You might want to assign some DHCP clients a permanent IP address that never changes. This client is then known as a static host.
NetBIOS WINS Server (Option 44)—Enter the NetBIOS WINS name server available to the static host. • NetBIOS Node Type (Option 46)—Select how to resolve the NetBIOS name. Valid node types are:
Example: The DHCP option 66 is configured with the name of a TFTP server in the DHCP Options page. When a client DHCP packet is received containing option 66, the TFTP server is returned as the value of option 66.
• Value—If the type is not Boolean, enter the value to be sent for this code. • Description—Enter a text description for documentation purposes.
Pre-Allocated—An entry will be in pre-allocated state from the time between the offer and the time that the DHCP ACK is sent from the client. Then it becomes allocated.
ICMPv6 Rate Limit Interval—Enter how often the ICMP error messages are generated. • ICMPv6 Rate Limit Bucket Size—Enter the maximum number of ICMP error messages that can be sent by the device per interval.
STEP 4 To configure the interface as a DHCPv6 client, meaning to enable the interface to receive information from the DHCPv6 server, such as SNTP configuration and DNS information, enter the DHCPv6 Client fields:
STEP 7 Click IPv6 Address Table to manually assign IPv6 addresses to the interface, if required. This page is described in the Defining IPv6 Addresses section.
SNTP Servers—List of SNTP servers received from the DHCPv6 server. • POSIX Timezone String—Timezone received from the DHCPv6 server. • Configuration Server—Server containing configuration file received from the DHCPv6 server.
ISATAP traffic until the DNS process is resolved. Configuring Tunnels NOTE To configure a tunnel, first configure an IPv6 interface as a tunnel in the IPv6 Interfaces page.
The larger the number, the more frequent the queries. NOTE The ISATAP tunnel is not operational if the underlying IPv4 interface is not in operation.
Each address must be a valid IPv6 address that is specified in hexadecimal format by using 16-bit values separated by colons. You cannot configure an IPv6 address directly on an ISATAP tunnel interface.
Default Router IPv6 Address—Link local IP address of the default router. • Interface—Outgoing IPv6 interface where the default router resides. • Type—The default router configuration that includes the following options:
You can select a Clear Table option to clear some or all of IPv6 addresses in the IPv6 Neighbors Table. • Static Only—Deletes the static IPv6 address entries. • Dynamic Only—Deletes the dynamic IPv6 address entries.
STEP 5 To change the type of an IP address from Dynamic to Static, select the address, click Edit and use the Edit IPv6 Neighbors page.
List Name—Select one of the following options: Use Existing List—Select a previously-defined list to add a prefix to it. Create New List—Enter a name to create a new list.
IPv6 Default Router List to send packets to destination devices that are not in the same IPv6 subnet as the device. In addition to the default route,
Lifetime—Time period during which the packet can be sent, and resent, before being deleted. • Route Type—How the destination is attached, and the method used to obtain the entry. The following values are:
The DHCPv6 client and DHCPv6 relay functions are mutually exclusive on an interface. Global Destinations To configure a list of DHCPv6 servers to which all DHCPv6 packets are relayed:
The address type can be Link Local, Global or Multicast (All_DHCP_Relay_Agents_and_Servers). • DHCPv6 Server IP Address—Enter the address of the DHCPv6 server to which packets are forwarded.
Default Domain Name—Enter the DNS domain name used to complete unqualified host names. The device appends this to all non-fully qualified domain names (NFQDNs) turning them into FQDNs.
(from low to high). This effectively determines the order in which unqualified names are completed during DNS queries. STEP 5 Click Apply. The DNS server is saved to the Running Configuration file.
Name resolution always begins by checking static entries, continues by checking the dynamic entries, and ends by sending requests to the external DNS server. Eight IP addresses are supported per DNS server per host name.
IP Version—Select Version 6 for IPv6 or Version 4 for IPv4. • IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
You can select the Clear Table option to clear some or all of the entries in the Host Mapping Table. • Static Only—Deletes the static hosts. • Dynamic Only—Deletes the dynamic hosts. • All Dynamic & Static—Deletes the static and dynamic hosts.
Access control of end-users to the network through the device is described in the following sections: • Management Access Method • Management Access Method • Configuring TACACS+
(read-only or read-write) or changing the passwords of existing users. After adding a level 15 user (as described below), the default user is removed from the system.
Page 367
Read/Limited Write CLI Access (7)—User cannot access the GUI, and can only access some CLI commands that change the device configuration. See the CLI Reference Guide for more information.
Page 368
Contain no character that is repeated more than three times consecutively. • Do not repeat or reverse the user's name or any variant reached by changing the case of the characters.
The device can act as a TACACS+ client that uses the TACACS+ server for the following services: • Authentication—Provides authentication of users logging onto the device by using usernames and user-defined passwords.
Page 370
The user can enable accounting of login sessions using either a RADIUS or TACACS+ server. The user-configurable, TCP port used for TACACS+ server accounting is the same TCP port that is used for TACACS+ server authentication and authorization.
Page 371
STEP 1 Open an account for a user on the TACACS+ server. STEP 2 Configure that server along with the other parameters in the TACACS+ and Add TACACS+ Server pages.
Page 372
TACACS+ server times out. If a value is not entered in the Add TACACS+ Server page for a specific server, the value is taken from this field.
Page 373
Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the list. • Server IP Address/Name—Enter the IP address or name of the TACACS+ server.
Page 374
STEP 7 To display sensitive data in plaintext form in the configuration file, click Display Sensitive Data As Plaintext. STEP 8 Click Apply. The TACACS+ server is added to the Running Configuration file of the device.
The following defaults are relevant to this feature: • No default RADIUS server is defined by default. • If you configure a RADIUS server, the accounting feature is disabled by default.
Timeout for Reply—Enter the number of seconds that the device waits for an answer from the RADIUS server before retrying the query, or switching to the next server.
Page 377
Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
Page 378
Usage Type—Enter the RADIUS server authentication type. The options are: Login—RADIUS server is used for authenticating users that ask to administer the device. 802.1X—RADIUS server is used for 802.1x authentication.
Action—Permit or deny access to an interface or source address. • Interface—Which ports, LAGs, or VLANs are permitted to access or are denied access to the web-based configuration utility.
This only applies to device types that offer a console port.
Page 381
Deny—Denies access to the device if the user matches the settings in the profile. • Applies to Interface—Select the interface attached to the rule. The options are:
IT management center. In this way, the device can still be managed and has gained another layer of security. To add profile rules to an access profile:
Page 383
Applies to Interface—Select the interface attached to the rule. The options are: All—Applies to all ports, VLANs, and LAGs. User Defined—Applies only to the port, VLAN, or LAG selected.
For example, if the selected authentication methods are RADIUS and Local, and all configured RADIUS servers are queried in priority order and do not reply, the user is authenticated locally.
All authentication methods selected after Local or None are ignored. STEP 4 Click Apply. The selected authentication methods are associated with the access method. Secure Sensitive Data Management Security: Secure Sensitive Data Management.
Information appears for certificate 1 and 2 in the SSL Server Key Table. These fields are defined in the Edit page except for the following fields: • Valid From—Specifies the date from which the certificate is valid.
Page 387
• Certificate—Copy in the received certificate. • Import RSA KEY-Pair—Select to enable copying in the new RSA key-pair. • Public Key—Copy in the RSA public key.
The device offers the following TCP/UDP services: • HTTP—Enabled by factory default • HTTPS—Enabled by factory default • SNMP—Disabled by factory default
Page 389
The UDP Services table displays the following information: • Service Name—Access method through which the device is offering the UDP service. • Type—IP protocol the service uses.
Storm Control Rate Threshold—Enter the maximum rate at which unknown packets can be forwarded. The default for this threshold is 10,000 for FE devices and 100,000 for GE devices.
New MAC addresses can be learned as Delete-On-Reset ones up to the maximum addresses allowed on the port. Relearning and aging are disabled.
Page 392
MAC addresses associated with the port. The port learns up to the maximum addresses allowed on the port. Both re-learning and aging of MAC addresses are enabled.
Page 393
STEP 4 Click Apply. Port security is modified, and the Running Configuration file is updated. 802.1X See the Security: 802.1X Authentication chapter for information about 802.1X authentication. This includes MAC-based and web-based authentication.
TCP FIN packets are sent to close a connection. A packet in which both SYN and FIN flags are set should never exist. Therefore these packets might signify an attack on the device and should be blocked.
A SYN attack is identified if the number of SYN packets per second exceeds a user-configured threshold. • Block SYN-FIN packets. • Block packets that contain reserved Martian addresses (Martian Addresses page)
QoS policies that are bound to a port. ACL and advanced QoS policies are not active when a port has DoS Protection enabled on it. To configure DoS Prevention global settings and monitor SCT:
Page 397
STEP 6 Click Apply. The Denial of Service prevention Security Suite settings are written to the Running Configuration file. • If Interface-Level Prevention is selected, click the appropriate Edit button to configure the desired prevention.
Page 398
STEP 3 Click Apply. SYN protection is defined, and the Running Configuration file is updated. The SYN Protection Interface Table displays the following fields for every port or LAG (as requested by the user)
Page 399
STEP 1 Click Security > Denial of Service Prevention > Martian Addresses. STEP 2 Select Reserved Martian Addresses and click Apply to include the reserved Martian Addresses in the System Level Prevention list.
Page 400
Network Mask—Enter the network mask for which the filter is enabled in IP address format. • TCP Port—Select the destination TCP port being filtered: Known Ports—Select a port from the list.
Page 401
Prefix Length—Select the Prefix Length and enter the number of bits that comprise the source IP address prefix. • SYN Rate Limit—Enter the number of SYN packets that can be received.
Page 402
To configure fragmented IP blocking: STEP 1 Click Security > Denial of Service Prevention > IP Fragments Filtering. STEP 2 Click Add. STEP 3 Enter the parameters.
If the packet matches an entry in the database, the device forwards it. If not, it is dropped. Interactions with Other Features The following points are relevant to IP Source Guard:
Page 404
If source IP address filtering is enabled: IPv4 traffic: Only traffic with a source IP address that is associated with the port is permitted. Non IPv4 traffic: Permitted (Including ARP packets).
Non IPv4 traffic—All non-IPv4 traffic is permitted. Interactions with Other Features for more information about enabling IP Source Guard on interfaces. To configure IP Source Guard on interfaces:
Never—Never try to reactivate inactive addresses. STEP 3 Click Apply to save the above changes to the Running Configuration and/or Retry Now to check TCAM resources.
ARP allows a gratuitous reply from a host even if an ARP request was not received. After the attack, all traffic from the device under attack flows through the attacker's computer and then to the router, switch, or host.
The ARP inspection feature relates to interfaces as either trusted or untrusted (see Security > ARP Inspection > Interface Setting page). Interfaces are classified by the user as follows:
Page 409
Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast addresses. Packets with invalid ARP Inspection bindings are logged and dropped. Up to 1024 entries can be defined in the ARP Access Control table.
STEP 4 Define the VLANs on which ARP Inspection is enabled and the Access Control Rules for each VLAN in the Security > ARP Inspection > VLAN Settings page. Defining ARP Inspection Properties To configure ARP Inspection:
STEP 1 Click Security > ARP Inspection > Interface Settings. The ports/LAGs and their ARP trusted/untrusted status are displayed. STEP 2 To set a port/LAG as untrusted, select the port/LAG and click Edit.
MAC Address—MAC address of packet. • IP Address—IP address of packet. STEP 4 Click Apply. The settings are defined, and the Running Configuration file is updated.
VLAN number and select a previously-defined ARP Access Control group. STEP 4 Click Apply. The settings are defined, and the Running Configuration file is updated. First Hop Security Security: IPV6 First Hop Security
Page 414
Security First Hop Security
802.1x authentication is a client-server model. In this model, network devices have the following specific roles. • Client or supplicant • Authenticator • Authentication server
Page 419
Single-host—Supports port-based authentication with a single client per port. • Multi-host—Supports port-based authentication with multiple clients per port. • Multi-sessions—Supports client-based authentication with multiple clients per port.
The switch sends the 802.1x EAP-packet with the EAP success message inside when it receives the 802.1x EAPOL-start message. This is the default state.
Page 421
Security > 802.1X/MAC/Web Authentication > Port Authentication page. • Multi-Host Mode A port is authorized if there is at least one authorized client.
Page 422
VLANs is bridged via the VLAN; if the VLAN is not assigned, all its traffic is bridged based on the static VLAN membership port configuration.
802.1x messages, and the EAP messages between the authenticator and authentication servers are encapsulated into the RADIUS messages.
Page 424
In this case, the switch supports EAP MD5 functionality with the username and password equal to the client MAC address, as shown below. Figure 2 MAC-Based Authentication The method does not have any specific configuration.
Page 425
When the session is timed-out, the username/password is discarded, and the guest must re-enter them to open a new session. Table 1 Port Modes and Authentication Methods.
Page 426
The following table describes which SKUs support web-based authentication and in which system modes: System Mode WBA Supported Sx300 Layer 2 Layer 3 Sx500, Layer 2 Sx500ESW2- Layer 3 550X
Page 427
The guest VLAN cannot be used as the Voice VLAN or an unauthenticated VLAN. See “Table 3 Guest VLAN Support and RADIUS-VLAN Assignment Support” for a summary of the modes in which guest VLAN is supported.
Page 428
RADIUS-Assigned VLAN is enabled on the device. NOTE In multi-session mode, RADIUS VLAN assignment is only supported when the device is in Layer 2 system mode.
Page 429
Legend: †—The port mode supports the guest VLAN and RADIUS-VLAN assignment N/S—The port mode does not support the authentication method.
Page 430
A value of 0 specifies an unlimited number of login attempts. The duration of the quiet period and the maximum number of login attempts can be set in the Port Authentication page.
STEP 2 Select the required port and click Edit. STEP 3 Enter the fields required for the port. The fields in this page are described in Defining 802.1X Port Authentication.
Page 432
STEP 3 Select a VLAN. STEP 4 Optionally, uncheck Authentication to make the VLAN an unauthenticated VLAN. STEP 5 Click Apply, and the Running Configuration file is updated.
After linkup, if the software does not detect the 802.1X supplicant, or the authentication has failed, the port is added to the guest VLAN, only after the Guest VLAN timeout period has expired.
Page 434
NOTE A port with 802.1x defined on it cannot become a member of a LAG. To define 802.1X authentication:
Page 435
Selected—Enables using a guest VLAN for unauthorized ports. If a guest VLAN is enabled, the unauthorized port automatically joins the VLAN selected in the Guest VLAN ID field in the 802.1X Port Authentication page.
Page 436
Time Range—Enable a limit on the time that the specific port is authorized for use if 802.1x has been enabled (Port-Based authentication is checked). • Time Range Name—Select the profile that specifies the time range.
802.1X operates on the port and the action to perform if a violation has been detected. Port Host Modes for an explanation of these modes.
Page 438
Single Session/Single Host mode, from a host whose MAC address is not the supplicant MAC address). STEP 4 Click Apply. The settings are written to the Running Configuration file.
Administrative Port Control is Force Unauthorized. • Remaining Time(Sec)—The time remaining for the port to be locked. STEP 2 Select a port. STEP 3 Click Unlock.
Page 440
STEP 5 Click Apply and the settings are saved to the Running Configuration file.
Page 441
Hyperlink Color—Enter the ASCII code of the hyperlink color. The selected color is shown in the Text field. • Current Logo Image—Select one of the following options:
Page 442
Password Textbox—Select for a password textbox to be displayed. • Password Textbox Label—Select the label to be displayed before the password textbox. • Language Selection—Select to enable the end user to select a language.
Page 443
STEP 13 Click Edit Success Page. Figure 5 The following page is displayed. STEP 14 Click the Edit button on the right side of the page.
You can simulate the single-host mode by setting Max Hosts parameter to 1 in the Port Authentication page.
Page 447
Security: 802.1X Authentication Authentication Method and Port Mode Support
Page 448
Policies, Global Parameters and System Defaults • Common Tasks • Default Settings and Configuration • Default Settings and Configuration • Configuring First Hop Security through Web GUI
Certification Path Advertisement message • CPS message—Certification Path Solicitation message • DAD-NS message—Duplicate Address Detection Neighbor Solicitation message • FCFS-SAVI—First Come First Served - Source Address Validation Improvement
Page 450
If IPv6 First Hop Security is enabled on a VLAN, the switch traps the following messages: • Router Advertisement (RA) messages • Router Solicitation (RS) messages • Neighbor Advertisement (NA) messages
Page 451
Trapped RS, CPS, NS and NA messages are also passed to the ND Inspection feature. ND Inspection validates these messages, drops illegal messages, and passes legal messages to the IPv6 Source Guard feature.
Page 452
R1 are inner links inside the protected area. Figure 7 IPv6 First Hop Security Perimeter
FHS common component is enabled, a rate limited SYSLOG message is sent. Neighbor Discovery Inspection Neighbor Discovery (ND) Inspection supports the following functions:
If a message does not pass verification, it is dropped. If the logging packet drop configuration on the FHS common component is enabled, a rate limited SYSLOG message is sent.
IPv6 First Hop Security switch establishes binding only on perimetrical interfaces (see IPv6 First Hop Security Perimeter). Binding information is saved in the Neighbor Binding table.
Page 456
NA message is received as a reply to the DAD-NS message, the local device infers that no binding for that address exists in other devices and creates the local binding for that address.
• If the given IPv6 address is known, the NS message is forwarded only on the interface to which the IPv6 address is bound.
Page 458
Protection Against NBD Cache Spoofing An IPv6 router supports the Neighbor Discovery Protocol (NDP) cache that maps the IPv6 address to the MAC address for the last hop routing.
They are attached by default. • Default policies can never be deleted. You can only delete the user-added configuration. User-Defined Policies You can define policies other than the default policies.
STEP 1 In the FHS Settings page, enter the list of VLANs on which this feature is enabled. STEP 2 In this same page, set the Global Packet Drop Logging feature.
Page 461
STEP 1 In the ND Inspection Settings page, enter the list of VLANs on which this feature is enabled. STEP 2 In this same page, set the global configuration values that are used if no values are set in a policy.
Page 462
• ICMPv6 Redirect messages • Certification Path Advertisement (CPA) messages • Certification Path Solicitation (CPS) message • DHCPv6 messages The FHS features are disabled by default.
Enable—Create a SYSLOG when a packet is dropped as a result of First Hop Security. Disable—Do not create a SYSLOG when a packet is dropped as a result of First Hop Security.
Page 464
No Verification—Disables verification of the advertised Managed Address Configuration flag. On—Enables verification of the advertised Managed Address Configuration flag. Off—The value of the flag must be 0.
Page 465
Preference value. The following values are acceptable: low, medium and high (see RFC4191). High—Specifies the maximum allowed Advertised Default Router Preference value. The following values are acceptable: low, medium and high (see RFC4191).
Page 466
STEP 3 If required, click Add to create a DHCPv6 policy. STEP 4 Enter the following fields: • Policy Name—Enter a user-defined policy name.
Page 467
VLANs and to set the global configuration values for this feature. If required, a policy can be added or the system-defined default ND Inspection policies can be configured in this page.
Page 468
Inherited—Inherit value from VLAN or system default (disabled). Enable—Enable checking source MAC address against the link-layer address. Disable—Disable checking source MAC address against the link-layer address.
Page 469
Entries Per Interface:—Specifies the neighbor binding limit per interface. Entries Per MAC Address:—Specifies the neighbor binding limit per MAC address. STEP 3 If required, click Add to create a Neighbor Binding policy.
Page 470
VLAN List—Select the VLANs to which the policy is attached. Select All VLANs or enter a range of VLANs. STEP 3 Click Apply to add the settings to the Running Configuration file.
Page 471
• IPv6 Address—Source IPv6 address of the entry. • Interface Name—Port on which packet is received. • MAC Address—Neighbor MAC address of the packet.
Page 472
Maximal Router Preference:—Is maximum router preference verification enabled. • ND Inspection Status ND Inspection State on Current VLAN:—Is ND Inspection enabled on the current VLAN.
Page 473
Max Entries per Interface:—Maximum number of Neighbor Binding table entries per interface allowed. Max Entries per MAC Address:—Maximum number of Neighbor Binding table entries per MAC address allowed.
Page 474
The following fields are displayed in the FHS Dropped Message Table: • Protocol—Dropped message protocol. • Message Type—Type of message dropped. • Count—Number of messages dropped. • Reason—Reason that the messages were dropped.
Page 475
Security: IPV6 First Hop Security Configuring First Hop Security through Web GUI Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
A device comes with a set of default SSD rules. An administrator can add, delete, and change SSD rules as desired. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
Page 478
(Lowest) Exclude—Users are not permitted to access sensitive data in any form. (Middle) Encrypted Only—Users are permitted to access sensitive data as encrypted only. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
Page 479
* The Read mode of a session can be temporarily changed in the SSD Properties page if the new read mode does not violate the read permission. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
Page 480
SSD rules. A device depends on its user authentication process to authenticate and authorize management access. To protect a device and its data including sensitive data and SSD configurations from unauthorized access, it Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
Page 481
Encrypted Only Encrypted The default rules can be modified, but they cannot be deleted. If the SSD default rules have been changed, they can be restored. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
A passphrase must comply with the following rules: • Length—Between 8-16 characters. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
The following are the existing passphrase control modes: Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
Otherwise, the file is accepted for further processing. A device checks for the integrity of a text-based configuration file when the file is downloaded or copied to the Startup Configuration file. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
The SSD indicator is used to enforce SSD read permissions on text-based configuration files, but is ignored when copying the configuration files to the Running or Startup Configuration file. Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
When directly configuring the passphrase (non file copy) in the Running Configuration, the passphrase in the command must be entered in plaintext. Otherwise, the command is rejected.
The user should not manually change the file SSD indicator so that it conflicts with the sensitive data, if any, in the file. Otherwise, plaintext sensitive data may be unexpectedly exposed.
Page 489
NOTE Devices that are out-of-the-box or in factory default states use the default anonymous user to access the SCP server.
The Menu CLI interface is only allowed to users if their read permissions are Both or Plaintext Only. Other users are rejected. Sensitive data in the Menu CLI is always displayed as plaintext.
Rule). STEP 3 To change the local passphrase: STEP 1 Click Change Local Passphrase, and enter a new Local Passphrase: • Default—Use the device's default passphrase.
Page 492
Secure XML SNMP—Indicates that this rule applies only to XML over HTTPS and SNMPv3 with privacy. Insecure XML SNMP—Indicates that this rule applies only to XML over HTTP, SNMPv1/v2, and SNMPv3 without privacy.
Page 493
Restore to Default—Restore a user-modified default rule to the default rule. • Restore All Rules to Default—Restore all user-modified default rules to the default rule and remove all user-defined rules.
Page 494
Security: Secure Sensitive Data Management Configuring SSD
SCP server to a device. With respect to SSH, the SCP running on the device is an SSH client application and the SCP server is an SSH server application.
SSH server. This is not done through the device’s management system, although, after a username has been established on the server, the server password can be changed through the device’s management system.
Page 497
SSH server. To facilitate this process, an additional feature enables secure transfer of the encrypted private key to all switches in the system.
If no matching IP address/host name is found, the search is completed and authentication fails. • If the entry for the SSH server is not found in the list of trusted servers, the process fails.
The following algorithms are supported on the client side: • Key Exchange Algorithm: diffie-hellman • Encryption Algorithms: aes128-cbc, 3des-cbc, arcfour, aes192-cbc, aes256-cbc • Message Authentication Code Algorithms: hmac-sha1, hmac-md5 NOTE Compression algorithms are not supported.
STEP 3 Set up a username/password on the SSH server or modify the password on the SSH server. This activity depends on the server and is not described here.
Page 501
STEP 2 Click Add to add a new server and enter its identifying information. STEP 3 Click Apply to add the server to the Trusted SSH Servers table.
Display Sensitive Data As Plaintext—Sensitive data for the current page appears as plaintext. The SSH User Key Table contains the following fields for each key: • Key Type—RSA or DSA.
Page 503
By IP Address—If this is selected enter the IP address of the server in the fields below. By Name—If this is selected enter the name of the server in the Server IP Address/Name field.
Page 504
IP address is an IPv4 or IPv6 address. • IP Address Type—If the SSH server IP address is an IPv6 address, select the IPv6 address type. The options are:
Page 505
• New Password—Enter the new password and confirm it in the Confirm Password field. STEP 3 Click Apply. The password on the SSH server is modified.
SSH server application, such as PuTTY. The public keys are entered in the device. The users can then open an SSH session on the device through the external SSH server application.
STEP 3 Log on to device B and open the SSH Server Authentication page. Select either the RSA or DSA key, click Edit and paste in the key from device A.
STEP 2 • SSH User Authentication by Password—Select to perform authentication of the SSH client user using the username/password configured in the local database (see Defining Users).
Page 509
STEP 2 Select either an RSA or DSA key. STEP 3 You can perform any of the following actions: • Generate—Generates a key of the selected type.
Page 510
Encrypted. to display the text in encrypted form. STEP 4 If new keys were copied in from another, click Apply. The key(s) are stored in the Running Configuration file.
Page 511
Security: SSH Server SSH Server Configuration Pages
Either a DENY or PERMIT action is applied to frames whose contents match the filter. The device supports a maximum of 512 ACLs, and a maximum of 512 ACEs.
Page 513
ACL. In advanced QoS, these frames can be referred to using this Flow name, and QoS can be applied to these frames (see QoS Advanced Mode).
Only then can the ACL be modified, as described in this section. Defining MAC-based ACLs MAC-based ACLs are used to filter traffic based on Layer 2 fields. MAC-based ACLs check all frames for a match.
Page 515
—Drop packets that meet the ACE criteria, and disable the port from where the packets were received. Such ports can be reactivated from the Port Settings page.
Page 516
802.1p Mask—Enter the wildcard mask to be applied to the VPT tag. • Ethertype—Enter the frame Ethertype to be matched. STEP 5 Click Apply. The MAC-based ACE is saved to the Running Configuration file.
STEP 3 Enter the name of the new ACL in the ACL Name field. The names are case-sensitive. STEP 4 Click Apply. The IPv4-based ACL is saved to the Running Configuration file.
Page 518
ICMP—Internet Control Message Protocol IGMP—Internet Group Management Protocol IP in IP—IP in IP encapsulation TCP—Transmission Control Protocol
Page 519
User defined to enter a source address or range of source addresses. • Source IP Address Value—Enter the IP address to which the source IP address is to be matched.
Page 520
Filtered packets are either forwarded or dropped. Filtering packets by TCP flags increases packet control, which increases network security. • Type of Service—The service type of the IP packet. —Any service type
The IPv6-Based ACL page displays and enables the creation of IPv6 ACLs, which check pure IPv6-based traffic. IPv6 ACLs do not check IPv6-over-IPv4 or ARP packets.
Page 522
Deny—Drop packets that meet the ACE criteria. Shutdown—Drop packets that meet the ACE criteria, and disable the port to which the packets were addressed. Ports are reactivated from the Port Management page.
Page 523
Single—Enter a single TCP/UDP source port to which packets are matched. This field is active only if 800/6-TCP or 800/17-UDP is selected in the IP Protocol drop-down menu.
Page 524
Select one of the following options, to configure whether to filter on this code: Any—Accept all codes. User Defined—Enter an ICMP code for filtering purposes. STEP 5 Click Apply.
Select IPv4 Based ACL—Select an IPv4-based ACL to be bound to the interface. • Select IPv6 Based ACL—Select an IPv6-based ACL to be bound to the interface.
Page 526
STEP 4 Click Apply. The ACL binding is modified, and the Running Configuration file is updated. NOTE If no ACL is selected, the ACL(s) previously bound to the VLAN are unbound.
This section covers the following topics: • QoS Features and Components • Configuring QoS - General • QoS Basic Mode • QoS Advanced Mode • Managing QoS Statistics
CoS/802.1p to Queue page or the DSCP to Queue page (depending on whether the trust mode is CoS/802.1p or DSCP, respectively).
ACLs bonded directly to interfaces remain bonded. • When changing from QoS Basic mode to Advanced mode, the QoS Trust mode configuration in Basic mode is not retained.
Configure Basic mode, as described in Workflow to Configure Basic QoS Mode b. Configure Advanced mode, as described in Workflow to Configure Advanced QoS Mode.
Interface—Select the port or LAG. • Default CoS—Select the default CoS (Class-of-Service) value to be assigned for incoming packets (that do not have a VLAN tag).
(The relative portion from each WRR queue depends on its weight). To select the priority method and enter WRR data: STEP 1 Click Quality of Service > General > Queue. STEP 2 Enter the parameters.
Page 533
Values (0-7, 7 being the highest) (4 queues 1-4, 4 being the highest priority) Background Best Effort Excellent Effort Critical Application - LVS phone SIP
Page 534
STEP 3 For each 802.1p priority, select the Output Queue to which it is mapped. STEP 4 Click Apply. 802.1p priority values to queues are mapped, and the Running Configuration file is updated.
The device is in QoS Advanced mode and the packets belong to flows that are DSCP trusted. Non-IP packets are always classified to the best-effort queue.
Page 536
STEP 2 Select the Output Queue (traffic forwarding queue) to which the DSCP value is mapped. STEP 3 Click Apply. The Running Configuration file is updated.
This field is only available if the interface is a port. • Egress Shaping Rate—Select to enable egress shaping on the interface.
• Committed Information Rate (CIR)—Enter the maximum rate (CIR) in Kbits per second (Kbps). CIR is the average maximum amount of data that can be sent.
Page 539
VLAN ID—Select a VLAN. • Committed Information Rate (CIR)—Enter the average maximum amount of data that can be accepted into the VLAN in Kilobytes per second.
CoS/802.1p trusted mode and DSCP trusted mode. CoS/802.1p trusted mode uses the 802.1p priority in the VLAN tag. DSCP trusted mode uses the DSCP value in the IP header.
Page 541
It also replaces the original DSCP values in the packets with the new DSCP values. NOTE The frame is mapped to an egress queue using the new, rewritten value, and not by the original DSCP value.
STEP 4 Select the Port or LAG interface. STEP 5 Click to enable or disable QoS State for this interface. STEP 6 Click Apply. The Running Configuration file is updated.
(flow) at a port independent of each other. • An aggregate policer applies the QoS to all its flow(s) in aggregation regardless of policies and ports.
Aggregate Policer page. Create a policy that associates a class map with the aggregate policer by using the Policy Table page. 5. Bind the policy to an interface by using the Policy Binding page.
Page 545
When Override Ingress DSCP is enabled, the device uses the new DSCP values for egress queueing. It also replaces the original DSCP values in the packets with the new DSCP values.
Page 546
DSCP values 16, 24, and 48, Out of Profile DSCP Mapping changes the incoming values as they are mapped to the outgoing values.
If a class map has two ACLs, you can specify that a frame must match both ACLs, or that it must match either one or both of the ACLs selected. STEP 3 Enter the parameters.
QoS on the class map (flow) at ports that are otherwise independent of each other. A single policer is created in the Policy Table page.
To define an aggregate policer: STEP 1 Click Quality of Service > QoS Advanced Mode > Aggregate Policer. This page displays the existing aggregate policers. STEP 2 Click Add.
One or more aggregates that apply the QoS to the traffic flows in the policy. After a policy has been added, class maps can be added by using the Policy Table page.
DSCP value of all the matching packets. Use default trust mode—Ignore the ingress CoS/802.1p and/or DSCP value. The matching packets are sent as best effort.
Page 552
Bandwidth page. • Exceed Action—Select the action assigned to incoming packets exceeding the CIR. The options are: None—No action. Drop—Packets exceeding the defined CIR value are dropped.
NOTE Permit Any can be defined only if IP Source Guard is not activated on the interface. STEP 5 Click Apply. The QoS policy binding is defined, and the Running Configuration file is updated.
STEP 3 Enter the parameters. • Interface—Select the interface for which statistics are accumulated. • Policy Name—Select the policy name. • Class Map Name—Select the class name.
Refresh Rate—Select the time period that passes before the interface Ethernet statistics are refreshed. The available options are: No Refresh—Statistics are not refreshed. 15 Sec—Statistics are refreshed every 15 seconds.
Page 556
All Ports—Specifies that statistics are displayed for all ports. • Queue—Select the queue for which statistics are displayed. • Drop Precedence—Enter drop precedence that indicates the probability of being dropped.
Page 557
Quality of Service Managing QoS Statistics STEP 4 Click Apply. The Queue Statistics counter is added, and the Running Configuration file is updated.
The device functions as an SNMP agent and supports SNMPv1, v2, and v3. It also reports system events to trap receivers using the traps defined in the supported MIBs (Management Information Base).
NOTE For security reasons, SNMP is disabled by default. Before you can manage the device via SNMP, you must turn on SNMP on the Security > TCP/UDP Services page.
Page 565
STEP 4 Define users by using the SNMP Users page where they can be associated with a group. If the SNMP Engine ID is not set, then users may not be created.
9.6.1.83.52.1 uplinks and 2 combo-ports SF300-08 8 FE ports. 9.6.1.82.08.4 SF302-08 8 FE ports plus 2 GE ports 9.6.1.82.08.1
User Defined—Enter the local device engine ID. The field value is a hexadecimal string (range: 10 - 64). Each byte in the hexadecimal character strings is represented by two hexadecimal digits.
Object ID (OID) of the root of the relevant subtrees. Either well-known names can be used to specify the root of the desired subtree or an OID can be entered (see Model OIDs).
Page 570
DefaultSuper—Default SNMP view for administrator views. Other views can be added. • Object ID Subtree—Displays the subtree to be included or excluded in the SNMP view.
This page contains the existing SNMP groups and their security levels. STEP 2 Click Add. STEP 3 Enter the parameters. • Group Name—Enter a new group name.
Page 572
Otherwise, there is no restriction on the contents of the traps. This can only be selected for SNMPv3. STEP 4 Click Apply. The SNMP group is saved to the Running Configuration file.
Remote IP Address—User is connected to a different SNMP entity besides the local device. If the remote Engine ID is defined, remote devices receive inform messages, but cannot make requests for
Page 574
This field must be exactly 32 hexadecimal characters. The Encrypted or Plaintext mode can be selected. STEP 4 Click Apply to save the settings.
IP device can access the SNMP community. • IP Version—Select either IPv4 or IPv6. • IPv6 Address Type—Select the supported IPv6 address type if IPv6 is used. The options are:
Page 576
Advanced—Select this mode for a selected community. Group Name—Select an SNMP group that determines the access rights. STEP 4 Click Apply. The SNMP Community is defined, and the Running Configuration is updated.
An SNMP notification is a message sent from the device to the SNMP management station indicating that a certain event has occurred, such as a link up/down.
Page 578
Server Definition—Select whether to specify the remote log server by IP address or name. • IP Version—Select either IPv4 or IPv6. • IPv6 Address Type—Select either Link Local or Global.
Page 579
Filter Name—Select the SNMP filter that defines the information contained in traps (defined in the Notification Filter page). STEP 5 Click Apply. The SNMP Notification Recipient settings are written to the Running Configuration file.
Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks. • Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the pull-down list.
Page 581
Filter Name—Select the SNMP filter that defines the information contained in traps (defined in the Notification Filter page). STEP 4 Click Apply. The SNMP Notification Recipient settings are written to the Running Configuration file.
STEP 4 Select or deselect Include in filter. If this is selected, the selected MIBs are included in the filter, otherwise they are excluded. STEP 5 Click Apply. The SNMP views are defined and the running configuration is updated.
Page 583
SNMP SNMP Notification Filters
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.